Compare commits


1 Commits

Author SHA1 Message Date
Ompragash Viswanathan c4ff01c1e7 Updated cmd/drone-acr/main.go and the dependencies 2025-03-24 13:33:27 +05:30
15 changed files with 477 additions and 567 deletions
+30 -30
@@ -12,7 +12,7 @@ platform:
steps:
- name: vet
image: golang:1.23
image: golang:1.22.4
commands:
- go vet ./...
environment:
@@ -22,7 +22,7 @@ steps:
path: /go
- name: test
image: golang:1.23
image: golang:1.22.4
commands:
- go test -cover ./...
environment:
@@ -55,7 +55,7 @@ platform:
steps:
- name: go build
image: golang:1.23
image: golang:1.22.4
environment:
CGO_ENABLED: 0
commands:
@@ -162,7 +162,7 @@ platform:
steps:
- name: go build
image: golang:1.23
image: golang:1.22.7
environment:
CGO_ENABLED: 0
commands:
@@ -264,7 +264,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
environment:
@@ -275,7 +275,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
environment:
@@ -285,7 +285,7 @@ steps:
- tag
- name: executable
image: golang:1.23
image: golang:1.22.7
commands:
- ./release/linux/amd64/drone-docker --help
@@ -329,7 +329,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
environment:
@@ -340,7 +340,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
environment:
@@ -350,7 +350,7 @@ steps:
- tag
- name: executable
image: golang:1.23
image: golang:1.22.7
commands:
- ./release/linux/arm64/drone-docker --help
@@ -429,7 +429,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
environment:
@@ -440,7 +440,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
environment:
@@ -488,7 +488,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
environment:
@@ -499,7 +499,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
environment:
@@ -582,7 +582,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
environment:
@@ -593,7 +593,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
environment:
@@ -641,7 +641,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
environment:
@@ -652,7 +652,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
environment:
@@ -734,7 +734,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
environment:
@@ -744,7 +744,7 @@ steps:
exclude:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
environment:
@@ -792,7 +792,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
environment:
@@ -802,7 +802,7 @@ steps:
exclude:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
environment:
@@ -885,7 +885,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
environment:
@@ -895,7 +895,7 @@ steps:
exclude:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
environment:
@@ -944,7 +944,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
environment:
@@ -954,7 +954,7 @@ steps:
exclude:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
environment:
@@ -1035,7 +1035,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
environment:
@@ -1045,7 +1045,7 @@ steps:
exclude:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
environment:
@@ -1093,7 +1093,7 @@ platform:
steps:
- name: build-push
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
environment:
@@ -1104,7 +1104,7 @@ steps:
- tag
- name: build-tag
image: golang:1.23
image: golang:1.22.7
commands:
- 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
environment:
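Review bot: The toolchain image is not consistent across this file: the `vet`, `test` and first `go build` steps use `golang:1.22.4`, while every later `go build`, `build-push`, `build-tag` and `executable` step uses `golang:1.22.7` (assuming the second line of each printed pair is the new side). The code is therefore vetted and tested with a different compiler patch level than the one that produces the released binaries. Use one tag throughout, e.g. `image: golang:1.22.7`, and consider pinning it by digest (`golang:1.22.7@sha256:<digest>`) so a re-pushed tag cannot silently change the build. The move from the 1.23 line to 1.22 looks like a downgrade; confirm that release line still receives security fixes before shipping plugin binaries from it.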
+112
@@ -13,3 +13,115 @@ inputSet:
type: PR
spec:
number: <+trigger.prNumber>
stages:
- parallel:
- stage:
identifier: linamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Build_Push
type: Run
spec:
command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
auto_tag_suffix: linux-amd64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
- stage:
identifier: linarm64
type: CI
spec:
execution:
steps:
- step:
identifier: buildpush
type: Run
spec:
command: go build -a -tags netgo -o release/linux/arm64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
auto_tag_suffix: linux-arm64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-arm64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
- stage:
identifier: win1809amd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
auto_tag_suffix: windows-1809-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-1809-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
- stage:
identifier: winamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
auto_tag_suffix: windows-ltsc2022-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-ltsc2022-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
- stage:
identifier: Manifest
type: CI
spec:
execution:
steps:
- step:
identifier: Plugin_1
type: Plugin
spec:
settings:
spec: docker/<+matrix.repo>/manifest.tmpl
+112
@@ -13,3 +13,115 @@ inputSet:
type: branch
spec:
branch: <+trigger.branch>
stages:
- parallel:
- stage:
identifier: linamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Build_Push
type: Run
spec:
command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
auto_tag_suffix: linux-amd64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
- stage:
identifier: linarm64
type: CI
spec:
execution:
steps:
- step:
identifier: buildpush
type: Run
spec:
command: go build -a -tags netgo -o release/linux/arm64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
auto_tag_suffix: linux-arm64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-arm64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
- stage:
identifier: win1809amd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
auto_tag_suffix: windows-1809-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-1809-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
- stage:
identifier: winamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
auto_tag_suffix: windows-ltsc2022-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-ltsc2022-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
- stage:
identifier: Manifest
type: CI
spec:
execution:
steps:
- step:
identifier: Plugin_1
type: Plugin
spec:
settings:
spec: docker/<+matrix.repo>/manifest.tmpl
+112
@@ -13,3 +13,115 @@ inputSet:
type: tag
spec:
tag: <+trigger.tag>
stages:
- parallel:
- stage:
identifier: linamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Build_Push
type: Run
spec:
command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
auto_tag_suffix: linux-amd64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
- stage:
identifier: linarm64
type: CI
spec:
execution:
steps:
- step:
identifier: buildpush
type: Run
spec:
command: go build -a -tags netgo -o release/linux/arm64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
- step:
identifier: Docker_Build_and_Push
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
auto_tag_suffix: linux-arm64
- step:
identifier: BuildAndPushDockerRegistry_1
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- linux-arm64
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
- stage:
identifier: win1809amd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
auto_tag_suffix: windows-1809-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-1809-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
- stage:
identifier: winamd64
type: CI
spec:
execution:
steps:
- step:
identifier: Docker_Build_and_Push1
type: Plugin
spec:
settings:
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
auto_tag_suffix: windows-ltsc2022-amd64
- step:
identifier: BuildAndPushDockerRegistry_2
type: BuildAndPushDockerRegistry
spec:
repo: plugins/<+matrix.repo>
tags:
- windows-ltsc2022-amd64
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
- stage:
identifier: Manifest
type: CI
spec:
execution:
steps:
- step:
identifier: Plugin_1
type: Plugin
spec:
settings:
spec: docker/<+matrix.repo>/manifest.tmpl
+97 -162
@@ -32,8 +32,8 @@ pipeline:
name: GO VET
identifier: Run_1
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: go vet ./...
- step:
@@ -41,8 +41,8 @@ pipeline:
name: GO TEST
identifier: Run_2
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: go test -cover ./...
- parallel:
@@ -69,21 +69,12 @@ pipeline:
name: Build Binary
identifier: Build_Push
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
command: <+input>
envVariables:
CGO_ENABLED: "0"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- step:
type: Plugin
name: Build and Push on Tag
@@ -94,45 +85,35 @@ pipeline:
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
repo: <+input>
dockerfile: <+input>
auto_tag: "true"
auto_tag_suffix: linux-amd64
auto_tag_suffix: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- step:
type: BuildAndPushDockerRegistry
name: Build and Push on Branch
identifier: BuildAndPushDockerRegistry_1
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/<+matrix.repo>
tags:
- linux-amd64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
repo: <+input>
tags: <+input>
caching: true
dockerfile: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- stage:
name: linux-arm64
identifier: linarm64
@@ -156,21 +137,12 @@ pipeline:
name: Build Binary
identifier: buildpush
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: go build -a -tags netgo -o release/linux/arm64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
command: <+input>
envVariables:
CGO_ENABLED: "0"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- step:
type: Plugin
name: Build and Push on Tag
@@ -181,45 +153,35 @@ pipeline:
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
repo: <+input>
dockerfile: <+input>
auto_tag: "true"
auto_tag_suffix: linux-arm64
auto_tag_suffix: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- step:
type: BuildAndPushDockerRegistry
name: Build and Push on Branch
identifier: BuildAndPushDockerRegistry_1
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/<+matrix.repo>
tags:
- linux-arm64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
repo: <+input>
tags: <+input>
caching: true
dockerfile: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
- stage:
name: win-1809-amd64
identifier: win1809amd64
@@ -243,22 +205,18 @@ pipeline:
name: Build Binary
identifier: go_build
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: |-
# disable cgo
export CGO_ENABLED=0
go build -o release/windows/amd64/drone-<+matrix.repo>.exe ./cmd/drone-<+matrix.repo>
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
go build -o release/windows/amd64/drone-docker.exe ./cmd/drone-docker
go build -o release/windows/amd64/drone-ecr.exe ./cmd/drone-ecr
go build -o release/windows/amd64/drone-gcr.exe ./cmd/drone-gcr
go build -o release/windows/amd64/drone-acr.exe ./cmd/drone-acr
go build -o release/windows/amd64/drone-gar.exe ./cmd/drone-gar
- step:
type: Plugin
name: Build and Push on Tag
@@ -269,43 +227,34 @@ pipeline:
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
repo: <+input>
dockerfile: <+input>
auto_tag: "true"
auto_tag_suffix: windows-1809-amd64
auto_tag_suffix: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
- step:
type: BuildAndPushDockerRegistry
name: Build and Push on Branch
identifier: BuildAndPushDockerRegistry_2
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/<+matrix.repo>
tags:
- windows-1809-amd64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.1809
repo: <+input>
tags: <+input>
caching: true
dockerfile: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
delegateSelectors:
- windows-vm
- stage:
@@ -331,24 +280,20 @@ pipeline:
name: Build Binary -ltsc2022
identifier: build_amd64ltsc2022
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
connectorRef: account.harnessImage
image: golang:1.22.4
shell: Sh
command: |-
# disable cgo
export CGO_ENABLED=0
go build -o release/windows/amd64/drone-<+matrix.repo>.exe ./cmd/drone-<+matrix.repo>
go build -o release/windows/amd64/drone-docker.exe ./cmd/drone-docker
go build -o release/windows/amd64/drone-ecr.exe ./cmd/drone-ecr
go build -o release/windows/amd64/drone-gcr.exe ./cmd/drone-gcr
go build -o release/windows/amd64/drone-acr.exe ./cmd/drone-acr
go build -o release/windows/amd64/drone-gar.exe ./cmd/drone-gar
envVariables:
CGO_ENABLED: "0"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
- step:
type: Plugin
name: Build and Push on Tag
@@ -359,45 +304,36 @@ pipeline:
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/<+matrix.repo>
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
repo: <+input>
dockerfile: <+input>
auto_tag: "true"
auto_tag_suffix: windows-ltsc2022-amd64
auto_tag_suffix: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
- step:
type: BuildAndPushDockerRegistry
name: Build and Push on Branch
identifier: BuildAndPushDockerRegistry_2
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/<+matrix.repo>
tags:
- windows-ltsc2022-amd64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.windows.amd64.ltsc2022
repo: <+input>
tags: <+input>
caching: true
dockerfile: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
buildIntelligence:
enabled: false
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
- stage:
name: Manifest and Release
identifier: Manifest
@@ -422,26 +358,25 @@ pipeline:
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
auto_tag: "true"
ignore_missing: "true"
spec: docker/<+matrix.repo>/manifest.tmpl
spec: <+input>
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
condition: <+codebase.build.type> == "tag" || <+codebase.build.type> == "branch"
platform:
os: Linux
arch: Amd64
runtime:
type: Cloud
spec: {}
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- heroku
- acr
identifier: dronedockerharness
projectIdentifier: Drone_Plugins
name: drone-docker-harness
allowStageExecutions: true
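Review bot: Replacing the fixed values with `<+input>` makes the `command` of the `Build Binary` Run steps and the `repo`, `dockerfile` and `tags` of the push steps caller-supplied, in the same stages that use `<+secrets.getValue("Plugins_Docker_Hub_Pat")>`. Anyone allowed to execute the pipeline with their own inputs, rather than the committed input sets, can then choose which shell command runs and which repository the `drone` credentials push to. The input sets only supply the previous constants, so it is safer to keep them in the pipeline (`command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>`, `repo: plugins/<+matrix.repo>`) or at least to constrain each input with `.allowedValues(...)`. Because `allowStageExecutions: true` permits running single stages, also confirm who holds execute permission on this pipeline.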
-162
@@ -1,162 +0,0 @@
# Cosign Integration for Drone-Docker
This document describes how to use the cosign container image signing feature in drone-docker.
## Overview
The drone-docker plugin now supports automatic container image signing using cosign after each successful push. This provides cryptographic verification that images haven't been tampered with.
## Environment Variables
The plugin accepts three cosign-related environment variables:
### `PLUGIN_COSIGN_PRIVATE_KEY` (Required for signing)
- **Description**: Private key for signing (PEM format content or file path)
- **Format**: Either PEM content or file path to private key
- **Usage**: Should be provided via secrets
### `PLUGIN_COSIGN_PASSWORD` (Optional)
- **Description**: Password for encrypted private keys
- **Usage**: Only needed if your private key is password-protected
### `PLUGIN_COSIGN_PARAMS` (Optional)
- **Description**: Additional cosign parameters
- **Examples**:
- `-a build_id=123` (add annotations)
- `--tlog-upload=false` (disable transparency log)
- `--rekor-url=https://custom-rekor.example.com` (custom rekor instance)
## Usage Examples
### 1. Basic Signing (Drone)
```yaml
kind: pipeline
type: docker
name: default
steps:
- name: docker
image: plugins/docker
settings:
repo: myregistry/myapp
tags: latest
cosign_private_key:
from_secret: cosign_private_key
cosign_password:
from_secret: cosign_password
```
### 2. Advanced Signing with Annotations (Drone)
```yaml
steps:
- name: docker
image: plugins/docker
settings:
repo: myregistry/myapp
tags:
- latest
- ${DRONE_BUILD_NUMBER}
cosign_private_key:
from_secret: cosign_private_key
cosign_params: "-a build_id=${DRONE_BUILD_NUMBER} -a commit_sha=${DRONE_COMMIT_SHA} -a branch=${DRONE_BRANCH}"
```
### 3. Harness CI/CD Usage
```yaml
- step:
type: Plugin
name: Build and Sign
identifier: build_and_sign
spec:
connectorRef: account.harnessImage
image: plugins/docker
settings:
repo: myregistry/myapp
tags: <+pipeline.sequenceId>
cosign_private_key: <+secrets.getValue("cosign_private_key")>
cosign_password: <+secrets.getValue("cosign_password")>
cosign_params: "-a harness_build=<+pipeline.sequenceId> -a harness_project=<+project.name>"
```
## Key Management
### Generating Cosign Keys
```bash
# Generate a new key pair
cosign generate-key-pair
# This creates:
# - cosign.key (private key)
# - cosign.pub (public key)
```
### Storing Keys Securely
**Harness Secrets:**
1. Go to Project Settings → Secrets
2. Create new secret with type "File" for private key
3. Create new secret with type "Text" for password
## Security Features
### Automatic Validation
-**Private key format validation**: Ensures PEM format is correct
-**Password requirement detection**: Warns if encrypted key needs password
-**Keyless signing prevention**: Warns that OIDC keyless signing isn't supported
### Error Handling
- **Invalid private key**: `❌ Invalid private key format. Expected PEM format`
- **Missing password**: `🔐 Encrypted private key requires password. Set PLUGIN_COSIGN_PASSWORD`
- **Keyless signing**: `⚠️ WARNING: Keyless signing (OIDC) isn't supported yet in this plugin`
## Signing Behavior
### When Signing Occurs
-**After each successful push**: Images are signed immediately after push
-**Multiple tags**: Each tag gets signed individually
-**Push-only mode**: Works with existing images
-**Dry-run respect**: Skips signing in dry-run mode
### Image References
- **Preferred**: Signs by digest (e.g., `image@sha256:abc123...`) for security
- **Fallback**: Signs by tag if digest unavailable
### Authentication
- **Registry auth**: Automatically uses existing Docker registry credentials
## Verification
To verify a signed image:
```bash
# Verify with public key
cosign verify --key cosign.pub myregistry/myapp:latest
# Verify with annotations
cosign verify --key cosign.pub \
-a build_id=123 \
myregistry/myapp:latest
```
## Troubleshooting
### Common Issues
1. **"cosign: command not found"**
- The container image includes cosign binary
- Use the latest plugin image: `plugins/docker:latest`
2. **"keyless signing not supported"**
- This plugin only supports private key signing
- Don't use `--oidc` or `--identity-token` in `cosign_params`
3. **"encrypted private key requires password"**
- Set `PLUGIN_COSIGN_PASSWORD` environment variable
- Or use an unencrypted private key
4. **Registry authentication issues**
- Cosign uses the same Docker registry credentials
- Ensure Docker login is working first
+1 -6
@@ -10,7 +10,6 @@ import (
"net/url"
"os"
"os/exec"
"path/filepath"
"strings"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
@@ -29,7 +28,7 @@ type subscriptionUrlResponse struct {
}
const (
acrCertFile = "acr-cert.pem"
acrCertPath = "/tmp/acr-cert.pem"
azSubscriptionApiVersion = "2021-04-01"
azSubscriptionBaseUrl = "https://management.azure.com/subscriptions/"
basePublicUrl = "https://portal.azure.com/#view/Microsoft_Azure_ContainerRegistries/TagMetadataBlade/registryId/"
@@ -42,10 +41,6 @@ const (
certPathEnv = "AZURE_CLIENT_CERTIFICATE_PATH"
)
var (
acrCertPath = filepath.Join(os.TempDir(), acrCertFile)
)
func main() {
// Load env-file if it exists first
if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
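Review bot: `acrCertPath = "/tmp/acr-cert.pem"` fixes the certificate file to a predictable name in a shared, world-writable directory, where the removed `filepath.Join(os.TempDir(), acrCertFile)` at least followed the platform's temp directory. The code that writes this file is outside the hunk, but if it holds the client certificate exposed through `AZURE_CLIENT_CERTIFICATE_PATH`, another local user or build step could pre-create or symlink that path. `/tmp` may also not exist on the Windows builds of `drone-acr`. Prefer creating the file at run time with `f, err := os.CreateTemp("", "acr-cert-*.pem")` and removing it after use. At minimum, add a comment on the constant explaining why a fixed path is required.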
-21
@@ -323,22 +323,6 @@ func main() {
Usage: "access token",
EnvVar: "ACCESS_TOKEN",
},
// Cosign signing configuration
cli.StringFlag{
Name: "cosign.private-key",
Usage: "cosign private key content or file path for signing",
EnvVar: "PLUGIN_COSIGN_PRIVATE_KEY",
},
cli.StringFlag{
Name: "cosign.password",
Usage: "password for encrypted cosign private key",
EnvVar: "PLUGIN_COSIGN_PASSWORD",
},
cli.StringFlag{
Name: "cosign.params",
Usage: "additional cosign parameters (e.g., annotations, flags)",
EnvVar: "PLUGIN_COSIGN_PARAMS",
},
}
if err := app.Run(os.Args); err != nil {
@@ -414,11 +398,6 @@ func run(c *cli.Context) error {
BaseImageRegistry: c.String("docker.baseimageregistry"),
BaseImageUsername: c.String("docker.baseimageusername"),
BaseImagePassword: c.String("docker.baseimagepassword"),
Cosign: docker.CosignConfig{
PrivateKey: c.String("cosign.private-key"),
Password: c.String("cosign.password"),
Params: c.String("cosign.params"),
},
}
if c.Bool("tags.auto") {
-1
@@ -11,7 +11,6 @@ import (
const dockerExe = "/usr/local/bin/docker"
const dockerdExe = "/usr/local/bin/dockerd"
const dockerHome = "/root/.docker/"
const cosignExe = "/usr/local/bin/cosign"
func (p Plugin) startDaemon() {
cmd := commandDaemon(p.Daemon)
-2
@@ -1,4 +1,3 @@
//go:build windows
// +build windows
package docker
@@ -6,7 +5,6 @@ package docker
const dockerExe = "C:\\bin\\docker.exe"
const dockerdExe = ""
const dockerHome = "C:\\ProgramData\\docker\\"
const cosignExe = "C:\\bin\\cosign.exe"
func (p Plugin) startDaemon() {
// this is a no-op on windows
+11 -165
@@ -76,26 +76,18 @@ type (
SSHKeyPath string // Docker build ssh key path
}
// CosignConfig defines Cosign signing parameters.
CosignConfig struct {
PrivateKey string // Private key content (PEM format) or file path
Password string // Password for encrypted private keys
Params string // Additional cosign parameters
}
// Plugin defines the Docker plugin parameters.
Plugin struct {
Login Login // Docker login configuration
Build Build // Docker build configuration
Daemon Daemon // Docker daemon configuration
Cosign CosignConfig // Cosign signing configuration
Dryrun bool // Docker push is skipped
Cleanup bool // Docker purge is enabled
CardPath string // Card path to write file to
ArtifactFile string // Artifact path to write file to
BaseImageRegistry string // Docker registry to pull base image
BaseImageUsername string // Docker registry username to pull base image
BaseImagePassword string // Docker registry password to pull base image
Login Login // Docker login configuration
Build Build // Docker build configuration
Daemon Daemon // Docker daemon configuration
Dryrun bool // Docker push is skipped
Cleanup bool // Docker purge is enabled
CardPath string // Card path to write file to
ArtifactFile string // Artifact path to write file to
BaseImageRegistry string // Docker registry to pull base image
BaseImageUsername string // Docker registry username to pull base image
BaseImagePassword string // Docker registry password to pull base image
}
Card []struct {
@@ -201,9 +193,6 @@ func (p Plugin) Exec() error {
fmt.Println(out)
return fmt.Errorf("Error authenticating base connector: exit status 1")
}
} else {
fmt.Println("\033[33mTo ensure consistent and reliable pipeline execution, we recommend setting up a Base Image Connector.\033[0m\n" +
"\033[33mWhile optional at this time, configuring it helps prevent failures caused by Docker Hub's rate limits.\033[0m")
}
// login to the Docker registry
@@ -257,14 +246,6 @@ func (p Plugin) Exec() error {
cmds = append(cmds, commandBuild(p.Build)) // docker build
// Validate cosign configuration if present
if p.shouldSignWithCosign() {
if err := validateCosignConfig(p.Cosign); err != nil {
return fmt.Errorf("cosign validation failed: %w", err)
}
fmt.Println("🔐 Cosign signing enabled - images will be signed after push")
}
for _, tag := range p.Build.Tags {
cmds = append(cmds, commandTag(p.Build, tag)) // docker tag
@@ -306,31 +287,6 @@ func (p Plugin) Exec() error {
}
}
// Handle cosign signing after all commands complete (like artifact generation)
if p.shouldSignWithCosign() && !p.Dryrun {
// Set up environment variables for cosign
os.Setenv("COSIGN_YES", "true")
if digest, err := getDigest(p.Build.TempTag); err == nil {
fmt.Printf("🔐 Found image digest: %s\n", digest)
// Sign with digest reference
imageRef := fmt.Sprintf("%s@%s", p.Build.Repo, digest)
cosignCmd := createCosignCommand(imageRef, p.Cosign)
executeCosignCommand(cosignCmd)
} else {
fmt.Printf("⚠️ WARNING: Could not get image digest for cosign signing: %s\n", err)
fmt.Printf(" Falling back to tag-based signing\n")
// Fall back to tag-based signing for each tag
for _, tag := range p.Build.Tags {
imageRef := fmt.Sprintf("%s:%s", p.Build.Repo, tag)
cosignCmd := createCosignCommand(imageRef, p.Cosign)
executeCosignCommand(cosignCmd)
}
}
}
// execute cleanup routines in batch mode
if p.Cleanup {
// clear the slice
@@ -686,11 +642,6 @@ func isCommandRmi(args []string) bool {
return len(args) > 2 && args[1] == "rmi"
}
// helper to check if args match "cosign sign"
func isCommandCosign(args []string) bool {
return len(args) > 1 && args[0] == cosignExe
}
func commandRmi(tag string) *exec.Cmd {
return exec.Command(dockerExe, "rmi", tag)
}
@@ -727,7 +678,7 @@ func GetDroneDockerExecCmd() string {
}
func getDigest(buildName string) (string, error) {
cmd := exec.Command(dockerExe, "inspect", "--format='{{index .RepoDigests 0}}'", buildName)
cmd := exec.Command("docker", "inspect", "--format='{{index .RepoDigests 0}}'", buildName)
output, err := cmd.Output()
if err != nil {
return "", err
@@ -741,108 +692,3 @@ func getDigest(buildName string) (string, error) {
}
return "", errors.New("unable to fetch digest")
}
// shouldSignWithCosign determines if cosign signing should be performed
func (p Plugin) shouldSignWithCosign() bool {
return p.Cosign.PrivateKey != ""
}
// validateCosignConfig validates the cosign configuration
func validateCosignConfig(config CosignConfig) error {
if config.PrivateKey == "" {
return nil // No cosign config, skip silently
}
// Check if cosign binary is available
if _, err := exec.LookPath(cosignExe); err != nil {
fmt.Printf("❌ ERROR: cosign binary not found at %s\n", cosignExe)
fmt.Println(" Ensure you're using a plugin image that includes cosign")
return fmt.Errorf("cosign binary not available: %w", err)
}
// Check if it's trying to use keyless signing
if strings.Contains(config.Params, "--oidc") ||
strings.Contains(config.Params, "--identity-token") {
fmt.Println("⚠️ WARNING: Keyless signing (OIDC) isn't supported yet in this plugin. Use private key signing instead.")
return errors.New("keyless signing not supported")
}
// Validate private key format if it's PEM content
if strings.HasPrefix(config.PrivateKey, "-----BEGIN") {
if !isValidPEMKey(config.PrivateKey) {
return errors.New("❌ Invalid private key format. Expected PEM format")
}
// Check encrypted key password requirement
if isEncryptedPEMKey(config.PrivateKey) && config.Password == "" {
return errors.New("🔐 Encrypted private key requires password. Set PLUGIN_COSIGN_PASSWORD")
}
} else {
// File-based key - check if it's accessible (basic check)
if _, err := os.Stat(config.PrivateKey); err != nil {
fmt.Printf("⚠️ WARNING: Private key file may not be accessible: %s\n", config.PrivateKey)
fmt.Println(" This will be verified during signing")
}
}
return nil
}
// isEncryptedPEMKey checks if a PEM key is encrypted
func isEncryptedPEMKey(pemContent string) bool {
return strings.Contains(pemContent, "ENCRYPTED")
}
// isValidPEMKey performs basic PEM format validation
func isValidPEMKey(pemContent string) bool {
return strings.Contains(pemContent, "-----BEGIN") &&
strings.Contains(pemContent, "-----END") &&
(strings.Contains(pemContent, "PRIVATE KEY") ||
strings.Contains(pemContent, "RSA PRIVATE KEY") ||
strings.Contains(pemContent, "EC PRIVATE KEY"))
}
// createCosignCommand creates a cosign sign command with the given image reference
func createCosignCommand(imageRef string, cosign CosignConfig) *exec.Cmd {
args := []string{"sign", "--yes"}
// Handle private key (content vs file path)
if strings.HasPrefix(cosign.PrivateKey, "-----BEGIN") {
args = append(args, "--key", "env://COSIGN_PRIVATE_KEY")
os.Setenv("COSIGN_PRIVATE_KEY", cosign.PrivateKey)
} else {
args = append(args, "--key", cosign.PrivateKey)
}
// Set password if provided
if cosign.Password != "" {
os.Setenv("COSIGN_PASSWORD", cosign.Password)
}
// Add any extra parameters
if cosign.Params != "" {
extraArgs := strings.Fields(cosign.Params)
args = append(args, extraArgs...)
}
// Add the image reference to sign
args = append(args, imageRef)
return exec.Command(cosignExe, args...)
}
// executeCosignCommand executes the given cosign command and handles errors
func executeCosignCommand(cmd *exec.Cmd) {
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
fmt.Printf("🚀 Executing: %s %s\n", cmd.Path, strings.Join(cmd.Args[1:], " "))
if err := cmd.Run(); err != nil {
fmt.Printf("⚠️ WARNING: Image signing failed: %s\n", err)
fmt.Printf(" Image was pushed successfully but could not be signed\n")
fmt.Printf(" This is not fatal - continuing with the build\n")
}
}
+1 -5
@@ -1,10 +1,6 @@
FROM docker:28.1.1-dind
FROM docker:20.10.14-dind
ENV DOCKER_HOST=unix:///var/run/docker.sock
# Install cosign for container image signing
RUN wget -O /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/v2.5.3/cosign-linux-amd64 \
&& chmod +x /usr/local/bin/cosign
ADD release/linux/amd64/drone-docker /bin/
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
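Review bot: `FROM docker:20.10.14-dind` at the top of this section appears to be the new side (the section reports a single addition, and the other changed pairs on the page print the old line first), which would move the plugin image from `docker:28.1.1-dind` back to a much older engine release and lose the daemon and runtime fixes shipped in between. If the downgrade is not deliberate, keep `FROM docker:28.1.1-dind`. Whichever version is chosen, pinning it by digest, for example `FROM docker:28.1.1-dind@sha256:<digest-placeholder>`, keeps the tag from changing underneath the build. The arm64 section that follows makes the same change with `arm64v8/docker:20.10.14-dind`.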
+1 -5
@@ -1,10 +1,6 @@
FROM arm64v8/docker:28.1.1-dind
FROM arm64v8/docker:20.10.14-dind
ENV DOCKER_HOST=unix:///var/run/docker.sock
# Install cosign for container image signing
RUN wget -O /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/v2.5.3/cosign-linux-arm64 \
&& chmod +x /usr/local/bin/cosign
ADD release/linux/arm64/drone-docker /bin/
ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]
@@ -24,10 +24,6 @@ LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
org.label-schema.schema-version="1.0"
RUN mkdir C:\bin
# Install cosign for container image signing
ADD https://github.com/sigstore/cosign/releases/download/v2.5.3/cosign-windows-amd64.exe C:/bin/cosign.exe
COPY --from=download /windows/system32/netapi32.dll /windows/system32/netapi32.dll
COPY --from=download /app/docker.exe C:/bin/docker.exe
ADD release/windows/amd64/drone-docker.exe C:/bin/drone-docker.exe
@@ -22,10 +22,6 @@ LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
org.label-schema.schema-version="1.0"
RUN mkdir C:\bin
# Install cosign for container image signing
ADD https://github.com/sigstore/cosign/releases/download/v2.5.3/cosign-windows-amd64.exe C:/bin/cosign.exe
COPY --from=download /windows/system32/netapi32.dll /windows/system32/netapi32.dll
COPY --from=download /app/docker.exe C:/bin/docker.exe
ADD release/windows/amd64/drone-docker.exe C:/bin/drone-docker.exe