Merge pull request #377 from tphoney/prep_20.14.0

(maint) prep for v20.14.0

.drone.yml

@@ -566,69 +566,6 @@ trigger:
 depends_on:
 - testing
 
----
-kind: pipeline
-name: linux-arm-docker
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/arm/drone-docker ./cmd/drone-docker"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/arm/drone-docker ./cmd/drone-docker"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-    - tag
-
-- name: executable
-  image: golang:1.17.3
-  commands:
-  - ./release/linux/arm/drone-docker --help
-
-- name: publish
-  image: plugins/docker:18
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    daemon_off: false
-    dockerfile: docker/docker/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: plugins/docker
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - "refs/tags/**"
-  - "refs/pull/**"
-
-depends_on:
-- testing
-
 ---
 kind: pipeline
 name: notifications-docker
@@ -659,7 +596,6 @@ depends_on:
 - windows-1909-docker
 - linux-amd64-docker
 - linux-arm64-docker
-- linux-arm-docker
 
 ---
 kind: pipeline
@@ -777,64 +713,6 @@ trigger:
 depends_on:
 - linux-arm64-docker
 
----
-kind: pipeline
-name: linux-arm-gcr
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/arm/drone-gcr ./cmd/drone-gcr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/arm/drone-gcr ./cmd/drone-gcr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-    - tag
-
-- name: publish
-  image: plugins/docker:18
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    daemon_off: false
-    dockerfile: docker/gcr/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: plugins/gcr
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - "refs/tags/**"
-  - "refs/pull/**"
-
-depends_on:
-- linux-arm-docker
-
 ---
 kind: pipeline
 name: notifications-gcr
@@ -865,7 +743,6 @@ depends_on:
 - windows-1909-gcr
 - linux-amd64-gcr
 - linux-arm64-gcr
-- linux-arm-gcr
 
 ---
 kind: pipeline
@@ -983,64 +860,6 @@ trigger:
 depends_on:
 - linux-arm64-docker
 
----
-kind: pipeline
-name: linux-arm-ecr
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/arm/drone-ecr ./cmd/drone-ecr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/arm/drone-ecr ./cmd/drone-ecr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-    - tag
-
-- name: publish
-  image: plugins/docker:18
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    daemon_off: false
-    dockerfile: docker/ecr/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: plugins/ecr
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - "refs/tags/**"
-  - "refs/pull/**"
-
-depends_on:
-- linux-arm-docker
-
 ---
 kind: pipeline
 name: notifications-ecr
@@ -1071,7 +890,6 @@ depends_on:
 - windows-1909-ecr
 - linux-amd64-ecr
 - linux-arm64-ecr
-- linux-arm-ecr
 
 ---
 kind: pipeline
@@ -1189,64 +1007,6 @@ trigger:
 depends_on:
 - linux-arm64-docker
 
----
-kind: pipeline
-name: linux-arm-heroku
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/arm/drone-heroku ./cmd/drone-heroku"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/arm/drone-heroku ./cmd/drone-heroku"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-    - tag
-
-- name: publish
-  image: plugins/docker:18
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    daemon_off: false
-    dockerfile: docker/heroku/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: plugins/heroku
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - "refs/tags/**"
-  - "refs/pull/**"
-
-depends_on:
-- linux-arm-docker
-
 ---
 kind: pipeline
 name: notifications-heroku
@@ -1275,7 +1035,6 @@ trigger:
 depends_on:
 - linux-amd64-heroku
 - linux-arm64-heroku
-- linux-arm-heroku
 
 ---
 kind: pipeline
@@ -1393,64 +1152,6 @@ trigger:
 depends_on:
 - linux-arm64-docker
 
----
-kind: pipeline
-name: linux-arm-acr
-
-platform:
-  os: linux
-  arch: arm
-
-steps:
-- name: build-push
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.build=${DRONE_BUILD_NUMBER}\" -a -tags netgo -o release/linux/arm/drone-acr ./cmd/drone-acr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-      exclude:
-      - tag
-
-- name: build-tag
-  image: golang:1.17.3
-  commands:
-  - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}\" -a -tags netgo -o release/linux/arm/drone-acr ./cmd/drone-acr"
-  environment:
-    CGO_ENABLED: 0
-    GO111MODULE: on
-  when:
-    event:
-    - tag
-
-- name: publish
-  image: plugins/docker:18
-  settings:
-    auto_tag: true
-    auto_tag_suffix: linux-arm
-    daemon_off: false
-    dockerfile: docker/acr/Dockerfile.linux.arm
-    password:
-      from_secret: docker_password
-    repo: plugins/acr
-    username:
-      from_secret: docker_username
-  when:
-    event:
-      exclude:
-      - pull_request
-
-trigger:
-  ref:
-  - refs/heads/master
-  - "refs/tags/**"
-  - "refs/pull/**"
-
-depends_on:
-- linux-arm-docker
-
 ---
 kind: pipeline
 name: notifications-acr
@@ -1480,6 +1181,5 @@ depends_on:
 - windows-1909-acr
 - linux-amd64-acr
 - linux-arm64-acr
-- linux-arm-acr
 
 ...

CHANGELOG.md

@@ -1,11 +1,54 @@
 # Changelog
 
+## [v20.14.0](https://github.com/drone-plugins/drone-docker/tree/v20.14.0) (2022-11-17)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.13.0...v20.14.0)
+
+**Implemented enhancements:**
+
+- Add support for docker --platform flag [\#376](https://github.com/drone-plugins/drone-docker/pull/376) ([tphoney](https://github.com/tphoney))
+
+**Fixed bugs:**
+
+- Use full path to docker when creating card [\#373](https://github.com/drone-plugins/drone-docker/pull/373) ([donny-dont](https://github.com/donny-dont))
+
+## [v20.13.0](https://github.com/drone-plugins/drone-docker/tree/v20.13.0) (2022-06-08)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.12.0...v20.13.0)
+
+**Implemented enhancements:**
+
+- update docker linux amd64/arm64 to 20.10.14 [\#365](https://github.com/drone-plugins/drone-docker/pull/365) ([tphoney](https://github.com/tphoney))
+
+**Merged pull requests:**
+
+- v20.13.0 prep [\#367](https://github.com/drone-plugins/drone-docker/pull/367) ([tphoney](https://github.com/tphoney))
+
+## [v20.12.0](https://github.com/drone-plugins/drone-docker/tree/v20.12.0) (2022-05-16)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.11.0...v20.12.0)
+
+**Implemented enhancements:**
+
+- Add support for multiple Buildkit secrets with env vars or files as source [\#359](https://github.com/drone-plugins/drone-docker/pull/359) ([ste93cry](https://github.com/ste93cry))
+- \(DRON-237\) cards add link to image repo, minor cleanup [\#358](https://github.com/drone-plugins/drone-docker/pull/358) ([tphoney](https://github.com/tphoney))
+- \(DRON-232\) enable build-kit for secrets consumption [\#356](https://github.com/drone-plugins/drone-docker/pull/356) ([tphoney](https://github.com/tphoney))
+
+**Fixed bugs:**
+
+- \(fix\) Update card.json with UX [\#355](https://github.com/drone-plugins/drone-docker/pull/355) ([tphoney](https://github.com/tphoney))
+
+**Merged pull requests:**
+
+- prep for v20.12.0 [\#363](https://github.com/drone-plugins/drone-docker/pull/363) ([tphoney](https://github.com/tphoney))
+
 ## [v20.11.0](https://github.com/drone-plugins/drone-docker/tree/v20.11.0) (2022-01-19)
 
 [Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.10.9.1...v20.11.0)
 
 **Merged pull requests:**
 
+- new release to fix window semver error [\#354](https://github.com/drone-plugins/drone-docker/pull/354) ([eoinmcafee00](https://github.com/eoinmcafee00))
 - \(feat\) publish docker data to create drone card [\#347](https://github.com/drone-plugins/drone-docker/pull/347) ([eoinmcafee00](https://github.com/eoinmcafee00))
 
 ## [v20.10.9.1](https://github.com/drone-plugins/drone-docker/tree/v20.10.9.1) (2022-01-13)

README.md

@@ -62,6 +62,46 @@ docker build \
 
 > Notice: Be aware that the Docker plugin currently requires privileged capabilities, otherwise the integrated Docker daemon is not able to start.
 
+### Using Docker buildkit Secrets
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: build dummy docker file and publish
+  image: plugins/docker
+  pull: never
+  settings:
+    repo: tphoney/test
+    tags: latest
+    secret: id=mysecret,src=secret-file
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+```
+
+Using a dockerfile that references the secret-file 
+
+```bash
+# syntax=docker/dockerfile:1.2
+
+FROM alpine
+
+# shows secret from default secret location:
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
+```
+
+and a secret file called secret-file
+
+```
+COOL BANANAS
+```
+
+
+### Running from the CLI
+
 ```console
 docker run --rm \
   -e PLUGIN_TAG=latest \
@@ -73,6 +113,11 @@ docker run --rm \
   plugins/docker --dry-run
 ```
 
+## Developer Notes
+
+- When updating the base image, you will need to update for each architecture and OS.
+- Arm32 base images are no longer being updated.
+
 ## Release procedure
 
 Run the changelog generator.
@@ -91,4 +136,4 @@ Run the changelog generator again with the future version according to semver.
 docker run -it --rm -v "$(pwd)":/usr/local/src/your-app githubchangeloggenerator/github-changelog-generator -u drone-plugins -p drone-docker -t <secret token> --future-release v1.0.0
 ```
 
-Create your pull request for the release. Get it merged then tag the release.
+Create your pull request for the release. Get it merged then tag the release.

card.go

@@ -8,6 +8,8 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
+	"strings"
 	"time"
 
 	"github.com/drone/drone-go/drone"
@@ -16,13 +18,13 @@ import (
 )
 
 func (p Plugin) writeCard() error {
-	cmd := exec.Command("docker", "inspect", p.Build.Name)
+	cmd := exec.Command(dockerExe, "inspect", p.Build.Name)
 	data, err := cmd.CombinedOutput()
 	if err != nil {
 		return err
 	}
 
-	out := Inspect{}
+	out := Card{}
 	if err := json.Unmarshal(data, &out); err != nil {
 		return err
 	}
@@ -31,6 +33,14 @@ func (p Plugin) writeCard() error {
 	inspect.SizeString = fmt.Sprint(bytesize.New(float64(inspect.Size)))
 	inspect.VirtualSizeString = fmt.Sprint(bytesize.New(float64(inspect.VirtualSize)))
 	inspect.Time = fmt.Sprint(inspect.Metadata.LastTagTime.Format(time.RFC3339))
+	// change slice of tags to slice of TagStruct
+	var sliceTagStruct []TagStruct
+	for _, tag := range inspect.RepoTags {
+		sliceTagStruct = append(sliceTagStruct, TagStruct{Tag: tag})
+	}
+	inspect.ParsedRepoTags = sliceTagStruct[1:] // remove the first tag which is always "hash:latest"
+	// create the url from repo and registry
+	inspect.URL = mapRegistryToURL(p.Daemon.Registry, p.Build.Repo)
 	cardData, _ := json.Marshal(inspect)
 
 	card := drone.CardInput{
@@ -61,3 +71,18 @@ func writeCardTo(out io.Writer, data []byte) {
 	io.WriteString(out, "\u001B]0m")
 	io.WriteString(out, "\n")
 }
+
+func mapRegistryToURL(registry, repo string) (url string) {
+	url = "https://"
+	var domain string
+	if strings.Contains(registry, "amazonaws.com") {
+		domain = "gallery.ecr.aws/"
+	} else if strings.Contains(registry, "gcr.io") {
+		domain = "console.cloud.google.com/gcr/images"
+	} else {
+		// default to docker hub
+		domain = "hub.docker.com/r/"
+	}
+	url = path.Join(url, domain, repo)
+	return url
+}

cmd/drone-docker/main.go

@@ -249,11 +249,31 @@ func main() {
 			Usage:  "additional host:IP mapping",
 			EnvVar: "PLUGIN_ADD_HOST",
 		},
+		cli.StringFlag{
+			Name:   "secret",
+			Usage:  "secret key value pair eg id=MYSECRET",
+			EnvVar: "PLUGIN_SECRET",
+		},
+		cli.StringSliceFlag{
+			Name:   "secrets-from-env",
+			Usage:  "secret key value pair eg secret_name=secret",
+			EnvVar: "PLUGIN_SECRETS_FROM_ENV",
+		},
+		cli.StringSliceFlag{
+			Name:   "secrets-from-file",
+			Usage:  "secret key value pairs eg secret_name=/path/to/secret",
+			EnvVar: "PLUGIN_SECRETS_FROM_FILE",
+		},
 		cli.StringFlag{
 			Name:   "drone-card-path",
 			Usage:  "card path location to write to",
 			EnvVar: "DRONE_CARD_PATH",
 		},
+		cli.StringFlag{
+			Name:   "platform",
+			Usage:  "platform value to pass to docker",
+			EnvVar: "PLUGIN_PLATFORM",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -292,8 +312,12 @@ func run(c *cli.Context) error {
 			AutoLabel:   c.BoolT("auto-label"),
 			Link:        c.String("link"),
 			NoCache:     c.Bool("no-cache"),
+			Secret:      c.String("secret"),
+			SecretEnvs:  c.StringSlice("secrets-from-env"),
+			SecretFiles: c.StringSlice("secrets-from-file"),
 			AddHost:     c.StringSlice("add-host"),
 			Quiet:       c.Bool("quiet"),
+			Platform:    c.String("platform"),
 		},
 		Daemon: docker.Daemon{
 			Registry:      c.String("docker.registry"),

docker.go

@@ -58,8 +58,12 @@ type (
 		Labels      []string // Label map
 		Link        string   // Git repo link
 		NoCache     bool     // Docker build no-cache
+		Secret      string   // secret keypair
+		SecretEnvs  []string // Docker build secrets with env var as source
+		SecretFiles []string // Docker build secrets with file as source
 		AddHost     []string // Docker build add-host
 		Quiet       bool     // Docker build quiet
+		Platform    string   // Docker build platform
 	}
 
 	// Plugin defines the Docker plugin parameters.
@@ -72,26 +76,31 @@ type (
 		CardPath string // Card path to write file to
 	}
 
-	Inspect []struct {
-		ID            string        `json:"Id"`
-		RepoTags      []string      `json:"RepoTags"`
-		RepoDigests   []interface{} `json:"RepoDigests"`
-		Parent        string        `json:"Parent"`
-		Comment       string        `json:"Comment"`
-		Created       time.Time     `json:"Created"`
-		Container     string        `json:"Container"`
-		DockerVersion string        `json:"DockerVersion"`
-		Author        string        `json:"Author"`
-		Architecture  string        `json:"Architecture"`
-		Os            string        `json:"Os"`
-		Size          int           `json:"Size"`
-		VirtualSize   int           `json:"VirtualSize"`
-		Metadata      struct {
+	Card []struct {
+		ID             string        `json:"Id"`
+		RepoTags       []string      `json:"RepoTags"`
+		ParsedRepoTags []TagStruct   `json:"ParsedRepoTags"`
+		RepoDigests    []interface{} `json:"RepoDigests"`
+		Parent         string        `json:"Parent"`
+		Comment        string        `json:"Comment"`
+		Created        time.Time     `json:"Created"`
+		Container      string        `json:"Container"`
+		DockerVersion  string        `json:"DockerVersion"`
+		Author         string        `json:"Author"`
+		Architecture   string        `json:"Architecture"`
+		Os             string        `json:"Os"`
+		Size           int           `json:"Size"`
+		VirtualSize    int           `json:"VirtualSize"`
+		Metadata       struct {
 			LastTagTime time.Time `json:"LastTagTime"`
 		} `json:"Metadata"`
 		SizeString        string
 		VirtualSizeString string
 		Time              string
+		URL               string `json:"URL"`
+	}
+	TagStruct struct {
+		Tag string `json:"Tag"`
 	}
 )
 
@@ -175,7 +184,7 @@ func (p Plugin) Exec() error {
 	for _, tag := range p.Build.Tags {
 		cmds = append(cmds, commandTag(p.Build, tag)) // docker tag
 
-		if p.Dryrun == false {
+		if !p.Dryrun {
 			cmds = append(cmds, commandPush(p.Build, tag)) // docker push
 		}
 	}
@@ -297,12 +306,28 @@ func commandBuild(build Build) *exec.Cmd {
 	for _, host := range build.AddHost {
 		args = append(args, "--add-host", host)
 	}
+	if build.Secret != "" {
+		args = append(args, "--secret", build.Secret)
+	}
+	for _, secret := range build.SecretEnvs {
+		if arg, err := getSecretStringCmdArg(secret); err == nil {
+			args = append(args, "--secret", arg)
+		}
+	}
+	for _, secret := range build.SecretFiles {
+		if arg, err := getSecretFileCmdArg(secret); err == nil {
+			args = append(args, "--secret", arg)
+		}
+	}
 	if build.Target != "" {
 		args = append(args, "--target", build.Target)
 	}
 	if build.Quiet {
 		args = append(args, "--quiet")
 	}
+	if build.Platform != "" {
+		args = append(args, "--platform", build.Platform)
+	}
 
 	if build.AutoLabel {
 		labelSchema := []string{
@@ -328,9 +353,41 @@ func commandBuild(build Build) *exec.Cmd {
 		}
 	}
 
+	// we need to enable buildkit, for secret support
+	if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 {
+		os.Setenv("DOCKER_BUILDKIT", "1")
+	}
 	return exec.Command(dockerExe, args...)
 }
 
+func getSecretStringCmdArg(kvp string) (string, error) {
+	return getSecretCmdArg(kvp, false)
+}
+
+func getSecretFileCmdArg(kvp string) (string, error) {
+	return getSecretCmdArg(kvp, true)
+}
+
+func getSecretCmdArg(kvp string, file bool) (string, error) {
+	delimIndex := strings.IndexByte(kvp, '=')
+	if delimIndex == -1 {
+		return "", fmt.Errorf("%s is not a valid secret", kvp)
+	}
+
+	key := kvp[:delimIndex]
+	value := kvp[delimIndex+1:]
+
+	if key == "" || value == "" {
+		return "", fmt.Errorf("%s is not a valid secret", kvp)
+	}
+
+	if file {
+		return fmt.Sprintf("id=%s,src=%s", key, value), nil
+	}
+
+	return fmt.Sprintf("id=%s,env=%s", key, value), nil
+}
+
 // helper function to add proxy values from the environment
 func addProxyBuildArgs(build *Build) {
 	addProxyValue(build, "http_proxy")

docker/docker/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM docker:20.10.9-dind
+FROM docker:20.10.14-dind
 
 ENV DOCKER_HOST=unix:///var/run/docker.sock
 

docker/docker/Dockerfile.linux.arm64

@@ -1,4 +1,4 @@
-FROM arm64v8/docker:20.10.9-dind
+FROM arm64v8/docker:20.10.14-dind
 
 ENV DOCKER_HOST=unix:///var/run/docker.sock
 

docker/docker/manifest.tmpl

@@ -47,3 +47,9 @@ manifests:
       architecture: amd64
       os: windows
       version: 1909
+  -
+    image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-ltsc2022-amd64
+    platform:
+      architecture: amd64
+      os: windows
+      version: ltsc2022

docker_test.go

@@ -1 +1,151 @@
 package docker
+
+import (
+	"os/exec"
+	"reflect"
+	"testing"
+)
+
+func TestCommandBuild(t *testing.T) {
+	tcs := []struct {
+		name  string
+		build Build
+		want  *exec.Cmd
+	}{
+		{
+			name: "secret from env var",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				SecretEnvs: []string{
+					"foo_secret=FOO_SECRET_ENV_VAR",
+				},
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				"plugins/drone-docker:latest",
+				".",
+				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
+			),
+		},
+		{
+			name: "secret from file",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				SecretFiles: []string{
+					"foo_secret=/path/to/foo_secret",
+				},
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				"plugins/drone-docker:latest",
+				".",
+				"--secret id=foo_secret,src=/path/to/foo_secret",
+			),
+		},
+		{
+			name: "multiple mixed secrets",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				SecretEnvs: []string{
+					"foo_secret=FOO_SECRET_ENV_VAR",
+					"bar_secret=BAR_SECRET_ENV_VAR",
+				},
+				SecretFiles: []string{
+					"foo_secret=/path/to/foo_secret",
+					"bar_secret=/path/to/bar_secret",
+				},
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				"plugins/drone-docker:latest",
+				".",
+				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
+				"--secret id=bar_secret,env=BAR_SECRET_ENV_VAR",
+				"--secret id=foo_secret,src=/path/to/foo_secret",
+				"--secret id=bar_secret,src=/path/to/bar_secret",
+			),
+		},
+		{
+			name: "invalid mixed secrets",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				SecretEnvs: []string{
+					"foo_secret=",
+					"=FOO_SECRET_ENV_VAR",
+					"",
+				},
+				SecretFiles: []string{
+					"foo_secret=",
+					"=/path/to/bar_secret",
+					"",
+				},
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				"plugins/drone-docker:latest",
+				".",
+			),
+		},
+		{
+			name: "platform argument",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				Platform:   "test/platform",
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				"plugins/drone-docker:latest",
+				".",
+				"--platform",
+				"test/platform",
+			),
+		},
+	}
+
+	for _, tc := range tcs {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			cmd := commandBuild(tc.build)
+
+			if !reflect.DeepEqual(cmd.String(), tc.want.String()) {
+				t.Errorf("Got cmd %v, want %v", cmd, tc.want)
+			}
+		})
+	}
+}

docs/card.data.json

@@ -0,0 +1,41 @@
+{
+    "Id": "sha256:3b0709c9afb41629c79c93355feed114d08a8c1bedd975eb53af08f4b867fd91",
+    "RepoTags": [
+        "798a0dae10d63d281eff4c06eaa12001ffd23740:latest",
+        "tphoney/test:latest"
+    ],
+    "ParsedRepoTags": [
+        {
+            "Tag": ""
+        },
+        {
+            "Tag": ""
+        },
+        {
+            "Tag": "798a0dae10d63d281eff4c06eaa12001ffd23740:latest"
+        },
+        {
+            "Tag": "tphoney/test:latest"
+        }
+    ],
+    "RepoDigests": [
+        "tphoney/test@sha256:93f8b95aaae7d194208b72e94a3a90544b00c8f2ad45aeb89d81a0c6ccbc5e19"
+    ],
+    "Parent": "sha256:493aa330a5929027dd8ecded9fa8c473a1508d17c0fd7d6a94a7f197f8d22c60",
+    "Comment": "",
+    "Created": "2022-02-16T11:13:40.8956582Z",
+    "Container": "a57c0ca4dd2e081df8758e00549f7abe83803f1a1a7aaaf1cd8e685a5eb5a097",
+    "DockerVersion": "20.10.9",
+    "Author": "",
+    "Architecture": "amd64",
+    "Os": "linux",
+    "Size": 14045949,
+    "VirtualSize": 14045949,
+    "Metadata": {
+        "LastTagTime": "2022-02-16T11:13:40.9433973Z"
+    },
+    "SizeString": "13.40MB",
+    "VirtualSizeString": "13.40MB",
+    "Time": "2022-02-16T11:13:40Z",
+    "URL": "http://hub.docker.com/repositories/tphoney/test/"
+}

docs/card.json

@@ -1,118 +1,138 @@
 {
-  "type": "AdaptiveCard",
-  "body": [
-    {
-      "type": "ColumnSet",
-      "columns": [
+    "type": "AdaptiveCard",
+    "body": [
         {
-          "type": "Column",
-          "items": [
-            {
-              "type": "Image",
-              "url": "https://d36jcksde1wxzq.cloudfront.net/be7833db9bddb4494d2a7c3dd659199a.png",
-              "size": "Medium"
-            }
-          ],
-          "width": "auto"
+            "type": "ColumnSet",
+            "columns": [
+                {
+                    "type": "Column",
+                    "items": [
+                        {
+                            "type": "Image",
+                            "url": "https://d36jcksde1wxzq.cloudfront.net/be7833db9bddb4494d2a7c3dd659199a.png",
+                            "size": "small"
+                        }
+                    ],
+                    "width": "auto"
+                },
+                {
+                    "type": "Column",
+                    "items": [
+                        {
+                            "type": "TextBlock",
+                            "text": "Plugin: Drone Docker",
+                            "wrap": true,
+                            "size": "Small",
+                            "weight": "Bolder",
+                            "isSubtle": false,
+                            "spacing": "Small"
+                        },
+                        {
+                            "type": "TextBlock",
+                            "text": "DIGEST: ${RepoDigests[0]}",
+                            "wrap": true,
+                            "size": "Small",
+                            "weight": "Lighter",
+                            "isSubtle": true,
+                            "spacing": "Small"
+                        }
+                    ],
+                    "width": "stretch"
+                }
+            ],
+            "style": "default"
         },
         {
-          "type": "Column",
-          "items": [
-            {
-              "type": "TextBlock",
-              "text": "${RepoTags[0]}",
-              "size": "Medium"
-            },
-            {
-              "type": "TextBlock",
-              "text": "DIGEST: ${RepoDigests[0]}",
-              "wrap": true,
-              "size": "Small",
-              "weight": "Lighter",
-              "isSubtle": true,
-              "spacing": "Small"
-            },
-            {
-              "type": "ColumnSet",
-              "columns": [
+            "type": "ColumnSet",
+            "columns": [
                 {
-                  "type": "Column",
-                  "items": [
-                    {
-                      "type": "TextBlock",
-                      "weight": "Lighter",
-                      "text": "OS/ARCH",
-                      "wrap": true,
-                      "size": "Small",
-                      "isSubtle": true,
-                      "spacing": "Medium"
-                    },
-                    {
-                      "type": "TextBlock",
-                      "text": "${OS}/${Architecture}",
-                      "wrap": true,
-                      "size": "Small",
-                      "spacing": "Small"
-                    }
-                  ],
-                  "separator": true,
-                  "width": "auto"
+                    "type": "Column",
+                    "items": [
+                        {
+                            "type": "TextBlock",
+                            "weight": "Lighter",
+                            "text": "TAGS",
+                            "wrap": true,
+                            "size": "Small",
+                            "isSubtle": true,
+                            "spacing": "Medium"
+                        },
+                        {
+                            "type": "FactSet",
+                            "facts": [
+                                {
+                                    "title": "${Tag}",
+                                    "value": ""
+                                }
+                            ],
+                            "spacing": "Small",
+                            "$data": "${ParsedRepoTags}",
+                            "wrap": true,
+                            "size": "Small",
+                            "weight": "Bolder"
+                        }
+                    ],
+                    "separator": true,
+                    "width": "auto"
                 },
                 {
-                  "type": "Column",
-                  "items": [
-                    {
-                      "type": "TextBlock",
-                      "weight": "Lighter",
-                      "text": "SIZE",
-                      "wrap": true,
-                      "size": "Small",
-                      "isSubtle": true
-                    },
-                    {
-                      "type": "TextBlock",
-                      "spacing": "Small",
-                      "text": "${SizeString}",
-                      "wrap": true,
-                      "size": "Small"
-                    }
-                  ],
-                  "width": "auto",
-                  "separator": true,
-                  "spacing": "Medium"
+                    "type": "Column",
+                    "items": [
+                        {
+                            "type": "TextBlock",
+                            "weight": "Lighter",
+                            "text": "SIZE",
+                            "wrap": true,
+                            "size": "Small",
+                            "isSubtle": true
+                        },
+                        {
+                            "type": "TextBlock",
+                            "spacing": "Small",
+                            "text": "${SizeString}",
+                            "wrap": true,
+                            "weight": "Bolder"
+                        }
+                    ],
+                    "width": "auto",
+                    "separator": true,
+                    "spacing": "Medium"
                 },
                 {
-                  "type": "Column",
-                  "items": [
-                    {
-                      "type": "TextBlock",
-                      "weight": "Lighter",
-                      "text": "LAST PUSHED",
-                      "wrap": true,
-                      "size": "Small",
-                      "isSubtle": true
-                    },
-                    {
-                      "type": "TextBlock",
-                      "spacing": "Small",
-                      "text": "{{DATE(${Time})}} - {{TIME(${Time})}}",
-                      "wrap": true,
-                      "size": "Small"
-                    }
-                  ],
-                  "width": "auto",
-                  "separator": true,
-                  "spacing": "Medium"
+                    "type": "Column",
+                    "items": [
+                        {
+                            "type": "TextBlock",
+                            "weight": "Lighter",
+                            "text": "LAST PUSHED",
+                            "wrap": true,
+                            "size": "Small",
+                            "isSubtle": true
+                        },
+                        {
+                            "type": "TextBlock",
+                            "spacing": "Small",
+                            "text": "{{DATE(${Time})}} - {{TIME(${Time})}}",
+                            "wrap": true,
+                            "weight": "Bolder"
+                        }
+                    ],
+                    "width": "auto",
+                    "separator": true,
+                    "spacing": "Medium"
                 }
-              ],
-              "style": "default"
-            }
-          ],
-          "width": "stretch"
+            ],
+            "style": "default",
+            "separator": true
         }
-      ]
-    }
-  ],
-  "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
-  "version": "1.0"
+    ],
+    "actions": [
+        {
+            "type": "Action.OpenUrl",
+            "title": "Go to image",
+            "url": "${url}"
+        }
+    ],
+    "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
+    "version": "1.5"
 }

go.mod

@@ -18,6 +18,7 @@ require (
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 // indirect
 	golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 // indirect
+	gopkg.in/yaml.v2 v2.2.8 // indirect
 )
 
 go 1.17

go.sum

@@ -38,5 +38,6 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=