ci-9739 - workload identity/OIDC support for GAR/GCR (#413)

* adds support for oidc access tokens gar/gcr

.drone.jsonnet

@@ -1,50 +0,0 @@
-local pipeline = import 'pipeline.libsonnet';
-
-[
-  pipeline.test('linux', 'amd64'),
-
-  pipeline.build('docker', 'linux', 'amd64'),
-  pipeline.build('docker', 'linux', 'arm64'),
-  pipeline.build('docker', 'linux', 'arm'),
-  pipeline.notifications('docker', depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-  ]),
-
-  pipeline.build('gcr', 'linux', 'amd64'),
-  pipeline.build('gcr', 'linux', 'arm64'),
-  pipeline.build('gcr', 'linux', 'arm'),
-  pipeline.notifications('gcr', depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-  ]),
-
-  pipeline.build('acr', 'linux', 'amd64'),
-  pipeline.build('acr', 'linux', 'arm64'),
-  pipeline.build('acr', 'linux', 'arm'),
-  pipeline.notifications('acr', depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-  ]),
-
-  pipeline.build('ecr', 'linux', 'amd64'),
-  pipeline.build('ecr', 'linux', 'arm64'),
-  pipeline.build('ecr', 'linux', 'arm'),
-  pipeline.notifications('ecr', depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-  ]),
-
-  pipeline.build('heroku', 'linux', 'amd64'),
-  pipeline.build('heroku', 'linux', 'arm64'),
-  pipeline.build('heroku', 'linux', 'arm'),
-  pipeline.notifications('heroku', depends_on=[
-    'linux-amd64',
-    'linux-arm64',
-    'linux-arm',
-  ]),
-]

.gitignore

@@ -1,3 +1,5 @@
 release
 coverage.out
 vendor
+.vscode/
+Dockerfile

CHANGELOG.md

@@ -1,5 +1,67 @@
 # Changelog
 
+## [v20.14.5](https://github.com/drone-plugins/drone-docker/tree/v20.14.5) (2023-09-13)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.4...v20.14.5)
+
+**Implemented enhancements:**
+
+- Allow gcr authentication with workload identity [\#383](https://github.com/drone-plugins/drone-docker/pull/383) ([dhpollack](https://github.com/dhpollack))
+
+**Fixed bugs:**
+
+- \[fix\]: \[ci-9254\]: go version upgrade to 1.21 [\#401](https://github.com/drone-plugins/drone-docker/pull/401) ([abhay084](https://github.com/abhay084))
+- Revert "Add support for AAD auth for docker-acr" [\#398](https://github.com/drone-plugins/drone-docker/pull/398) ([tphoney](https://github.com/tphoney))
+
+**Closed issues:**
+
+- Remove deprecated support of label-schema in favor of OCI [\#396](https://github.com/drone-plugins/drone-docker/issues/396)
+
+**Merged pull requests:**
+
+- Add support for AAD auth for docker-acr [\#395](https://github.com/drone-plugins/drone-docker/pull/395) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+## [v20.14.4](https://github.com/drone-plugins/drone-docker/tree/v20.14.4) (2023-05-16)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.3...v20.14.4)
+
+**Fixed bugs:**
+
+- fix: Use unique build name for build and tag [\#390](https://github.com/drone-plugins/drone-docker/pull/390) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+**Merged pull requests:**
+
+- v20.14.4 prep [\#391](https://github.com/drone-plugins/drone-docker/pull/391) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+## [v20.14.3](https://github.com/drone-plugins/drone-docker/tree/v20.14.3) (2023-05-04)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.2...v20.14.3)
+
+**Merged pull requests:**
+
+- Write artifacts to input artifact file [\#389](https://github.com/drone-plugins/drone-docker/pull/389) ([raghavharness](https://github.com/raghavharness))
+
+## [v20.14.2](https://github.com/drone-plugins/drone-docker/tree/v20.14.2) (2023-04-18)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.1...v20.14.2)
+
+**Merged pull requests:**
+
+- fix windows drone yml [\#388](https://github.com/drone-plugins/drone-docker/pull/388) ([shubham149](https://github.com/shubham149))
+
+## [v20.14.1](https://github.com/drone-plugins/drone-docker/tree/v20.14.1) (2023-01-30)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.0...v20.14.1)
+
+**Implemented enhancements:**
+
+- Add option to mount host ssh agent \(--ssh\) [\#382](https://github.com/drone-plugins/drone-docker/pull/382) ([tphoney](https://github.com/tphoney))
+
+**Fixed bugs:**
+
+- windows 1809 docker build pin [\#384](https://github.com/drone-plugins/drone-docker/pull/384) ([tphoney](https://github.com/tphoney))
+- \(maint\) move to harness.drone.io [\#381](https://github.com/drone-plugins/drone-docker/pull/381) ([tphoney](https://github.com/tphoney))
+
 ## [v20.14.0](https://github.com/drone-plugins/drone-docker/tree/v20.14.0) (2022-11-17)
 
 [Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.13.0...v20.14.0)
@@ -12,6 +74,10 @@
 
 - Use full path to docker when creating card [\#373](https://github.com/drone-plugins/drone-docker/pull/373) ([donny-dont](https://github.com/donny-dont))
 
+**Merged pull requests:**
+
+- \(maint\) prep for v20.14.0 [\#377](https://github.com/drone-plugins/drone-docker/pull/377) ([tphoney](https://github.com/tphoney))
+
 ## [v20.13.0](https://github.com/drone-plugins/drone-docker/tree/v20.13.0) (2022-06-08)
 
 [Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.12.0...v20.13.0)
@@ -94,6 +160,15 @@
 
 - Revert "Update seccomp to 20.10 docker" [\#325](https://github.com/drone-plugins/drone-docker/pull/325) ([bradrydzewski](https://github.com/bradrydzewski))
 
+**Closed issues:**
+
+- Enable auth against multiple registries [\#324](https://github.com/drone-plugins/drone-docker/issues/324)
+- Parameter add\_host not work [\#318](https://github.com/drone-plugins/drone-docker/issues/318)
+- support customized Dockerfile name ? [\#315](https://github.com/drone-plugins/drone-docker/issues/315)
+- Tag wrongly gets parsed as octal [\#311](https://github.com/drone-plugins/drone-docker/issues/311)
+- Support TLS 1.3 [\#310](https://github.com/drone-plugins/drone-docker/issues/310)
+- Can pugin-docker access workspace content directly?  [\#307](https://github.com/drone-plugins/drone-docker/issues/307)
+
 **Merged pull requests:**
 
 - \(maint\) bump git to 1.13 for build and test [\#338](https://github.com/drone-plugins/drone-docker/pull/338) ([tphoney](https://github.com/tphoney))

README.md

@@ -113,6 +113,46 @@ docker run --rm \
   plugins/docker --dry-run
 ```
 
+### GAR (Google Artifact Registry)
+
+```yaml
+kind: pipeline
+name: default
+type: docker
+
+steps:
+  - name: push-to-gar
+    image: plugins/gcr
+    pull: never
+    settings:
+      tag: latest
+      repo: project-id/repo/image-name
+      registry_type: GAR
+      location: us
+      json_key:
+        from_secret: gcr_json_key
+```
+
+### GAR (Google Artifact Registry) using workload identity (OIDC)
+
+```yaml
+steps:
+  - name: push-to-gar
+    image: plugins/gcr
+    pull: never
+    settings:
+      tag: latest
+      repo: project-id/repo/image-name
+      registry_type: GAR
+      location: europe
+      project_number: project-number
+      pool_id: workload identity pool id
+      provider_id: workload identity provider id
+      service_account_email: service account email
+      oidc_token_id:
+        from_secret: token 
+```
+
 ## Developer Notes
 
 - When updating the base image, you will need to update for each architecture and OS.
@@ -137,3 +177,4 @@ docker run -it --rm -v "$(pwd)":/usr/local/src/your-app githubchangeloggenerator
 ```
 
 Create your pull request for the release. Get it merged then tag the release.
+

card.go

@@ -18,7 +18,7 @@ import (
 )
 
 func (p Plugin) writeCard() error {
-	cmd := exec.Command(dockerExe, "inspect", p.Build.Name)
+	cmd := exec.Command(dockerExe, "inspect", p.Build.TempTag)
 	data, err := cmd.CombinedOutput()
 	if err != nil {
 		return err

cmd/drone-acr/main.go

@@ -41,6 +41,7 @@ func main() {
 	os.Setenv("PLUGIN_REGISTRY", registry)
 	os.Setenv("DOCKER_USERNAME", username)
 	os.Setenv("DOCKER_PASSWORD", password)
+	os.Setenv("PLUGIN_REGISTRY_TYPE", "ACR")
 
 	// invoke the base docker plugin binary
 	cmd := exec.Command(docker.GetDroneDockerExecCmd())

cmd/drone-docker/main.go

@@ -3,12 +3,15 @@ package main
 import (
 	"os"
 	"runtime"
+	"strings"
 
+	"github.com/dchest/uniuri"
 	"github.com/joho/godotenv"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 
 	docker "github.com/drone-plugins/drone-docker"
+	"github.com/drone-plugins/drone-plugin-lib/drone"
 )
 
 var (
@@ -274,6 +277,26 @@ func main() {
 			Usage:  "platform value to pass to docker",
 			EnvVar: "PLUGIN_PLATFORM",
 		},
+		cli.StringFlag{
+			Name:   "ssh-agent-key",
+			Usage:  "ssh agent key to use",
+			EnvVar: "PLUGIN_SSH_AGENT_KEY",
+		},
+		cli.StringFlag{
+			Name:   "artifact-file",
+			Usage:  "Artifact file location that will be generated by the plugin. This file will include information of docker images that are uploaded by the plugin.",
+			EnvVar: "PLUGIN_ARTIFACT_FILE",
+		},
+		cli.StringFlag{
+			Name:   "registry-type",
+			Usage:  "registry type",
+			EnvVar: "PLUGIN_REGISTRY_TYPE",
+		},
+		cli.StringFlag{
+			Name:   "access-token",
+			Usage:  "access token",
+			EnvVar: "ACCESS_TOKEN",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -282,20 +305,28 @@ func main() {
 }
 
 func run(c *cli.Context) error {
+	registryType := drone.Docker
+	if c.String("registry-type") != "" {
+		registryType = drone.RegistryType(c.String("registry-type"))
+	}
+
 	plugin := docker.Plugin{
 		Dryrun:  c.Bool("dry-run"),
 		Cleanup: c.BoolT("docker.purge"),
 		Login: docker.Login{
-			Registry: c.String("docker.registry"),
-			Username: c.String("docker.username"),
-			Password: c.String("docker.password"),
-			Email:    c.String("docker.email"),
-			Config:   c.String("docker.config"),
+			Registry:    c.String("docker.registry"),
+			Username:    c.String("docker.username"),
+			Password:    c.String("docker.password"),
+			Email:       c.String("docker.email"),
+			Config:      c.String("docker.config"),
+			AccessToken: c.String("access-token"),
 		},
-		CardPath: c.String("drone-card-path"),
+		CardPath:     c.String("drone-card-path"),
+		ArtifactFile: c.String("artifact-file"),
 		Build: docker.Build{
 			Remote:      c.String("remote.url"),
 			Name:        c.String("commit.sha"),
+			TempTag:     generateTempTag(),
 			Dockerfile:  c.String("dockerfile"),
 			Context:     c.String("context"),
 			Tags:        c.StringSlice("tags"),
@@ -318,6 +349,7 @@ func run(c *cli.Context) error {
 			AddHost:     c.StringSlice("add-host"),
 			Quiet:       c.Bool("quiet"),
 			Platform:    c.String("platform"),
+			SSHAgentKey: c.String("ssh-agent-key"),
 		},
 		Daemon: docker.Daemon{
 			Registry:      c.String("docker.registry"),
@@ -333,6 +365,7 @@ func run(c *cli.Context) error {
 			DNSSearch:     c.StringSlice("daemon.dns-search"),
 			MTU:           c.String("daemon.mtu"),
 			Experimental:  c.Bool("daemon.experimental"),
+			RegistryType:  registryType,
 		},
 	}
 
@@ -359,6 +392,10 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
+func generateTempTag() string {
+	return strings.ToLower(uniuri.New())
+}
+
 func GetExecCmd() string {
 	if runtime.GOOS == "windows" {
 		return "C:/bin/drone-docker.exe"

cmd/drone-ecr/main.go

@@ -111,6 +111,7 @@ func main() {
 	os.Setenv("PLUGIN_REGISTRY", registry)
 	os.Setenv("DOCKER_USERNAME", username)
 	os.Setenv("DOCKER_PASSWORD", password)
+	os.Setenv("PLUGIN_REGISTRY_TYPE", "ECR")
 
 	// invoke the base docker plugin binary
 	cmd := exec.Command(docker.GetDroneDockerExecCmd())
@@ -196,7 +197,7 @@ func parseBoolOrDefault(defaultValue bool, s string) (result bool) {
 	var err error
 	result, err = strconv.ParseBool(s)
 	if err != nil {
-		result = false
+		result = defaultValue
 	}
 
 	return

cmd/drone-gcr/main.go

@@ -1,71 +1,179 @@
 package main
 
 import (
+	"context"
 	"encoding/base64"
+	"fmt"
+	"log"
 	"os"
 	"os/exec"
 	"path"
+	"strconv"
 	"strings"
 
+	docker "github.com/drone-plugins/drone-docker"
+
 	"github.com/joho/godotenv"
 	"github.com/sirupsen/logrus"
-
-	docker "github.com/drone-plugins/drone-docker"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+	"google.golang.org/api/iamcredentials/v1"
+	"google.golang.org/api/option"
+	"google.golang.org/api/sts/v1"
 )
 
-// gcr default username
-const username = "_json_key"
+type Config struct {
+	Repo             string
+	Registry         string
+	Password         string
+	WorkloadIdentity bool
+	Username         string
+	RegistryType     string
+	AccessToken      string
+}
 
-func main() {
-	// Load env-file if it exists first
+type staticTokenSource struct {
+	token *oauth2.Token
+}
+
+func (s *staticTokenSource) Token() (*oauth2.Token, error) {
+	return s.token, nil
+}
+
+func loadConfig() Config {
+	// Default username
+	username := "_json_key"
+	var config Config
+
+	// Load env-file if it exists
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
+		if err := godotenv.Load(env); err != nil {
+			log.Fatalf("Error loading .env file: %v", err)
+		}
 	}
 
-	var (
-		repo     = getenv("PLUGIN_REPO")
-		registry = getenv("PLUGIN_REGISTRY")
-		password = getenv(
+	idToken := getenv("PLUGIN_OIDC_TOKEN_ID")
+	projectId := getenv("PLUGIN_PROJECT_NUMBER")
+	poolId := getenv("PLUGIN_POOL_ID")
+	providerId := getenv("PLUGIN_PROVIDER_ID")
+	serviceAccountEmail := getenv("PLUGIN_SERVICE_ACCOUNT_EMAIL")
+
+	if idToken != "" && projectId != "" && poolId != "" && providerId != "" && serviceAccountEmail != "" {
+		federalToken, err := getFederalToken(idToken, projectId, poolId, providerId)
+		if err != nil {
+			logrus.Fatalf("Error (getFederalToken): %s", err)
+		}
+		accessToken, err := getGoogleCloudAccessToken(federalToken, serviceAccountEmail)
+		if err != nil {
+			logrus.Fatalf("Error (getGoogleCloudAccessToken): %s", err)
+		}
+		config.AccessToken = accessToken
+	} else {
+		password := getenv(
 			"PLUGIN_JSON_KEY",
 			"GCR_JSON_KEY",
 			"GOOGLE_CREDENTIALS",
 			"TOKEN",
 		)
-	)
-
-	// decode the token if base64 encoded
-	decoded, err := base64.StdEncoding.DecodeString(password)
-	if err == nil {
-		password = string(decoded)
+		config.WorkloadIdentity = parseBoolOrDefault(false, getenv("PLUGIN_WORKLOAD_IDENTITY"))
+		config.Username, config.Password = setUsernameAndPassword(username, password, config.WorkloadIdentity)
 	}
 
-	// default registry value
+	location := getenv("PLUGIN_LOCATION")
+	repo := getenv("PLUGIN_REPO")
+
+	registryType := getenv("PLUGIN_REGISTRY_TYPE")
+	if registryType == "" {
+		registryType = "GCR"
+	}
+
+	registry := getenv("PLUGIN_REGISTRY")
 	if registry == "" {
-		registry = "gcr.io"
+		switch registryType {
+		case "GCR":
+			registry = "gcr.io"
+		case "GAR":
+			if location == "" {
+				logrus.Fatalf("Error: For REGISTRY_TYPE of GAR, LOCATION must be set")
+			}
+			registry = fmt.Sprintf("%s-docker.pkg.dev", location)
+		default:
+			logrus.Fatalf("Unsupported registry type: %s", registryType)
+		}
 	}
 
-	// must use the fully qualified repo name. If the
-	// repo name does not have the registry prefix we
-	// should prepend.
 	if !strings.HasPrefix(repo, registry) {
 		repo = path.Join(registry, repo)
 	}
+	config.Repo = repo
+	config.Registry = registry
+	config.RegistryType = registryType
+	return config
+}
 
-	os.Setenv("PLUGIN_REPO", repo)
-	os.Setenv("PLUGIN_REGISTRY", registry)
-	os.Setenv("DOCKER_USERNAME", username)
-	os.Setenv("DOCKER_PASSWORD", password)
+func main() {
+	config := loadConfig()
+	if config.AccessToken != "" {
+		os.Setenv("ACCESS_TOKEN", config.AccessToken)
+	} else if config.Username != "" && config.Password != "" {
+		os.Setenv("DOCKER_USERNAME", config.Username)
+		os.Setenv("DOCKER_PASSWORD", config.Password)
+	}
+
+	os.Setenv("PLUGIN_REPO", config.Repo)
+	os.Setenv("PLUGIN_REGISTRY", config.Registry)
+	os.Setenv("PLUGIN_REGISTRY_TYPE", config.RegistryType)
 
 	// invoke the base docker plugin binary
 	cmd := exec.Command(docker.GetDroneDockerExecCmd())
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	err = cmd.Run()
+	err := cmd.Run()
 	if err != nil {
 		logrus.Fatal(err)
 	}
 }
 
+func getOauthToken(data []byte) (s string) {
+	scopes := []string{
+		"https://www.googleapis.com/auth/cloud-platform",
+	}
+	ctx := context.Background()
+	credentials, err := google.CredentialsFromJSON(ctx, data, scopes...)
+	if err == nil {
+		token, err := credentials.TokenSource.Token()
+		if err == nil {
+			return token.AccessToken
+		}
+	}
+	return
+}
+
+func setUsernameAndPassword(user string, pass string, workloadIdentity bool) (u string, p string) {
+	// decode the token if base64 encoded
+	decoded, err := base64.StdEncoding.DecodeString(pass)
+	if err == nil {
+		pass = string(decoded)
+	}
+	// get oauth token and set username if using workload identity
+	if workloadIdentity {
+		data := []byte(pass)
+		pass = getOauthToken(data)
+		user = "oauth2accesstoken"
+	}
+	return user, pass
+}
+
+func parseBoolOrDefault(defaultValue bool, s string) (result bool) {
+	var err error
+	result, err = strconv.ParseBool(s)
+	if err != nil {
+		result = defaultValue
+	}
+
+	return
+}
+
 func getenv(key ...string) (s string) {
 	for _, k := range key {
 		s = os.Getenv(k)
@@ -75,3 +183,49 @@ func getenv(key ...string) (s string) {
 	}
 	return
 }
+
+func getFederalToken(idToken, projectNumber, poolId, providerId string) (string, error) {
+	ctx := context.Background()
+	stsService, err := sts.NewService(ctx, option.WithoutAuthentication())
+	if err != nil {
+		return "", err
+	}
+	audience := fmt.Sprintf("//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s", projectNumber, poolId, providerId)
+	tokenRequest := &sts.GoogleIdentityStsV1ExchangeTokenRequest{
+		GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
+		SubjectToken:       idToken,
+		Audience:           audience,
+		Scope:              "https://www.googleapis.com/auth/cloud-platform",
+		RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
+		SubjectTokenType:   "urn:ietf:params:oauth:token-type:id_token",
+	}
+	tokenResponse, err := stsService.V1.Token(tokenRequest).Do()
+	if err != nil {
+		return "", err
+	}
+
+	return tokenResponse.AccessToken, nil
+}
+
+func getGoogleCloudAccessToken(federatedToken string, serviceAccountEmail string) (string, error) {
+	ctx := context.Background()
+	tokenSource := &staticTokenSource{
+		token: &oauth2.Token{AccessToken: federatedToken},
+	}
+	service, err := iamcredentials.NewService(ctx, option.WithTokenSource(tokenSource))
+	if err != nil {
+		return "", err
+	}
+
+	name := "projects/-/serviceAccounts/" + serviceAccountEmail
+	rb := &iamcredentials.GenerateAccessTokenRequest{
+		Scope: []string{"https://www.googleapis.com/auth/cloud-platform"},
+	}
+
+	resp, err := service.Projects.ServiceAccounts.GenerateAccessToken(name, rb).Do()
+	if err != nil {
+		return "", err
+	}
+
+	return resp.AccessToken, nil
+}

daemon.go

@@ -1,9 +1,10 @@
+//go:build !windows
 // +build !windows
 
 package docker
 
 import (
-	"io/ioutil"
+	"io"
 	"os"
 )
 
@@ -17,8 +18,8 @@ func (p Plugin) startDaemon() {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 	} else {
-		cmd.Stdout = ioutil.Discard
-		cmd.Stderr = ioutil.Discard
+		cmd.Stdout = io.Discard
+		cmd.Stderr = io.Discard
 	}
 	go func() {
 		trace(cmd)

docker.go

@@ -1,47 +1,52 @@
 package docker
 
 import (
+	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"time"
+
+	"github.com/drone-plugins/drone-plugin-lib/drone"
 )
 
 type (
 	// Daemon defines Docker daemon parameters.
 	Daemon struct {
-		Registry      string   // Docker registry
-		Mirror        string   // Docker registry mirror
-		Insecure      bool     // Docker daemon enable insecure registries
-		StorageDriver string   // Docker daemon storage driver
-		StoragePath   string   // Docker daemon storage path
-		Disabled      bool     // DOcker daemon is disabled (already running)
-		Debug         bool     // Docker daemon started in debug mode
-		Bip           string   // Docker daemon network bridge IP address
-		DNS           []string // Docker daemon dns server
-		DNSSearch     []string // Docker daemon dns search domain
-		MTU           string   // Docker daemon mtu setting
-		IPv6          bool     // Docker daemon IPv6 networking
-		Experimental  bool     // Docker daemon enable experimental mode
+		Registry      string             // Docker registry
+		Mirror        string             // Docker registry mirror
+		Insecure      bool               // Docker daemon enable insecure registries
+		StorageDriver string             // Docker daemon storage driver
+		StoragePath   string             // Docker daemon storage path
+		Disabled      bool               // DOcker daemon is disabled (already running)
+		Debug         bool               // Docker daemon started in debug mode
+		Bip           string             // Docker daemon network bridge IP address
+		DNS           []string           // Docker daemon dns server
+		DNSSearch     []string           // Docker daemon dns search domain
+		MTU           string             // Docker daemon mtu setting
+		IPv6          bool               // Docker daemon IPv6 networking
+		Experimental  bool               // Docker daemon enable experimental mode
+		RegistryType  drone.RegistryType // Docker registry type
 	}
 
 	// Login defines Docker login parameters.
 	Login struct {
-		Registry string // Docker registry address
-		Username string // Docker registry username
-		Password string // Docker registry password
-		Email    string // Docker registry email
-		Config   string // Docker Auth Config
+		Registry    string // Docker registry address
+		Username    string // Docker registry username
+		Password    string // Docker registry password
+		Email       string // Docker registry email
+		Config      string // Docker Auth Config
+		AccessToken string // External Access Token
 	}
 
 	// Build defines Docker build parameters.
 	Build struct {
 		Remote      string   // Git remote URL
 		Name        string   // Docker build using default named tag
+		TempTag     string   // Temporary tag used during docker build
 		Dockerfile  string   // Docker build Dockerfile
 		Context     string   // Docker build context
 		Tags        []string // Docker build tags
@@ -64,16 +69,19 @@ type (
 		AddHost     []string // Docker build add-host
 		Quiet       bool     // Docker build quiet
 		Platform    string   // Docker build platform
+		SSHAgentKey string   // Docker build ssh agent key
+		SSHKeyPath  string   // Docker build ssh key path
 	}
 
 	// Plugin defines the Docker plugin parameters.
 	Plugin struct {
-		Login    Login  // Docker login configuration
-		Build    Build  // Docker build configuration
-		Daemon   Daemon // Docker daemon configuration
-		Dryrun   bool   // Docker push is skipped
-		Cleanup  bool   // Docker purge is enabled
-		CardPath string // Card path to write file to
+		Login        Login  // Docker login configuration
+		Build        Build  // Docker build configuration
+		Daemon       Daemon // Docker daemon configuration
+		Dryrun       bool   // Docker push is skipped
+		Cleanup      bool   // Docker purge is enabled
+		CardPath     string // Card path to write file to
+		ArtifactFile string // Artifact path to write file to
 	}
 
 	Card []struct {
@@ -135,6 +143,8 @@ func (p Plugin) Exec() error {
 		fmt.Println("Detected registry credentials")
 	case p.Login.Config != "":
 		fmt.Println("Detected registry credentials file")
+	case p.Login.AccessToken != "":
+		fmt.Println("Detected access token")
 	default:
 		fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
 	}
@@ -144,7 +154,7 @@ func (p Plugin) Exec() error {
 		os.MkdirAll(dockerHome, 0600)
 
 		path := filepath.Join(dockerHome, "config.json")
-		err := ioutil.WriteFile(path, []byte(p.Login.Config), 0600)
+		err := os.WriteFile(path, []byte(p.Login.Config), 0600)
 		if err != nil {
 			return fmt.Errorf("Error writing config.json: %s", err)
 		}
@@ -158,7 +168,18 @@ func (p Plugin) Exec() error {
 			out := string(raw)
 			out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
 			fmt.Println(out)
-			return fmt.Errorf("Error authenticating: exit status 1")
+			return fmt.Errorf("error authenticating: exit status 1")
+		}
+	} else if p.Login.AccessToken != "" {
+		cmd := commandLoginAccessToken(p.Login, p.Login.AccessToken)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			return fmt.Errorf("error logging in to Docker registry: %s", err)
+		}
+		if strings.Contains(string(output), "Login Succeeded") {
+			fmt.Println("Login successful")
+		} else {
+			return fmt.Errorf("login did not succeed")
 		}
 	}
 
@@ -179,6 +200,15 @@ func (p Plugin) Exec() error {
 		cmds = append(cmds, commandPull(img))
 	}
 
+	// setup for using ssh agent (https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds)
+	if p.Build.SSHAgentKey != "" {
+		var sshErr error
+		p.Build.SSHKeyPath, sshErr = writeSSHPrivateKey(p.Build.SSHAgentKey)
+		if sshErr != nil {
+			return sshErr
+		}
+	}
+
 	cmds = append(cmds, commandBuild(p.Build)) // docker build
 
 	for _, tag := range p.Build.Tags {
@@ -212,13 +242,23 @@ func (p Plugin) Exec() error {
 		fmt.Printf("Could not create adaptive card. %s\n", err)
 	}
 
+	if p.ArtifactFile != "" {
+		if digest, err := getDigest(p.Build.TempTag); err == nil {
+			if err = drone.WritePluginArtifactFile(p.Daemon.RegistryType, p.ArtifactFile, p.Daemon.Registry, p.Build.Repo, digest, p.Build.Tags); err != nil {
+				fmt.Printf("failed to write plugin artifact file at path: %s with error: %s\n", p.ArtifactFile, err)
+			}
+		} else {
+			fmt.Printf("Could not fetch the digest. %s\n", err)
+		}
+	}
+
 	// execute cleanup routines in batch mode
 	if p.Cleanup {
 		// clear the slice
 		cmds = nil
 
-		cmds = append(cmds, commandRmi(p.Build.Name)) // docker rmi
-		cmds = append(cmds, commandPrune())           // docker system prune -f
+		cmds = append(cmds, commandRmi(p.Build.TempTag)) // docker rmi
+		cmds = append(cmds, commandPrune())              // docker system prune -f
 
 		for _, cmd := range cmds {
 			cmd.Stdout = os.Stdout
@@ -243,6 +283,17 @@ func commandLogin(login Login) *exec.Cmd {
 	)
 }
 
+func commandLoginAccessToken(login Login, accessToken string) *exec.Cmd {
+	cmd := exec.Command(dockerExe,
+		"login",
+		"-u",
+		"oauth2accesstoken",
+		"--password-stdin",
+		login.Registry)
+	cmd.Stdin = strings.NewReader(accessToken)
+	return cmd
+}
+
 // helper to check if args match "docker pull <image>"
 func isCommandPull(args []string) bool {
 	return len(args) > 2 && args[1] == "pull"
@@ -278,7 +329,7 @@ func commandBuild(build Build) *exec.Cmd {
 		"build",
 		"--rm=true",
 		"-f", build.Dockerfile,
-		"-t", build.Name,
+		"-t", build.TempTag,
 	}
 
 	args = append(args, build.Context)
@@ -328,6 +379,9 @@ func commandBuild(build Build) *exec.Cmd {
 	if build.Platform != "" {
 		args = append(args, "--platform", build.Platform)
 	}
+	if build.SSHKeyPath != "" {
+		args = append(args, "--ssh", build.SSHKeyPath)
+	}
 
 	if build.AutoLabel {
 		labelSchema := []string{
@@ -353,8 +407,8 @@ func commandBuild(build Build) *exec.Cmd {
 		}
 	}
 
-	// we need to enable buildkit, for secret support
-	if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 {
+	// we need to enable buildkit, for secret support and ssh agent support
+	if build.Secret != "" || len(build.SecretEnvs) > 0 || len(build.SecretFiles) > 0 || build.SSHAgentKey != "" {
 		os.Setenv("DOCKER_BUILDKIT", "1")
 	}
 	return exec.Command(dockerExe, args...)
@@ -434,7 +488,7 @@ func hasProxyBuildArg(build *Build, key string) bool {
 // helper function to create the docker tag command.
 func commandTag(build Build, tag string) *exec.Cmd {
 	var (
-		source = build.Name
+		source = build.TempTag
 		target = fmt.Sprintf("%s:%s", build.Repo, tag)
 	)
 	return exec.Command(
@@ -507,6 +561,23 @@ func commandRmi(tag string) *exec.Cmd {
 	return exec.Command(dockerExe, "rmi", tag)
 }
 
+func writeSSHPrivateKey(key string) (path string, err error) {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return "", fmt.Errorf("unable to determine home directory: %s", err)
+	}
+	if err := os.MkdirAll(filepath.Join(home, ".ssh"), 0700); err != nil {
+		return "", fmt.Errorf("unable to create .ssh directory: %s", err)
+	}
+	pathToKey := filepath.Join(home, ".ssh", "id_rsa")
+	if err := os.WriteFile(pathToKey, []byte(key), 0400); err != nil {
+		return "", fmt.Errorf("unable to write ssh key %s: %s", pathToKey, err)
+	}
+	path = fmt.Sprintf("default=%s", pathToKey)
+
+	return path, nil
+}
+
 // trace writes each command to stdout with the command wrapped in an xml
 // tag so that it can be extracted and displayed in the logs.
 func trace(cmd *exec.Cmd) {
@@ -520,3 +591,19 @@ func GetDroneDockerExecCmd() string {
 
 	return "drone-docker"
 }
+
+func getDigest(buildName string) (string, error) {
+	cmd := exec.Command("docker", "inspect", "--format='{{index .RepoDigests 0}}'", buildName)
+	output, err := cmd.Output()
+	if err != nil {
+		return "", err
+	}
+
+	// Parse the output to extract the repo digest.
+	digest := strings.Trim(string(output), "'\n")
+	parts := strings.Split(digest, "@")
+	if len(parts) > 1 {
+		return parts[1], nil
+	}
+	return "", errors.New("unable to fetch digest")
+}

docker/acr/Dockerfile.linux.arm

@@ -1,4 +0,0 @@
-FROM plugins/docker:linux-arm
-
-ADD release/linux/arm/drone-acr /bin/
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-acr"]

docker/acr/Dockerfile.windows.amd64.1909

@@ -1,10 +0,0 @@
-# escape=`
-FROM plugins/docker:windows-1909-amd64
-
-LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
-  org.label-schema.name="Drone ACR" `
-  org.label-schema.vendor="Drone.IO Community" `
-  org.label-schema.schema-version="1.0"
-
-ADD release/windows/amd64/drone-acr.exe C:/bin/drone-acr.exe
-ENTRYPOINT [ "C:\\bin\\drone-acr.exe" ]

docker/acr/Dockerfile.windows.amd64.ltsc2022

@@ -1,5 +1,5 @@
 # escape=`
-FROM plugins/docker:windows-1803-amd64
+FROM plugins/docker:windows-ltsc2022-amd64
 
 LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
   org.label-schema.name="Drone ACR" `

docker/acr/manifest.tmpl

@@ -17,18 +17,6 @@ manifests:
       architecture: arm64
       os: linux
       variant: v8
-  -
-    image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  -
-    image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1803-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1803
   -
     image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1809-amd64
     platform:
@@ -36,14 +24,8 @@ manifests:
       os: windows
       version: 1809
   -
-    image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1903-amd64
+    image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-ltsc2022-amd64
     platform:
       architecture: amd64
       os: windows
-      version: 1903
-  -
-    image: plugins/acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1909-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1909
+      version: ltsc2022

docker/docker/Dockerfile.linux.arm

@@ -1,15 +0,0 @@
-FROM arm32v6/docker:19.03.8-dind
-
-ENV DOCKER_HOST=unix:///var/run/docker.sock
-
-RUN apk --update add --virtual .build-deps curl && \
-    mkdir -p /etc/docker/ && \
-    curl -SsL -o /etc/docker/default.json https://raw.githubusercontent.com/moby/moby/19.03/profiles/seccomp/default.json && \
-    sed -i 's/SCMP_ACT_ERRNO/SCMP_ACT_TRACE/g' /etc/docker/default.json && \
-    chmod 600 /etc/docker/default.json && \
-    apk del .build-deps && \
-    rm -rf /var/cache/apk/* && \
-    rm -rf /tmp/*
-
-ADD release/linux/arm/drone-docker /bin/
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-docker"]

docker/docker/Dockerfile.windows.amd64.1803

@@ -1,26 +0,0 @@
-# escape=`
-FROM mcr.microsoft.com/windows/servercore:1803 as download
-
-SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
-
-ENV DOCKER_VERSION 18.09.1
-
-RUN Invoke-WebRequest 'http://constexpr.org/innoextract/files/innoextract-1.6-windows.zip' -OutFile 'innoextract.zip' -UseBasicParsing ; `
-    Expand-Archive innoextract.zip -DestinationPath C:\ ; `
-    Remove-Item -Path innoextract.zip
-
-RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
-    Invoke-WebRequest $('https://github.com/docker/toolbox/releases/download/v{0}/DockerToolbox-{0}.exe' -f $env:DOCKER_VERSION) -OutFile 'dockertoolbox.exe' -UseBasicParsing
-RUN /innoextract.exe dockertoolbox.exe
-
-FROM plugins/base:windows-1803
-
-LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
-  org.label-schema.name="Drone Docker" `
-  org.label-schema.vendor="Drone.IO Community" `
-  org.label-schema.schema-version="1.0"
-
-COPY --from=download /windows/system32/netapi32.dll /windows/system32/netapi32.dll
-COPY --from=download /app/docker.exe C:/bin/docker.exe
-ADD release/windows/amd64/drone-docker.exe C:/bin/drone-docker.exe
-ENTRYPOINT [ "C:\\bin\\drone-docker.exe" ]

docker/docker/Dockerfile.windows.amd64.1809

@@ -1,9 +1,10 @@
 # escape=`
-FROM mcr.microsoft.com/windows/servercore:1809 as download
+# using 1809-KB5021237-amd64 as base image, 1809-KB5022286-amd64 does not work
+FROM mcr.microsoft.com/windows/servercore:1809-KB5021237 as download
 
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-ENV DOCKER_VERSION 18.09.1
+ENV DOCKER_VERSION 19.03.1
 
 RUN Invoke-WebRequest 'http://constexpr.org/innoextract/files/innoextract-1.6-windows.zip' -OutFile 'innoextract.zip' -UseBasicParsing ; `
     Expand-Archive innoextract.zip -DestinationPath C:\ ; `
@@ -13,7 +14,8 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
     Invoke-WebRequest $('https://github.com/docker/toolbox/releases/download/v{0}/DockerToolbox-{0}.exe' -f $env:DOCKER_VERSION) -OutFile 'dockertoolbox.exe' -UseBasicParsing
 RUN /innoextract.exe dockertoolbox.exe
 
-FROM mcr.microsoft.com/windows/nanoserver:1809
+FROM mcr.microsoft.com/windows/nanoserver:1809-KB5021237-amd64
+
 USER ContainerAdministrator
 
 LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
@@ -21,6 +23,7 @@ LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
   org.label-schema.vendor="Drone.IO Community" `
   org.label-schema.schema-version="1.0"
 
+RUN mkdir C:\bin
 COPY --from=download /windows/system32/netapi32.dll /windows/system32/netapi32.dll
 COPY --from=download /app/docker.exe C:/bin/docker.exe
 ADD release/windows/amd64/drone-docker.exe C:/bin/drone-docker.exe

docker/docker/Dockerfile.windows.amd64.1909

@@ -1,28 +0,0 @@
-# escape=`
-FROM mcr.microsoft.com/windows/servercore:1909 as download
-
-SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
-
-ENV DOCKER_VERSION 19.03.1
-
-RUN Invoke-WebRequest 'http://constexpr.org/innoextract/files/innoextract-1.7-windows.zip' -OutFile 'innoextract.zip' -UseBasicParsing ; `
-    Expand-Archive innoextract.zip -DestinationPath C:\ ; `
-    Remove-Item -Path innoextract.zip
-
-RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
-    Invoke-WebRequest $('https://github.com/docker/toolbox/releases/download/v{0}/DockerToolbox-{0}.exe' -f $env:DOCKER_VERSION) -OutFile 'dockertoolbox.exe' -UseBasicParsing
-RUN /innoextract.exe dockertoolbox.exe
-
-FROM mcr.microsoft.com/windows/nanoserver:1909
-USER ContainerAdministrator
-
-LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
-  org.label-schema.name="Drone Docker" `
-  org.label-schema.vendor="Drone.IO Community" `
-  org.label-schema.schema-version="1.0"
-
-RUN mkdir C:\bin
-COPY --from=download /windows/system32/netapi32.dll /windows/system32/netapi32.dll
-COPY --from=download /app/docker.exe C:/bin/docker.exe
-ADD release/windows/amd64/drone-docker.exe C:/bin/drone-docker.exe
-ENTRYPOINT [ "C:\\bin\\drone-docker.exe" ]

docker/docker/Dockerfile.windows.amd64.ltsc2022

@@ -1,5 +1,5 @@
 # escape=`
-FROM mcr.microsoft.com/windows/servercore:1903 as download
+FROM mcr.microsoft.com/windows/servercore:ltsc2022 as download
 
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
@@ -13,7 +13,7 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
     Invoke-WebRequest $('https://github.com/docker/toolbox/releases/download/v{0}/DockerToolbox-{0}.exe' -f $env:DOCKER_VERSION) -OutFile 'dockertoolbox.exe' -UseBasicParsing
 RUN /innoextract.exe dockertoolbox.exe
 
-FROM mcr.microsoft.com/windows/nanoserver:1903
+FROM mcr.microsoft.com/windows/nanoserver:ltsc2022
 USER ContainerAdministrator
 
 LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `

docker/docker/manifest.tmpl

@@ -17,36 +17,12 @@ manifests:
       architecture: arm64
       os: linux
       variant: v8
-  -
-    image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  -
-    image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1803-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1803
   -
     image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1809-amd64
     platform:
       architecture: amd64
       os: windows
       version: 1809
-  -
-    image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1903-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1903
-  -
-    image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1909-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1909
   -
     image: plugins/docker:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-ltsc2022-amd64
     platform:

docker/ecr/Dockerfile.linux.arm

@@ -1,4 +0,0 @@
-FROM plugins/docker:linux-arm
-
-ADD release/linux/arm/drone-ecr /bin/
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-ecr"]

docker/ecr/Dockerfile.windows.amd64.1803

@@ -1,10 +0,0 @@
-# escape=`
-FROM plugins/docker:windows-1803-amd64
-
-LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
-  org.label-schema.name="Drone ECR" `
-  org.label-schema.vendor="Drone.IO Community" `
-  org.label-schema.schema-version="1.0"
-
-ADD release/windows/amd64/drone-ecr.exe C:/bin/drone-ecr.exe
-ENTRYPOINT [ "C:\\bin\\drone-ecr.exe" ]

docker/ecr/Dockerfile.windows.amd64.ltsc2022

@@ -1,5 +1,5 @@
 # escape=`
-FROM plugins/docker:windows-1909-amd64
+FROM plugins/docker:windows-ltsc2022-amd64
 
 LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
   org.label-schema.name="Drone ECR" `

docker/ecr/manifest.tmpl

@@ -17,18 +17,6 @@ manifests:
       architecture: arm64
       os: linux
       variant: v8
-  -
-    image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  -
-    image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1803-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1803
   -
     image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1809-amd64
     platform:
@@ -36,14 +24,8 @@ manifests:
       os: windows
       version: 1809
   -
-    image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1903-amd64
+    image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-ltsc2022-amd64
     platform:
       architecture: amd64
       os: windows
-      version: 1903
-  -
-    image: plugins/ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1909-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1909
+      version: ltsc2022

docker/gcr/Dockerfile.linux.arm

@@ -1,4 +0,0 @@
-FROM plugins/docker:linux-arm
-
-ADD release/linux/arm/drone-gcr /bin/
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-gcr"]

docker/gcr/Dockerfile.windows.amd64.1909

@@ -1,10 +0,0 @@
-# escape=`
-FROM plugins/docker:windows-1909-amd64
-
-LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
-  org.label-schema.name="Drone GCR" `
-  org.label-schema.vendor="Drone.IO Community" `
-  org.label-schema.schema-version="1.0"
-
-ADD release/windows/amd64/drone-gcr.exe C:/bin/drone-gcr.exe
-ENTRYPOINT [ "C:\\bin\\drone-gcr.exe" ]

docker/gcr/Dockerfile.windows.amd64.ltsc2022

@@ -1,5 +1,5 @@
 # escape=`
-FROM plugins/docker:windows-1803-amd64
+FROM plugins/docker:windows-ltsc2022-amd64
 
 LABEL maintainer="Drone.IO Community <drone-dev@googlegroups.com>" `
   org.label-schema.name="Drone GCR" `

docker/gcr/manifest.tmpl

@@ -17,18 +17,6 @@ manifests:
       architecture: arm64
       os: linux
       variant: v8
-  -
-    image: plugins/gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
-  -
-    image: plugins/gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1803-amd64
-    platform:
-      architecture: amd64
-      os: windows
-      version: 1803
   -
     image: plugins/gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1809-amd64
     platform:
@@ -36,8 +24,8 @@ manifests:
       os: windows
       version: 1809
   -
-    image: plugins/gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-1909-amd64
+    image: plugins/gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}windows-ltsc2022-amd64
     platform:
       architecture: amd64
       os: windows
-      version: 1909
+      version: ltsc2022

docker/heroku/Dockerfile.linux.arm

@@ -1,4 +0,0 @@
-FROM plugins/docker:linux-arm
-
-ADD release/linux/arm/drone-heroku /bin/
-ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint.sh", "/bin/drone-heroku"]

docker/heroku/manifest.tmpl

@@ -17,9 +17,3 @@ manifests:
       architecture: arm64
       os: linux
       variant: v8
-  -
-    image: plugins/heroku:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7

docker_test.go

@@ -3,10 +3,14 @@ package docker
 import (
 	"os/exec"
 	"reflect"
+	"strings"
 	"testing"
+
+	"github.com/dchest/uniuri"
 )
 
 func TestCommandBuild(t *testing.T) {
+	tempTag := strings.ToLower(uniuri.New())
 	tcs := []struct {
 		name  string
 		build Build
@@ -16,6 +20,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "secret from env var",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -29,7 +34,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
 			),
@@ -38,6 +43,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "secret from file",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretFiles: []string{
@@ -51,7 +57,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,src=/path/to/foo_secret",
 			),
@@ -60,6 +66,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "multiple mixed secrets",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -78,7 +85,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
 				"--secret id=bar_secret,env=BAR_SECRET_ENV_VAR",
@@ -90,6 +97,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "invalid mixed secrets",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -110,7 +118,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 			),
 		},
@@ -118,6 +126,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "platform argument",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				Platform:   "test/platform",
@@ -129,12 +138,33 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--platform",
 				"test/platform",
 			),
 		},
+		{
+			name: "ssh agent",
+			build: Build{
+				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
+				Dockerfile: "Dockerfile",
+				Context:    ".",
+				SSHKeyPath: "id_rsa=/root/.ssh/id_rsa",
+			},
+			want: exec.Command(
+				dockerExe,
+				"build",
+				"--rm=true",
+				"-f",
+				"Dockerfile",
+				"-t",
+				tempTag,
+				".",
+				"--ssh id_rsa=/root/.ssh/id_rsa",
+			),
+		},
 	}
 
 	for _, tc := range tcs {

go.mod

@@ -3,22 +3,40 @@ module github.com/drone-plugins/drone-docker
 require (
 	github.com/aws/aws-sdk-go v1.26.7
 	github.com/coreos/go-semver v0.3.0
+	github.com/dchest/uniuri v1.2.0
+	github.com/drone-plugins/drone-plugin-lib v0.4.1
 	github.com/drone/drone-go v1.7.1
 	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743
 	github.com/joho/godotenv v1.3.0
-	github.com/sirupsen/logrus v1.3.0
+	github.com/sirupsen/logrus v1.9.0
 	github.com/urfave/cli v1.22.2
+	golang.org/x/oauth2 v0.13.0
 )
 
 require (
-	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
-	github.com/russross/blackfriday/v2 v2.0.1 // indirect
-	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
-	golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 // indirect
-	golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/api v0.146.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v2 v2.2.8 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-go 1.17
+go 1.21

go.sum

@@ -1,43 +1,208 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
+cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute/metadata v0.2.0 h1:nBbNSZyDpkNlo3DepaaLKVuO7ClyifSAmNloSCZrHnQ=
+cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e/go.mod h1:Xa6lInWHNQnuWoF0YPSsx+INFA9qk7/7pTjwb3PInkY=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/aws/aws-sdk-go v1.26.7 h1:ObjEnmzvSdYy8KVd3me7v/UMyCn81inLy2SyoIPoBkg=
 github.com/aws/aws-sdk-go v1.26.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g=
+github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY=
+github.com/drone-plugins/drone-plugin-lib v0.4.1 h1:47rZlmcMpr1hSp+6Gl+1Z4t+efi/gMQU3lxukC1Yg64=
+github.com/drone-plugins/drone-plugin-lib v0.4.1/go.mod h1:KwCu92jFjHV3xv2hu5Qg/8zBNvGwbhoJDQw/EwnTvoM=
 github.com/drone/drone-go v1.7.1 h1:ZX+3Rs8YHUSUQ5mkuMLmm1zr1ttiiE2YGNxF3AnyDKw=
 github.com/drone/drone-go v1.7.1/go.mod h1:fxCf9jAnXDZV1yDr0ckTuWd1intvcQwfJmTRpTZ1mXg=
-github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.3.0 h1:hI/7Q+DtNZ2kINb6qt/lS+IyXnHQe9e90POfeewL/ME=
-github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 h1:u+LnwYTOOW7Ukr/fppxEb1Nwz0AtPflrblfvUudpo+I=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.146.0 h1:9aBYT4vQXt9dhCuLNfwfd3zpwu8atg0yPkjBymwSrOM=
+google.golang.org/api v0.146.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
+google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
+google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

pipeline.libsonnet

@@ -1,206 +0,0 @@
-local windows_pipe = '\\\\\\\\.\\\\pipe\\\\docker_engine';
-local windows_pipe_volume = 'docker_pipe';
-local test_pipeline_name = 'testing';
-
-local windows(os) = os == 'windows';
-
-local golang_image(os, version) =
-  'golang:' + '1.13' + if windows(os) then '-windowsservercore-' + version else '';
-
-{
-  test(os='linux', arch='amd64', version='')::
-    local is_windows = windows(os);
-    local golang = golang_image(os, version);
-    local volumes = if is_windows then [{name: 'gopath', path: 'C:\\\\gopath'}] else [{name: 'gopath', path: '/go',}];
-    {
-      kind: 'pipeline',
-      name: test_pipeline_name,
-      platform: {
-        os: os,
-        arch: arch,
-        version: if std.length(version) > 0 then version,
-      },
-      steps: [
-        {
-          name: 'vet',
-          image: golang,
-          pull: 'always',
-          environment: {
-            GO111MODULE: 'on',
-          },
-          commands: [
-            'go vet ./...',
-          ],
-          volumes: volumes,
-        },
-        {
-          name: 'test',
-          image: golang,
-          pull: 'always',
-          environment: {
-            GO111MODULE: 'on',
-          },
-          commands: [
-            'go test -cover ./...',
-          ],
-          volumes: volumes,
-        },
-      ],
-      trigger: {
-        ref: [
-          'refs/heads/master',
-          'refs/tags/**',
-          'refs/pull/**',
-        ],
-      },
-      volumes: [{name: 'gopath', temp: {}}]
-    },
-
-  build(name, os='linux', arch='amd64', version='')::
-    local is_windows = windows(os);
-    local tag = if is_windows then os + '-' + version else os + '-' + arch;
-    local file_suffix = std.strReplace(tag, '-', '.');
-    local volumes = if is_windows then [{ name: windows_pipe_volume, path: windows_pipe }] else [];
-    local golang = golang_image(os, version);
-    local plugin_repo = 'plugins/' + name;
-    local extension = if is_windows then '.exe' else '';
-    local depends_on = if name == 'docker' then [test_pipeline_name] else [tag + '-docker'];
-    {
-      kind: 'pipeline',
-      name: tag + '-' + name,
-      platform: {
-        os: os,
-        arch: arch,
-        version: if std.length(version) > 0 then version,
-      },
-      steps: [
-        {
-          name: 'build-push',
-          image: golang,
-          pull: 'always',
-          environment: {
-            CGO_ENABLED: '0',
-            GO111MODULE: 'on',
-          },
-          commands: [
-            'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/' + os + '/' + arch + '/drone-' + name + extension + ' ./cmd/drone-' + name,
-          ],
-          when: {
-            event: {
-              exclude: ['tag'],
-            },
-          },
-        },
-        {
-          name: 'build-tag',
-          image: golang,
-          pull: 'always',
-          environment: {
-            CGO_ENABLED: '0',
-            GO111MODULE: 'on',
-          },
-          commands: [
-            'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/' + os + '/' + arch + '/drone-' + name + extension + ' ./cmd/drone-' + name,
-          ],
-          when: {
-            event: ['tag'],
-          },
-        },
-        if name == "docker" then {
-          name: 'executable',
-          image: golang,
-          pull: 'always',
-          commands: [
-            './release/' + os + '/' + arch + '/drone-' + name + extension + ' --help',
-          ],
-        },
-        {
-          name: 'dryrun',
-          image: 'plugins/docker:' + tag,
-          pull: 'always',
-          settings: {
-            dry_run: true,
-            tags: tag,
-            dockerfile: 'docker/'+ name +'/Dockerfile.' + file_suffix,
-            daemon_off: if is_windows then 'true' else 'false',
-            repo: plugin_repo,
-            username: { from_secret: 'docker_username' },
-            password: { from_secret: 'docker_password' },
-          },
-          volumes: if std.length(volumes) > 0 then volumes,
-          when: {
-            event: ['pull_request'],
-          },
-        },
-        {
-          name: 'publish',
-          image: 'plugins/docker:' + tag,
-          pull: 'always',
-          settings: {
-            auto_tag: true,
-            auto_tag_suffix: tag,
-            daemon_off: if is_windows then 'true' else 'false',
-            dockerfile: 'docker/' + name + '/Dockerfile.' + file_suffix,
-            repo: plugin_repo,
-            username: { from_secret: 'docker_username' },
-            password: { from_secret: 'docker_password' },
-          },
-          volumes: if std.length(volumes) > 0 then volumes,
-          when: {
-            event: {
-              exclude: ['pull_request'],
-            },
-          },
-        },
-      ],
-      trigger: {
-        ref: [
-          'refs/heads/master',
-          'refs/tags/**',
-          'refs/pull/**',
-        ],
-      },
-      depends_on: depends_on,
-      volumes: if is_windows then [{ name: windows_pipe_volume, host: { path: windows_pipe } }],
-    },
-
-  notifications(name, os='linux', arch='amd64', version='', depends_on=[])::
-    {
-      kind: 'pipeline',
-      name: 'notifications-' + name,
-      platform: {
-        os: os,
-        arch: arch,
-        version: if std.length(version) > 0 then version,
-      },
-      steps: [
-        {
-          name: 'manifest',
-          image: 'plugins/manifest',
-          pull: 'always',
-          settings: {
-            username: { from_secret: 'docker_username' },
-            password: { from_secret: 'docker_password' },
-            spec: 'docker/' + name + '/manifest.tmpl',
-            ignore_missing: true,
-            auto_tag: true,
-          },
-        },
-        {
-          name: 'microbadger',
-          image: 'plugins/webhook',
-          pull: 'always',
-          settings: {
-            urls: { from_secret: 'microbadger_' + name },
-          },
-        },
-      ],
-      depends_on: [x + '-' + name for x in depends_on],
-      trigger: {
-        ref: [
-          'refs/heads/master',
-          'refs/tags/**',
-        ],
-      },
-    },
-}