ci-3011 - GAR support (#404)

* adds support for GAR

.drone.yml

@@ -12,7 +12,7 @@ platform:
 
 steps:
   - name: vet
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - go vet ./...
     environment:
@@ -22,7 +22,7 @@ steps:
         path: /go
 
   - name: test
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - go test -cover ./...
     environment:
@@ -55,7 +55,7 @@ platform:
 
 steps:
   - name: go build
-    image: golang:1.17
+    image: golang:1.21
     environment:
       CGO_ENABLED: 0
     commands:
@@ -146,7 +146,7 @@ platform:
 
 steps:
   - name: go build
-    image: golang:1.17
+    image: golang:1.21
     environment:
       CGO_ENABLED: 0
     commands:
@@ -234,7 +234,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
     environment:
@@ -245,7 +245,7 @@ steps:
           - tag
 
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
     environment:
@@ -255,7 +255,7 @@ steps:
         - tag
 
   - name: executable
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - ./release/linux/amd64/drone-docker --help
 
@@ -299,7 +299,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
     environment:
@@ -310,7 +310,7 @@ steps:
           - tag
 
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
     environment:
@@ -320,7 +320,7 @@ steps:
         - tag
 
   - name: executable
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - ./release/linux/arm64/drone-docker --help
 
@@ -399,7 +399,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
     environment:
@@ -410,7 +410,7 @@ steps:
           - tag
 
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
     environment:
@@ -459,7 +459,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
     environment:
@@ -470,7 +470,7 @@ steps:
           - tag
 
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
     environment:
@@ -554,7 +554,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
     environment:
@@ -564,7 +564,7 @@ steps:
         exclude:
           - tag
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
     environment:
@@ -612,7 +612,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
     environment:
@@ -622,7 +622,7 @@ steps:
         exclude:
           - tag
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
     environment:
@@ -705,7 +705,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
     environment:
@@ -715,7 +715,7 @@ steps:
         exclude:
           - tag
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
     environment:
@@ -764,7 +764,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
     environment:
@@ -774,7 +774,7 @@ steps:
         exclude:
           - tag
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
     environment:
@@ -855,7 +855,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
     environment:
@@ -865,7 +865,7 @@ steps:
         exclude:
           - tag
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
     environment:
@@ -913,7 +913,7 @@ platform:
 
 steps:
   - name: build-push
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
     environment:
@@ -924,7 +924,7 @@ steps:
           - tag
 
   - name: build-tag
-    image: golang:1.17
+    image: golang:1.21
     commands:
       - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
     environment:

CHANGELOG.md

@@ -1,5 +1,67 @@
 # Changelog
 
+## [v20.14.5](https://github.com/drone-plugins/drone-docker/tree/v20.14.5) (2023-09-13)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.4...v20.14.5)
+
+**Implemented enhancements:**
+
+- Allow gcr authentication with workload identity [\#383](https://github.com/drone-plugins/drone-docker/pull/383) ([dhpollack](https://github.com/dhpollack))
+
+**Fixed bugs:**
+
+- \[fix\]: \[ci-9254\]: go version upgrade to 1.21 [\#401](https://github.com/drone-plugins/drone-docker/pull/401) ([abhay084](https://github.com/abhay084))
+- Revert "Add support for AAD auth for docker-acr" [\#398](https://github.com/drone-plugins/drone-docker/pull/398) ([tphoney](https://github.com/tphoney))
+
+**Closed issues:**
+
+- Remove deprecated support of label-schema in favor of OCI [\#396](https://github.com/drone-plugins/drone-docker/issues/396)
+
+**Merged pull requests:**
+
+- Add support for AAD auth for docker-acr [\#395](https://github.com/drone-plugins/drone-docker/pull/395) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+## [v20.14.4](https://github.com/drone-plugins/drone-docker/tree/v20.14.4) (2023-05-16)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.3...v20.14.4)
+
+**Fixed bugs:**
+
+- fix: Use unique build name for build and tag [\#390](https://github.com/drone-plugins/drone-docker/pull/390) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+**Merged pull requests:**
+
+- v20.14.4 prep [\#391](https://github.com/drone-plugins/drone-docker/pull/391) ([rutvijmehta-harness](https://github.com/rutvijmehta-harness))
+
+## [v20.14.3](https://github.com/drone-plugins/drone-docker/tree/v20.14.3) (2023-05-04)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.2...v20.14.3)
+
+**Merged pull requests:**
+
+- Write artifacts to input artifact file [\#389](https://github.com/drone-plugins/drone-docker/pull/389) ([raghavharness](https://github.com/raghavharness))
+
+## [v20.14.2](https://github.com/drone-plugins/drone-docker/tree/v20.14.2) (2023-04-18)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.1...v20.14.2)
+
+**Merged pull requests:**
+
+- fix windows drone yml [\#388](https://github.com/drone-plugins/drone-docker/pull/388) ([shubham149](https://github.com/shubham149))
+
+## [v20.14.1](https://github.com/drone-plugins/drone-docker/tree/v20.14.1) (2023-01-30)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.14.0...v20.14.1)
+
+**Implemented enhancements:**
+
+- Add option to mount host ssh agent \(--ssh\) [\#382](https://github.com/drone-plugins/drone-docker/pull/382) ([tphoney](https://github.com/tphoney))
+
+**Fixed bugs:**
+
+- windows 1809 docker build pin [\#384](https://github.com/drone-plugins/drone-docker/pull/384) ([tphoney](https://github.com/tphoney))
+- \(maint\) move to harness.drone.io [\#381](https://github.com/drone-plugins/drone-docker/pull/381) ([tphoney](https://github.com/tphoney))
+
 ## [v20.14.0](https://github.com/drone-plugins/drone-docker/tree/v20.14.0) (2022-11-17)
 
 [Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.13.0...v20.14.0)
@@ -12,6 +74,10 @@
 
 - Use full path to docker when creating card [\#373](https://github.com/drone-plugins/drone-docker/pull/373) ([donny-dont](https://github.com/donny-dont))
 
+**Merged pull requests:**
+
+- \(maint\) prep for v20.14.0 [\#377](https://github.com/drone-plugins/drone-docker/pull/377) ([tphoney](https://github.com/tphoney))
+
 ## [v20.13.0](https://github.com/drone-plugins/drone-docker/tree/v20.13.0) (2022-06-08)
 
 [Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v20.12.0...v20.13.0)
@@ -94,6 +160,15 @@
 
 - Revert "Update seccomp to 20.10 docker" [\#325](https://github.com/drone-plugins/drone-docker/pull/325) ([bradrydzewski](https://github.com/bradrydzewski))
 
+**Closed issues:**
+
+- Enable auth against multiple registries [\#324](https://github.com/drone-plugins/drone-docker/issues/324)
+- Parameter add\_host not work [\#318](https://github.com/drone-plugins/drone-docker/issues/318)
+- support customized Dockerfile name ? [\#315](https://github.com/drone-plugins/drone-docker/issues/315)
+- Tag wrongly gets parsed as octal [\#311](https://github.com/drone-plugins/drone-docker/issues/311)
+- Support TLS 1.3 [\#310](https://github.com/drone-plugins/drone-docker/issues/310)
+- Can pugin-docker access workspace content directly?  [\#307](https://github.com/drone-plugins/drone-docker/issues/307)
+
 **Merged pull requests:**
 
 - \(maint\) bump git to 1.13 for build and test [\#338](https://github.com/drone-plugins/drone-docker/pull/338) ([tphoney](https://github.com/tphoney))

README.md

@@ -113,6 +113,26 @@ docker run --rm \
   plugins/docker --dry-run
 ```
 
+### GAR (Google Artifact Registry)
+
+```yaml
+kind: pipeline
+name: default
+type: docker
+
+steps:
+  - name: push-to-gar
+    image: plugins/gcr
+    pull: never
+    settings:
+      tag: latest
+      repo: project-id/repo/image-name
+      registry_type: GAR
+      location: us
+      json_key:
+        from_secret: gcr_json_key
+```
+
 ## Developer Notes
 
 - When updating the base image, you will need to update for each architecture and OS.
@@ -137,3 +157,4 @@ docker run -it --rm -v "$(pwd)":/usr/local/src/your-app githubchangeloggenerator
 ```
 
 Create your pull request for the release. Get it merged then tag the release.
+

card.go

@@ -18,7 +18,7 @@ import (
 )
 
 func (p Plugin) writeCard() error {
-	cmd := exec.Command(dockerExe, "inspect", p.Build.Name)
+	cmd := exec.Command(dockerExe, "inspect", p.Build.TempTag)
 	data, err := cmd.CombinedOutput()
 	if err != nil {
 		return err

cmd/drone-docker/main.go

@@ -3,7 +3,9 @@ package main
 import (
 	"os"
 	"runtime"
+	"strings"
 
+	"github.com/dchest/uniuri"
 	"github.com/joho/godotenv"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@@ -318,6 +320,7 @@ func run(c *cli.Context) error {
 		Build: docker.Build{
 			Remote:      c.String("remote.url"),
 			Name:        c.String("commit.sha"),
+			TempTag:     generateTempTag(),
 			Dockerfile:  c.String("dockerfile"),
 			Context:     c.String("context"),
 			Tags:        c.StringSlice("tags"),
@@ -383,6 +386,10 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
+func generateTempTag() string {
+	return strings.ToLower(uniuri.New())
+}
+
 func GetExecCmd() string {
 	if runtime.GOOS == "windows" {
 		return "C:/bin/drone-docker.exe"

cmd/drone-ecr/main.go

@@ -197,7 +197,7 @@ func parseBoolOrDefault(defaultValue bool, s string) (result bool) {
 	var err error
 	result, err = strconv.ParseBool(s)
 	if err != nil {
-		result = false
+		result = defaultValue
 	}
 
 	return

cmd/drone-gcr/main.go

@@ -1,72 +1,148 @@
 package main
 
 import (
+	"context"
 	"encoding/base64"
+	"fmt"
+	"log"
 	"os"
 	"os/exec"
 	"path"
+	"strconv"
 	"strings"
 
 	"github.com/joho/godotenv"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/oauth2/google"
 
 	docker "github.com/drone-plugins/drone-docker"
 )
 
-// gcr default username
-const username = "_json_key"
+type Config struct {
+	Repo             string
+	Registry         string
+	Password         string
+	WorkloadIdentity bool
+	Username         string
+	RegistryType     string
+}
 
-func main() {
-	// Load env-file if it exists first
+func loadConfig() Config {
+	// Default username
+	username := "_json_key"
+
+	// Load env-file if it exists
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
+		if err := godotenv.Load(env); err != nil {
+			log.Fatalf("Error loading .env file: %v", err)
+		}
 	}
 
-	var (
-		repo     = getenv("PLUGIN_REPO")
-		registry = getenv("PLUGIN_REGISTRY")
-		password = getenv(
-			"PLUGIN_JSON_KEY",
-			"GCR_JSON_KEY",
-			"GOOGLE_CREDENTIALS",
-			"TOKEN",
-		)
+	location := getenv("PLUGIN_LOCATION")
+	repo := getenv("PLUGIN_REPO")
+
+	password := getenv(
+		"PLUGIN_JSON_KEY",
+		"GCR_JSON_KEY",
+		"GOOGLE_CREDENTIALS",
+		"TOKEN",
 	)
+	workloadIdentity := parseBoolOrDefault(false, getenv("PLUGIN_WORKLOAD_IDENTITY"))
+	username, password = setUsernameAndPassword(username, password, workloadIdentity)
 
-	// decode the token if base64 encoded
-	decoded, err := base64.StdEncoding.DecodeString(password)
-	if err == nil {
-		password = string(decoded)
+	registryType := getenv("PLUGIN_REGISTRY_TYPE")
+	if registryType == "" {
+		registryType = "GCR"
 	}
 
-	// default registry value
+	registry := getenv("PLUGIN_REGISTRY")
 	if registry == "" {
-		registry = "gcr.io"
+		switch registryType {
+		case "GCR":
+			registry = "gcr.io"
+		case "GAR":
+			if location == "" {
+				logrus.Fatalf("Error: For REGISTRY_TYPE of GAR, LOCATION must be set")
+			}
+			registry = fmt.Sprintf("%s-docker.pkg.dev", location)
+		default:
+			logrus.Fatalf("Unsupported registry type: %s", registryType)
+		}
 	}
 
-	// must use the fully qualified repo name. If the
-	// repo name does not have the registry prefix we
-	// should prepend.
 	if !strings.HasPrefix(repo, registry) {
 		repo = path.Join(registry, repo)
 	}
 
-	os.Setenv("PLUGIN_REPO", repo)
-	os.Setenv("PLUGIN_REGISTRY", registry)
-	os.Setenv("DOCKER_USERNAME", username)
-	os.Setenv("DOCKER_PASSWORD", password)
-	os.Setenv("PLUGIN_REGISTRY_TYPE", "GCR")
+	return Config{
+		Repo:             repo,
+		Registry:         registry,
+		Password:         password,
+		WorkloadIdentity: workloadIdentity,
+		Username:         username,
+		RegistryType:     registryType,
+	}
+}
+
+func main() {
+	config := loadConfig()
+
+	os.Setenv("PLUGIN_REPO", config.Repo)
+	os.Setenv("PLUGIN_REGISTRY", config.Registry)
+	os.Setenv("DOCKER_USERNAME", config.Username)
+	os.Setenv("DOCKER_PASSWORD", config.Password)
+	os.Setenv("PLUGIN_REGISTRY_TYPE", config.RegistryType)
 
 	// invoke the base docker plugin binary
 	cmd := exec.Command(docker.GetDroneDockerExecCmd())
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	err = cmd.Run()
+	err := cmd.Run()
 	if err != nil {
 		logrus.Fatal(err)
 	}
 }
 
+func getOauthToken(data []byte) (s string) {
+	scopes := []string{
+		"https://www.googleapis.com/auth/cloud-platform",
+	}
+	ctx := context.Background()
+	credentials, err := google.CredentialsFromJSON(ctx, data, scopes...)
+	if err == nil {
+		token, err := credentials.TokenSource.Token()
+		if err == nil {
+			return token.AccessToken
+		}
+	}
+	return
+}
+
+func setUsernameAndPassword(user string, pass string, workloadIdentity bool) (u string, p string) {
+	// decode the token if base64 encoded
+	decoded, err := base64.StdEncoding.DecodeString(pass)
+	if err == nil {
+		pass = string(decoded)
+	}
+	// get oauth token and set username if using workload identity
+	if workloadIdentity {
+		data := []byte(pass)
+		pass = getOauthToken(data)
+		user = "oauth2accesstoken"
+	}
+	return user, pass
+}
+
+func parseBoolOrDefault(defaultValue bool, s string) (result bool) {
+	var err error
+	result, err = strconv.ParseBool(s)
+	if err != nil {
+		result = defaultValue
+	}
+
+	return
+}
+
 func getenv(key ...string) (s string) {
 	for _, k := range key {
 		s = os.Getenv(k)

docker.go

@@ -45,6 +45,7 @@ type (
 	Build struct {
 		Remote      string   // Git remote URL
 		Name        string   // Docker build using default named tag
+		TempTag     string   // Temporary tag used during docker build
 		Dockerfile  string   // Docker build Dockerfile
 		Context     string   // Docker build context
 		Tags        []string // Docker build tags
@@ -229,7 +230,7 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.ArtifactFile != "" {
-		if digest, err := getDigest(p.Build.Name); err == nil {
+		if digest, err := getDigest(p.Build.TempTag); err == nil {
 			if err = drone.WritePluginArtifactFile(p.Daemon.RegistryType, p.ArtifactFile, p.Daemon.Registry, p.Build.Repo, digest, p.Build.Tags); err != nil {
 				fmt.Printf("failed to write plugin artifact file at path: %s with error: %s\n", p.ArtifactFile, err)
 			}
@@ -243,8 +244,8 @@ func (p Plugin) Exec() error {
 		// clear the slice
 		cmds = nil
 
-		cmds = append(cmds, commandRmi(p.Build.Name)) // docker rmi
-		cmds = append(cmds, commandPrune())           // docker system prune -f
+		cmds = append(cmds, commandRmi(p.Build.TempTag)) // docker rmi
+		cmds = append(cmds, commandPrune())              // docker system prune -f
 
 		for _, cmd := range cmds {
 			cmd.Stdout = os.Stdout
@@ -304,7 +305,7 @@ func commandBuild(build Build) *exec.Cmd {
 		"build",
 		"--rm=true",
 		"-f", build.Dockerfile,
-		"-t", build.Name,
+		"-t", build.TempTag,
 	}
 
 	args = append(args, build.Context)
@@ -463,7 +464,7 @@ func hasProxyBuildArg(build *Build, key string) bool {
 // helper function to create the docker tag command.
 func commandTag(build Build, tag string) *exec.Cmd {
 	var (
-		source = build.Name
+		source = build.TempTag
 		target = fmt.Sprintf("%s:%s", build.Repo, tag)
 	)
 	return exec.Command(

docker_test.go

@@ -3,10 +3,14 @@ package docker
 import (
 	"os/exec"
 	"reflect"
+	"strings"
 	"testing"
+
+	"github.com/dchest/uniuri"
 )
 
 func TestCommandBuild(t *testing.T) {
+	tempTag := strings.ToLower(uniuri.New())
 	tcs := []struct {
 		name  string
 		build Build
@@ -16,6 +20,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "secret from env var",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -29,7 +34,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
 			),
@@ -38,6 +43,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "secret from file",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretFiles: []string{
@@ -51,7 +57,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,src=/path/to/foo_secret",
 			),
@@ -60,6 +66,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "multiple mixed secrets",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -78,7 +85,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--secret id=foo_secret,env=FOO_SECRET_ENV_VAR",
 				"--secret id=bar_secret,env=BAR_SECRET_ENV_VAR",
@@ -90,6 +97,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "invalid mixed secrets",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SecretEnvs: []string{
@@ -110,7 +118,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 			),
 		},
@@ -118,6 +126,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "platform argument",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				Platform:   "test/platform",
@@ -129,7 +138,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--platform",
 				"test/platform",
@@ -139,6 +148,7 @@ func TestCommandBuild(t *testing.T) {
 			name: "ssh agent",
 			build: Build{
 				Name:       "plugins/drone-docker:latest",
+				TempTag:    tempTag,
 				Dockerfile: "Dockerfile",
 				Context:    ".",
 				SSHKeyPath: "id_rsa=/root/.ssh/id_rsa",
@@ -150,7 +160,7 @@ func TestCommandBuild(t *testing.T) {
 				"-f",
 				"Dockerfile",
 				"-t",
-				"plugins/drone-docker:latest",
+				tempTag,
 				".",
 				"--ssh id_rsa=/root/.ssh/id_rsa",
 			),

go.mod

@@ -3,21 +3,28 @@ module github.com/drone-plugins/drone-docker
 require (
 	github.com/aws/aws-sdk-go v1.26.7
 	github.com/coreos/go-semver v0.3.0
+	github.com/dchest/uniuri v1.2.0
 	github.com/drone-plugins/drone-plugin-lib v0.4.1
 	github.com/drone/drone-go v1.7.1
 	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743
 	github.com/joho/godotenv v1.3.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/urfave/cli v1.22.2
+	golang.org/x/oauth2 v0.8.0
 )
 
 require (
+	cloud.google.com/go/compute/metadata v0.2.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/yaml.v2 v2.2.8 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-go 1.17
+go 1.21

go.sum

@@ -1,6 +1,7 @@
+cloud.google.com/go/compute/metadata v0.2.0 h1:nBbNSZyDpkNlo3DepaaLKVuO7ClyifSAmNloSCZrHnQ=
+cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e/go.mod h1:Xa6lInWHNQnuWoF0YPSsx+INFA9qk7/7pTjwb3PInkY=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/aws/aws-sdk-go v1.26.7 h1:ObjEnmzvSdYy8KVd3me7v/UMyCn81inLy2SyoIPoBkg=
 github.com/aws/aws-sdk-go v1.26.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
@@ -11,12 +12,20 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g=
+github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY=
 github.com/drone-plugins/drone-plugin-lib v0.4.1 h1:47rZlmcMpr1hSp+6Gl+1Z4t+efi/gMQU3lxukC1Yg64=
 github.com/drone-plugins/drone-plugin-lib v0.4.1/go.mod h1:KwCu92jFjHV3xv2hu5Qg/8zBNvGwbhoJDQw/EwnTvoM=
 github.com/drone/drone-go v1.7.1 h1:ZX+3Rs8YHUSUQ5mkuMLmm1zr1ttiiE2YGNxF3AnyDKw=
 github.com/drone/drone-go v1.7.1/go.mod h1:fxCf9jAnXDZV1yDr0ckTuWd1intvcQwfJmTRpTZ1mXg=
-github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
@@ -36,11 +45,26 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.23.6/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
-golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=