Merge pull request #449 from Aishwarya-Lad/CI-13422

Change docker login method, from config writing to login func
remove comment
2026-06-04 18:24:24 +08:00 · 2024-07-15 17:22:27 -04:00 · 2024-07-13 14:52:45 -07:00 · 2024-07-12 12:13:41 -07:00 · 2024-07-10 15:10:59 +03:00 · 2024-07-10 16:14:18 +05:30
16 changed files with 421 additions and 46 deletions
@@ -12,7 +12,7 @@ platform:

 steps:
  - name: vet
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - go vet ./...
    environment:
@@ -22,7 +22,7 @@ steps:
        path: /go

  - name: test
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - go test -cover ./...
    environment:
@@ -55,7 +55,7 @@ platform:

 steps:
  - name: go build
-    image: golang:1.22
+    image: golang:1.22.4
    environment:
      CGO_ENABLED: 0
    commands:
@@ -162,7 +162,7 @@ platform:

 steps:
  - name: go build
-    image: golang:1.22
+    image: golang:1.22.4
    environment:
      CGO_ENABLED: 0
    commands:
@@ -172,7 +172,7 @@ steps:
      - go build -o release/windows/amd64/drone-acr.exe ./cmd/drone-acr
      - go build -o release/windows/amd64/drone-gar.exe ./cmd/drone-gar
  - name: build docker plugin
-    image: plugins/docker
+    image: plugins/docker@sha256:f0233d950ae87ee6cb5500b2d5497fe02aa338201c0bdce2619f443fd174cfa4
    settings:
      dockerfile: docker/docker/Dockerfile.windows.amd64.ltsc2022
      repo: plugins/docker
@@ -186,7 +186,7 @@ steps:
    when:
      event: [push, tag]
  - name: build ecr plugin
-    image: plugins/docker
+    image: plugins/docker@sha256:f0233d950ae87ee6cb5500b2d5497fe02aa338201c0bdce2619f443fd174cfa4
    settings:
      dockerfile: docker/ecr/Dockerfile.windows.amd64.ltsc2022
      repo: plugins/ecr
@@ -200,7 +200,7 @@ steps:
    when:
      event: [push, tag]
  - name: build gcr plugin
-    image: plugins/docker
+    image: plugins/docker@sha256:f0233d950ae87ee6cb5500b2d5497fe02aa338201c0bdce2619f443fd174cfa4
    settings:
      dockerfile: docker/gcr/Dockerfile.windows.amd64.ltsc2022
      repo: plugins/gcr
@@ -214,7 +214,7 @@ steps:
    when:
      event: [push, tag]
  - name: build acr plugin
-    image: plugins/docker
+    image: plugins/docker@sha256:f0233d950ae87ee6cb5500b2d5497fe02aa338201c0bdce2619f443fd174cfa4
    settings:
      dockerfile: docker/acr/Dockerfile.windows.amd64.ltsc2022
      repo: plugins/acr
@@ -228,7 +228,7 @@ steps:
    when:
      event: [push, tag]
  - name: build gar plugin
-    image: plugins/docker
+    image: plugins/docker@sha256:f0233d950ae87ee6cb5500b2d5497fe02aa338201c0bdce2619f443fd174cfa4
    settings:
      dockerfile: docker/gar/Dockerfile.windows.amd64.ltsc2022
      repo: plugins/gar
@@ -264,7 +264,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
    environment:
@@ -275,7 +275,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
    environment:
@@ -285,7 +285,7 @@ steps:
        - tag

  - name: executable
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - ./release/linux/amd64/drone-docker --help

@@ -329,7 +329,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
    environment:
@@ -340,7 +340,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
    environment:
@@ -350,7 +350,7 @@ steps:
        - tag

  - name: executable
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - ./release/linux/arm64/drone-docker --help

@@ -429,7 +429,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -440,7 +440,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -488,7 +488,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -499,7 +499,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -582,7 +582,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
    environment:
@@ -593,7 +593,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
    environment:
@@ -641,7 +641,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
    environment:
@@ -652,7 +652,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
    environment:
@@ -734,7 +734,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -744,7 +744,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -792,7 +792,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -802,7 +802,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -885,7 +885,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -895,7 +895,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -944,7 +944,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -954,7 +954,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -1035,7 +1035,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1045,7 +1045,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1093,7 +1093,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1104,7 +1104,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.22
+    image: golang:1.22.4
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
    environment:
@@ -10,6 +10,14 @@

 Drone plugin uses Docker-in-Docker to build and publish Docker images to a container registry. For the usage information and a listing of the available options please take a look at [the docs](http://plugins.drone.io/drone-plugins/drone-docker/).

+### Git Leaks
+
+Run the following script to install git-leaks support to this repo.
+```
+chmod +x ./git-hooks/install.sh
+./git-hooks/install.sh
+```
+
 ## Build

 Build the binaries with the following commands:
@@ -222,6 +222,21 @@ func main() {
 			Usage:  "docker password",
 			EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD",
 		},
+		cli.StringFlag{
+			Name:   "docker.baseimageusername",
+			Usage:  "Docker username for base image registry",
+			EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_BASE_IMAGE_USERNAME",
+		},
+		cli.StringFlag{
+			Name:   "docker.baseimagepassword",
+			Usage:  "Docker password for base image registry",
+			EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_BASE_IMAGE_PASSWORD",
+		},
+		cli.StringFlag{
+			Name:   "docker.baseimageregistry",
+			Usage:  "Docker registry for base image registry",
+			EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_BASE_IMAGE_REGISTRY",
+		},
 		cli.StringFlag{
 			Name:   "docker.email",
 			Usage:  "docker email",
@@ -367,6 +382,9 @@ func run(c *cli.Context) error {
 			Experimental:  c.Bool("daemon.experimental"),
 			RegistryType:  registryType,
 		},
+		BaseImageRegistry: c.String("docker.baseimageregistry"),
+		BaseImageUsername: c.String("docker.baseimageusername"),
+		BaseImagePassword: c.String("docker.baseimagepassword"),
 	}

 	if c.Bool("tags.auto") {
@@ -42,6 +42,7 @@ func main() {
 		assumeRole       = getenv("PLUGIN_ASSUME_ROLE")
 		externalId       = getenv("PLUGIN_EXTERNAL_ID")
 		scanOnPush       = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
+		idToken          = os.Getenv("PLUGIN_OIDC_TOKEN_ID")
 	)

 	// set the region
@@ -61,7 +62,7 @@ func main() {
 		log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
 	}

-	svc := getECRClient(sess, assumeRole, externalId)
+	svc := getECRClient(sess, assumeRole, externalId, idToken)
 	username, password, defaultRegistry, err := getAuthInfo(svc)

 	if registry == "" {
@@ -213,11 +214,30 @@ func getenv(key ...string) (s string) {
 	return
 }

-func getECRClient(sess *session.Session, role string, externalId string) *ecr.ECR {
+func getECRClient(sess *session.Session, role string, externalId string, idToken string) *ecr.ECR {
 	if role == "" {
 		return ecr.New(sess)
 	}
-	if externalId != "" {
+
+	if idToken != "" {
+		tempFile, err := os.CreateTemp("/tmp", "idToken-*.jwt")
+		if err != nil {
+			log.Fatalf("Failed to create temporary file: %v", err)
+		}
+		defer tempFile.Close()
+
+		if err := os.Chmod(tempFile.Name(), 0600); err != nil {
+			log.Fatalf("Failed to set file permissions: %v", err)
+		}
+
+		if _, err := tempFile.WriteString(idToken); err != nil {
+			log.Fatalf("Failed to write ID token to temporary file: %v", err)
+		}
+
+		// Create credentials using the path to the ID token file
+		creds := stscreds.NewWebIdentityCredentials(sess, role, "", tempFile.Name())
+		return ecr.New(sess, &aws.Config{Credentials: creds})
+	} else if externalId != "" {
 		return ecr.New(sess, &aws.Config{
 			Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
 				p.ExternalID = &externalId
@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"

+	"github.com/drone-plugins/drone-docker/internal/docker"
 	"github.com/drone-plugins/drone-plugin-lib/drone"
 )

@@ -75,13 +76,16 @@ type (

 	// Plugin defines the Docker plugin parameters.
 	Plugin struct {
-		Login        Login  // Docker login configuration
-		Build        Build  // Docker build configuration
-		Daemon       Daemon // Docker daemon configuration
-		Dryrun       bool   // Docker push is skipped
-		Cleanup      bool   // Docker purge is enabled
-		CardPath     string // Card path to write file to
-		ArtifactFile string // Artifact path to write file to
+		Login             Login  // Docker login configuration
+		Build             Build  // Docker build configuration
+		Daemon            Daemon // Docker daemon configuration
+		Dryrun            bool   // Docker push is skipped
+		Cleanup           bool   // Docker purge is enabled
+		CardPath          string // Card path to write file to
+		ArtifactFile      string // Artifact path to write file to
+		BaseImageRegistry string // Docker registry to pull base image
+		BaseImageUsername string // Docker registry username to pull base image
+		BaseImagePassword string // Docker registry password to pull base image
 	}

 	Card []struct {
@@ -160,6 +164,29 @@ func (p Plugin) Exec() error {
 		}
 	}

+	// instead of writing to config file directly, using docker's login func
+	// is better to integrate with various credential helpers,
+	//	it also handles different registry specific logic in a better way,
+	//	as opposed to config write where different registries need to be addressed differently.
+	//	It handles any changes in the authentication process across different Docker versions.
+
+	if p.BaseImagePassword != "" {
+		var baseConnectorLogin Login
+		baseConnectorLogin.Registry = p.BaseImageRegistry
+		baseConnectorLogin.Username = p.BaseImageUsername
+		baseConnectorLogin.Password = p.BaseImagePassword
+
+		cmd := commandLogin(baseConnectorLogin)
+
+		raw, err := cmd.CombinedOutput()
+		if err != nil {
+			out := string(raw)
+			out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
+			fmt.Println(out)
+			return fmt.Errorf("Error authenticating base connector: exit status 1")
+		}
+	}
+
 	// login to the Docker registry
 	if p.Login.Password != "" {
 		cmd := commandLogin(p.Login)
@@ -270,6 +297,35 @@ func (p Plugin) Exec() error {
 	return nil
 }

+// helper function to set the credentials
+func setDockerAuth(username, password, registry, baseImageUsername,
+	baseImagePassword, baseImageRegistry string) ([]byte, error) {
+	var credentials []docker.RegistryCredentials
+	// add only docker registry to the config
+	dockerConfig := docker.NewConfig()
+	if password != "" {
+		pushToRegistryCreds := docker.RegistryCredentials{
+			Registry: registry,
+			Username: username,
+			Password: password,
+		}
+		// push registry auth
+		credentials = append(credentials, pushToRegistryCreds)
+	}
+
+	if baseImageRegistry != "" {
+		pullFromRegistryCreds := docker.RegistryCredentials{
+			Registry: baseImageRegistry,
+			Username: baseImageUsername,
+			Password: baseImagePassword,
+		}
+		// base image registry auth
+		credentials = append(credentials, pullFromRegistryCreds)
+	}
+	// Creates docker config for both the registries used for authentication
+	return dockerConfig.CreateDockerConfigJson(credentials)
+}
+
 // helper function to create the docker login command.
 func commandLogin(login Login) *exec.Cmd {
 	if login.Email != "" {
@@ -0,0 +1,8 @@
+This document explains on how to install certain git hooks globally for all repositories in your machine.
+
+Step 1: git clone https://github.com/drone-plugins/drone-docker.git
+Step 2: cd git-hooks
+Step 3: Run install.sh
+
+"install.sh" script will create .git_template in the user directory and will put the git hook and its dependent scripts in it. Along with the .git_template folder, it will add 2 sections "init" and "hooks boolean" in the .gitconfig file in the same user's root directory.
+After running "install.sh" if you create/clone a new git repository then all the hooks will get install automatically for the git repository. In case of existing git repository copy the contents of ~/.git_template/hooks into the .git/hooks directory of existing git repository.
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+#Helper script to be used as a pre-commit hook.
+
+echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
+Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
+
+GIT_LEAKS_PRE_COMMIT=s$(git config --bool hook.pre-commit.gitleak)
+
+echo "INFO: Scanning Commits information for any GIT LEAKS"
+gitleaks protect --staged -v --exit-code=100
+STATUS=$?
+if [ $STATUS = 100  ]; then
+    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
+else
+    exit 0
+fi
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#Helper script to be used as a pre-commit hook.
+
+echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
+Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
+
+GIT_LEAKS=$(git config --bool hook.pre-push.gitleaks)
+
+echo "INFO: Scanning Commits information for any GIT LEAKS"
+gitleaks detect -s ./ --log-level=debug --log-opts=-1 -v
+STATUS=$?
+if [ $STATUS != 0  ]; then
+    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
+    exit $STATUS
+else
+    exit 0
+fi
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks-pre-commit.sh"
+
+pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
+BASENAME=`basename $0`
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+    against=HEAD
+else
+    #Initial commit : diff against an empty tree object
+    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+GIT_LEAKS_PRE_COMMIT=hook.pre-commit.gitleaks
+if [ "`git config $GIT_LEAKS_PRE_COMMIT`" == "false" ]
+then
+    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS_PRE_COMMIT '\033[0m'
+    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS_PRE_COMMIT true '\033[0m'
+else
+    echo -e '\033[0;34m' checking for git leaks...
+    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
+fi
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks.sh"
+
+pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
+BASENAME=`basename $0`
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+    against=HEAD
+else
+    #Initial commit : diff against an empty tree object
+    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+GIT_LEAKS=hook.pre-push.gitleaks
+if [ "`git config $GIT_LEAKS`" == "false" ]
+then
+    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS '\033[0m'
+    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS true '\033[0m'
+else
+    echo -e '\033[0;34m' checking for git leaks...
+    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
+fi
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+#Function to check if package is installed or not
+#args: $1: Name of the Package
+function check_package_installed() {
+  LOCAL_PACKAGE_NAME=$1
+  echo "Checking if $LOCAL_PACKAGE_NAME is installed or not..."
+  brew list $LOCAL_PACKAGE_NAME
+  if [ "$?" -eq 1 ];then
+    echo "Installing $LOCAL_PACKAGE_NAME package..."
+    brew install $LOCAL_PACKAGE_NAME
+  fi
+}
+
+function create_git_template() {
+    cd $BASEDIR
+    mkdir -p ~/.git_template/hooks
+    git config --global init.templatedir ${GIT_TEMPLATE}
+    git config --global --add $GIT_LEAKS true
+    git config --global --add $GIT_LEAKS_PRE_COMMIT true
+    find hooks/ -type f -exec cp "{}" ~/.git_template/hooks \;
+    #cp -f hooks/* ~/.git_template/hooks
+    cat ~/.gitconfig
+}
+
+GIT_TEMPLATE="~/.git_template"
+GIT_LEAKS=hook.pre-push.gitleaks
+GIT_LEAKS_PRE_COMMIT=hook.pre-commit.gitleaks
+
+pushd `dirname $0` && BASEDIR=$(pwd -L) && popd
+
+echo This script will install hooks that run scripts that could be updated without notice.
+
+while true; do
+    read -p "Do you wish to install these hooks?" yn
+    case $yn in
+        [Yy]* ) check_package_installed "gitleaks";
+                break;;
+        [Nn]* ) exit;;
+        * ) echo "Please answer yes or no.";;
+    esac
+done
+
+create_git_template
@@ -9,6 +9,7 @@ require (
 	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743
 	github.com/joho/godotenv v1.3.0
 	github.com/sirupsen/logrus v1.9.0
+	github.com/stretchr/testify v1.8.1
 	github.com/urfave/cli v1.22.2
 	golang.org/x/oauth2 v0.13.0
 )
@@ -17,6 +18,7 @@ require (
 	cloud.google.com/go/compute v1.23.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
@@ -24,6 +26,7 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.14.0 // indirect
@@ -39,4 +42,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

-go 1.22
+go 1.22.4
@@ -90,6 +90,7 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
@@ -0,0 +1,70 @@
+package docker
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+)
+
+const (
+	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
+	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
+	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
+)
+
+type (
+	Auth struct {
+		Auth string `json:"auth"`
+	}
+
+	Config struct {
+		Auths       map[string]Auth   `json:"auths"`
+		CredHelpers map[string]string `json:"credHelpers,omitempty"`
+	}
+)
+
+type RegistryCredentials struct {
+	Registry string
+	Username string
+	Password string
+}
+
+func NewConfig() *Config {
+	return &Config{
+		Auths:       make(map[string]Auth),
+		CredHelpers: make(map[string]string),
+	}
+}
+
+func (c *Config) SetAuth(registry, username, password string) {
+	authBytes := []byte(username + ":" + password)
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	c.Auths[registry] = Auth{Auth: encodedString}
+}
+
+func (c *Config) SetCredHelper(registry, helper string) {
+	c.CredHelpers[registry] = helper
+}
+
+func (c *Config) CreateDockerConfigJson(credentials []RegistryCredentials) ([]byte, error) {
+	for _, cred := range credentials {
+		if cred.Registry != "" {
+
+			if cred.Username == "" {
+				return nil, fmt.Errorf("Username must be specified for registry: %s", cred.Registry)
+			}
+			if cred.Password == "" {
+				return nil, fmt.Errorf("Password must be specified for registry: %s", cred.Registry)
+			}
+			c.SetAuth(cred.Registry, cred.Username, cred.Password)
+		}
+	}
+
+	jsonBytes, err := json.Marshal(c)
+	if err != nil {
+		return nil, errors.New("failed to serialize docker config json")
+	}
+
+	return jsonBytes, nil
+}
@@ -0,0 +1,64 @@
+package docker
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	RegistryV1        string = "https://index.docker.io/v1/"
+	RegistryV2        string = "https://index.docker.io/v2/"
+	RegistryECRPublic string = "public.ecr.aws"
+)
+
+func TestConfig(t *testing.T) {
+	c := NewConfig()
+	assert.NotNil(t, c.Auths)
+	assert.NotNil(t, c.CredHelpers)
+
+	c.SetAuth(RegistryV1, "test", "password")
+	expectedAuth := Auth{Auth: "dGVzdDpwYXNzd29yZA=="}
+	assert.Equal(t, expectedAuth, c.Auths[RegistryV1])
+
+	c.SetCredHelper(RegistryECRPublic, "ecr-login")
+	assert.Equal(t, "ecr-login", c.CredHelpers[RegistryECRPublic])
+
+	tempDir, err := ioutil.TempDir("", "docker-config-test")
+	assert.NoError(t, err)
+	defer os.RemoveAll(tempDir)
+
+	credentials := []RegistryCredentials{
+		{
+			Registry: "https://index.docker.io/v1/",
+			Username: "user1",
+			Password: "pass1",
+		},
+		{
+			Registry: "gcr.io",
+			Username: "user2",
+			Password: "pass2",
+		},
+	}
+
+	jsonBytes, err := c.CreateDockerConfigJson(credentials)
+	assert.NoError(t, err)
+
+	configPath := filepath.Join(tempDir, "config.json")
+	err = ioutil.WriteFile(configPath, jsonBytes, 0644)
+	assert.NoError(t, err)
+
+	data, err := ioutil.ReadFile(configPath)
+	assert.NoError(t, err)
+
+	var configFromFile Config
+	err = json.Unmarshal(data, &configFromFile)
+	assert.NoError(t, err)
+
+	assert.Equal(t, c.Auths, configFromFile.Auths)
+	assert.Equal(t, c.CredHelpers, configFromFile.CredHelpers)
+}
Author	SHA1	Message	Date
Jamie Li	f202de1604	Merge pull request #449 from Aishwarya-Lad/CI-13422 Change docker login method, from config writing to login func	2024-07-15 17:22:27 -04:00
Aishwarya Lad	60929c782c	remove comment	2024-07-13 14:52:45 -07:00
Aishwarya Lad	90280c9c7b	Change docker login method, from config writing to login func	2024-07-12 12:13:41 -07:00
Hen Amar	531cc5cb7a	Merge pull request #447 from drone-plugins/CI-13178_go-upgrade_minor fix: [CI-13178]: Upgraded go with minor version to 1.22.4	2024-07-10 15:10:59 +03:00
rahkumar56	a5459e5f20	Merge branch 'master' into CI-13178_go-upgrade_minor	2024-07-10 16:14:18 +05:30
OP (oppenheimer)	6ae21e3d8c	Merge pull request #448 from Aishwarya-Lad/CI-13377 remove docker registry string match	2024-07-10 13:19:11 +05:30
Aishwarya Lad	bee421255a	remove docker registry string match	2024-07-09 23:05:03 -07:00
rahkumar56	a6b3e2f7b5	fix: [CI-13178]: Upgraded go with minor version to 1.22.4	2024-07-05 12:13:35 +05:30
Jamie Li	6cade1e98b	Merge pull request #446 from Aishwarya-Lad/CI-11718-part2 update docker config for base image	2024-06-28 13:41:24 -04:00
Aishwarya Lad	0a2f635d57	typos	2024-06-26 16:22:01 -07:00
Aishwarya Lad	74d5558af0	resolve comments	2024-06-26 15:42:46 -07:00
Aishwarya Lad	5639b702aa	dependencies	2024-06-25 15:06:41 -07:00
Aishwarya Lad	9a4e1ba483	address review comments	2024-06-25 15:04:24 -07:00
Aishwarya Lad	ced9875ed0	add only docker registry auths to docker config	2024-06-24 12:50:00 -07:00
Aishwarya Lad	e9b38c94b4	update docker config	2024-06-23 03:02:24 -07:00
OP (oppenheimer)	292ebe06de	Merge pull request #440 from drone-plugins/CI-12566 Fixed 'error getting ECR auth: WebIdentityErr: unable to read file at…' issue	2024-05-20 16:16:44 +05:30
Ompragash Viswanathan	49e9dde7a7	Updated cmd/drone-ecr/main.go	2024-05-15 10:56:48 +05:30
Ompragash Viswanathan	e7e8dd882d	Fixed 'error getting ECR auth: WebIdentityErr: unable to read file at' issue	2024-05-15 10:56:48 +05:30
Brad Rydzewski	11015f0ddb	Merge pull request #442 from drone-plugins/pin-docker-version Update .drone.yml	2024-05-14 16:47:51 -04:00
Vistaar Juneja	a946428e81	Update .drone.yml Pin plugins/docker version for all builds	2024-05-14 21:46:20 +01:00
Vistaar Juneja	7c8c6ca9cb	Merge pull request #438 from drone-plugins/CI-10849 feat: [CI-10849]: add git-leaks support	2024-05-10 12:39:40 +01:00
abhay084	87212938c2	corrected external reference	2024-05-10 11:18:24 +05:30
abhay084	3c4c8e5f10	feat: [CI-10849]: add git-leaks support	2024-05-10 11:18:24 +05:30
Dinesh Garg	b009c711b5	Merge pull request #439 from Ompragash/patch-1 Added PLUGIN_OIDC_TOKEN_ID support	2024-04-23 23:34:53 -07:00
OP (oppenheimer)	12cc40aa62	Added PLUGIN_OIDC_TOKEN_ID support	2024-04-23 22:34:44 +05:30