diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000..bd7c21e Binary files /dev/null and b/.DS_Store differ diff --git a/.drone.yml b/.drone.yml index fad3cd2..7f71b17 100644 --- a/.drone.yml +++ b/.drone.yml @@ -33,23 +33,6 @@ steps: exclude: - pull_request -- name: gcr - image: plugins/docker - settings: - repo: plugins/kaniko-gcr - auto_tag: true - auto_tag_suffix: linux-amd64 - daemon_off: false - dockerfile: docker/gcr/Dockerfile.linux.amd64 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - pull_request - - name: gar image: plugins/docker settings: @@ -118,23 +101,6 @@ steps: exclude: - pull_request -- name: gcr-kaniko-v1-9 - image: plugins/docker - settings: - repo: plugins/kaniko-gcr - auto_tag: true - auto_tag_suffix: linux-amd64-kaniko1.9.1 - daemon_off: false - dockerfile: docker/gcr/Dockerfile.linux.amd64.kaniko1.9.1 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - pull_request - - name: gar-kaniko-v1-9 image: plugins/docker settings: @@ -200,23 +166,6 @@ steps: exclude: - pull_request -- name: gcr - image: plugins/docker - settings: - repo: plugins/kaniko-gcr - auto_tag: true - auto_tag_suffix: linux-arm64 - daemon_off: false - dockerfile: docker/gcr/Dockerfile.linux.arm64 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - pull_request - - name: gar image: plugins/docker settings: @@ -285,23 +234,6 @@ steps: exclude: - pull_request -- name: gcr-kaniko-v1-9 - image: plugins/docker - settings: - repo: plugins/kaniko-gcr - auto_tag: true - auto_tag_suffix: linux-arm64-kaniko1.9.1 - daemon_off: false - dockerfile: docker/gcr/Dockerfile.linux.arm64.kaniko1.9.1 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: - exclude: - - pull_request - - name: gar-kaniko-v1-9 image: plugins/docker settings: @@ -360,18 +292,6 @@ steps: username: from_secret: docker_username -- name: manifest-gcr - pull: always - image: plugins/manifest - settings: - auto_tag: true - ignore_missing: true - password: - from_secret: docker_password - spec: docker/gcr/manifest.tmpl - username: - from_secret: docker_username - - name: manifest-gar pull: always image: plugins/manifest @@ -442,18 +362,6 @@ steps: username: from_secret: docker_username -- name: manifest-gcr - pull: always - image: plugins/manifest - settings: - auto_tag: false - ignore_missing: true - password: - from_secret: docker_password - spec: docker/gcr/manifest-kaniko1.9.1.tmpl - username: - from_secret: docker_username - - name: manifest-gar pull: always image: plugins/manifest @@ -486,3 +394,4 @@ trigger: depends_on: - default - arm + diff --git a/.harness/harness.yaml b/.harness/harness.yaml index eb4f758..a3e0174 100644 --- a/.harness/harness.yaml +++ b/.harness/harness.yaml @@ -65,53 +65,35 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" - "-acr" repo: - docker - - gcr - gar - ecr - acr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - image: "" repo: acr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - - image: "-gcr" - repo: acr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-gar" repo: acr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar - image: "-ecr" repo: acr - image: "-acr" repo: docker - - image: "-acr" - repo: gcr - image: "-acr" repo: gar - image: "-acr" @@ -139,37 +121,23 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" repo: - docker - - gcr - gar - ecr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar nodeName: <+matrix.repo> @@ -192,53 +160,35 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" - "-acr" repo: - docker - - gcr - gar - ecr - acr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - image: "" repo: acr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - - image: "-gcr" - repo: acr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-gar" repo: acr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar - image: "-ecr" repo: acr - image: "-acr" repo: docker - - image: "-acr" - repo: gcr - image: "-acr" repo: gar - image: "-acr" @@ -262,37 +212,23 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" repo: - docker - - gcr - gar - ecr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar nodeName: _<+matrix.repo> @@ -350,53 +286,35 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" - "-acr" repo: - docker - - gcr - gar - ecr - acr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - image: "" repo: acr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - - image: "-gcr" - repo: acr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-gar" repo: acr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar - image: "-ecr" repo: acr - image: "-acr" repo: docker - - image: "-acr" - repo: gcr - image: "-acr" repo: gar - image: "-acr" @@ -424,37 +342,23 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" repo: - docker - - gcr - gar - ecr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar nodeName: _<+matrix.repo> @@ -477,57 +381,25 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" - - "-acr" repo: - docker - - gcr - gar - ecr - - acr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - - image: "" - repo: acr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - - image: "-gcr" - repo: acr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - - image: "-gar" - repo: acr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar - - image: "-ecr" - repo: acr - - image: "-acr" - repo: docker - - image: "-acr" - repo: gcr - - image: "-acr" - repo: gar - - image: "-acr" - repo: ecr nodeName: <+matrix.repo> - step: type: BuildAndPushDockerRegistry @@ -547,37 +419,23 @@ pipeline: matrix: image: - "" - - "-gcr" - "-gar" - "-ecr" repo: - docker - - gcr - gar - ecr exclude: - - image: "" - repo: gcr - image: "" repo: gar - image: "" repo: ecr - - image: "-gcr" - repo: docker - - image: "-gcr" - repo: gar - - image: "-gcr" - repo: ecr - image: "-gar" repo: docker - - image: "-gar" - repo: gcr - image: "-gar" repo: ecr - image: "-ecr" repo: docker - - image: "-ecr" - repo: gcr - image: "-ecr" repo: gar nodeName: _<+matrix.repo> @@ -622,7 +480,6 @@ pipeline: matrix: repo: - docker - - gcr - gar - ecr - acr @@ -647,7 +504,6 @@ pipeline: matrix: repo: - docker - - gcr - gar - ecr nodeName: manifest_<+matrix.repo> diff --git a/README.md b/README.md index feab941..31a39b1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Drone kaniko plugin uses [kaniko](https://github.com/GoogleContainerTools/kaniko) to build and publish Docker images to a container registry. -Plugin images are published with 1.6.0 as well as 1.9.1 kaniko version from 1.5.1 release tag. `plugins/kaniko:` uses 1.6.0 version while `plugins/kaniko:-kaniko1.9.1` uses 1.9.1 version. Similar convention is used for plugins/kaniko-ecr & plugins/kaniko-gcr images as well. +Plugin images are published with 1.6.0 as well as 1.9.1 kaniko version from 1.5.1 release tag. `plugins/kaniko:` uses 1.6.0 version while `plugins/kaniko:-kaniko1.9.1` uses 1.9.1 version. Similar convention is used for plugins/kaniko-ecr & plugins/kaniko-gar images as well. Run the following script to install git-leaks support to this repo. @@ -22,7 +22,6 @@ export CGO_ENABLED=0 export GO111MODULE=on go build -v -a -tags netgo -o release/linux/amd64/kaniko-docker ./cmd/kaniko-docker -go build -v -a -tags netgo -o release/linux/amd64/kaniko-gcr ./cmd/kaniko-gcr go build -v -a -tags netgo -o release/linux/amd64/kaniko-ecr ./cmd/kaniko-ecr go build -v -a -tags netgo -o release/linux/amd64/kaniko-acr ./cmd/kaniko-acr ``` @@ -42,11 +41,6 @@ docker build \ --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \ --file docker/acr/Dockerfile.linux.amd64 --tag plugins/kaniko-acr . -docker build \ - --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ - --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \ - --file docker/gcr/Dockerfile.linux.amd64 --tag plugins/kaniko-gcr . - docker build \ --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \ @@ -62,7 +56,6 @@ The drone-kaniko plugin now supports an improved build arguments system with the A new custom CLI flag type that allows passing multiple build arguments using semicolon (`;`) as a delimiter. This flag is available across all registry implementations: - `kaniko-docker` -- `kaniko-gcr` (Google Container Registry) - `kaniko-ecr` (Amazon Elastic Container Registry) - `kaniko-acr` (Azure Container Registry) - `kaniko-gar` (Google Artifact Registry) diff --git a/cmd/kaniko-gcr/main.go b/cmd/kaniko-gcr/main.go deleted file mode 100644 index 675f85d..0000000 --- a/cmd/kaniko-gcr/main.go +++ /dev/null @@ -1,482 +0,0 @@ -package main - -import ( - "fmt" - "io/ioutil" - "os" - - "github.com/joho/godotenv" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "github.com/urfave/cli" - - kaniko "github.com/drone/drone-kaniko" - "github.com/drone/drone-kaniko/pkg/artifact" - "github.com/drone/drone-kaniko/pkg/docker" - "github.com/drone/drone-kaniko/pkg/utils" -) - -const ( - dockerConfigPath string = "/kaniko/.docker" - // GCR JSON key file path - gcrKeyPath string = "/kaniko/config.json" - gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS" - - defaultDigestFile string = "/kaniko/digest-file" -) - -var ( - version = "unknown" -) - -func main() { - // Load env-file if it exists first - if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" { - if err := godotenv.Load(env); err != nil { - logrus.Fatal(err) - } - } - - app := cli.NewApp() - app.Name = "kaniko gcr plugin" - app.Usage = "kaniko gcr plugin" - app.Action = run - app.Version = version - app.Flags = []cli.Flag{ - cli.StringFlag{ - Name: "dockerfile", - Usage: "build dockerfile", - Value: "Dockerfile", - EnvVar: "PLUGIN_DOCKERFILE", - }, - cli.StringFlag{ - Name: "context", - Usage: "build context", - Value: ".", - EnvVar: "PLUGIN_CONTEXT", - }, - cli.StringFlag{ - Name: "drone-commit-ref", - Usage: "git commit ref passed by Drone", - EnvVar: "DRONE_COMMIT_REF", - }, - cli.StringFlag{ - Name: "drone-repo-branch", - Usage: "git repository default branch passed by Drone", - EnvVar: "DRONE_REPO_BRANCH", - }, - cli.StringSliceFlag{ - Name: "tags", - Usage: "build tags", - Value: &cli.StringSlice{"latest"}, - EnvVar: "PLUGIN_TAGS", - FilePath: ".tags", - }, - cli.BoolFlag{ - Name: "expand-tag", - Usage: "enable for semver tagging", - EnvVar: "PLUGIN_EXPAND_TAG", - }, - cli.BoolFlag{ - Name: "auto-tag", - Usage: "enable auto generation of build tags", - EnvVar: "PLUGIN_AUTO_TAG", - }, - cli.StringFlag{ - Name: "auto-tag-suffix", - Usage: "the suffix of auto build tags", - EnvVar: "PLUGIN_AUTO_TAG_SUFFIX", - }, - cli.StringSliceFlag{ - Name: "args", - Usage: "build args", - EnvVar: "PLUGIN_BUILD_ARGS", - }, - cli.StringFlag{ - Name: "target", - Usage: "build target", - EnvVar: "PLUGIN_TARGET", - }, - cli.StringFlag{ - Name: "repo", - Usage: "gcr repository", - EnvVar: "PLUGIN_REPO", - }, - cli.StringSliceFlag{ - Name: "custom-labels", - Usage: "additional k=v labels", - EnvVar: "PLUGIN_CUSTOM_LABELS", - }, - cli.StringFlag{ - Name: "registry", - Usage: "gcr registry", - Value: "gcr.io", - EnvVar: "PLUGIN_REGISTRY,BASE_REGISTRY", - }, - cli.StringFlag{ - Name: "base-image-username", - Usage: "Docker username for base image registry", - EnvVar: "PLUGIN_DOCKER_USERNAME,PLUGIN_BASE_IMAGE_USERNAME,DOCKER_USERNAME", - }, - cli.StringFlag{ - Name: "base-image-password", - Usage: "Docker password for base image registry", - EnvVar: "PLUGIN_DOCKER_PASSWORD,PLUGIN_BASE_IMAGE_PASSWORD,DOCKER_PASSWORD", - }, - cli.StringFlag{ - Name: "base-image-registry", - Usage: "Docker registry for base image registry", - EnvVar: "PLUGIN_DOCKER_REGISTRY,PLUGIN_BASE_IMAGE_REGISTRY,DOCKER_REGISTRY", - }, - cli.StringSliceFlag{ - Name: "registry-mirrors", - Usage: "docker registry mirrors", - EnvVar: "PLUGIN_REGISTRY_MIRRORS", - }, - cli.StringFlag{ - Name: "json-key", - Usage: "docker username", - EnvVar: "PLUGIN_JSON_KEY", - }, - cli.StringFlag{ - Name: "snapshot-mode", - Usage: "Specify one of full, redo or time as snapshot mode", - EnvVar: "PLUGIN_SNAPSHOT_MODE", - }, - cli.BoolFlag{ - Name: "enable-cache", - Usage: "Set this flag to opt into caching with kaniko", - EnvVar: "PLUGIN_ENABLE_CACHE", - }, - cli.StringFlag{ - Name: "cache-repo", - Usage: "Remote repository that will be used to store cached layers. Cache repo should be present in specified registry. enable-cache needs to be set to use this flag", - EnvVar: "PLUGIN_CACHE_REPO", - }, - cli.IntFlag{ - Name: "cache-ttl", - Usage: "Cache timeout in hours. Defaults to two weeks.", - EnvVar: "PLUGIN_CACHE_TTL", - }, - cli.StringFlag{ - Name: "artifact-file", - Usage: "Artifact file location that will be generated by the plugin. This file will include information of docker images that are uploaded by the plugin.", - EnvVar: "PLUGIN_ARTIFACT_FILE", - }, - cli.BoolFlag{ - Name: "no-push", - Usage: "Set this flag if you only want to build the image, without pushing to a registry", - EnvVar: "PLUGIN_NO_PUSH", - }, - cli.StringFlag{ - Name: "verbosity", - Usage: "Set this flag as --verbosity= to set the logging level for kaniko. Defaults to info.", - EnvVar: "PLUGIN_VERBOSITY", - }, - cli.StringFlag{ - Name: "platform", - Usage: "Allows to build with another default platform than the host, similarly to docker build --platform", - EnvVar: "PLUGIN_PLATFORM", - }, - cli.BoolFlag{ - Name: "skip-unused-stages", - Usage: "build only used stages", - EnvVar: "PLUGIN_SKIP_UNUSED_STAGES", - }, - cli.StringFlag{ - Name: "cache-dir", - Usage: "Set this flag to specify a local directory cache for base images", - EnvVar: "PLUGIN_CACHE_DIR", - }, - - cli.BoolFlag{ - Name: "cache-copy-layers", - Usage: "Enable or disable copying layers from the cache.", - EnvVar: "PLUGIN_CACHE_COPY_LAYERS", - }, - cli.BoolFlag{ - Name: "cache-run-layers", - Usage: "Enable or disable running layers from the cache.", - EnvVar: "PLUGIN_CACHE_RUN_LAYERS", - }, - cli.BoolFlag{ - Name: "cleanup", - Usage: "Enable or disable cleanup of temporary files.", - EnvVar: "PLUGIN_CLEANUP", - }, - cli.BoolFlag{ - Name: "compressed-caching", - Usage: "Enable or disable compressed caching.", - EnvVar: "PLUGIN_COMPRESSED_CACHING", - }, - cli.StringFlag{ - Name: "context-sub-path", - Usage: "Sub-path within the context to build.", - EnvVar: "PLUGIN_CONTEXT_SUB_PATH", - }, - cli.StringFlag{ - Name: "custom-platform", - Usage: "Platform to use for building.", - EnvVar: "PLUGIN_CUSTOM_PLATFORM", - }, - cli.BoolFlag{ - Name: "force", - Usage: "Force building the image even if it already exists.", - EnvVar: "PLUGIN_FORCE", - }, - cli.StringFlag{ - Name: "image-name-with-digest-file", - Usage: "Write image name with digest to a file.", - EnvVar: "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE", - }, - cli.StringFlag{ - Name: "image-name-tag-with-digest-file", - Usage: "Write image name with tag and digest to a file.", - EnvVar: "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE", - }, - cli.BoolFlag{ - Name: "insecure", - Usage: "Allow connecting to registries without TLS.", - EnvVar: "PLUGIN_INSECURE", - }, - cli.BoolFlag{ - Name: "insecure-pull", - Usage: "Allow insecure pulls from the registry.", - EnvVar: "PLUGIN_INSECURE_PULL", - }, - cli.StringFlag{ - Name: "insecure-registry", - Usage: "Use plain HTTP for registry communication.", - EnvVar: "PLUGIN_INSECURE_REGISTRY", - }, - cli.StringFlag{ - Name: "log-format", - Usage: "Set the log format for build output.", - EnvVar: "PLUGIN_LOG_FORMAT", - }, - cli.BoolFlag{ - Name: "log-timestamp", - Usage: "Show timestamps in build output.", - EnvVar: "PLUGIN_LOG_TIMESTAMP", - }, - cli.StringFlag{ - Name: "oci-layout-path", - Usage: "Directory to store OCI layout.", - EnvVar: "PLUGIN_OCI_LAYOUT_PATH", - }, - cli.IntFlag{ - Name: "push-retry", - Usage: "Number of times to retry pushing an image.", - EnvVar: "PLUGIN_PUSH_RETRY", - }, - cli.StringFlag{ - Name: "registry-certificate", - Usage: "Path to a file containing a registry certificate.", - EnvVar: "PLUGIN_REGISTRY_CERTIFICATE", - }, - cli.StringFlag{ - Name: "registry-client-cert", - Usage: "Path to a file containing a registry client certificate.", - EnvVar: "PLUGIN_REGISTRY_CLIENT_CERT", - }, - cli.BoolFlag{ - Name: "skip-default-registry-fallback", - Usage: "Skip Docker Hub and default registry fallback.", - EnvVar: "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK", - }, - cli.BoolFlag{ - Name: "reproducible", - Usage: "Create a reproducible image.", - EnvVar: "PLUGIN_REPRODUCIBLE", - }, - cli.BoolFlag{ - Name: "single-snapshot", - Usage: "Only create a single snapshot of the image.", - EnvVar: "PLUGIN_SINGLE_SNAPSHOT", - }, - cli.BoolFlag{ - Name: "skip-push-permission-check", - Usage: "Skip permission check when pushing.", - EnvVar: "PLUGIN_SKIP_PUSH_PERMISSION_CHECK", - }, - cli.BoolFlag{ - Name: "skip-tls-verify-pull", - Usage: "Skip TLS verification when pulling.", - EnvVar: "PLUGIN_SKIP_TLS_VERIFY_PULL", - }, - cli.BoolFlag{ - Name: "skip-tls-verify-registry", - Usage: "Skip TLS verification when connecting to a registry.", - EnvVar: "PLUGIN_SKIP_TLS_VERIFY_REGISTRY", - }, - cli.BoolFlag{ - Name: "use-new-run", - Usage: "Skip TLS verification when connecting to a registry.", - EnvVar: "PLUGIN_USE_NEW_RUN", - }, - cli.BoolFlag{ - Name: "ignore-var-run", - Usage: "Ignore the /var/run directory during build.", - EnvVar: "PLUGIN_IGNORE_VAR_RUN", - }, - cli.StringFlag{ - Name: "ignore-path", - Usage: "Path to ignore during the build.", - EnvVar: "PLUGIN_IGNORE_PATH", - }, - cli.IntFlag{ - Name: "image-fs-extract-retry", - Usage: "Number of retries for extracting filesystem layers.", - EnvVar: "PLUGIN_IMAGE_FS_EXTRACT_RETRY", - }, - cli.IntFlag{ - Name: "image-download-retry", - Usage: "Number of retries for downloading base images.", - EnvVar: "PLUGIN_IMAGE_DOWNLOAD_RETRY", - }, - cli.GenericFlag{ - Name: "args-new", - Usage: "build args new", - EnvVar: "PLUGIN_BUILD_ARGS_NEW", - Value: new(utils.CustomStringSliceFlag), - }, - cli.BoolFlag{ - Name: "plugin-multiple-build-agrs", - Usage: "plugin multiple build agrs", - EnvVar: "PLUGIN_MULTIPLE_BUILD_ARGS", - }, - - } - - if err := app.Run(os.Args); err != nil { - logrus.Fatal(err) - } -} - -func run(c *cli.Context) error { - noPush := c.Bool("no-push") - jsonKey := c.String("json-key") - - // JSON key may not be set in the following cases: - // 1. Image does not need to be pushed to GCR. - // 2. Workload identity is set on GKE in which pod will inherit the credentials via service account. - if jsonKey != "" { - if err := setupGCRAuth(jsonKey); err != nil { - return err - } - - // setup docker config only when base image registry is specified - if c.String("base-image-registry") != "" { - if err := setDockerAuth( - c.String("base-image-username"), - c.String("base-image-password"), - c.String("base-image-registry"), - ); err != nil { - return errors.Wrap(err, "failed to create docker config") - } - } else { - fmt.Println("\033[33mTo ensure consistent and reliable pipeline execution, we recommend setting up a Base Image Connector.\033[0m\n" + - "\033[33mWhile optional at this time, configuring it helps prevent failures caused by Docker Hub's rate limits.\033[0m") - } - } - - plugin := kaniko.Plugin{ - Build: kaniko.Build{ - DroneCommitRef: c.String("drone-commit-ref"), - DroneRepoBranch: c.String("drone-repo-branch"), - Dockerfile: c.String("dockerfile"), - Context: c.String("context"), - Tags: c.StringSlice("tags"), - AutoTag: c.Bool("auto-tag"), - AutoTagSuffix: c.String("auto-tag-suffix"), - ExpandTag: c.Bool("expand-tag"), - Args: c.StringSlice("args"), - ArgsNew: c.Generic("args-new").(*utils.CustomStringSliceFlag).GetValue(), - IsMultipleBuildArgs: c.Bool("plugin-multiple-build-agrs"), - Target: c.String("target"), - Repo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")), - Mirrors: c.StringSlice("registry-mirrors"), - Labels: c.StringSlice("custom-labels"), - SnapshotMode: c.String("snapshot-mode"), - EnableCache: c.Bool("enable-cache"), - CacheRepo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")), - CacheTTL: c.Int("cache-ttl"), - DigestFile: defaultDigestFile, - NoPush: noPush, - Verbosity: c.String("verbosity"), - Platform: c.String("platform"), - SkipUnusedStages: c.Bool("skip-unused-stages"), - CacheDir: c.String("cache-dir"), - CacheCopyLayers: c.Bool("cache-copy-layers"), - CacheRunLayers: c.Bool("cache-run-layers"), - Cleanup: c.Bool("cleanup"), - ContextSubPath: c.String("context-sub-path"), - CustomPlatform: c.String("custom-platform"), - Force: c.Bool("force"), - ImageNameWithDigestFile: c.String("image-name-with-digest-file"), - ImageNameTagWithDigestFile: c.String("image-name-tag-with-digest-file"), - Insecure: c.Bool("insecure"), - InsecurePull: c.Bool("insecure-pull"), - InsecureRegistry: c.String("insecure-registry"), - Label: c.String("label"), - LogFormat: c.String("log-format"), - LogTimestamp: c.Bool("log-timestamp"), - OCILayoutPath: c.String("oci-layout-path"), - PushRetry: c.Int("push-retry"), - RegistryCertificate: c.String("registry-certificate"), - RegistryClientCert: c.String("registry-client-cert"), - SkipDefaultRegistryFallback: c.Bool("skip-default-registry-fallback"), - Reproducible: c.Bool("reproducible"), - SingleSnapshot: c.Bool("single-snapshot"), - SkipTLSVerify: c.Bool("skip-tls-verify"), - SkipPushPermissionCheck: c.Bool("skip-push-permission-check"), - SkipTLSVerifyPull: c.Bool("skip-tls-verify-pull"), - SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"), - UseNewRun: c.Bool("use-new-run"), - IgnorePath: c.String("ignore-path"), - IgnorePaths: c.StringSlice("ignore-paths"), - ImageFSExtractRetry: c.Int("image-fs-extract-retry"), - ImageDownloadRetry: c.Int("image-download-retry"), - }, - Artifact: kaniko.Artifact{ - Tags: c.StringSlice("tags"), - Repo: c.String("repo"), - Registry: c.String("registry"), - ArtifactFile: c.String("artifact-file"), - RegistryType: artifact.GCR, - }, - } - if c.IsSet("compressed-caching") { - flag := c.Bool("compressed-caching") - plugin.Build.CompressedCaching = &flag - } - if c.IsSet("ignore-var-run") { - flag := c.Bool("ignore-var-run") - plugin.Build.IgnoreVarRun = &flag - } - return plugin.Exec() -} - -func setDockerAuth(dockerUsername, dockerPassword, dockerRegistry string) error { - dockerConfig := docker.NewConfig() - dockerRegistryCreds := docker.RegistryCredentials{ - Registry: dockerRegistry, - Username: dockerUsername, - Password: dockerPassword, - } - credentials := []docker.RegistryCredentials{dockerRegistryCreds} - return dockerConfig.CreateDockerConfig(credentials, dockerConfigPath) -} - -func setupGCRAuth(jsonKey string) error { - err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644) - if err != nil { - return errors.Wrap(err, "failed to write GCR JSON key") - } - - err = os.Setenv(gcrEnvVariable, gcrKeyPath) - if err != nil { - return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", gcrEnvVariable)) - } - return nil -} diff --git a/cmd/kaniko-gcr/main_test.go b/cmd/kaniko-gcr/main_test.go deleted file mode 100644 index 1fd7972..0000000 --- a/cmd/kaniko-gcr/main_test.go +++ /dev/null @@ -1,270 +0,0 @@ -package main - -import ( - "encoding/json" - "os" - "testing" - - "github.com/drone/drone-kaniko/pkg/utils" - "github.com/urfave/cli" -) - -func TestCustomStringSliceFlagIntegration(t *testing.T) { - tests := []struct { - name string - input string - expected []string - }{ - { - name: "single build arg", - input: "ARG1=value1", - expected: []string{"ARG1=value1"}, - }, - { - name: "multiple build args with semicolon", - input: "ARG1=value1;ARG2=value2;ARG3=value3", - expected: []string{"ARG1=value1", "ARG2=value2", "ARG3=value3"}, - }, - { - name: "build args with spaces", - input: "ARG1=value with spaces;ARG2=another value", - expected: []string{"ARG1=value with spaces", "ARG2=another value"}, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // Test the CustomStringSliceFlag directly - flag := &utils.CustomStringSliceFlag{} - err := flag.Set(tt.input) - if err != nil { - t.Errorf("Set() error = %v, want nil", err) - return - } - - result := flag.GetValue() - if len(result) != len(tt.expected) { - t.Errorf("Got %d args, want %d", len(result), len(tt.expected)) - return - } - - for i, expected := range tt.expected { - if result[i] != expected { - t.Errorf("Got arg[%d] = %v, want %v", i, result[i], expected) - } - } - }) - } -} - -func TestEnvironmentVariableIntegration(t *testing.T) { - // Test that environment variables work with CustomStringSliceFlag - originalEnv := os.Getenv("PLUGIN_BUILD_ARGS_NEW") - defer func() { - if originalEnv != "" { - os.Setenv("PLUGIN_BUILD_ARGS_NEW", originalEnv) - } else { - os.Unsetenv("PLUGIN_BUILD_ARGS_NEW") - } - }() - - os.Setenv("PLUGIN_BUILD_ARGS_NEW", "ENV_ARG1=env_value1;ENV_ARG2=env_value2") - - app := cli.NewApp() - app.Flags = []cli.Flag{ - cli.GenericFlag{ - Name: "args-new", - Usage: "build args new", - EnvVar: "PLUGIN_BUILD_ARGS_NEW", - Value: new(utils.CustomStringSliceFlag), - }, - } - - var capturedArgs []string - app.Action = func(c *cli.Context) error { - if flag := c.Generic("args-new"); flag != nil { - if customFlag, ok := flag.(*utils.CustomStringSliceFlag); ok { - capturedArgs = customFlag.GetValue() - } - } - return nil - } - - err := app.Run([]string{"test"}) - if err != nil { - t.Errorf("App.Run() error = %v, want nil", err) - return - } - - expected := []string{"ENV_ARG1=env_value1", "ENV_ARG2=env_value2"} - if len(capturedArgs) != len(expected) { - t.Errorf("Environment variable test: got %d args, want %d", len(capturedArgs), len(expected)) - return - } - - for i, exp := range expected { - if capturedArgs[i] != exp { - t.Errorf("Environment variable test: got arg[%d] = %v, want %v", i, capturedArgs[i], exp) - } - } -} - -func TestGCRBuildArgsProcessing(t *testing.T) { - // Test that build args are correctly processed in the context of GCR plugin - tests := []struct { - name string - argsNew string - expectedCount int - expectedFirst string - }{ - { - name: "docker build args format", - argsNew: "GOOS=linux;GOARCH=amd64;CGO_ENABLED=0", - expectedCount: 3, - expectedFirst: "GOOS=linux", - }, - { - name: "google cloud specific args", - argsNew: "GOOGLE_APPLICATION_CREDENTIALS=/path/to/creds.json;PROJECT_ID=my-project", - expectedCount: 2, - expectedFirst: "GOOGLE_APPLICATION_CREDENTIALS=/path/to/creds.json", - }, - { - name: "single complex arg with special characters", - argsNew: "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')", - expectedCount: 1, - expectedFirst: "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - flag := &utils.CustomStringSliceFlag{} - err := flag.Set(tt.argsNew) - if err != nil { - t.Errorf("Set() error = %v, want nil", err) - return - } - - args := flag.GetValue() - if len(args) != tt.expectedCount { - t.Errorf("Got %d args, want %d", len(args), tt.expectedCount) - return - } - - if len(args) > 0 && args[0] != tt.expectedFirst { - t.Errorf("Got first arg = %v, want %v", args[0], tt.expectedFirst) - } - }) - } -} - -func TestGCRRegistryFormatting(t *testing.T) { - // Test GCR-specific registry formatting - tests := []struct { - name string - registry string - repo string - expected string - }{ - { - name: "standard GCR format", - registry: "gcr.io", - repo: "my-project/my-image", - expected: "gcr.io/my-project/my-image", - }, - { - name: "regional GCR", - registry: "us.gcr.io", - repo: "project123/image456", - expected: "us.gcr.io/project123/image456", - }, - { - name: "european GCR", - registry: "eu.gcr.io", - repo: "my-eu-project/my-app", - expected: "eu.gcr.io/my-eu-project/my-app", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // This would be the format used in the GCR plugin - result := tt.registry + "/" + tt.repo - if result != tt.expected { - t.Errorf("GCR formatting: got %v, want %v", result, tt.expected) - } - }) - } -} - -func TestGCRJSONKeyValidation(t *testing.T) { - // Test JSON key validation for GCR authentication - tests := []struct { - name string - jsonKey string - expectErr bool - }{ - { - name: "empty json key", - jsonKey: "", - expectErr: false, // Empty is allowed (workload identity) - }, - { - name: "valid json structure", - jsonKey: `{"type":"service_account","project_id":"test","private_key_id":"123"}`, - expectErr: false, - }, - { - name: "invalid json", - jsonKey: `{invalid json}`, - expectErr: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // This simulates the JSON key validation that would happen in GCR - if tt.jsonKey != "" { - var data map[string]interface{} - err := json.Unmarshal([]byte(tt.jsonKey), &data) - if err != nil && !tt.expectErr { - t.Errorf("Expected no error for JSON key, got %v", err) - } - if err == nil && tt.expectErr { - t.Errorf("Expected error for JSON key, got nil") - } - } - }) - } -} - -func TestGCRAuthSetup(t *testing.T) { - // Test GCR authentication setup - tests := []struct { - name string - jsonKey string - expectAuthFile bool - }{ - { - name: "with json key", - jsonKey: `{"type":"service_account","project_id":"test"}`, - expectAuthFile: true, - }, - { - name: "without json key (workload identity)", - jsonKey: "", - expectAuthFile: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // This simulates the auth setup logic - hasAuthFile := tt.jsonKey != "" - if hasAuthFile != tt.expectAuthFile { - t.Errorf("Auth file expectation: got %v, want %v", hasAuthFile, tt.expectAuthFile) - } - }) - } -} diff --git a/docker/gcr/Dockerfile.linux.amd64 b/docker/gcr/Dockerfile.linux.amd64 deleted file mode 100644 index 645b5b6..0000000 --- a/docker/gcr/Dockerfile.linux.amd64 +++ /dev/null @@ -1,5 +0,0 @@ -FROM gcr.io/kaniko-project/executor:v1.23.2 - -ENV KANIKO_VERSION=1.23.2 -ADD release/linux/amd64/kaniko-gcr /kaniko/ -ENTRYPOINT ["/kaniko/kaniko-gcr"] diff --git a/docker/gcr/Dockerfile.linux.amd64.kaniko1.9.1 b/docker/gcr/Dockerfile.linux.amd64.kaniko1.9.1 deleted file mode 100644 index baa2775..0000000 --- a/docker/gcr/Dockerfile.linux.amd64.kaniko1.9.1 +++ /dev/null @@ -1,5 +0,0 @@ -FROM gcr.io/kaniko-project/executor:v1.9.1 - -ENV KANIKO_VERSION=1.9.1 -ADD release/linux/amd64/kaniko-gcr /kaniko/ -ENTRYPOINT ["/kaniko/kaniko-gcr"] diff --git a/docker/gcr/Dockerfile.linux.arm64 b/docker/gcr/Dockerfile.linux.arm64 deleted file mode 100644 index 788bd12..0000000 --- a/docker/gcr/Dockerfile.linux.arm64 +++ /dev/null @@ -1,8 +0,0 @@ -FROM gcr.io/kaniko-project/executor:v1.23.2 - -ENV HOME /root -ENV USER root -ENV KANIKO_VERSION=1.23.2 - -ADD release/linux/arm64/kaniko-gcr /kaniko/ -ENTRYPOINT ["/kaniko/kaniko-gcr"] diff --git a/docker/gcr/Dockerfile.linux.arm64.kaniko1.9.1 b/docker/gcr/Dockerfile.linux.arm64.kaniko1.9.1 deleted file mode 100644 index ff85a0d..0000000 --- a/docker/gcr/Dockerfile.linux.arm64.kaniko1.9.1 +++ /dev/null @@ -1,5 +0,0 @@ -FROM gcr.io/kaniko-project/executor:v1.9.1 - -ENV KANIKO_VERSION=1.9.1 -ADD release/linux/arm64/kaniko-gcr /kaniko/ -ENTRYPOINT ["/kaniko/kaniko-gcr"] diff --git a/docker/gcr/manifest-kaniko1.9.1.tmpl b/docker/gcr/manifest-kaniko1.9.1.tmpl deleted file mode 100644 index b66dc37..0000000 --- a/docker/gcr/manifest-kaniko1.9.1.tmpl +++ /dev/null @@ -1,18 +0,0 @@ -image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-kaniko1.9.1{{else}}latest-kaniko1.9.1{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - - image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-kaniko1.9.1 - platform: - architecture: amd64 - os: linux - - - image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-kaniko1.9.1 - platform: - architecture: arm64 - os: linux \ No newline at end of file diff --git a/docker/gcr/manifest.tmpl b/docker/gcr/manifest.tmpl deleted file mode 100644 index f1592e9..0000000 --- a/docker/gcr/manifest.tmpl +++ /dev/null @@ -1,18 +0,0 @@ -image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - - image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64 - platform: - architecture: amd64 - os: linux - - - image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64 - platform: - architecture: arm64 - os: linux diff --git a/pkg/artifact/artifact.go b/pkg/artifact/artifact.go index 4db5161..eab3f55 100644 --- a/pkg/artifact/artifact.go +++ b/pkg/artifact/artifact.go @@ -19,7 +19,6 @@ type RegistryTypeEnum string const ( Docker RegistryTypeEnum = "Docker" ECR RegistryTypeEnum = "ECR" - GCR RegistryTypeEnum = "GCR" GAR RegistryTypeEnum = "GAR" ) @@ -75,3 +74,4 @@ func WritePluginArtifactFile(registryType RegistryTypeEnum, artifactFilePath, re } return nil } + diff --git a/pkg/docker/config_test.go b/pkg/docker/config_test.go index a4a717f..5d5c626 100644 --- a/pkg/docker/config_test.go +++ b/pkg/docker/config_test.go @@ -33,7 +33,7 @@ func TestConfig(t *testing.T) { Password: "pass1", }, { - Registry: "gcr.io", + Registry: "us-docker.pkg.dev", Username: "user2", Password: "pass2", }, diff --git a/scripts/build.sh b/scripts/build.sh index 553b66a..c0464b5 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -10,19 +10,16 @@ set -e set -x # linux -GOOS=linux GOARCH=amd64 go build -o release/linux/amd64/kaniko-gcr ./cmd/kaniko-gcr GOOS=linux GOARCH=amd64 go build -o release/linux/amd64/kaniko-acr ./cmd/kaniko-acr GOOS=linux GOARCH=amd64 go build -o release/linux/amd64/kaniko-ecr ./cmd/kaniko-ecr GOOS=linux GOARCH=amd64 go build -o release/linux/amd64/kaniko-docker ./cmd/kaniko-docker GOOS=linux GOARCH=amd64 go build -o release/linux/amd64/kaniko-gar ./cmd/kaniko-gar -GOOS=linux GOARCH=arm64 go build -o release/linux/arm64/kaniko-gcr ./cmd/kaniko-gcr GOOS=linux GOARCH=arm64 go build -o release/linux/arm64/kaniko-acr ./cmd/kaniko-acr GOOS=linux GOARCH=arm64 go build -o release/linux/arm64/kaniko-ecr ./cmd/kaniko-ecr GOOS=linux GOARCH=arm64 go build -o release/linux/arm64/kaniko-docker ./cmd/kaniko-docker GOOS=linux GOARCH=arm64 go build -o release/linux/arm64/kaniko-gar ./cmd/kaniko-gar -GOOS=linux GOARCH=arm go build -o release/linux/arm/kaniko-gcr ./cmd/kaniko-gcr GOOS=linux GOARCH=arm go build -o release/linux/arm/kaniko-acr ./cmd/kaniko-acr GOOS=linux GOARCH=arm go build -o release/linux/arm/kaniko-ecr ./cmd/kaniko-ecr GOOS=linux GOARCH=arm go build -o release/linux/arm/kaniko-docker ./cmd/kaniko-docker diff --git a/scripts/docker.sh b/scripts/docker.sh index bf1bdad..982cc33 100755 --- a/scripts/docker.sh +++ b/scripts/docker.sh @@ -14,13 +14,11 @@ set -e set -x # build the binary -go build -o release/linux/amd64/kaniko-gcr ./cmd/kaniko-gcr go build -o release/linux/amd64/kaniko-gar ./cmd/kaniko-gar go build -o release/linux/amd64/kaniko-ecr ./cmd/kaniko-ecr go build -o release/linux/amd64/kaniko-docker ./cmd/kaniko-docker # build the docker image -docker build -f docker/gcr/Dockerfile.linux.amd64 -t plugins/kaniko-gcr . docker build -f docker/gar/Dockerfile.linux.amd64 -t plugins/kaniko-gar . docker build -f docker/ecr/Dockerfile.linux.amd64 -t plugins/kaniko-ecr . docker build -f docker/docker/Dockerfile.linux.amd64 -t plugins/kaniko .