mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-06-04 18:23:50 +08:00
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 OP (oppenheimer)
|
58bd727c07 | ||
|
ci-reporunner
|
a73b8ee28d | ||
|
OP (oppenheimer)
|
b826c7f408 | ||
|
ci-reporunner
|
e56198f84c | ||
|
Devansh Mathur
|
d6153866df | ||
|
OP (oppenheimer)
|
30e1ea9fd8 | ||
|
OP (oppenheimer)
|
0fb726616e |
@@ -0,0 +1,14 @@
|
||||
inputSet:
|
||||
name: event-PR
|
||||
identifier: eventPR
|
||||
orgIdentifier: default
|
||||
projectIdentifier: Drone_Plugins
|
||||
pipeline:
|
||||
identifier: dronekanikoharness
|
||||
properties:
|
||||
ci:
|
||||
codebase:
|
||||
build:
|
||||
type: PR
|
||||
spec:
|
||||
number: <+trigger.prNumber>
|
||||
@@ -0,0 +1,14 @@
|
||||
inputSet:
|
||||
name: event-Push
|
||||
identifier: eventPush
|
||||
orgIdentifier: default
|
||||
projectIdentifier: Drone_Plugins
|
||||
pipeline:
|
||||
identifier: dronekanikoharness
|
||||
properties:
|
||||
ci:
|
||||
codebase:
|
||||
build:
|
||||
type: branch
|
||||
spec:
|
||||
branch: <+trigger.branch>
|
||||
@@ -0,0 +1,14 @@
|
||||
inputSet:
|
||||
name: event-Tag
|
||||
identifier: eventTag
|
||||
orgIdentifier: default
|
||||
projectIdentifier: Drone_Plugins
|
||||
pipeline:
|
||||
identifier: dronekanikoharness
|
||||
properties:
|
||||
ci:
|
||||
codebase:
|
||||
build:
|
||||
type: tag
|
||||
spec:
|
||||
tag: <+trigger.tag>
|
||||
@@ -0,0 +1,655 @@
|
||||
pipeline:
|
||||
name: drone-kaniko-harness
|
||||
identifier: dronekanikoharness
|
||||
projectIdentifier: Drone_Plugins
|
||||
orgIdentifier: default
|
||||
tags: {}
|
||||
properties:
|
||||
ci:
|
||||
codebase:
|
||||
connectorRef: GitHub_Drone_Org
|
||||
repoName: drone-kaniko
|
||||
build: <+input>
|
||||
sparseCheckout: []
|
||||
stages:
|
||||
- parallel:
|
||||
- stage:
|
||||
name: linux-amd64
|
||||
identifier: linuxamd64
|
||||
description: ""
|
||||
type: CI
|
||||
spec:
|
||||
cloneCodebase: true
|
||||
caching:
|
||||
enabled: false
|
||||
paths: []
|
||||
platform:
|
||||
os: Linux
|
||||
arch: Amd64
|
||||
runtime:
|
||||
type: Cloud
|
||||
spec: {}
|
||||
execution:
|
||||
steps:
|
||||
- step:
|
||||
type: Run
|
||||
name: Build Binary
|
||||
identifier: Build
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: golang:1.22.4
|
||||
shell: Sh
|
||||
command: |-
|
||||
go test ./...
|
||||
sh scripts/build.sh
|
||||
- parallel:
|
||||
- step:
|
||||
type: Plugin
|
||||
name: BuildAndPushDockerTag
|
||||
identifier: BuildAndPushDockerTag
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
|
||||
auto_tag: "true"
|
||||
auto_tag_suffix: linux-amd64
|
||||
daemon_off: "false"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
- "-acr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
- acr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: ""
|
||||
repo: acr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: acr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: acr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
- image: "-ecr"
|
||||
repo: acr
|
||||
- image: "-acr"
|
||||
repo: docker
|
||||
- image: "-acr"
|
||||
repo: gcr
|
||||
- image: "-acr"
|
||||
repo: gar
|
||||
- image: "-acr"
|
||||
repo: ecr
|
||||
nodeName: _<+matrix.repo>
|
||||
- step:
|
||||
type: Plugin
|
||||
name: BuildAndPushDockerTag_Kaniko
|
||||
identifier: BuildAndPushDockerTag_Kaniko
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
|
||||
auto_tag: "true"
|
||||
auto_tag_suffix: linux-amd64-kaniko1.9.1
|
||||
daemon_off: "false"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
nodeName: <+matrix.repo>
|
||||
- parallel:
|
||||
- step:
|
||||
type: BuildAndPushDockerRegistry
|
||||
name: BuildAndPushDockerBranch
|
||||
identifier: BuildAndPushDockerBranch
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
tags:
|
||||
- linux-amd64
|
||||
caching: false
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
- "-acr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
- acr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: ""
|
||||
repo: acr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: acr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: acr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
- image: "-ecr"
|
||||
repo: acr
|
||||
- image: "-acr"
|
||||
repo: docker
|
||||
- image: "-acr"
|
||||
repo: gcr
|
||||
- image: "-acr"
|
||||
repo: gar
|
||||
- image: "-acr"
|
||||
repo: ecr
|
||||
nodeName: <+matrix.repo>
|
||||
- step:
|
||||
type: BuildAndPushDockerRegistry
|
||||
name: BuildAndPushDockerBranch_Kaniko
|
||||
identifier: BuildAndPushDockerBranch_Kaniko
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
tags:
|
||||
- linux-amd64-kaniko1.9.1
|
||||
caching: false
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
nodeName: _<+matrix.repo>
|
||||
when:
|
||||
pipelineStatus: Success
|
||||
- stage:
|
||||
name: linux-arm64
|
||||
identifier: linuxarm64
|
||||
description: ""
|
||||
type: CI
|
||||
spec:
|
||||
cloneCodebase: true
|
||||
caching:
|
||||
enabled: false
|
||||
paths: []
|
||||
platform:
|
||||
os: Linux
|
||||
arch: Arm64
|
||||
runtime:
|
||||
type: Cloud
|
||||
spec: {}
|
||||
execution:
|
||||
steps:
|
||||
- step:
|
||||
type: Run
|
||||
name: Build Binary
|
||||
identifier: Build_and_Test
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: golang:1.22.4
|
||||
shell: Sh
|
||||
command: |-
|
||||
go test ./...
|
||||
sh scripts/build.sh
|
||||
- parallel:
|
||||
- step:
|
||||
type: Plugin
|
||||
name: BuildAndPushDockerTag
|
||||
identifier: BuildAndPushDockerTag
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
|
||||
auto_tag: "true"
|
||||
auto_tag_suffix: linux-arm64
|
||||
daemon_off: "false"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
- "-acr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
- acr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: ""
|
||||
repo: acr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: acr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: acr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
- image: "-ecr"
|
||||
repo: acr
|
||||
- image: "-acr"
|
||||
repo: docker
|
||||
- image: "-acr"
|
||||
repo: gcr
|
||||
- image: "-acr"
|
||||
repo: gar
|
||||
- image: "-acr"
|
||||
repo: ecr
|
||||
nodeName: _<+matrix.repo>
|
||||
- step:
|
||||
type: Plugin
|
||||
name: BuildAndPushDockerTag_Kaniko
|
||||
identifier: BuildAndPushDockerTag_Kaniko
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
|
||||
auto_tag: "true"
|
||||
auto_tag_suffix: linux-arm64-kaniko1.9.1
|
||||
daemon_off: "false"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
nodeName: _<+matrix.repo>
|
||||
- parallel:
|
||||
- step:
|
||||
type: BuildAndPushDockerRegistry
|
||||
name: BuildAndPushDockerBranch
|
||||
identifier: BuildAndPushDockerBranch
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
tags:
|
||||
- linux-arm64
|
||||
caching: false
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
- "-acr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
- acr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: ""
|
||||
repo: acr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: acr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: acr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
- image: "-ecr"
|
||||
repo: acr
|
||||
- image: "-acr"
|
||||
repo: docker
|
||||
- image: "-acr"
|
||||
repo: gcr
|
||||
- image: "-acr"
|
||||
repo: gar
|
||||
- image: "-acr"
|
||||
repo: ecr
|
||||
nodeName: <+matrix.repo>
|
||||
- step:
|
||||
type: BuildAndPushDockerRegistry
|
||||
name: BuildAndPushDockerBranch_Kaniko
|
||||
identifier: BuildAndPushDockerBranch_Kaniko
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
repo: plugins/kaniko<+matrix.image>
|
||||
tags:
|
||||
- linux-arm64-kaniko1.9.1
|
||||
caching: false
|
||||
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch"
|
||||
strategy:
|
||||
matrix:
|
||||
image:
|
||||
- ""
|
||||
- "-gcr"
|
||||
- "-gar"
|
||||
- "-ecr"
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
exclude:
|
||||
- image: ""
|
||||
repo: gcr
|
||||
- image: ""
|
||||
repo: gar
|
||||
- image: ""
|
||||
repo: ecr
|
||||
- image: "-gcr"
|
||||
repo: docker
|
||||
- image: "-gcr"
|
||||
repo: gar
|
||||
- image: "-gcr"
|
||||
repo: ecr
|
||||
- image: "-gar"
|
||||
repo: docker
|
||||
- image: "-gar"
|
||||
repo: gcr
|
||||
- image: "-gar"
|
||||
repo: ecr
|
||||
- image: "-ecr"
|
||||
repo: docker
|
||||
- image: "-ecr"
|
||||
repo: gcr
|
||||
- image: "-ecr"
|
||||
repo: gar
|
||||
nodeName: _<+matrix.repo>
|
||||
when:
|
||||
pipelineStatus: Success
|
||||
- stage:
|
||||
name: Manifest
|
||||
identifier: Manifest
|
||||
description: ""
|
||||
type: CI
|
||||
spec:
|
||||
cloneCodebase: true
|
||||
caching:
|
||||
enabled: false
|
||||
paths: []
|
||||
platform:
|
||||
os: Linux
|
||||
arch: Amd64
|
||||
runtime:
|
||||
type: Cloud
|
||||
spec: {}
|
||||
execution:
|
||||
steps:
|
||||
- parallel:
|
||||
- step:
|
||||
type: Plugin
|
||||
name: Manifest
|
||||
identifier: Manifest
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/manifest
|
||||
settings:
|
||||
auto_tag: "true"
|
||||
spec: docker/<+matrix.repo>/manifest.tmpl
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
ignore_missing: "true"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch" || <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
- acr
|
||||
nodeName: manifest_<+matrix.repo>
|
||||
- step:
|
||||
type: Plugin
|
||||
name: Manifest_kaniko
|
||||
identifier: Manifest_kaniko
|
||||
spec:
|
||||
connectorRef: Plugins_Docker_Hub_Connector
|
||||
image: plugins/manifest
|
||||
settings:
|
||||
auto_tag: "true"
|
||||
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
|
||||
username: drone
|
||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||
ignore_missing: "true"
|
||||
when:
|
||||
stageStatus: Success
|
||||
condition: <+codebase.build.type> == "branch" || <+codebase.build.type> == "tag"
|
||||
strategy:
|
||||
matrix:
|
||||
repo:
|
||||
- docker
|
||||
- gcr
|
||||
- gar
|
||||
- ecr
|
||||
nodeName: manifest_<+matrix.repo>
|
||||
when:
|
||||
pipelineStatus: Success
|
||||
+12
-4
@@ -451,6 +451,7 @@ func run(c *cli.Context) error {
|
||||
SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
IgnorePaths: c.StringSlice("ignore-paths"),
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
},
|
||||
@@ -479,25 +480,32 @@ func setupAuth(tenantId, clientId, cert,
|
||||
return "", fmt.Errorf("registry must be specified")
|
||||
}
|
||||
|
||||
if noPush {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// case of client secret or cert based auth
|
||||
if clientId != "" {
|
||||
// only setup auth when pushing or credentials are defined
|
||||
|
||||
token, publicUrl, err := getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry)
|
||||
if err != nil {
|
||||
if noPush {
|
||||
logrus.Warnf("NO_PUSH mode: failed to fetch ACR Token: %v", err)
|
||||
return "", nil
|
||||
}
|
||||
return "", errors.Wrap(err, "failed to fetch ACR Token")
|
||||
}
|
||||
|
||||
// setup docker config for azure registry and base image docker registry
|
||||
if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
|
||||
if noPush {
|
||||
logrus.Warnf("NO_PUSH mode: failed to create docker config: %v", err)
|
||||
return "", nil
|
||||
}
|
||||
return "", errors.Wrap(err, "failed to create docker config")
|
||||
}
|
||||
return publicUrl, nil
|
||||
} else {
|
||||
if noPush {
|
||||
return "", nil
|
||||
}
|
||||
return "", fmt.Errorf("managed authentication is not supported")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -353,6 +353,11 @@ func main() {
|
||||
Usage: "Path to ignore during the build.",
|
||||
EnvVar: "PLUGIN_IGNORE_PATH",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
Name: "ignore-paths",
|
||||
Usage: "Path to ignore during the build.",
|
||||
EnvVar: "PLUGIN_IGNORE_PATHS",
|
||||
},
|
||||
cli.IntFlag{
|
||||
Name: "image-fs-extract-retry",
|
||||
Usage: "Number of retries for extracting filesystem layers.",
|
||||
@@ -460,6 +465,7 @@ func run(c *cli.Context) error {
|
||||
SourceTarPath: c.String("source-tar-path"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
IgnorePaths: c.StringSlice("ignore-paths"),
|
||||
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
|
||||
@@ -14,6 +14,7 @@ import (
|
||||
"github.com/aws/aws-sdk-go-v2/service/ecr"
|
||||
"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
|
||||
awsv1 "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
ecrv1 "github.com/aws/aws-sdk-go/service/ecr"
|
||||
@@ -29,6 +30,8 @@ import (
|
||||
kaniko "github.com/drone/drone-kaniko"
|
||||
"github.com/drone/drone-kaniko/pkg/artifact"
|
||||
"github.com/drone/drone-kaniko/pkg/docker"
|
||||
"github.com/google/go-containerregistry/pkg/authn"
|
||||
"github.com/google/go-containerregistry/pkg/crane"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -403,6 +406,21 @@ func main() {
|
||||
Usage: "OIDC token for assuming role via web identity",
|
||||
EnvVar: "PLUGIN_OIDC_TOKEN_ID",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "tar-path",
|
||||
Usage: "Set this flag to save the image as a tarball at path",
|
||||
EnvVar: "PLUGIN_TAR_PATH, PLUGIN_DESTINATION_TAR_PATH",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "source-tar-path",
|
||||
Usage: "Set this flag for the source tarball during push operations.",
|
||||
EnvVar: "PLUGIN_SOURCE_TAR_PATH",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "push-only",
|
||||
Usage: "Specify if the operation is push-only",
|
||||
EnvVar: "PLUGIN_PUSH_ONLY",
|
||||
},
|
||||
}
|
||||
|
||||
if err := app.Run(os.Args); err != nil {
|
||||
@@ -415,10 +433,21 @@ func run(c *cli.Context) error {
|
||||
registry := c.String("registry")
|
||||
region := c.String("region")
|
||||
noPush := c.Bool("no-push")
|
||||
pushOnly := c.Bool("push-only")
|
||||
assumeRole := c.String("assume-role")
|
||||
externalId := c.String("external-id")
|
||||
oidcToken := c.String("oidc-token-id")
|
||||
|
||||
// Validate flags
|
||||
if noPush && pushOnly {
|
||||
return fmt.Errorf("no-push and push-only flags cannot be used together")
|
||||
}
|
||||
|
||||
// Handle push-only operation
|
||||
if pushOnly {
|
||||
return handlePushOnly(c)
|
||||
}
|
||||
|
||||
// setup docker config for azure registry and base image docker registry
|
||||
err := setDockerAuth(
|
||||
c.String("docker-registry"),
|
||||
@@ -518,8 +547,12 @@ func run(c *cli.Context) error {
|
||||
SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
IgnorePaths: c.StringSlice("ignore-paths"),
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
TarPath: c.String("tar-path"),
|
||||
SourceTarPath: c.String("source-tar-path"),
|
||||
PushOnly: c.Bool("push-only"),
|
||||
},
|
||||
Artifact: kaniko.Artifact{
|
||||
Tags: c.StringSlice("tags"),
|
||||
@@ -845,3 +878,98 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
|
||||
// Return the credentials
|
||||
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
||||
}
|
||||
|
||||
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
Region: awsv1.String(region),
|
||||
Credentials: credentials.NewStaticCredentials(
|
||||
accessKey,
|
||||
secretKey,
|
||||
sessionToken,
|
||||
),
|
||||
}))
|
||||
return ecrv1.New(sess)
|
||||
}
|
||||
|
||||
func handlePushOnly(c *cli.Context) error {
|
||||
sourceTarPath := c.String("source-tar-path")
|
||||
if sourceTarPath == "" {
|
||||
return fmt.Errorf("source_tar_path is required when push_only is set")
|
||||
}
|
||||
|
||||
if _, err := os.Stat(sourceTarPath); os.IsNotExist(err) {
|
||||
return fmt.Errorf("image tarball does not exist at path: %s", sourceTarPath)
|
||||
}
|
||||
|
||||
repo := c.String("repo")
|
||||
registry := c.String("registry")
|
||||
if repo == "" || registry == "" {
|
||||
return fmt.Errorf("repository and registry must be specified for push-only operation")
|
||||
}
|
||||
|
||||
// Load the image from the tarball
|
||||
img, err := crane.Load(sourceTarPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to load image from tarball: %v", err)
|
||||
}
|
||||
|
||||
// Get ECR credentials using existing auth methods
|
||||
var username, password string
|
||||
var svc *ecrv1.ECR
|
||||
if oidcToken := c.String("oidc-token-id"); oidcToken != "" && c.String("assume-role") != "" {
|
||||
accessKey, secretKey, sessionToken, err := getOidcCreds(oidcToken, c.String("assume-role"))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
||||
}
|
||||
|
||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
||||
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
||||
}
|
||||
|
||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||
} else {
|
||||
// Use direct credentials or IAM role
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
Region: awsv1.String(c.String("region")),
|
||||
Credentials: credentials.NewStaticCredentials(
|
||||
c.String("access-key"),
|
||||
c.String("secret-key"),
|
||||
"",
|
||||
),
|
||||
}))
|
||||
svc = ecrv1.New(sess)
|
||||
}
|
||||
|
||||
// Get ECR auth token using the configured session
|
||||
username, password, _, err = getAuthInfo(svc)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get ECR credentials: %v", err)
|
||||
}
|
||||
|
||||
// Setup crane auth
|
||||
opts := []crane.Option{
|
||||
crane.WithAuth(&authn.Basic{
|
||||
Username: username,
|
||||
Password: password,
|
||||
}),
|
||||
}
|
||||
|
||||
// Push for each tag
|
||||
tags := c.StringSlice("tags")
|
||||
if len(tags) == 0 {
|
||||
tags = []string{"latest"}
|
||||
}
|
||||
|
||||
for _, tag := range tags {
|
||||
dest := fmt.Sprintf("%s/%s:%s", registry, repo, tag)
|
||||
if err := crane.Push(img, dest, opts...); err != nil {
|
||||
return fmt.Errorf("failed to push image to %s: %v", dest, err)
|
||||
}
|
||||
fmt.Printf("Successfully pushed image to %s\n", dest)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -414,6 +414,7 @@ func run(c *cli.Context) error {
|
||||
SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
IgnorePaths: c.StringSlice("ignore-paths"),
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
},
|
||||
|
||||
@@ -416,6 +416,7 @@ func run(c *cli.Context) error {
|
||||
SkipTLSVerifyRegistry: c.Bool("skip-tls-verify-registry"),
|
||||
UseNewRun: c.Bool("use-new-run"),
|
||||
IgnorePath: c.String("ignore-path"),
|
||||
IgnorePaths: c.StringSlice("ignore-paths"),
|
||||
ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
|
||||
ImageDownloadRetry: c.Int("image-download-retry"),
|
||||
},
|
||||
|
||||
@@ -49,41 +49,42 @@ type (
|
||||
Target string // Docker build target
|
||||
Verbosity string // Log level
|
||||
|
||||
Cache bool // Enable or disable caching during the build process.
|
||||
CacheDir string // Directory to store cached layers.
|
||||
CacheCopyLayers bool // Enable or disable copying layers from the cache.
|
||||
CacheRunLayers bool // Enable or disable running layers from the cache.
|
||||
Cleanup bool // Enable or disable cleanup of temporary files.
|
||||
CompressedCaching *bool // Enable or disable compressed caching.
|
||||
ContextSubPath string // Sub-path within the context to build.
|
||||
CustomPlatform string // Platform to use for building.
|
||||
Force bool // Force building the image even if it already exists.
|
||||
Git bool // Branch to clone if build context is a git repository .
|
||||
ImageNameWithDigestFile string // Write image name with digest to a file.
|
||||
ImageNameTagWithDigestFile string // Write image name with tag and digest to a file.
|
||||
Insecure bool // Allow connecting to registries without TLS.
|
||||
InsecurePull bool // Allow insecure pulls from the registry.
|
||||
InsecureRegistry string // Use plain HTTP for registry communication.
|
||||
Label string // Add metadata to an image.
|
||||
LogFormat string // Set the log format for build output.
|
||||
LogTimestamp bool // Show timestamps in build output.
|
||||
OCILayoutPath string // Directory to store OCI layout.
|
||||
PushRetry int // Number of times to retry pushing an image.
|
||||
RegistryCertificate string // Path to a file containing a registry certificate.
|
||||
RegistryClientCert string // Path to a file containing a registry client certificate.
|
||||
RegistryMirror string // Mirror for registry pulls.
|
||||
SkipDefaultRegistryFallback bool // Skip Docker Hub and default registry fallback.
|
||||
Reproducible bool // Create a reproducible image.
|
||||
SingleSnapshot bool // Only create a single snapshot of the image.
|
||||
SkipTLSVerify bool // Skip TLS verification when connecting to the registry.
|
||||
SkipPushPermissionCheck bool // Skip permission check when pushing.
|
||||
SkipTLSVerifyPull bool // Skip TLS verification when pulling.
|
||||
SkipTLSVerifyRegistry bool // Skip TLS verification when connecting to a registry.
|
||||
UseNewRun bool // Use the new container runtime (`runc`) for builds.
|
||||
IgnoreVarRun *bool // Ignore `/var/run` when copying from the context.
|
||||
IgnorePath string // Ignore files matching the specified path pattern.
|
||||
ImageFSExtractRetry int // Number of times to retry extracting the image filesystem.
|
||||
ImageDownloadRetry int // Number of times to retry downloading layers.
|
||||
Cache bool // Enable or disable caching during the build process.
|
||||
CacheDir string // Directory to store cached layers.
|
||||
CacheCopyLayers bool // Enable or disable copying layers from the cache.
|
||||
CacheRunLayers bool // Enable or disable running layers from the cache.
|
||||
Cleanup bool // Enable or disable cleanup of temporary files.
|
||||
CompressedCaching *bool // Enable or disable compressed caching.
|
||||
ContextSubPath string // Sub-path within the context to build.
|
||||
CustomPlatform string // Platform to use for building.
|
||||
Force bool // Force building the image even if it already exists.
|
||||
Git bool // Branch to clone if build context is a git repository .
|
||||
ImageNameWithDigestFile string // Write image name with digest to a file.
|
||||
ImageNameTagWithDigestFile string // Write image name with tag and digest to a file.
|
||||
Insecure bool // Allow connecting to registries without TLS.
|
||||
InsecurePull bool // Allow insecure pulls from the registry.
|
||||
InsecureRegistry string // Use plain HTTP for registry communication.
|
||||
Label string // Add metadata to an image.
|
||||
LogFormat string // Set the log format for build output.
|
||||
LogTimestamp bool // Show timestamps in build output.
|
||||
OCILayoutPath string // Directory to store OCI layout.
|
||||
PushRetry int // Number of times to retry pushing an image.
|
||||
RegistryCertificate string // Path to a file containing a registry certificate.
|
||||
RegistryClientCert string // Path to a file containing a registry client certificate.
|
||||
RegistryMirror string // Mirror for registry pulls.
|
||||
SkipDefaultRegistryFallback bool // Skip Docker Hub and default registry fallback.
|
||||
Reproducible bool // Create a reproducible image.
|
||||
SingleSnapshot bool // Only create a single snapshot of the image.
|
||||
SkipTLSVerify bool // Skip TLS verification when connecting to the registry.
|
||||
SkipPushPermissionCheck bool // Skip permission check when pushing.
|
||||
SkipTLSVerifyPull bool // Skip TLS verification when pulling.
|
||||
SkipTLSVerifyRegistry bool // Skip TLS verification when connecting to a registry.
|
||||
UseNewRun bool // Use the new container runtime (`runc`) for builds.
|
||||
IgnoreVarRun *bool // Ignore `/var/run` when copying from the context.
|
||||
IgnorePath string // Ignore files matching the specified path pattern.
|
||||
IgnorePaths []string // Ignore files matching the specified path pattern.
|
||||
ImageFSExtractRetry int // Number of times to retry extracting the image filesystem.
|
||||
ImageDownloadRetry int // Number of times to retry downloading layers.
|
||||
}
|
||||
|
||||
// Artifact defines content of artifact file
|
||||
@@ -448,6 +449,15 @@ func (p Plugin) Exec() error {
|
||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--ignore-path=%s", p.Build.IgnorePath))
|
||||
}
|
||||
|
||||
if p.Build.IgnorePaths != nil {
|
||||
for _, path := range p.Build.IgnorePaths {
|
||||
trimmed := strings.TrimSpace(path)
|
||||
if trimmed != "" {
|
||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--ignore-path=%s", trimmed))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if p.Build.ImageFSExtractRetry != 0 {
|
||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--image-fs-extract-retry=%d", p.Build.ImageFSExtractRetry))
|
||||
}
|
||||
@@ -473,14 +483,13 @@ func (p Plugin) Exec() error {
|
||||
}
|
||||
}
|
||||
|
||||
if p.Output.OutputFile != "" {
|
||||
var tarPath string
|
||||
if p.Build.TarPath != "" {
|
||||
tarPath = getTarPath(p.Build.TarPath)
|
||||
}
|
||||
if err = output.WritePluginOutputFile(p.Output.OutputFile, getDigest(p.Build.DigestFile), tarPath); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "failed to write plugin output file at path: %s with error: %s\n", p.Output.OutputFile, err)
|
||||
}
|
||||
p.Output.OutputFile = os.Getenv("DRONE_OUTPUT")
|
||||
var tarPath string
|
||||
if p.Build.TarPath != "" {
|
||||
tarPath = getTarPath(p.Build.TarPath)
|
||||
}
|
||||
if err = output.WritePluginOutputFile(p.Output.OutputFile, getDigest(p.Build.DigestFile), tarPath); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "failed to write plugin output file at path: %s with error: %s\n", p.Output.OutputFile, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
Reference in New Issue
Block a user