third/plugin-drone-kaniko-ecr
1
0
Fork 0
mirror of https://github.com/drone/drone-kaniko.git synced 2026-06-25 02:12:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: third/plugin-drone-kaniko-ecr:CI-19933
Branches Tags
third/plugin-drone-kaniko-ecr:main third/plugin-drone-kaniko-ecr:CI-23227-Kaniko third/plugin-drone-kaniko-ecr:fix/CI-23227-vuln-remediation-20260624-054111 third/plugin-drone-kaniko-ecr:fix/vuln-remediation-20260618 third/plugin-drone-kaniko-ecr:CI-22323 third/plugin-drone-kaniko-ecr:main-patch-1 third/plugin-drone-kaniko-ecr:ci-14073 third/plugin-drone-kaniko-ecr:CI-20230-go-version-update third/plugin-drone-kaniko-ecr:CI-20230 third/plugin-drone-kaniko-ecr:CI-19670-1 third/plugin-drone-kaniko-ecr:CI-19933 third/plugin-drone-kaniko-ecr:CI-19670 third/plugin-drone-kaniko-ecr:CI-19672 third/plugin-drone-kaniko-ecr:CI-18923 third/plugin-drone-kaniko-ecr:CI-18100 third/plugin-drone-kaniko-ecr:CI-17708 third/plugin-drone-kaniko-ecr:CI-17517 third/plugin-drone-kaniko-ecr:CI-17122 third/plugin-drone-kaniko-ecr:main-patch third/plugin-drone-kaniko-ecr:harness-ci-patch third/plugin-drone-kaniko-ecr:CI-16588 third/plugin-drone-kaniko-ecr:CI-16392 third/plugin-drone-kaniko-ecr:CI-16330 third/plugin-drone-kaniko-ecr:CI-16193-fix third/plugin-drone-kaniko-ecr:CI-16193 third/plugin-drone-kaniko-ecr:CI-15946 third/plugin-drone-kaniko-ecr:CI-15370 third/plugin-drone-kaniko-ecr:CI-14845 third/plugin-drone-kaniko-ecr:CI-14242-2 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-20_01-08-13 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-13_01-07-18 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-06_01-05-27 third/plugin-drone-kaniko-ecr:CI-13961 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-30_01-05-43 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-23_01-04-53 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-16_01-05-35 third/plugin-drone-kaniko-ecr:CI-13178_go_upgrade_minor third/plugin-drone-kaniko-ecr:CI-13178_go_upgrade third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-02_08-12-32 third/plugin-drone-kaniko-ecr:kaniko-flag-fix third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-01_10-25-21 third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-01_10-47-35 third/plugin-drone-kaniko-ecr:CI-10849 third/plugin-drone-kaniko-ecr:CI-11358 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-03-04_08-03-22 third/plugin-drone-kaniko-ecr:newargs third/plugin-drone-kaniko-ecr:addargs third/plugin-drone-kaniko-ecr:follow_next_link third/plugin-drone-kaniko-ecr:dockerignore third/plugin-drone-kaniko-ecr:fix_panic third/plugin-drone-kaniko-ecr:ci-10525 third/plugin-drone-kaniko-ecr:ci-9254 third/plugin-drone-kaniko-ecr:aman/revert third/plugin-drone-kaniko-ecr:aman/fix-drone-ver third/plugin-drone-kaniko-ecr:new third/plugin-drone-kaniko-ecr:smjt-h-patch-1 third/plugin-drone-kaniko-ecr:support_1-9-1 third/plugin-drone-kaniko-ecr:aman/rename-config third/plugin-drone-kaniko-ecr:aman/fix-config third/plugin-drone-kaniko-ecr:aman/fix-docker-plugin third/plugin-drone-kaniko-ecr:aman-fix-acr third/plugin-drone-kaniko-ecr:aman/acrInteg third/plugin-drone-kaniko-ecr:ecr_update third/plugin-drone-kaniko-ecr:fix_assume_role third/plugin-drone-kaniko-ecr:ecr_assume_role third/plugin-drone-kaniko-ecr:kaniko_ver_upgrade third/plugin-drone-kaniko-ecr:expand_repo third/plugin-drone-kaniko-ecr:rm_autotag_v1-8 third/plugin-drone-kaniko-ecr:fix_manifest_spec third/plugin-drone-kaniko-ecr:fix_drone_yml third/plugin-drone-kaniko-ecr:fix_yml third/plugin-drone-kaniko-ecr:kaniko_1-8_img third/plugin-drone-kaniko-ecr:upgrade_kaniko_ver third/plugin-drone-kaniko-ecr:custom_platform third/plugin-drone-kaniko-ecr:gcr_cred_inherit third/plugin-drone-kaniko-ecr:upgrade_go_version third/plugin-drone-kaniko-ecr:add_verbosity third/plugin-drone-kaniko-ecr:update_cache_repo third/plugin-drone-kaniko-ecr:fix_remote_cache third/plugin-drone-kaniko-ecr:remote_cache third/plugin-drone-kaniko-ecr:cache third/plugin-drone-kaniko-ecr:update_yaml third/plugin-drone-kaniko-ecr:snapshot_mode third/plugin-drone-kaniko-ecr:test_kaniko third/plugin-drone-kaniko-ecr:fix_pipeline third/plugin-drone-kaniko-ecr:improve_err third/plugin-drone-kaniko-ecr:ecr_iam third/plugin-drone-kaniko-ecr:fix_label third/plugin-drone-kaniko-ecr:fix_ecr third/plugin-drone-kaniko-ecr:fix_gcr third/plugin-drone-kaniko-ecr:v2_registry third/plugin-drone-kaniko-ecr:fix_build_script third/plugin-drone-kaniko-ecr:fix_image third/plugin-drone-kaniko-ecr:version_update
third/plugin-drone-kaniko-ecr:v1.13.9-debug-3 third/plugin-drone-kaniko-ecr:v1.13.9-debug-2 third/plugin-drone-kaniko-ecr:v1.13.9-debug-4 third/plugin-drone-kaniko-ecr:v1.13.9-debug third/plugin-drone-kaniko-ecr:v1.13.8 third/plugin-drone-kaniko-ecr:v1.13.7 third/plugin-drone-kaniko-ecr:v1.13.7-debug third/plugin-drone-kaniko-ecr:v1.13.6 third/plugin-drone-kaniko-ecr:v1.13.5 third/plugin-drone-kaniko-ecr:v1.13.4 third/plugin-drone-kaniko-ecr:v1.13.3 third/plugin-drone-kaniko-ecr:v1.13.2 third/plugin-drone-kaniko-ecr:v1.13.1 third/plugin-drone-kaniko-ecr:v1.13.0 third/plugin-drone-kaniko-ecr:v1.12.0 third/plugin-drone-kaniko-ecr:v1.11.5 third/plugin-drone-kaniko-ecr:v1.11.5-debug-1 third/plugin-drone-kaniko-ecr:v1.11.5-debug third/plugin-drone-kaniko-ecr:v1.11.4 third/plugin-drone-kaniko-ecr:v1.11.3 third/plugin-drone-kaniko-ecr:v1.11.3-debug third/plugin-drone-kaniko-ecr:v1.11.2 third/plugin-drone-kaniko-ecr:v1.11.2-debug third/plugin-drone-kaniko-ecr:v1.11.1 third/plugin-drone-kaniko-ecr:v1.11.1-debug3 third/plugin-drone-kaniko-ecr:v1.11.1-debug third/plugin-drone-kaniko-ecr:v1.11.0 third/plugin-drone-kaniko-ecr:v1.11.0-debug third/plugin-drone-kaniko-ecr:v1.10.9 third/plugin-drone-kaniko-ecr:v1.10.8 third/plugin-drone-kaniko-ecr:v1.10.8-debug third/plugin-drone-kaniko-ecr:v1.10.7 third/plugin-drone-kaniko-ecr:v1.10.7-debug third/plugin-drone-kaniko-ecr:v1.10.6 third/plugin-drone-kaniko-ecr:v1.10.6-debug third/plugin-drone-kaniko-ecr:v1.10.5 third/plugin-drone-kaniko-ecr:v1.10.4 third/plugin-drone-kaniko-ecr:v1.10.3 third/plugin-drone-kaniko-ecr:v1.10.2 third/plugin-drone-kaniko-ecr:v1.10.1 third/plugin-drone-kaniko-ecr:v1.10.0-debug third/plugin-drone-kaniko-ecr:v1.10.0 third/plugin-drone-kaniko-ecr:v1.9.0 third/plugin-drone-kaniko-ecr:v1.8.10 third/plugin-drone-kaniko-ecr:v1.8.9 third/plugin-drone-kaniko-ecr:v1.8.8 third/plugin-drone-kaniko-ecr:1.8.7 third/plugin-drone-kaniko-ecr:v1.8.6 third/plugin-drone-kaniko-ecr:v1.8.5 third/plugin-drone-kaniko-ecr:v1.8.4 third/plugin-drone-kaniko-ecr:v1.8.3 third/plugin-drone-kaniko-ecr:v1.8.2 third/plugin-drone-kaniko-ecr:v1.8.0 third/plugin-drone-kaniko-ecr:v1.8.1 third/plugin-drone-kaniko-ecr:v1.7.5 third/plugin-drone-kaniko-ecr:v1.7.4 third/plugin-drone-kaniko-ecr:v1.7.3 third/plugin-drone-kaniko-ecr:v1.7.2 third/plugin-drone-kaniko-ecr:1.7.2 third/plugin-drone-kaniko-ecr:v1.7.1 third/plugin-drone-kaniko-ecr:v1.7.0 third/plugin-drone-kaniko-ecr:v1.6.11 third/plugin-drone-kaniko-ecr:v1.6.10 third/plugin-drone-kaniko-ecr:v1.6.9 third/plugin-drone-kaniko-ecr:v1.6.8 third/plugin-drone-kaniko-ecr:v1.6.7 third/plugin-drone-kaniko-ecr:v1.6.6 third/plugin-drone-kaniko-ecr:v1.6.5 third/plugin-drone-kaniko-ecr:v1.6.4 third/plugin-drone-kaniko-ecr:v1.6.3 third/plugin-drone-kaniko-ecr:v1.6.2 third/plugin-drone-kaniko-ecr:v1.6.1 third/plugin-drone-kaniko-ecr:v1.6.0 third/plugin-drone-kaniko-ecr:v1.5.1 third/plugin-drone-kaniko-ecr:v1.5.0 third/plugin-drone-kaniko-ecr:v1.4.5 third/plugin-drone-kaniko-ecr:v1.4.4 third/plugin-drone-kaniko-ecr:v1.4.3 third/plugin-drone-kaniko-ecr:v1.4.2 third/plugin-drone-kaniko-ecr:v1.4.1 third/plugin-drone-kaniko-ecr:v1.4.0 third/plugin-drone-kaniko-ecr:v1.3.1 third/plugin-drone-kaniko-ecr:v1.3.0 third/plugin-drone-kaniko-ecr:v1.2.0 third/plugin-drone-kaniko-ecr:v1.1.2 third/plugin-drone-kaniko-ecr:v1.1.1 third/plugin-drone-kaniko-ecr:v1.1.0 third/plugin-drone-kaniko-ecr:v1.0.0
..
compare: third/plugin-drone-kaniko-ecr:v1.13.9-debug-2
Branches Tags
third/plugin-drone-kaniko-ecr:CI-23227-Kaniko third/plugin-drone-kaniko-ecr:fix/CI-23227-vuln-remediation-20260624-054111 third/plugin-drone-kaniko-ecr:main third/plugin-drone-kaniko-ecr:fix/vuln-remediation-20260618 third/plugin-drone-kaniko-ecr:CI-22323 third/plugin-drone-kaniko-ecr:main-patch-1 third/plugin-drone-kaniko-ecr:ci-14073 third/plugin-drone-kaniko-ecr:CI-20230-go-version-update third/plugin-drone-kaniko-ecr:CI-20230 third/plugin-drone-kaniko-ecr:CI-19670-1 third/plugin-drone-kaniko-ecr:CI-19933 third/plugin-drone-kaniko-ecr:CI-19670 third/plugin-drone-kaniko-ecr:CI-19672 third/plugin-drone-kaniko-ecr:CI-18923 third/plugin-drone-kaniko-ecr:CI-18100 third/plugin-drone-kaniko-ecr:CI-17708 third/plugin-drone-kaniko-ecr:CI-17517 third/plugin-drone-kaniko-ecr:CI-17122 third/plugin-drone-kaniko-ecr:main-patch third/plugin-drone-kaniko-ecr:harness-ci-patch third/plugin-drone-kaniko-ecr:CI-16588 third/plugin-drone-kaniko-ecr:CI-16392 third/plugin-drone-kaniko-ecr:CI-16330 third/plugin-drone-kaniko-ecr:CI-16193-fix third/plugin-drone-kaniko-ecr:CI-16193 third/plugin-drone-kaniko-ecr:CI-15946 third/plugin-drone-kaniko-ecr:CI-15370 third/plugin-drone-kaniko-ecr:CI-14845 third/plugin-drone-kaniko-ecr:CI-14242-2 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-20_01-08-13 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-13_01-07-18 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-09-06_01-05-27 third/plugin-drone-kaniko-ecr:CI-13961 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-30_01-05-43 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-23_01-04-53 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-08-16_01-05-35 third/plugin-drone-kaniko-ecr:CI-13178_go_upgrade_minor third/plugin-drone-kaniko-ecr:CI-13178_go_upgrade third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-02_08-12-32 third/plugin-drone-kaniko-ecr:kaniko-flag-fix third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-01_10-25-21 third/plugin-drone-kaniko-ecr:go_upgrade_1_22_42024-07-01_10-47-35 third/plugin-drone-kaniko-ecr:CI-10849 third/plugin-drone-kaniko-ecr:CI-11358 third/plugin-drone-kaniko-ecr:scheduled_go_upgrade2024-03-04_08-03-22 third/plugin-drone-kaniko-ecr:newargs third/plugin-drone-kaniko-ecr:addargs third/plugin-drone-kaniko-ecr:follow_next_link third/plugin-drone-kaniko-ecr:dockerignore third/plugin-drone-kaniko-ecr:fix_panic third/plugin-drone-kaniko-ecr:ci-10525 third/plugin-drone-kaniko-ecr:ci-9254 third/plugin-drone-kaniko-ecr:aman/revert third/plugin-drone-kaniko-ecr:aman/fix-drone-ver third/plugin-drone-kaniko-ecr:new third/plugin-drone-kaniko-ecr:smjt-h-patch-1 third/plugin-drone-kaniko-ecr:support_1-9-1 third/plugin-drone-kaniko-ecr:aman/rename-config third/plugin-drone-kaniko-ecr:aman/fix-config third/plugin-drone-kaniko-ecr:aman/fix-docker-plugin third/plugin-drone-kaniko-ecr:aman-fix-acr third/plugin-drone-kaniko-ecr:aman/acrInteg third/plugin-drone-kaniko-ecr:ecr_update third/plugin-drone-kaniko-ecr:fix_assume_role third/plugin-drone-kaniko-ecr:ecr_assume_role third/plugin-drone-kaniko-ecr:kaniko_ver_upgrade third/plugin-drone-kaniko-ecr:expand_repo third/plugin-drone-kaniko-ecr:rm_autotag_v1-8 third/plugin-drone-kaniko-ecr:fix_manifest_spec third/plugin-drone-kaniko-ecr:fix_drone_yml third/plugin-drone-kaniko-ecr:fix_yml third/plugin-drone-kaniko-ecr:kaniko_1-8_img third/plugin-drone-kaniko-ecr:upgrade_kaniko_ver third/plugin-drone-kaniko-ecr:custom_platform third/plugin-drone-kaniko-ecr:gcr_cred_inherit third/plugin-drone-kaniko-ecr:upgrade_go_version third/plugin-drone-kaniko-ecr:add_verbosity third/plugin-drone-kaniko-ecr:update_cache_repo third/plugin-drone-kaniko-ecr:fix_remote_cache third/plugin-drone-kaniko-ecr:remote_cache third/plugin-drone-kaniko-ecr:cache third/plugin-drone-kaniko-ecr:update_yaml third/plugin-drone-kaniko-ecr:snapshot_mode third/plugin-drone-kaniko-ecr:test_kaniko third/plugin-drone-kaniko-ecr:fix_pipeline third/plugin-drone-kaniko-ecr:improve_err third/plugin-drone-kaniko-ecr:ecr_iam third/plugin-drone-kaniko-ecr:fix_label third/plugin-drone-kaniko-ecr:fix_ecr third/plugin-drone-kaniko-ecr:fix_gcr third/plugin-drone-kaniko-ecr:v2_registry third/plugin-drone-kaniko-ecr:fix_build_script third/plugin-drone-kaniko-ecr:fix_image third/plugin-drone-kaniko-ecr:version_update
third/plugin-drone-kaniko-ecr:v1.13.9-debug-3 third/plugin-drone-kaniko-ecr:v1.13.9-debug-2 third/plugin-drone-kaniko-ecr:v1.13.9-debug-4 third/plugin-drone-kaniko-ecr:v1.13.9-debug third/plugin-drone-kaniko-ecr:v1.13.8 third/plugin-drone-kaniko-ecr:v1.13.7 third/plugin-drone-kaniko-ecr:v1.13.7-debug third/plugin-drone-kaniko-ecr:v1.13.6 third/plugin-drone-kaniko-ecr:v1.13.5 third/plugin-drone-kaniko-ecr:v1.13.4 third/plugin-drone-kaniko-ecr:v1.13.3 third/plugin-drone-kaniko-ecr:v1.13.2 third/plugin-drone-kaniko-ecr:v1.13.1 third/plugin-drone-kaniko-ecr:v1.13.0 third/plugin-drone-kaniko-ecr:v1.12.0 third/plugin-drone-kaniko-ecr:v1.11.5 third/plugin-drone-kaniko-ecr:v1.11.5-debug-1 third/plugin-drone-kaniko-ecr:v1.11.5-debug third/plugin-drone-kaniko-ecr:v1.11.4 third/plugin-drone-kaniko-ecr:v1.11.3 third/plugin-drone-kaniko-ecr:v1.11.3-debug third/plugin-drone-kaniko-ecr:v1.11.2 third/plugin-drone-kaniko-ecr:v1.11.2-debug third/plugin-drone-kaniko-ecr:v1.11.1 third/plugin-drone-kaniko-ecr:v1.11.1-debug3 third/plugin-drone-kaniko-ecr:v1.11.1-debug third/plugin-drone-kaniko-ecr:v1.11.0 third/plugin-drone-kaniko-ecr:v1.11.0-debug third/plugin-drone-kaniko-ecr:v1.10.9 third/plugin-drone-kaniko-ecr:v1.10.8 third/plugin-drone-kaniko-ecr:v1.10.8-debug third/plugin-drone-kaniko-ecr:v1.10.7 third/plugin-drone-kaniko-ecr:v1.10.7-debug third/plugin-drone-kaniko-ecr:v1.10.6 third/plugin-drone-kaniko-ecr:v1.10.6-debug third/plugin-drone-kaniko-ecr:v1.10.5 third/plugin-drone-kaniko-ecr:v1.10.4 third/plugin-drone-kaniko-ecr:v1.10.3 third/plugin-drone-kaniko-ecr:v1.10.2 third/plugin-drone-kaniko-ecr:v1.10.1 third/plugin-drone-kaniko-ecr:v1.10.0-debug third/plugin-drone-kaniko-ecr:v1.10.0 third/plugin-drone-kaniko-ecr:v1.9.0 third/plugin-drone-kaniko-ecr:v1.8.10 third/plugin-drone-kaniko-ecr:v1.8.9 third/plugin-drone-kaniko-ecr:v1.8.8 third/plugin-drone-kaniko-ecr:1.8.7 third/plugin-drone-kaniko-ecr:v1.8.6 third/plugin-drone-kaniko-ecr:v1.8.5 third/plugin-drone-kaniko-ecr:v1.8.4 third/plugin-drone-kaniko-ecr:v1.8.3 third/plugin-drone-kaniko-ecr:v1.8.2 third/plugin-drone-kaniko-ecr:v1.8.0 third/plugin-drone-kaniko-ecr:v1.8.1 third/plugin-drone-kaniko-ecr:v1.7.5 third/plugin-drone-kaniko-ecr:v1.7.4 third/plugin-drone-kaniko-ecr:v1.7.3 third/plugin-drone-kaniko-ecr:v1.7.2 third/plugin-drone-kaniko-ecr:1.7.2 third/plugin-drone-kaniko-ecr:v1.7.1 third/plugin-drone-kaniko-ecr:v1.7.0 third/plugin-drone-kaniko-ecr:v1.6.11 third/plugin-drone-kaniko-ecr:v1.6.10 third/plugin-drone-kaniko-ecr:v1.6.9 third/plugin-drone-kaniko-ecr:v1.6.8 third/plugin-drone-kaniko-ecr:v1.6.7 third/plugin-drone-kaniko-ecr:v1.6.6 third/plugin-drone-kaniko-ecr:v1.6.5 third/plugin-drone-kaniko-ecr:v1.6.4 third/plugin-drone-kaniko-ecr:v1.6.3 third/plugin-drone-kaniko-ecr:v1.6.2 third/plugin-drone-kaniko-ecr:v1.6.1 third/plugin-drone-kaniko-ecr:v1.6.0 third/plugin-drone-kaniko-ecr:v1.5.1 third/plugin-drone-kaniko-ecr:v1.5.0 third/plugin-drone-kaniko-ecr:v1.4.5 third/plugin-drone-kaniko-ecr:v1.4.4 third/plugin-drone-kaniko-ecr:v1.4.3 third/plugin-drone-kaniko-ecr:v1.4.2 third/plugin-drone-kaniko-ecr:v1.4.1 third/plugin-drone-kaniko-ecr:v1.4.0 third/plugin-drone-kaniko-ecr:v1.3.1 third/plugin-drone-kaniko-ecr:v1.3.0 third/plugin-drone-kaniko-ecr:v1.2.0 third/plugin-drone-kaniko-ecr:v1.1.2 third/plugin-drone-kaniko-ecr:v1.1.1 third/plugin-drone-kaniko-ecr:v1.1.0 third/plugin-drone-kaniko-ecr:v1.0.0

12 Commits
CI-19933 .. v1.13.9-debug-2

Author SHA1 Message Date
Gargithakur01 b4a0c9fa1f fix: [CI-23227]: bump vbatts/tar-split to v0.12.2 
Resolves the High-severity tar-split (archive/tar) vulnerability flagged
by Snyk in the kaniko-docker plugin binary. tar-split is pulled in
transitively via go-containerregistry -> estargz. go mod tidy also nudged
urfave/cli v1.22.15 -> v1.22.16 (benign patch).

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-24 14:13:38 +05:30
Gargithakur01 7c868888cc fix: [CI-23227]: Vuln-Fix-Kaniko 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-06-23 16:55:55 +05:30
Abhijeet ede8cf05b0 Update pipeline drone-kaniko-harness 2026-04-09 15:56:02 +05:30
Abhijeet 21a336ca17 Clone pipeline drone-kaniko-harness 2026-04-07 15:52:54 +05:30
ebtasam-faridy 7639ab9f70 Update pipeline drone-kaniko-harness (#166) 2026-03-18 16:59:47 +05:30
ebtasam-faridy 1cd7da5451 fix: [CI-21411] updating docker cli version to remove vulnerability (#165) 2026-03-18 16:34:40 +05:30
ebtasam-faridy 16758bd8cc fix: [CI-20436] adding fallback in case of del con (#164) 
* fix: [CI-20436] adding fallback in case of del con

* fix: [CI-20436] adding fallback in case of del con testcase

* fix: [CI-20436] adding fallback in case of del con testcase

* fix: [CI-20436] adding fallback in case of del con testcase

* fix: [CI-20436] adding fallback in case of del con testcase

* fix: [CI-20436] adding fallback in case of del con testcase

* fix: [CI-20436] reverting some changes
 2026-02-07 12:55:04 +05:30
Chirag S dd3c29c971 fix: [CI-14073]: Print absolute lookup path incase dockerfile not present (#163) 2026-01-29 14:01:55 +05:30
tapankarangiya c06fde824e fix: [CI-20230]: Updated go version (#160) 2026-01-20 18:03:38 +05:30
tapankarangiya 5bbe6ba026 Update pipeline drone-kaniko-harness (#161) 2026-01-20 13:43:16 +05:30
Abhay 9491e6b36f fix: [CI-19670]: fix vulnerabilty fron kaniko (#159) 
* fix: [CI-19670]: fix vulnerabilty fron kaniko

* Update docker/gcr/Dockerfile.linux.amd64

* Update docker/gcr/Dockerfile.linux.arm64

---------

Co-authored-by: OP (oppenheimer) <21008429+Ompragash@users.noreply.github.com>
 2025-11-26 11:39:40 +05:30
OP (oppenheimer) 594f1e2f23 fix: Consolidate platform flags to use --custom-platform and eliminate deprecation warning (#158) 2025-11-21 11:25:52 +05:30
10 changed files with 1464 additions and 39 deletions
Expand all files Collapse all files
.drone.yml
+2 -2
View File
@@ -11,7 +11,7 @@ platform:
steps:
- name: build
image: golang:1.22.4
image: golang:1.25.10
commands:
- go test ./...
- sh scripts/build.sh
@@ -178,7 +178,7 @@ pool:
steps:
- name: build
image: golang:1.22.4
image: golang:1.25.10
commands:
- go test ./...
- sh scripts/build.sh
.harness/harness.yaml
+675 -4
View File
@@ -1,6 +1,6 @@
pipeline:
name: drone-kaniko-harness
identifier: dronekanikoharness
name: drone-kaniko-harness
projectIdentifier: Drone_Plugins
orgIdentifier: default
tags: {}
@@ -37,7 +37,7 @@ pipeline:
identifier: Build
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
@@ -322,7 +322,7 @@ pipeline:
identifier: Build_and_Test
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.23.0
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
@@ -583,8 +583,618 @@ pipeline:
nodeName: _<+matrix.repo>
when:
pipelineStatus: Success
- stage:
name: rf-linux-amd64
identifier: rf_linuxamd64
description: RapidFort hardened kaniko images - amd64
type: CI
spec:
cloneCodebase: true
caching:
enabled: false
paths: []
platform:
os: Linux
arch: Amd64
runtime:
type: Cloud
spec: {}
execution:
steps:
- step:
type: GitClone
name: Clone RF Dockerfiles
identifier: clone_rf
spec:
connectorRef: RapidFortPlugins
build:
type: branch
spec:
branch: main
cloneDirectory: rf-plugins
- step:
type: Run
name: Build Binary
identifier: build_binary
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
sh scripts/build.sh
- parallel:
- step:
type: Plugin
name: RF Build and Push on Tag
identifier: rf_docker_build_push_tag
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
repo: harnesssecure/kaniko<+matrix.image>
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.rf
auto_tag: "true"
auto_tag_suffix: linux-amd64
base_image_username: <+secrets.getValue("harness0HARUsername")>
base_image_password: <+secrets.getValue("harness0HARPAT")>
base_image_registry: harness0.harness.io/oci/docker_artifacts
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
- "-acr"
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gcr"
repo: acr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-gar"
repo: acr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
- image: "-ecr"
repo: acr
- image: "-acr"
repo: docker
- image: "-acr"
repo: gcr
- image: "-acr"
repo: gar
- image: "-acr"
repo: ecr
nodeName: rf_<+matrix.repo>
- step:
type: Plugin
name: RF Build and Push on Tag Kaniko191
identifier: rf_docker_build_push_tag_191
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
repo: harnesssecure/kaniko<+matrix.image>
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
auto_tag: "true"
auto_tag_suffix: linux-amd64-kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
nodeName: rf_191_<+matrix.repo>
- parallel:
- step:
type: BuildAndPushDockerRegistry
name: RF Build and Push on Branch
identifier: rf_build_push_branch
spec:
connectorRef: harnesssecure
repo: harnesssecure/kaniko<+matrix.image>
tags:
- linux-amd64
caching: false
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.rf
envVariables:
PLUGIN_BASE_IMAGE_USERNAME: <+secrets.getValue("harness0HARUsername")>
PLUGIN_BASE_IMAGE_PASSWORD: <+secrets.getValue("harness0HARPAT")>
PLUGIN_BASE_IMAGE_REGISTRY: harness0.harness.io/oci/docker_artifacts
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
- "-acr"
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gcr"
repo: acr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-gar"
repo: acr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
- image: "-ecr"
repo: acr
- image: "-acr"
repo: docker
- image: "-acr"
repo: gcr
- image: "-acr"
repo: gar
- image: "-acr"
repo: ecr
nodeName: rf_<+matrix.repo>
- step:
type: BuildAndPushDockerRegistry
name: RF Build and Push on Branch Kaniko191
identifier: rf_build_push_branch_191
spec:
connectorRef: harnesssecure
repo: harnesssecure/kaniko<+matrix.image>
tags:
- linux-amd64-kaniko1.9.1
caching: false
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
nodeName: rf_191_<+matrix.repo>
variables:
- name: CI_ENABLE_BARE_METAL
type: String
description: ""
required: false
value: "false"
- stage:
name: rf-linux-arm64
identifier: rf_linuxarm64
description: RapidFort hardened kaniko images - arm64
type: CI
spec:
cloneCodebase: true
caching:
enabled: false
paths: []
platform:
os: Linux
arch: Arm64
runtime:
type: Cloud
spec: {}
execution:
steps:
- step:
type: GitClone
name: Clone RF Dockerfiles
identifier: clone_rf
spec:
connectorRef: RapidFortPlugins
build:
type: branch
spec:
branch: main
cloneDirectory: rf-plugins
- step:
type: Run
name: Build Binary
identifier: build_binary
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
sh scripts/build.sh
- parallel:
- step:
type: Plugin
name: RF Build and Push on Tag
identifier: rf_docker_build_push_tag
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
repo: harnesssecure/kaniko<+matrix.image>
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.rf
auto_tag: "true"
auto_tag_suffix: linux-arm64
base_image_username: <+secrets.getValue("harness0HARUsername")>
base_image_password: <+secrets.getValue("harness0HARPAT")>
base_image_registry: harness0.harness.io/oci/docker_artifacts
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
- "-acr"
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gcr"
repo: acr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-gar"
repo: acr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
- image: "-ecr"
repo: acr
- image: "-acr"
repo: docker
- image: "-acr"
repo: gcr
- image: "-acr"
repo: gar
- image: "-acr"
repo: ecr
nodeName: rf_<+matrix.repo>
- step:
type: Plugin
name: RF Build and Push on Tag Kaniko191
identifier: rf_docker_build_push_tag_191
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
repo: harnesssecure/kaniko<+matrix.image>
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
auto_tag: "true"
auto_tag_suffix: linux-arm64-kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
nodeName: rf_191_<+matrix.repo>
- parallel:
- step:
type: BuildAndPushDockerRegistry
name: RF Build and Push on Branch
identifier: rf_build_push_branch
spec:
connectorRef: harnesssecure
repo: harnesssecure/kaniko<+matrix.image>
tags:
- linux-arm64
caching: false
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.rf
envVariables:
PLUGIN_BASE_IMAGE_USERNAME: <+secrets.getValue("harness0HARUsername")>
PLUGIN_BASE_IMAGE_PASSWORD: <+secrets.getValue("harness0HARPAT")>
PLUGIN_BASE_IMAGE_REGISTRY: harness0.harness.io/oci/docker_artifacts
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
- "-acr"
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gcr"
repo: acr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-gar"
repo: acr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
- image: "-ecr"
repo: acr
- image: "-acr"
repo: docker
- image: "-acr"
repo: gcr
- image: "-acr"
repo: gar
- image: "-acr"
repo: ecr
nodeName: rf_<+matrix.repo>
- step:
type: BuildAndPushDockerRegistry
name: RF Build and Push on Branch Kaniko191
identifier: rf_build_push_branch_191
spec:
connectorRef: harnesssecure
repo: harnesssecure/kaniko<+matrix.image>
tags:
- linux-arm64-kaniko1.9.1
caching: false
dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- "-gcr"
- "-gar"
- "-ecr"
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: "-gcr"
repo: docker
- image: "-gcr"
repo: gar
- image: "-gcr"
repo: ecr
- image: "-gar"
repo: docker
- image: "-gar"
repo: gcr
- image: "-gar"
repo: ecr
- image: "-ecr"
repo: docker
- image: "-ecr"
repo: gcr
- image: "-ecr"
repo: gar
nodeName: rf_191_<+matrix.repo>
variables:
- name: CI_ENABLE_BARE_METAL
type: String
description: ""
required: false
value: "false"
- stage:
name: Manifest
name: Manifest and Release
identifier: Manifest
description: ""
type: CI
@@ -601,6 +1211,18 @@ pipeline:
spec: {}
execution:
steps:
- step:
type: GitClone
name: Clone RF Manifest Templates
identifier: clone_rf_manifest
spec:
connectorRef: RapidFortPlugins
build:
type: branch
spec:
branch: main
cloneDirectory: rf-plugins
contextType: Pipeline
- parallel:
- step:
type: Plugin
@@ -651,6 +1273,55 @@ pipeline:
- gar
- ecr
nodeName: manifest_<+matrix.repo>
- step:
type: Plugin
name: RF Manifest
identifier: rf_manifest
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
auto_tag: "true"
ignore_missing: "true"
spec: rf-plugins/drone-kaniko/docker/<+matrix.repo>/manifest.tmpl
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
nodeName: rf_manifest_<+matrix.repo>
- step:
type: Plugin
name: RF Manifest Kaniko191
identifier: rf_manifest_191
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest
settings:
username: <+secrets.getValue("harnesssecureusername")>
password: <+secrets.getValue("dockerHarnessSecurePwd")>
auto_tag: "false"
ignore_missing: "true"
spec: rf-plugins/drone-kaniko/docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
nodeName: rf_manifest_191_<+matrix.repo>
when:
pipelineStatus: Success
allowStageExecutions: true
.harness/orgs/default/projects/Drone_Plugins/pipelines/dronekanikoharness_Clone.yaml
+658
View File
@@ -0,0 +1,658 @@
pipeline:
projectIdentifier: Drone_Plugins
orgIdentifier: default
tags: {}
properties:
ci:
codebase:
connectorRef: GitHub_Drone_Org
repoName: drone-kaniko
build: <+input>
sparseCheckout: []
stages:
- parallel:
- stage:
name: linux-amd64
identifier: linuxamd64
description: ""
type: CI
spec:
cloneCodebase: true
caching:
enabled: false
paths: []
platform:
os: Linux
arch: Amd64
runtime:
type: Cloud
spec: {}
execution:
steps:
- step:
type: Run
name: Build Binary
identifier: Build
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
sh scripts/build.sh
- parallel:
- step:
type: Plugin
name: BuildAndPushDockerTag
identifier: BuildAndPushDockerTag
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/kaniko<+matrix.image>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
auto_tag: "true"
auto_tag_suffix: linux-amd64
daemon_off: "false"
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
- -acr
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gcr
repo: acr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -gar
repo: acr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
- image: -ecr
repo: acr
- image: -acr
repo: docker
- image: -acr
repo: gcr
- image: -acr
repo: gar
- image: -acr
repo: ecr
nodeName: _<+matrix.repo>
- step:
type: Plugin
name: BuildAndPushDockerTag_Kaniko
identifier: BuildAndPushDockerTag_Kaniko
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/kaniko<+matrix.image>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
auto_tag: "true"
auto_tag_suffix: linux-amd64-kaniko1.9.1
daemon_off: "false"
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
nodeName: <+matrix.repo>
- parallel:
- step:
type: BuildAndPushDockerRegistry
name: BuildAndPushDockerBranch
identifier: BuildAndPushDockerBranch
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/kaniko<+matrix.image>
tags:
- linux-amd64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
- -acr
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gcr
repo: acr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -gar
repo: acr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
- image: -ecr
repo: acr
- image: -acr
repo: docker
- image: -acr
repo: gcr
- image: -acr
repo: gar
- image: -acr
repo: ecr
nodeName: <+matrix.repo>
- step:
type: BuildAndPushDockerRegistry
name: BuildAndPushDockerBranch_Kaniko
identifier: BuildAndPushDockerBranch_Kaniko
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/kaniko<+matrix.image>
tags:
- linux-amd64-kaniko1.9.1
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
nodeName: _<+matrix.repo>
when:
pipelineStatus: Success
- stage:
name: linux-arm64
identifier: linuxarm64
description: ""
type: CI
spec:
cloneCodebase: true
caching:
enabled: false
paths: []
platform:
os: Linux
arch: Arm64
runtime:
type: Cloud
spec: {}
execution:
steps:
- step:
type: Run
name: Build Binary
identifier: Build_and_Test
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: golang:1.25.10
shell: Sh
command: |-
go test ./...
sh scripts/build.sh
- parallel:
- step:
type: Plugin
name: BuildAndPushDockerTag
identifier: BuildAndPushDockerTag
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/kaniko<+matrix.image>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
auto_tag: "true"
auto_tag_suffix: linux-arm64
daemon_off: "false"
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
- -acr
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gcr
repo: acr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -gar
repo: acr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
- image: -ecr
repo: acr
- image: -acr
repo: docker
- image: -acr
repo: gcr
- image: -acr
repo: gar
- image: -acr
repo: ecr
nodeName: _<+matrix.repo>
- step:
type: Plugin
name: BuildAndPushDockerTag_Kaniko
identifier: BuildAndPushDockerTag_Kaniko
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/docker
settings:
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
repo: plugins/kaniko<+matrix.image>
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
auto_tag: "true"
auto_tag_suffix: linux-arm64-kaniko1.9.1
daemon_off: "false"
when:
stageStatus: Success
condition: <+codebase.build.type> == "tag"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
nodeName: _<+matrix.repo>
- parallel:
- step:
type: BuildAndPushDockerRegistry
name: BuildAndPushDockerBranch
identifier: BuildAndPushDockerBranch
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/kaniko<+matrix.image>
tags:
- linux-arm64
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
- -acr
repo:
- docker
- gcr
- gar
- ecr
- acr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: ""
repo: acr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gcr
repo: acr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -gar
repo: acr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
- image: -ecr
repo: acr
- image: -acr
repo: docker
- image: -acr
repo: gcr
- image: -acr
repo: gar
- image: -acr
repo: ecr
nodeName: <+matrix.repo>
- step:
type: BuildAndPushDockerRegistry
name: BuildAndPushDockerBranch_Kaniko
identifier: BuildAndPushDockerBranch_Kaniko
spec:
connectorRef: Plugins_Docker_Hub_Connector
repo: plugins/kaniko<+matrix.image>
tags:
- linux-arm64-kaniko1.9.1
caching: false
dockerfile: docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch"
strategy:
matrix:
image:
- ""
- -gcr
- -gar
- -ecr
repo:
- docker
- gcr
- gar
- ecr
exclude:
- image: ""
repo: gcr
- image: ""
repo: gar
- image: ""
repo: ecr
- image: -gcr
repo: docker
- image: -gcr
repo: gar
- image: -gcr
repo: ecr
- image: -gar
repo: docker
- image: -gar
repo: gcr
- image: -gar
repo: ecr
- image: -ecr
repo: docker
- image: -ecr
repo: gcr
- image: -ecr
repo: gar
nodeName: _<+matrix.repo>
when:
pipelineStatus: Success
- stage:
name: Manifest
identifier: Manifest
description: ""
type: CI
spec:
cloneCodebase: true
caching:
enabled: false
paths: []
platform:
os: Linux
arch: Amd64
runtime:
type: Cloud
spec: {}
execution:
steps:
- parallel:
- step:
type: Plugin
name: Manifest
identifier: Manifest
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest
settings:
auto_tag: "true"
spec: docker/<+matrix.repo>/manifest.tmpl
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
ignore_missing: "true"
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch" || <+codebase.build.type>
== "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
- acr
nodeName: manifest_<+matrix.repo>
- step:
type: Plugin
name: Manifest_kaniko191
identifier: Manifest_kaniko
spec:
connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest
settings:
auto_tag: "false"
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
ignore_missing: "true"
when:
stageStatus: Success
condition: <+codebase.build.type> == "branch" || <+codebase.build.type>
== "tag"
strategy:
matrix:
repo:
- docker
- gcr
- gar
- ecr
nodeName: manifest_<+matrix.repo>
when:
pipelineStatus: Success
allowStageExecutions: true
identifier: dronekanikoharness_Clone
name: drone-kaniko-harness - Clone
cmd/kaniko-acr/main.go
+57 -16
View File
@@ -536,21 +536,21 @@ func setupAuth(tenantId, clientId, oidcIdToken, cert,
return "", fmt.Errorf("registry must be specified")
}
// Determine auth path: OIDC or Service Principal (secret/cert)
if tenantId == "" || clientId == "" {
if noPush {
logrus.Warnf("NO_PUSH mode: tenantId or clientId not provided")
return "", nil
}
return "", fmt.Errorf("tenantId and clientId must be provided")
}
var aadAccessToken string
var acrToken string
var publicUrl string
var err error
if oidcIdToken != "" {
// OIDC authentication flow requires tenantId and clientId
if tenantId == "" || clientId == "" {
if noPush {
logrus.Warnf("NO_PUSH mode: tenantId or clientId not provided for OIDC")
return "", nil
}
return "", fmt.Errorf("tenantId and clientId must be provided for OIDC authentication")
}
logrus.Debug("Using OIDC authentication flow")
// Exchange OIDC ID token for AAD access token via client_assertion
aadAccessToken, err = azureutil.GetAADAccessTokenViaClientAssertion(context.Background(), tenantId, clientId, oidcIdToken, authorityHost)
if err != nil {
@@ -565,16 +565,21 @@ func setupAuth(tenantId, clientId, oidcIdToken, cert,
if err != nil {
return handleError(noPush, err, "failed to fetch ACR token")
}
} else if clientSecret != "" || cert != "" {
} else {
logrus.Debug("Using traditional Azure AD authentication flow")
// Validate that if tenantId is provided, clientId must also be provided
// (unless using managed identity with no explicit tenantId)
if tenantId != "" && clientId == "" && clientSecret == "" && cert == "" {
if noPush {
logrus.Warnf("NO_PUSH mode: tenantId provided but clientId is missing")
return "", nil
}
return "", fmt.Errorf("tenantId and clientId must be provided")
}
acrToken, publicUrl, err = getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry)
if err != nil {
return handleError(noPush, err, "failed to fetch ACR Token")
}
} else {
if noPush {
return "", nil
}
return "", fmt.Errorf("managed authentication is not supported")
}
if err := setDockerAuth(username, acrToken, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
@@ -593,10 +598,46 @@ func handleError(noPush bool, err error, msg string) (string, error) {
}
func getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry string) (string, string, error) {
// Handle managed identity (when no clientSecret or cert provided)
if clientSecret == "" && cert == "" {
if tenantId == "" {
tenantId = os.Getenv("AZURE_TENANT_ID")
if tenantId == "" {
tenantId = os.Getenv("TENANT_ID")
}
}
opts := &azidentity.DefaultAzureCredentialOptions{}
if tenantId != "" {
opts.TenantID = tenantId
}
cred, err := azidentity.NewDefaultAzureCredential(opts)
if err != nil {
return "", "", errors.Wrap(err, "failed to get credentials")
}
policy := policy.TokenRequestOptions{
Scopes: []string{"https://management.azure.com/.default"},
}
azToken, err := cred.GetToken(context.Background(), policy)
if err != nil {
return "", "", errors.Wrap(err, "failed to fetch access token")
}
publicUrl, err := getPublicUrl(azToken.Token, registry, subscriptionId)
if err != nil {
fmt.Fprintf(os.Stderr, "failed to get public url with error: %s\n", err)
}
if tenantId == "" {
return "", "", fmt.Errorf("tenantId cannot be empty for ACR token exchange")
}
ACRToken, err := fetchACRToken(tenantId, azToken.Token, registry)
if err != nil {
return "", "", errors.Wrap(err, "failed to fetch ACR token")
}
return ACRToken, publicUrl, nil
}
if tenantId == "" {
return "", "", fmt.Errorf("tenantId can't be empty for AAD authentication")
}
if clientId == "" {
return "", "", fmt.Errorf("clientId can't be empty for AAD authentication")
}
cmd/kaniko-acr/main_test.go
+49
View File
@@ -387,3 +387,52 @@ func TestSetupAuth_NoCreds_NoPushTrue(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, "", pub)
}
// Test cases for managed identity support
func TestSetupAuth_ManagedIdentity_NoPush_Positive(t *testing.T) {
// Positive test: Managed identity flow with noPush=true should succeed
// This tests the new managed identity support when no credentials are provided
pub, err := setupAuth("tenant123", "", "", "", "", "sub", "myregistry.azurecr.io", "", "", "", "", true)
assert.NoError(t, err)
assert.Equal(t, "", pub)
}
func TestSetupAuth_TenantIdButNoClientId_ManagedIdentity(t *testing.T) {
// Negative test: When tenantId is provided but clientId is missing for managed identity,
// it should fail (unless noPush is true)
pub, err := setupAuth("tenant123", "", "", "", "", "sub", "myregistry.azurecr.io", "", "", "", "", false)
assert.Error(t, err)
assert.Contains(t, err.Error(), "tenantId and clientId must be provided")
assert.Equal(t, "", pub)
}
func TestGetACRToken_ManagedIdentity_NoTenantId(t *testing.T) {
// Negative test: Managed identity requires tenantId for ACR token exchange
// Clear environment variables to ensure tenantId is not available
originalTenantId := os.Getenv("AZURE_TENANT_ID")
originalTenantId2 := os.Getenv("TENANT_ID")
defer func() {
if originalTenantId != "" {
os.Setenv("AZURE_TENANT_ID", originalTenantId)
} else {
os.Unsetenv("AZURE_TENANT_ID")
}
if originalTenantId2 != "" {
os.Setenv("TENANT_ID", originalTenantId2)
} else {
os.Unsetenv("TENANT_ID")
}
}()
os.Unsetenv("AZURE_TENANT_ID")
os.Unsetenv("TENANT_ID")
// Managed identity path without tenantId should fail
// The failure occurs when DefaultAzureCredential tries to acquire a token
// since tenantId is required for ACR token exchange but not available
_, _, err := getACRToken("sub", "", "", "", "", "myregistry.azurecr.io")
assert.Error(t, err)
// The error will be from DefaultAzureCredential failing to acquire a token
// because tenantId is missing and no credentials are available
assert.Contains(t, err.Error(), "failed to fetch access token")
}
docker/gcr/Dockerfile.linux.amd64
+1 -1
View File
@@ -1,4 +1,4 @@
FROM gcr.io/kaniko-project/executor:v1.23.2
FROM harnesscommunity/kaniko-executor:1.25.0-linux-amd64
ENV KANIKO_VERSION=1.23.2
ADD release/linux/amd64/kaniko-gcr /kaniko/
docker/gcr/Dockerfile.linux.arm64
+1 -1
View File
@@ -1,4 +1,4 @@
FROM gcr.io/kaniko-project/executor:v1.23.2
FROM harnesscommunity/kaniko-executor:1.25.0-linux-arm64
ENV HOME /root
ENV USER root
go.mod
+4 -6
View File
@@ -17,7 +17,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.11.1
github.com/urfave/cli v1.22.15
github.com/urfave/cli v1.22.16
golang.org/x/mod v0.26.0
)
@@ -35,7 +35,7 @@ require (
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/cli v27.5.0+incompatible // indirect
github.com/docker/cli v29.3.0+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
@@ -49,7 +49,7 @@ require (
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/vbatts/tar-split v0.11.6 // indirect
github.com/vbatts/tar-split v0.12.2 // indirect
golang.org/x/crypto v0.41.0 // indirect
golang.org/x/net v0.43.0 // indirect
golang.org/x/sync v0.16.0 // indirect
@@ -58,6 +58,4 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
)
go 1.23.0
toolchain go1.23.8
go 1.25.10
go.sum
+8 -8
View File
@@ -10,7 +10,7 @@ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJ
github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
github.com/aws/aws-sdk-go v1.44.52 h1:kHLbYJj59C7VrsLM4gm7pxsvaNIvhXCCIDYEFFoQ+VE=
github.com/aws/aws-sdk-go v1.44.52/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go-v2 v1.16.7 h1:zfBwXus3u14OszRxGcqCDS4MfMCv10e8SMJ2r8Xm0Ns=
@@ -43,14 +43,14 @@ github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRcc
github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM=
github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v29.3.0+incompatible h1:z3iWveU7h19Pqx7alZES8j+IeFQZ1lhTwb2F+V9SVvk=
github.com/docker/cli v29.3.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
@@ -111,10 +111,10 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM=
github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0=
github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs=
github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI=
github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4=
github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
kaniko.go
+9 -1
View File
@@ -227,7 +227,15 @@ func (p Plugin) Exec() error {
}
if _, err := os.Stat(p.Build.Dockerfile); os.IsNotExist(err) {
return fmt.Errorf("dockerfile does not exist at path: %s", p.Build.Dockerfile)
// Get absolute path for better error message. If path is empty, this will
// return the current working directory, showing where the plugin looked.
absPath, absErr := filepath.Abs(p.Build.Dockerfile)
if absErr != nil {
absPath = p.Build.Dockerfile
}
return fmt.Errorf("dockerfile does not exist at path: %s", absPath)
}
var tags = p.Build.Tags