Upgrade kaniko version to 1.7.0

* allow --no-push to build without authentication

* linting

* setup no-push auth when credentials are not empty

.drone.yml

@@ -4,7 +4,7 @@ name: default
 
 steps:
 - name: build
-  image: golang
+  image: golang:1.17.2
   commands:
   - go test ./...
   - sh scripts/build.sh

.gitignore

@@ -1,3 +1,4 @@
 release
 coverage.out
 vendor
+.idea

README.md

@@ -51,3 +51,35 @@ docker run --rm \
     -w /drone \
     plugins/kaniko:linux-amd64
 ```
+
+### Automatic Tagging
+
+With auto tagging enabled, semantic versions can be passed to PLUGIN_TAGS directly for expansion:
+
+```console
+docker run --rm \
+    -e PLUGIN_TAGS=v1.2.3,latest \
+    -e PLUGIN_AUTO_TAG=true \
+    -v $(pwd):/drone \
+    -w /drone \
+    plugins/kaniko:linux-amd64
+```
+would both be equivalent to
+
+```
+PLUGIN_TAGS=1,1.2,1.2.3,latest
+```
+
+This allows for passing `$DRONE_TAG` directly as a tag for repos that use [semver](https://semver.org) tags.
+
+To avoid confusion between repo tags and image tags, `PLUGIN_AUTO_TAG` also recognizes a semantic version
+without the `v` prefix.  As such, the following is also equivalent to the above:
+
+```console
+docker run --rm \
+    -e PLUGIN_TAGS=1.2.3,latest \
+    -e PLUGIN_AUTO_TAG=true \
+    -v $(pwd):/drone \
+    -w /drone \
+    plugins/kaniko:linux-amd64
+```

cmd/kaniko-docker/main.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strings"
 
 	"github.com/joho/godotenv"
 	"github.com/pkg/errors"
@@ -12,7 +13,7 @@ import (
 	"github.com/urfave/cli"
 
 	kaniko "github.com/drone/drone-kaniko"
-	"github.com/drone/drone-kaniko/cmd/artifact"
+	"github.com/drone/drone-kaniko/pkg/artifact"
 )
 
 const (
@@ -20,8 +21,9 @@ const (
 	dockerPath       string = "/kaniko/.docker"
 	dockerConfigPath string = "/kaniko/.docker/config.json"
 
-	v1Registry string = "https://index.docker.io/v1/" // Default registry
-	v2Registry string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v1RegistryURL    string = "https://index.docker.io/v1/" // Default registry
+	v2RegistryURL    string = "https://index.docker.io/v2/" // v2 registry is not supported
+	v2HubRegistryURL string = "https://registry.hub.docker.com/v2/"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -33,7 +35,9 @@ var (
 func main() {
 	// Load env-file if it exists first
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
+		if err := godotenv.Load(env); err != nil {
+			logrus.Fatal(err)
+		}
 	}
 
 	app := cli.NewApp()
@@ -61,6 +65,11 @@ func main() {
 			EnvVar:   "PLUGIN_TAGS",
 			FilePath: ".tags",
 		},
+		cli.BoolFlag{
+			Name:   "auto_tag",
+			Usage:  "enable for semver tagging",
+			EnvVar: "PLUGIN_AUTO_TAG",
+		},
 		cli.StringSliceFlag{
 			Name:   "args",
 			Usage:  "build args",
@@ -84,7 +93,7 @@ func main() {
 		cli.StringFlag{
 			Name:   "registry",
 			Usage:  "docker registry",
-			Value:  v1Registry,
+			Value:  v1RegistryURL,
 			EnvVar: "PLUGIN_REGISTRY",
 		},
 		cli.StringFlag{
@@ -132,6 +141,16 @@ func main() {
 			Usage:  "Set this flag if you only want to build the image, without pushing to a registry",
 			EnvVar: "PLUGIN_NO_PUSH",
 		},
+		cli.StringFlag{
+			Name:   "verbosity",
+			Usage:  "Set this flag with value as oneof <panic|fatal|error|warn|info|debug|trace> to set the logging level for kaniko. Defaults to info.",
+			EnvVar: "PLUGIN_VERBOSITY",
+		},
+		cli.StringFlag{
+			Name:   "platform",
+			Usage:  "Allows to build with another default platform than the host, similarly to docker build --platform",
+			EnvVar: "PLUGIN_PLATFORM",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -140,9 +159,14 @@ func main() {
 }
 
 func run(c *cli.Context) error {
-	err := createDockerCfgFile(c.String("username"), c.String("password"), c.String("registry"))
-	if err != nil {
-		return err
+	username := c.String("username")
+	noPush := c.Bool("no-push")
+
+	// only setup auth when pushing or credentials are defined
+	if !noPush || username != "" {
+		if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
+			return err
+		}
 	}
 
 	plugin := kaniko.Plugin{
@@ -150,6 +174,7 @@ func run(c *cli.Context) error {
 			Dockerfile:    c.String("dockerfile"),
 			Context:       c.String("context"),
 			Tags:          c.StringSlice("tags"),
+			AutoTag:       c.Bool("auto_tag"),
 			Args:          c.StringSlice("args"),
 			Target:        c.String("target"),
 			Repo:          c.String("repo"),
@@ -160,11 +185,13 @@ func run(c *cli.Context) error {
 			CacheRepo:     c.String("cache-repo"),
 			CacheTTL:      c.Int("cache-ttl"),
 			DigestFile:    defaultDigestFile,
-			NoPush:        c.Bool("no-push"),
+			NoPush:        noPush,
+			Verbosity:     c.String("verbosity"),
+			Platform:      c.String("platform"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
-			Repo:         c.String("repo"),
+			Repo:         buildRepo(c.String("registry"), c.String("repo")),
 			Registry:     c.String("registry"),
 			ArtifactFile: c.String("artifact-file"),
 			RegistryType: artifact.Docker,
@@ -185,10 +212,10 @@ func createDockerCfgFile(username, password, registry string) error {
 		return fmt.Errorf("Registry must be specified")
 	}
 
-	if registry == v2Registry {
+	if registry == v2RegistryURL || registry == v2HubRegistryURL {
 		fmt.Println("Docker v2 registry is not supported in kaniko. Refer issue: https://github.com/GoogleContainerTools/kaniko/issues/1209")
-		fmt.Printf("Using v1 registry instead: %s\n", v1Registry)
-		registry = v1Registry
+		fmt.Printf("Using v1 registry instead: %s\n", v1RegistryURL)
+		registry = v1RegistryURL
 	}
 
 	err := os.MkdirAll(dockerPath, 0600)
@@ -205,3 +232,17 @@ func createDockerCfgFile(username, password, registry string) error {
 	}
 	return nil
 }
+
+func buildRepo(registry, repo string) string {
+	if registry == "" {
+		// No custom registry, just return the repo name
+		return repo
+	}
+	if strings.HasPrefix(repo, registry + "/") {
+		// Repo already includes the registry prefix
+		// For backward compatibility, we won't add the prefix again.
+		return repo
+	}
+	// Prefix the repo with the registry
+	return registry + "/" + repo
+}

cmd/kaniko-docker/main_test.go

@@ -0,0 +1,37 @@
+package main
+
+import "testing"
+
+func Test_buildRepo(t *testing.T) {
+	tests := []struct {
+		name     string
+		registry string
+		repo     string
+		want     string
+	}{
+		{
+			name: "dockerhub",
+			repo: "golang",
+			want: "golang",
+		},
+		{
+			name:     "internal",
+			registry: "artifactory.example.com",
+			repo:     "service",
+			want:     "artifactory.example.com/service",
+		},
+		{
+			name:     "backward_compatibility",
+			registry: "artifactory.example.com",
+			repo:     "artifactory.example.com/service",
+			want:     "artifactory.example.com/service",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := buildRepo(tt.registry, tt.repo); got != tt.want {
+				t.Errorf("buildRepo(%q, %q) = %v, want %v", tt.registry, tt.repo, got, tt.want)
+			}
+		})
+	}
+}

cmd/kaniko-ecr/main.go

@@ -1,23 +1,32 @@
 package main
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strings"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ecr"
+	"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
+	"github.com/aws/smithy-go"
+	kaniko "github.com/drone/drone-kaniko"
+	"github.com/drone/drone-kaniko/pkg/artifact"
+	"github.com/drone/drone-kaniko/pkg/docker"
 	"github.com/joho/godotenv"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
-
-	kaniko "github.com/drone/drone-kaniko"
-	"github.com/drone/drone-kaniko/cmd/artifact"
 )
 
 const (
 	accessKeyEnv     string = "AWS_ACCESS_KEY_ID"
 	secretKeyEnv     string = "AWS_SECRET_ACCESS_KEY"
 	dockerConfigPath string = "/kaniko/.docker/config.json"
+	ecrPublicDomain  string = "public.ecr.aws"
 
 	defaultDigestFile string = "/kaniko/digest-file"
 )
@@ -29,7 +38,9 @@ var (
 func main() {
 	// Load env-file if it exists first
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
+		if err := godotenv.Load(env); err != nil {
+			logrus.Fatal(err)
+		}
 	}
 
 	app := cli.NewApp()
@@ -44,6 +55,16 @@ func main() {
 			Value:  "Dockerfile",
 			EnvVar: "PLUGIN_DOCKERFILE",
 		},
+		cli.StringFlag{
+			Name:   "docker-username",
+			Usage:  "docker username",
+			EnvVar: "PLUGIN_USERNAME,DOCKER_USERNAME",
+		},
+		cli.StringFlag{
+			Name:   "docker-password",
+			Usage:  "docker password",
+			EnvVar: "PLUGIN_PASSWORD,DOCKER_PASSWORD",
+		},
 		cli.StringFlag{
 			Name:   "context",
 			Usage:  "build context",
@@ -57,6 +78,11 @@ func main() {
 			EnvVar:   "PLUGIN_TAGS",
 			FilePath: ".tags",
 		},
+		cli.BoolFlag{
+			Name:   "auto_tag",
+			Usage:  "enable for semver tagging",
+			EnvVar: "PLUGIN_AUTO_TAG",
+		},
 		cli.StringSliceFlag{
 			Name:   "args",
 			Usage:  "build args",
@@ -72,6 +98,17 @@ func main() {
 			Usage:  "docker repository",
 			EnvVar: "PLUGIN_REPO",
 		},
+		cli.BoolFlag{
+			Name:   "create-repository",
+			Usage:  "create ECR repository",
+			EnvVar: "PLUGIN_CREATE_REPOSITORY",
+		},
+		cli.StringFlag{
+			Name:   "region",
+			Usage:  "AWS region",
+			Value:  "us-east-1",
+			EnvVar: "PLUGIN_REGION",
+		},
 		cli.StringSliceFlag{
 			Name:   "custom-labels",
 			Usage:  "additional k=v labels",
@@ -97,6 +134,16 @@ func main() {
 			Usage:  "Specify one of full, redo or time as snapshot mode",
 			EnvVar: "PLUGIN_SNAPSHOT_MODE",
 		},
+		cli.StringFlag{
+			Name:   "lifecycle-policy",
+			Usage:  "Path to lifecycle policy file",
+			EnvVar: "PLUGIN_LIFECYCLE_POLICY",
+		},
+		cli.StringFlag{
+			Name:   "repository-policy",
+			Usage:  "Path to repository policy file",
+			EnvVar: "PLUGIN_REPOSITORY_POLICY",
+		},
 		cli.BoolFlag{
 			Name:   "enable-cache",
 			Usage:  "Set this flag to opt into caching with kaniko",
@@ -122,6 +169,16 @@ func main() {
 			Usage:  "Set this flag if you only want to build the image, without pushing to a registry",
 			EnvVar: "PLUGIN_NO_PUSH",
 		},
+		cli.StringFlag{
+			Name:   "verbosity",
+			Usage:  "Set this flag with value as oneof <panic|fatal|error|warn|info|debug|trace> to set the logging level for kaniko. Defaults to info.",
+			EnvVar: "PLUGIN_VERBOSITY",
+		},
+		cli.StringFlag{
+			Name:   "platform",
+			Usage:  "Allows to build with another default platform than the host, similarly to docker build --platform",
+			EnvVar: "PLUGIN_PLATFORM",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -130,16 +187,65 @@ func main() {
 }
 
 func run(c *cli.Context) error {
-	err := setupECRAuth(c.String("access-key"), c.String("secret-key"), c.String("registry"))
+	repo := c.String("repo")
+	registry := c.String("registry")
+	region := c.String("region")
+	noPush := c.Bool("no-push")
+
+	dockerConfig, err := createDockerConfig(
+		c.String("docker-username"),
+		c.String("docker-password"),
+		c.String("access-key"),
+		c.String("secret-key"),
+		registry,
+		noPush,
+	)
 	if err != nil {
 		return err
 	}
 
+	jsonBytes, err := json.Marshal(dockerConfig)
+	if err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644); err != nil {
+		return err
+	}
+
+	// only create repository when pushing and create-repository is true
+	if !noPush && c.Bool("create-repository") {
+		if err := createRepository(region, repo, registry); err != nil {
+			return err
+		}
+	}
+
+	if c.IsSet("lifecycle-policy") {
+		contents, err := ioutil.ReadFile(c.String("lifecycle-policy"))
+		if err != nil {
+			logrus.Fatal(err)
+		}
+		if err := uploadLifeCyclePolicy(region, repo, string(contents)); err != nil {
+			logrus.Fatal(fmt.Sprintf("error uploading ECR lifecycle policy: %v", err))
+		}
+	}
+
+	if c.IsSet("repository-policy") {
+		contents, err := ioutil.ReadFile(c.String("repository-policy"))
+		if err != nil {
+			logrus.Fatal(err)
+		}
+		if err := uploadRepositoryPolicy(region, repo, registry, string(contents)); err != nil {
+			logrus.Fatal(fmt.Sprintf("error uploading ECR lifecycle policy: %v", err))
+		}
+	}
+
 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
 			Dockerfile:   c.String("dockerfile"),
 			Context:      c.String("context"),
 			Tags:         c.StringSlice("tags"),
+			AutoTag:      c.Bool("auto_tag"),
 			Args:         c.StringSlice("args"),
 			Target:       c.String("target"),
 			Repo:         fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
@@ -149,7 +255,9 @@ func run(c *cli.Context) error {
 			CacheRepo:    fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
 			CacheTTL:     c.Int("cache-ttl"),
 			DigestFile:   defaultDigestFile,
-			NoPush:       c.Bool("no-push"),
+			NoPush:       noPush,
+			Verbosity:    c.String("verbosity"),
+			Platform:     c.String("platform"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -162,28 +270,119 @@ func run(c *cli.Context) error {
 	return plugin.Exec()
 }
 
-func setupECRAuth(accessKey, secretKey, registry string) error {
+func createDockerConfig(dockerUsername, dockerPassword, accessKey, secretKey, registry string, noPush bool) (*docker.Config, error) {
+	dockerConfig := docker.NewConfig()
+
+	if dockerUsername != "" {
+		dockerConfig.SetAuth(docker.RegistryV1, dockerUsername, dockerPassword)
+	}
+
+	// only setup auth when pushing or credentials are defined
+	if !noPush || accessKey != "" {
+		if registry == "" {
+			return nil, fmt.Errorf("registry must be specified")
+		}
+
+		// If IAM role is used, access key & secret key are not required
+		if accessKey != "" && secretKey != "" {
+			err := os.Setenv(accessKeyEnv, accessKey)
+			if err != nil {
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
+			}
+
+			err = os.Setenv(secretKeyEnv, secretKey)
+			if err != nil {
+				return nil, errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+			}
+		}
+
+		dockerConfig.SetCredHelper(ecrPublicDomain, "ecr-login")
+		dockerConfig.SetCredHelper(registry, "ecr-login")
+	}
+
+	return dockerConfig, nil
+}
+
+func createRepository(region, repo, registry string) error {
 	if registry == "" {
 		return fmt.Errorf("registry must be specified")
 	}
 
-	// If IAM role is used, access key & secret key are not required
-	if accessKey != "" && secretKey != "" {
-		err := os.Setenv(accessKeyEnv, accessKey)
-		if err != nil {
-			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
-		}
-
-		err = os.Setenv(secretKeyEnv, secretKey)
-		if err != nil {
-			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
-		}
+	if repo == "" {
+		return fmt.Errorf("repo must be specified")
 	}
 
-	jsonBytes := []byte(fmt.Sprintf(`{"credStore": "ecr-login", "credHelpers": {"public.ecr.aws": "ecr-login", "%s": "ecr-login"}}`, registry))
-	err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
+	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
 	if err != nil {
-		return errors.Wrap(err, "failed to create docker config file")
+		return errors.Wrap(err, "failed to load aws config")
 	}
+
+	var createErr error
+
+	//create public repo
+	//if registry string starts with public domain (ex: public.ecr.aws/example-registry)
+	if isRegistryPublic(registry) {
+		svc := ecrpublic.NewFromConfig(cfg)
+		_, createErr = svc.CreateRepository(context.TODO(), &ecrpublic.CreateRepositoryInput{RepositoryName: &repo})
+		//create private repo
+	} else {
+		svc := ecr.NewFromConfig(cfg)
+		_, createErr = svc.CreateRepository(context.TODO(), &ecr.CreateRepositoryInput{RepositoryName: &repo})
+	}
+
+	var apiError smithy.APIError
+	if errors.As(createErr, &apiError) && apiError.ErrorCode() != "RepositoryAlreadyExistsException" {
+		return errors.Wrap(createErr, "failed to create repository")
+	}
+
 	return nil
 }
+
+func uploadLifeCyclePolicy(region, repo, lifecyclePolicy string) (err error) {
+	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+	if err != nil {
+		return errors.Wrap(err, "failed to load aws config")
+	}
+
+	svc := ecr.NewFromConfig(cfg)
+
+	input := &ecr.PutLifecyclePolicyInput{
+		LifecyclePolicyText: aws.String(lifecyclePolicy),
+		RepositoryName:      aws.String(repo),
+	}
+	_, err = svc.PutLifecyclePolicy(context.TODO(), input)
+
+	return err
+}
+
+func uploadRepositoryPolicy(region, repo, registry, repositoryPolicy string) (err error) {
+	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+	if err != nil {
+		return errors.Wrap(err, "failed to load aws config")
+	}
+
+	if isRegistryPublic(registry) {
+		svc := ecrpublic.NewFromConfig(cfg)
+
+		input := &ecrpublic.SetRepositoryPolicyInput{
+			PolicyText:     aws.String(repositoryPolicy),
+			RepositoryName: aws.String(repo),
+		}
+		_, err = svc.SetRepositoryPolicy(context.TODO(), input)
+	} else {
+
+		svc := ecr.NewFromConfig(cfg)
+
+		input := &ecr.SetRepositoryPolicyInput{
+			PolicyText:     aws.String(repositoryPolicy),
+			RepositoryName: aws.String(repo),
+		}
+		_, err = svc.SetRepositoryPolicy(context.TODO(), input)
+	}
+
+	return err
+}
+
+func isRegistryPublic(registry string) bool {
+	return strings.HasPrefix(registry, ecrPublicDomain)
+}

cmd/kaniko-ecr/main_test.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/drone/drone-kaniko/pkg/docker"
+)
+
+func TestCreateDockerConfig(t *testing.T) {
+	got, err := createDockerConfig(
+		"docker-username",
+		"docker-password",
+		"access-key",
+		"secret-key",
+		"ecr-registry",
+		false,
+	)
+	if err != nil {
+		t.Error("failed to create docker config")
+	}
+
+	want := docker.NewConfig()
+	want.SetAuth(docker.RegistryV1, "docker-username", "docker-password")
+	want.SetCredHelper(docker.RegistryECRPublic, "ecr-login")
+	want.SetCredHelper("ecr-registry", "ecr-login")
+
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("not equal:\n  want: %#v\n   got: %#v", want, got)
+	}
+}

cmd/kaniko-gcr/main.go

@@ -11,7 +11,7 @@ import (
 	"github.com/urfave/cli"
 
 	kaniko "github.com/drone/drone-kaniko"
-	"github.com/drone/drone-kaniko/cmd/artifact"
+	"github.com/drone/drone-kaniko/pkg/artifact"
 )
 
 const (
@@ -29,7 +29,9 @@ var (
 func main() {
 	// Load env-file if it exists first
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
-		godotenv.Load(env)
+		if err := godotenv.Load(env); err != nil {
+			logrus.Fatal(err)
+		}
 	}
 
 	app := cli.NewApp()
@@ -57,6 +59,11 @@ func main() {
 			EnvVar:   "PLUGIN_TAGS",
 			FilePath: ".tags",
 		},
+		cli.BoolFlag{
+			Name:   "auto_tag",
+			Usage:  "enable for semver tagging",
+			EnvVar: "PLUGIN_AUTO_TAG",
+		},
 		cli.StringSliceFlag{
 			Name:   "args",
 			Usage:  "build args",
@@ -118,6 +125,16 @@ func main() {
 			Usage:  "Set this flag if you only want to build the image, without pushing to a registry",
 			EnvVar: "PLUGIN_NO_PUSH",
 		},
+		cli.StringFlag{
+			Name:   "verbosity",
+			Usage:  "Set this flag as --verbosity=<panic|fatal|error|warn|info|debug|trace> to set the logging level for kaniko. Defaults to info.",
+			EnvVar: "PLUGIN_VERBOSITY",
+		},
+		cli.StringFlag{
+			Name:   "platform",
+			Usage:  "Allows to build with another default platform than the host, similarly to docker build --platform",
+			EnvVar: "PLUGIN_PLATFORM",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -126,13 +143,16 @@ func main() {
 }
 
 func run(c *cli.Context) error {
-	err := setupGCRAuth(c.String("json-key"))
-	if err != nil {
-		return err
-	}
+	noPush := c.Bool("no-push")
+	jsonKey := c.String("json-key")
 
-	if c.String("repo") == "" {
-		return fmt.Errorf("repo must be specified")
+	// JSON key may not be set in the following cases:
+	// 1. Image does not need to be pushed to GCR.
+	// 2. Workload identity is set on GKE in which pod will inherit the credentials via service account.
+	if jsonKey != "" {
+		if err := setupGCRAuth(jsonKey); err != nil {
+			return err
+		}
 	}
 
 	plugin := kaniko.Plugin{
@@ -140,6 +160,7 @@ func run(c *cli.Context) error {
 			Dockerfile:   c.String("dockerfile"),
 			Context:      c.String("context"),
 			Tags:         c.StringSlice("tags"),
+			AutoTag:      c.Bool("auto_tag"),
 			Args:         c.StringSlice("args"),
 			Target:       c.String("target"),
 			Repo:         fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
@@ -149,7 +170,9 @@ func run(c *cli.Context) error {
 			CacheRepo:    fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
 			CacheTTL:     c.Int("cache-ttl"),
 			DigestFile:   defaultDigestFile,
-			NoPush:       c.Bool("no-push"),
+			NoPush:       noPush,
+			Verbosity:    c.String("verbosity"),
+			Platform:     c.String("platform"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -163,10 +186,6 @@ func run(c *cli.Context) error {
 }
 
 func setupGCRAuth(jsonKey string) error {
-	if jsonKey == "" {
-		return fmt.Errorf("GCR JSON key must be specified")
-	}
-
 	err := ioutil.WriteFile(gcrKeyPath, []byte(jsonKey), 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to write GCR JSON key")

docker/docker/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ADD release/linux/amd64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]

docker/docker/Dockerfile.linux.arm64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ENV HOME /root
 ENV USER root

docker/ecr/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ADD release/linux/amd64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]

docker/ecr/Dockerfile.linux.arm64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ENV HOME /root
 ENV USER root

docker/gcr/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ADD release/linux/amd64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]

docker/gcr/Dockerfile.linux.arm64

@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.5.2
+FROM gcr.io/kaniko-project/executor:v1.7.0
 
 ENV HOME /root
 ENV USER root

go.mod

@@ -1,10 +1,33 @@
 module github.com/drone/drone-kaniko
 
 require (
+	github.com/aws/aws-sdk-go-v2 v1.8.1
+	github.com/aws/aws-sdk-go-v2/config v1.6.1
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.4.3
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.3
+	github.com/aws/smithy-go v1.7.0
+	github.com/google/go-cmp v0.5.6
 	github.com/joho/godotenv v1.3.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.3.0
 	github.com/urfave/cli v1.22.2
+	golang.org/x/mod v0.4.2
 )
 
-go 1.13
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.4.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.6.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 // indirect
+	golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
+)
+
+go 1.17

go.sum

@@ -1,8 +1,38 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/aws/aws-sdk-go-v2 v1.8.1 h1:GcFgQl7MsBygmeeqXyV1ivrTEmsVz/rdFJaTcltG9ag=
+github.com/aws/aws-sdk-go-v2 v1.8.1/go.mod h1:xEFuWz+3TYdlPRuo+CqATbeDWIWyaT5uAPwPaWtgse0=
+github.com/aws/aws-sdk-go-v2/config v1.6.1 h1:qrZINaORyr78syO1zfD4l7r4tZjy0Z1l0sy4jiysyOM=
+github.com/aws/aws-sdk-go-v2/config v1.6.1/go.mod h1:t/y3UPu0XEDy0cEw6mvygaBQaPzWiYAxfP2SzgtvclA=
+github.com/aws/aws-sdk-go-v2/credentials v1.3.3 h1:A13QPatmUl41SqUfnuT3V0E3XiNGL6qNTOINbE8cZL4=
+github.com/aws/aws-sdk-go-v2/credentials v1.3.3/go.mod h1:oVieKMT3m9BSfqhOfuQ+E0j/yN84ZAJ7Qv8Sfume/ak=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.4.1 h1:rc+fRGvlKbeSd9IFhFS1KWBs0XjTkq0CfK5xqyLgIp0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.4.1/go.mod h1:+GTydg3uHmVlQdkRoetz6VHKbOMEYof70m19IpMLifc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.2.1 h1:IkqRRUZTKaS16P2vpX+FNc2jq3JWa3c478gykQp4ow4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.2.1/go.mod h1:Pv3WenDjI0v2Jl7UaMFIIbPOBbhn33RmmAmGgkXDoqY=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.4.3 h1:d356GPVp5MzJ4n/xCBc26wLmRti0DoWO4WzNfxSesrY=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.4.3/go.mod h1:HlFOVFXSvCfI2oUmd/Vv1IZKJhEVFQru38BBupEYWxs=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.3 h1:EU9GrpMtGLCklSMLjuU6AZGG5wu6aiowxIgbfWwxrgs=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.3/go.mod h1:AAI7iB1GPqxjyKHbzLpBJdmH9/dPr34pxeLFdkKsONA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.3 h1:VxFCgxsqWe7OThOwJ5IpFX3xrObtuIH9Hg/NW7oot1Y=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.3/go.mod h1:7gcsONBmFoCcKrAqrm95trrMd2+C/ReYKP7Vfu8yHHA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.3.3 h1:K2gCnGvAASpz+jqP9iyr+F/KNjmTYf8aWOtTQzhmZ5w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.3.3/go.mod h1:Jgw5O+SK7MZ2Yi9Yvzb4PggAPYaFSliiQuWR0hNjexk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.6.2 h1:l504GWCoQi1Pk68vSUFGLmDIEMzRfVGNgLakDK+Uj58=
+github.com/aws/aws-sdk-go-v2/service/sts v1.6.2/go.mod h1:RBhoMJB8yFToaCnbe0jNq5Dcdy0jp6LhHqg55rjClkM=
+github.com/aws/smithy-go v1.7.0 h1:+cLHMRrDZvQ4wk+KuQ9yH6eEg6KZEJ9RI2IkDqnygCg=
+github.com/aws/smithy-go v1.7.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
@@ -17,16 +47,32 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.3.0 h1:hI/7Q+DtNZ2kINb6qt/lS+IyXnHQe9e90POfeewL/ME=
 github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 h1:u+LnwYTOOW7Ukr/fppxEb1Nwz0AtPflrblfvUudpo+I=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

kaniko.go

@@ -7,7 +7,8 @@ import (
 	"os/exec"
 	"strings"
 
-	"github.com/drone/drone-kaniko/cmd/artifact"
+	"github.com/drone/drone-kaniko/pkg/artifact"
+	"golang.org/x/mod/semver"
 )
 
 type (
@@ -16,6 +17,7 @@ type (
 		Dockerfile    string   // Docker build Dockerfile
 		Context       string   // Docker build context
 		Tags          []string // Docker build tags
+		AutoTag       bool     // Set this to create semver-tagged labels
 		Args          []string // Docker build args
 		Target        string   // Docker build target
 		Repo          string   // Docker build repository
@@ -27,7 +29,10 @@ type (
 		CacheTTL      int      // Cache timeout in hours
 		DigestFile    string   // Digest file location
 		NoPush        bool     // Set this flag if you only want to build the image, without pushing to a registry
+		Verbosity     string   // Log level
+		Platform      string   // Allows to build with another default platform than the host, similarly to docker build --platform
 	}
+
 	// Artifact defines content of artifact file
 	Artifact struct {
 		Tags         []string                  // Docker artifact tags
@@ -44,9 +49,50 @@ type (
 	}
 )
 
+// labelsForTag returns the labels to use for the given tag, subject to the value of AutoTag.
+//
+// Build information (e.g. +linux_amd64) is carried through to all labels.
+// Pre-release information (e.g. -rc1) suppresses major and major+minor auto-labels.
+func (b Build) labelsForTag(tag string) (labels []string) {
+	// We strip "v" off of the beginning of semantic versions, as they are not used in docker tags
+	const VersionPrefix = "v"
+
+	// Semantic Versions don't allow underscores, so replace them with dashes.
+	//   https://semver.org/
+	semverTag := strings.ReplaceAll(tag, "_", "-")
+
+	// Allow tags of the form "1.2.3" as well as "v1.2.3" to avoid confusion.
+	if withV := VersionPrefix + semverTag; !semver.IsValid(semverTag) && semver.IsValid(withV) {
+		semverTag = withV
+	}
+
+	// Pass through tags if auto-tag is not set, or if the tag is not a semantic version
+	if !b.AutoTag || !semver.IsValid(semverTag) {
+		return []string{tag}
+	}
+	tag = semverTag
+
+	// If the version is pre-release, only the full release should be tagged, not the major/minor versions.
+	if semver.Prerelease(tag) != "" {
+		return []string{
+			strings.TrimPrefix(tag, VersionPrefix),
+		}
+	}
+
+	// tagFor carries any build information from the semantic version through to major and minor tags.
+	labelFor := func(base string) string {
+		return strings.TrimPrefix(base, VersionPrefix) + semver.Build(tag)
+	}
+	return []string{
+		labelFor(semver.Major(tag)),
+		labelFor(semver.MajorMinor(tag)),
+		labelFor(semver.Canonical(tag)),
+	}
+}
+
 // Exec executes the plugin step
 func (p Plugin) Exec() error {
-	if p.Build.Repo == "" {
+	if !p.Build.NoPush && p.Build.Repo == "" {
 		return fmt.Errorf("repository name to publish image must be specified")
 	}
 
@@ -60,8 +106,12 @@ func (p Plugin) Exec() error {
 	}
 
 	// Set the destination repository
-	for _, tag := range p.Build.Tags {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--destination=%s:%s", p.Build.Repo, tag))
+	if !p.Build.NoPush {
+		for _, tag := range p.Build.Tags {
+			for _, label := range p.Build.labelsForTag(tag) {
+				cmdArgs = append(cmdArgs, fmt.Sprintf("--destination=%s:%s", p.Build.Repo, label))
+			}
+		}
 	}
 	// Set the build arguments
 	for _, arg := range p.Build.Args {
@@ -77,23 +127,23 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.Build.SkipTlsVerify {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--skip-tls-verify=true"))
+		cmdArgs = append(cmdArgs, "--skip-tls-verify=true")
 	}
 
 	if p.Build.SnapshotMode != "" {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshotMode=%s", p.Build.SnapshotMode))
 	}
 
-	if p.Build.EnableCache == true {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--cache=true"))
-	}
+	if p.Build.EnableCache {
+		cmdArgs = append(cmdArgs, "--cache=true")
 
-	if p.Build.CacheRepo != "" {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-repo=%s", p.Build.CacheRepo))
+		if p.Build.CacheRepo != "" {
+			cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-repo=%s", p.Build.CacheRepo))
+		}
 	}
 
 	if p.Build.CacheTTL != 0 {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-ttl=%d", p.Build.CacheTTL))
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-ttl=%dh", p.Build.CacheTTL))
 	}
 
 	if p.Build.DigestFile != "" {
@@ -101,7 +151,15 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.Build.NoPush {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--no-push"))
+		cmdArgs = append(cmdArgs, "--no-push")
+	}
+
+	if p.Build.Verbosity != "" {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--verbosity=%s", p.Build.Verbosity))
+	}
+
+	if p.Build.Platform != "" {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--customPlatform=%s", p.Build.Platform))
 	}
 
 	cmd := exec.Command("/kaniko/executor", cmdArgs...)

kaniko_test.go

@@ -1 +1,74 @@
 package kaniko
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func TestBuild_labelsForTag(t *testing.T) {
+	tests := []struct {
+		name     string
+		tag      string
+		autoTags []string
+	}{
+		{
+			name:     "semver",
+			tag:      "v1.2.3",
+			autoTags: []string{"1", "1.2", "1.2.3"},
+		},
+		{
+			name:     "no_patch",
+			tag:      "v1.2",
+			autoTags: []string{"1", "1.2", "1.2.0"},
+		},
+		{
+			name:     "only_major",
+			tag:      "v1",
+			autoTags: []string{"1", "1.0", "1.0.0"},
+		},
+		{
+			name:     "full_with_build",
+			tag:      "v1.2.3+build-info",
+			autoTags: []string{"1+build-info", "1.2+build-info", "1.2.3+build-info"},
+		},
+		{
+			name:     "build_with_underscores",
+			tag:      "v1.2.3+linux_amd64",
+			autoTags: []string{"1+linux-amd64", "1.2+linux-amd64", "1.2.3+linux-amd64"},
+		},
+		{
+			name:     "prerelease",
+			tag:      "v1.2.3-rc1",
+			autoTags: []string{"1.2.3-rc1"},
+		},
+		{
+			name:     "prerelease_with_build",
+			tag:      "v1.2.3-rc1+bld",
+			autoTags: []string{"1.2.3-rc1+bld"},
+		},
+		{
+			name:     "invalid_build",
+			tag:      "v1+bld", // can only include build detail with all three elements
+			autoTags: []string{"v1+bld"},
+		},
+		{
+			name:     "accidental_non_semver",
+			tag:      "1.2.3",
+			autoTags: []string{"1", "1.2", "1.2.3"},
+		},
+		{
+			name:     "non_semver",
+			tag:      "latest",
+			autoTags: []string{"latest"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tags := Build{AutoTag: true}.labelsForTag(tt.tag)
+			if got, want := tags, tt.autoTags; !cmp.Equal(got, want) {
+				t.Errorf("tagsFor(%q) = %q, want %q", tt.tag, got, want)
+			}
+		})
+	}
+}

pkg/docker/config.go

@@ -0,0 +1,34 @@
+package docker
+
+import (
+	"encoding/base64"
+	"fmt"
+)
+
+type (
+	Auth struct {
+		Auth string `json:"auth"`
+	}
+
+	Config struct {
+		Auths       map[string]Auth   `json:"auths"`
+		CredHelpers map[string]string `json:"credHelpers"`
+	}
+)
+
+func NewConfig() *Config {
+	return &Config{
+		Auths:       map[string]Auth{},
+		CredHelpers: map[string]string{},
+	}
+}
+
+func (c *Config) SetAuth(registry, username, password string) {
+	authBytes := []byte(fmt.Sprintf("%s:%s", username, password))
+	encodedString := base64.StdEncoding.EncodeToString(authBytes)
+	c.Auths[registry] = Auth{Auth: encodedString}
+}
+
+func (c *Config) SetCredHelper(registry, helper string) {
+	c.CredHelpers[registry] = helper
+}

pkg/docker/config_test.go

@@ -0,0 +1,25 @@
+package docker
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func TestConfig(t *testing.T) {
+	c := NewConfig()
+
+	c.SetAuth(RegistryV1, "test", "password")
+	c.SetCredHelper(RegistryECRPublic, "ecr-login")
+
+	bytes, err := json.Marshal(c)
+	if err != nil {
+		t.Error("json marshal failed")
+	}
+
+	want := `{"auths":{"https://index.docker.io/v1/":{"auth":"dGVzdDpwYXNzd29yZA=="}},"credHelpers":{"public.ecr.aws":"ecr-login"}}`
+	got := string(bytes)
+
+	if want != got {
+		t.Errorf("unexpected json output:\n  want: %s\n   got: %s", want, got)
+	}
+}

pkg/docker/constants.go

@@ -0,0 +1,7 @@
+package docker
+
+const (
+	RegistryV1        string = "https://index.docker.io/v1/"
+	RegistryV2        string = "https://index.docker.io/v2/"
+	RegistryECRPublic string = "public.ecr.aws"
+)