Updated drone yml to update docker latest image

Add snapshot mode support (#13 )
add skip-tls-verify flag for insecure private registries (#11 )
2026-06-04 18:23:50 +08:00 · 2021-03-19 17:39:48 +05:30 · 2021-03-02 21:15:44 +05:30 · 2021-02-18 13:49:21 +05:30 · 2021-01-30 00:10:51 +05:30 · 2021-01-30 00:09:22 +05:30
9 changed files with 155 additions and 57 deletions
@@ -14,30 +14,102 @@ steps:
  settings:
    repo: plugins/kaniko
    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    daemon_off: false
    dockerfile: docker/docker/Dockerfile.linux.amd64
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request

 - name: gcr
  image: plugins/docker
  settings:
    repo: plugins/kaniko-gcr
    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    daemon_off: false
    dockerfile: docker/gcr/Dockerfile.linux.amd64
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request

 - name: ecr
  image: plugins/docker
  settings:
    repo: plugins/kaniko-ecr
    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    daemon_off: false
    dockerfile: docker/ecr/Dockerfile.linux.amd64
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+---
+kind: pipeline
+type: docker
+name: notifications-docker
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: manifest-docker
+  pull: always
+  image: plugins/manifest
+  settings:
+    auto_tag: true
+    ignore_missing: true
+    password:
+      from_secret: docker_password
+    spec: docker/docker/manifest.tmpl
+    username:
+      from_secret: docker_username
+
+- name: manifest-gcr
+  pull: always
+  image: plugins/manifest
+  settings:
+    auto_tag: true
+    ignore_missing: true
+    password:
+      from_secret: docker_password
+    spec: docker/gcr/manifest.tmpl
+    username:
+      from_secret: docker_username
+
+- name: manifest-ecr
+  pull: always
+  image: plugins/manifest
+  settings:
+    auto_tag: true
+    ignore_missing: true
+    password:
+      from_secret: docker_password
+    spec: docker/ecr/manifest.tmpl
+    username:
+      from_secret: docker_username
+
+trigger:
+  ref:
+  - refs/heads/main
+  - "refs/tags/**"
+
+depends_on:
+- default
@@ -49,5 +49,5 @@ docker run --rm \
    -e PLUGIN_PASSWORD=bar \
    -v $(pwd):/drone \
    -w /drone \
-    plugins/kaniko-docker
+    plugins/kaniko:linux-amd64
 ```
@@ -94,6 +94,16 @@ func main() {
 			Usage:  "docker password",
 			EnvVar: "PLUGIN_PASSWORD",
 		},
+		cli.BoolFlag{
+			Name:   "skip-tls-verify",
+			Usage:  "Skip registry tls verify",
+			EnvVar: "PLUGIN_SKIP_TLS_VERIFY",
+		},
+		cli.StringFlag{
+			Name:   "snapshot-mode",
+			Usage:  "Specify one of full, redo or time as snapshot mode",
+			EnvVar: "PLUGIN_SNAPSHOT_MODE",
+		},
 	}

 	if err := app.Run(os.Args); err != nil {
@@ -109,13 +119,15 @@ func run(c *cli.Context) error {

 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			Dockerfile: c.String("dockerfile"),
-			Context:    c.String("context"),
-			Tags:       c.StringSlice("tags"),
-			Args:       c.StringSlice("args"),
-			Target:     c.String("target"),
-			Repo:       c.String("repo"),
-			Labels:     c.StringSlice("custom-labels"),
+			Dockerfile:    c.String("dockerfile"),
+			Context:       c.String("context"),
+			Tags:          c.StringSlice("tags"),
+			Args:          c.StringSlice("args"),
+			Target:        c.String("target"),
+			Repo:          c.String("repo"),
+			Labels:        c.StringSlice("custom-labels"),
+			SkipTlsVerify: c.Bool("skip-tls-verify"),
+			SnapshotMode:  c.String("snapshot-mode"),
 		},
 	}
 	return plugin.Exec()
@@ -89,6 +89,11 @@ func main() {
 			Usage:  "ECR secret key",
 			EnvVar: "PLUGIN_SECRET_KEY",
 		},
+		cli.StringFlag{
+			Name:   "snapshot-mode",
+			Usage:  "Specify one of full, redo or time as snapshot mode",
+			EnvVar: "PLUGIN_SNAPSHOT_MODE",
+		},
 	}

 	if err := app.Run(os.Args); err != nil {
@@ -104,41 +109,39 @@ func run(c *cli.Context) error {

 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			Dockerfile: c.String("dockerfile"),
-			Context:    c.String("context"),
-			Tags:       c.StringSlice("tags"),
-			Args:       c.StringSlice("args"),
-			Target:     c.String("target"),
-			Repo:       fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
-			Labels:     c.StringSlice("custom-labels"),
+			Dockerfile:   c.String("dockerfile"),
+			Context:      c.String("context"),
+			Tags:         c.StringSlice("tags"),
+			Args:         c.StringSlice("args"),
+			Target:       c.String("target"),
+			Repo:         fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
+			Labels:       c.StringSlice("custom-labels"),
+			SnapshotMode: c.String("snapshot-mode"),
 		},
 	}
 	return plugin.Exec()
 }

 func setupECRAuth(accessKey, secretKey, registry string) error {
-	if accessKey == "" {
-		return fmt.Errorf("Access key must be specified")
-	}
-	if secretKey == "" {
-		return fmt.Errorf("Secret key must be specified")
-	}
 	if registry == "" {
 		return fmt.Errorf("Registry must be specified")
 	}

-	err := os.Setenv(accessKeyEnv, accessKey)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
-	}
+	// If IAM role is used, access key & secret key are not required
+	if accessKey != "" && secretKey != "" {
+		err := os.Setenv(accessKeyEnv, accessKey)
+		if err != nil {
+			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", accessKeyEnv))
+		}

-	err = os.Setenv(secretKeyEnv, secretKey)
-	if err != nil {
-		return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+		err = os.Setenv(secretKeyEnv, secretKey)
+		if err != nil {
+			return errors.Wrap(err, fmt.Sprintf("failed to set %s environment variable", secretKeyEnv))
+		}
 	}

 	jsonBytes := []byte(fmt.Sprintf(`{"credStore": "ecr-login", "credHelpers": {"%s": "ecr-login"}}`, registry))
-	err = ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
+	err := ioutil.WriteFile(dockerConfigPath, jsonBytes, 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to create docker config file")
 	}
@@ -15,7 +15,7 @@ import (

 const (
 	// GCR JSON key file path
-	gcrKeyPath     string = "/kaniko/gcr.json"
+	gcrKeyPath     string = "/kaniko/config.json"
 	gcrEnvVariable string = "GOOGLE_APPLICATION_CREDENTIALS"
 )

@@ -85,6 +85,11 @@ func main() {
 			Usage:  "docker username",
 			EnvVar: "PLUGIN_JSON_KEY",
 		},
+		cli.StringFlag{
+			Name:   "snapshot-mode",
+			Usage:  "Specify one of full, redo or time as snapshot mode",
+			EnvVar: "PLUGIN_SNAPSHOT_MODE",
+		},
 	}

 	if err := app.Run(os.Args); err != nil {
@@ -104,13 +109,14 @@ func run(c *cli.Context) error {

 	plugin := kaniko.Plugin{
 		Build: kaniko.Build{
-			Dockerfile: c.String("dockerfile"),
-			Context:    c.String("context"),
-			Tags:       c.StringSlice("tags"),
-			Args:       c.StringSlice("args"),
-			Target:     c.String("target"),
-			Repo:       fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
-			Labels:     c.StringSlice("custom-labels"),
+			Dockerfile:   c.String("dockerfile"),
+			Context:      c.String("context"),
+			Tags:         c.StringSlice("tags"),
+			Args:         c.StringSlice("args"),
+			Target:       c.String("target"),
+			Repo:         fmt.Sprintf("%s/%s", c.String("registry"), c.String("repo")),
+			Labels:       c.StringSlice("custom-labels"),
+			SnapshotMode: c.String("snapshot-mode"),
 		},
 	}
 	return plugin.Exec()
@@ -1,7 +1,4 @@
-FROM gcr.io/kaniko-project/executor:amd64-v1.3.0
-
-ENV HOME /root
-ENV USER root
+FROM gcr.io/kaniko-project/executor:v1.3.0

 ADD release/linux/amd64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]
@@ -1,7 +1,4 @@
-FROM gcr.io/kaniko-project/executor:amd64-v1.3.0
-
-ENV HOME /root
-ENV USER root
+FROM gcr.io/kaniko-project/executor:v1.3.0

 ADD release/linux/amd64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]
@@ -1,7 +1,4 @@
-FROM gcr.io/kaniko-project/executor:amd64-v1.3.0
-
-ENV HOME /root
-ENV USER root
+FROM gcr.io/kaniko-project/executor:v1.3.0

 ADD release/linux/amd64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]
@@ -10,13 +10,15 @@ import (
 type (
 	// Build defines Docker build parameters.
 	Build struct {
-		Dockerfile string   // Docker build Dockerfile
-		Context    string   // Docker build context
-		Tags       []string // Docker build tags
-		Args       []string // Docker build args
-		Target     string   // Docker build target
-		Repo       string   // Docker build repository
-		Labels     []string // Label map
+		Dockerfile    string   // Docker build Dockerfile
+		Context       string   // Docker build context
+		Tags          []string // Docker build tags
+		Args          []string // Docker build args
+		Target        string   // Docker build target
+		Repo          string   // Docker build repository
+		Labels        []string // Label map
+		SkipTlsVerify bool     // Docker skip tls certificate verify for registry
+		SnapshotMode  string   // Kaniko snapshot mode
 	}

 	// Plugin defines the Docker plugin parameters.
@@ -31,6 +33,10 @@ func (p Plugin) Exec() error {
 		return fmt.Errorf("repository name to publish image must be specified")
 	}

+	if _, err := os.Stat(p.Build.Dockerfile); os.IsNotExist(err) {
+		return fmt.Errorf("dockerfile does not exist at path: %s", p.Build.Dockerfile)
+	}
+
 	cmdArgs := []string{
 		fmt.Sprintf("--dockerfile=%s", p.Build.Dockerfile),
 		fmt.Sprintf("--context=dir://%s", p.Build.Context),
@@ -46,13 +52,21 @@ func (p Plugin) Exec() error {
 	}
 	// Set the labels
 	for _, label := range p.Build.Labels {
-		cmdArgs = append(cmdArgs, fmt.Sprintf("--label %s", label))
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--label=%s", label))
 	}

 	if p.Build.Target != "" {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--target=%s", p.Build.Target))
 	}

+	if p.Build.SkipTlsVerify {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--skip-tls-verify=true"))
+	}
+
+	if p.Build.SnapshotMode != "" {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshotMode=%s", p.Build.SnapshotMode))
+	}
+
 	cmd := exec.Command("/kaniko/executor", cmdArgs...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
Author	SHA1	Message	Date
Shubham Agrawal	cc76a5edc2	Updated drone yml to update docker latest image	2021-03-19 17:39:48 +05:30
Shubham Agrawal	658478d5ae	Add snapshot mode support (#13 )	2021-03-02 21:15:44 +05:30
Beniamin	9cca954ec6	add skip-tls-verify flag for insecure private registries (#11 ) Co-authored-by: beniamin.calota <beniamin.calota@emag.ro>	2021-02-18 13:49:21 +05:30
Shubham Agrawal	3e4dad8cae	Merge pull request #10 from drone/fix_pipeline Fix pipeline yaml with auto tag suffix	2021-01-30 00:10:51 +05:30
Shubham Agrawal	69d5e73564	Fix pipeline yaml with auto tag suffix	2021-01-30 00:09:22 +05:30
Shubham Agrawal	b33681a9b9	Merge pull request #9 from drone/improve_err Log error if dockerfile does not exist at provided path	2021-01-29 14:41:19 +05:30
Shubham Agrawal	cdd1510210	Log error if dockerfile does not exist at provided path	2021-01-29 14:39:06 +05:30
Shubham Agrawal	fa7726153d	Merge pull request #8 from drone/ecr_iam Make access key & secret optional in case of iam role usage on EKS cluster	2021-01-20 00:28:57 +05:30
Shubham Agrawal	49309bfa42	Make access key & secret optional in case of iam role usage on EKS cluster	2021-01-20 00:25:23 +05:30
Shubham Agrawal	428642719b	Merge pull request #7 from drone/fix_label Fix label usage	2021-01-18 21:15:01 +05:30
Shubham Agrawal	33f15bdebe	Fix label usage	2021-01-18 21:12:53 +05:30
Shubham Agrawal	10df8f28b9	Merge pull request #6 from drone/fix_ecr Fix kaniko ecr publish	2020-12-02 15:20:00 +05:30
Shubham Agrawal	26c93eccd1	Merge pull request #5 from drone/fix_gcr Fix kaniko-gcr docker file	2020-11-26 23:50:20 +05:30
Shubham Agrawal	ee562a4a1b	Fix kaniko-gcr docker file	2020-11-26 23:47:00 +05:30