mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-07-07 23:14:59 +08:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0d0510f029 | |||
| e09b2ad589 | |||
| 5b4ff345a7 |
+28
-3
@@ -12,6 +12,32 @@ pipeline:
|
|||||||
build: <+input>
|
build: <+input>
|
||||||
sparseCheckout: []
|
sparseCheckout: []
|
||||||
stages:
|
stages:
|
||||||
|
- stage:
|
||||||
|
name: Manager Approval
|
||||||
|
identifier: Manager_Approval
|
||||||
|
description: ""
|
||||||
|
type: Approval
|
||||||
|
spec:
|
||||||
|
execution:
|
||||||
|
steps:
|
||||||
|
- step:
|
||||||
|
name: CI Manager Approval
|
||||||
|
identifier: CI_Manager_Approval
|
||||||
|
type: HarnessApproval
|
||||||
|
timeout: 1d
|
||||||
|
spec:
|
||||||
|
approvalMessage: |-
|
||||||
|
Please review the following information
|
||||||
|
and approve the pipeline progression
|
||||||
|
includePipelineExecutionHistory: true
|
||||||
|
approvers:
|
||||||
|
minimumCount: 1
|
||||||
|
disallowPipelineExecutor: false
|
||||||
|
userGroups:
|
||||||
|
- CI_Manager
|
||||||
|
isAutoRejectEnabled: false
|
||||||
|
approverInputs: []
|
||||||
|
tags: {}
|
||||||
- parallel:
|
- parallel:
|
||||||
- stage:
|
- stage:
|
||||||
name: linux-amd64
|
name: linux-amd64
|
||||||
@@ -629,13 +655,13 @@ pipeline:
|
|||||||
nodeName: manifest_<+matrix.repo>
|
nodeName: manifest_<+matrix.repo>
|
||||||
- step:
|
- step:
|
||||||
type: Plugin
|
type: Plugin
|
||||||
name: Manifest_kaniko191
|
name: Manifest_kaniko
|
||||||
identifier: Manifest_kaniko
|
identifier: Manifest_kaniko
|
||||||
spec:
|
spec:
|
||||||
connectorRef: Plugins_Docker_Hub_Connector
|
connectorRef: Plugins_Docker_Hub_Connector
|
||||||
image: plugins/manifest
|
image: plugins/manifest
|
||||||
settings:
|
settings:
|
||||||
auto_tag: "false"
|
auto_tag: "true"
|
||||||
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
|
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
|
||||||
username: drone
|
username: drone
|
||||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||||
@@ -653,4 +679,3 @@ pipeline:
|
|||||||
nodeName: manifest_<+matrix.repo>
|
nodeName: manifest_<+matrix.repo>
|
||||||
when:
|
when:
|
||||||
pipelineStatus: Success
|
pipelineStatus: Success
|
||||||
allowStageExecutions: true
|
|
||||||
|
|||||||
+18
-14
@@ -879,18 +879,6 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
|
|||||||
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
|
|
||||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
|
||||||
Region: awsv1.String(region),
|
|
||||||
Credentials: credentials.NewStaticCredentials(
|
|
||||||
accessKey,
|
|
||||||
secretKey,
|
|
||||||
sessionToken,
|
|
||||||
),
|
|
||||||
}))
|
|
||||||
return ecrv1.New(sess)
|
|
||||||
}
|
|
||||||
|
|
||||||
func handlePushOnly(c *cli.Context) error {
|
func handlePushOnly(c *cli.Context) error {
|
||||||
sourceTarPath := c.String("source-tar-path")
|
sourceTarPath := c.String("source-tar-path")
|
||||||
if sourceTarPath == "" {
|
if sourceTarPath == "" {
|
||||||
@@ -922,14 +910,30 @@ func handlePushOnly(c *cli.Context) error {
|
|||||||
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||||
|
Region: awsv1.String(c.String("region")),
|
||||||
|
Credentials: credentials.NewStaticCredentials(
|
||||||
|
accessKey,
|
||||||
|
secretKey,
|
||||||
|
sessionToken,
|
||||||
|
),
|
||||||
|
}))
|
||||||
|
svc = ecrv1.New(sess)
|
||||||
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
||||||
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||||
|
Region: awsv1.String(c.String("region")),
|
||||||
|
Credentials: credentials.NewStaticCredentials(
|
||||||
|
accessKey,
|
||||||
|
secretKey,
|
||||||
|
sessionToken,
|
||||||
|
),
|
||||||
|
}))
|
||||||
|
svc = ecrv1.New(sess)
|
||||||
} else {
|
} else {
|
||||||
// Use direct credentials or IAM role
|
// Use direct credentials or IAM role
|
||||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||||
|
|||||||
Reference in New Issue
Block a user