Compare commits

..

3 Commits

Author SHA1 Message Date
Ompragash Viswanathan 0d0510f029 Updated cmd/kaniko-ecr/main.go 2025-03-20 09:37:21 +05:30
Ompragash Viswanathan e09b2ad589 Updated cmd/kaniko-ecr/main.go 2025-03-17 14:02:36 +05:30
Ompragash Viswanathan 5b4ff345a7 Add support for tar-path, source-tar-path and push-only operations 2025-03-11 17:34:03 +05:30
2 changed files with 48 additions and 19 deletions
+28 -3
View File
@@ -12,6 +12,32 @@ pipeline:
build: <+input> build: <+input>
sparseCheckout: [] sparseCheckout: []
stages: stages:
- stage:
name: Manager Approval
identifier: Manager_Approval
description: ""
type: Approval
spec:
execution:
steps:
- step:
name: CI Manager Approval
identifier: CI_Manager_Approval
type: HarnessApproval
timeout: 1d
spec:
approvalMessage: |-
Please review the following information
and approve the pipeline progression
includePipelineExecutionHistory: true
approvers:
minimumCount: 1
disallowPipelineExecutor: false
userGroups:
- CI_Manager
isAutoRejectEnabled: false
approverInputs: []
tags: {}
- parallel: - parallel:
- stage: - stage:
name: linux-amd64 name: linux-amd64
@@ -629,13 +655,13 @@ pipeline:
nodeName: manifest_<+matrix.repo> nodeName: manifest_<+matrix.repo>
- step: - step:
type: Plugin type: Plugin
name: Manifest_kaniko191 name: Manifest_kaniko
identifier: Manifest_kaniko identifier: Manifest_kaniko
spec: spec:
connectorRef: Plugins_Docker_Hub_Connector connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest image: plugins/manifest
settings: settings:
auto_tag: "false" auto_tag: "true"
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
username: drone username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")> password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
@@ -653,4 +679,3 @@ pipeline:
nodeName: manifest_<+matrix.repo> nodeName: manifest_<+matrix.repo>
when: when:
pipelineStatus: Success pipelineStatus: Success
allowStageExecutions: true
+20 -16
View File
@@ -879,18 +879,6 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
} }
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
sess := session.Must(session.NewSession(&awsv1.Config{
Region: awsv1.String(region),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
return ecrv1.New(sess)
}
func handlePushOnly(c *cli.Context) error { func handlePushOnly(c *cli.Context) error {
sourceTarPath := c.String("source-tar-path") sourceTarPath := c.String("source-tar-path")
if sourceTarPath == "" { if sourceTarPath == "" {
@@ -921,15 +909,31 @@ func handlePushOnly(c *cli.Context) error {
if err != nil { if err != nil {
return fmt.Errorf("failed to get OIDC credentials: %v", err) return fmt.Errorf("failed to get OIDC credentials: %v", err)
} }
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken) sess := session.Must(session.NewSession(&awsv1.Config{
Region: awsv1.String(c.String("region")),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
svc = ecrv1.New(sess)
} else if assumeRole := c.String("assume-role"); assumeRole != "" { } else if assumeRole := c.String("assume-role"); assumeRole != "" {
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "") accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
if err != nil { if err != nil {
return fmt.Errorf("failed to get assume role credentials: %v", err) return fmt.Errorf("failed to get assume role credentials: %v", err)
} }
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken) sess := session.Must(session.NewSession(&awsv1.Config{
Region: awsv1.String(c.String("region")),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
svc = ecrv1.New(sess)
} else { } else {
// Use direct credentials or IAM role // Use direct credentials or IAM role
sess := session.Must(session.NewSession(&awsv1.Config{ sess := session.Must(session.NewSession(&awsv1.Config{