Compare commits

..

3 Commits

Author SHA1 Message Date
ompragash.viswanathan@harness.io 474a6a8d28 Update pipeline drone-kaniko-harness 2025-04-09 19:19:27 +05:30
OP (oppenheimer) 58bd727c07 feat: [CI-16588]: Add support to PLUGIN_TAR_PATH, PLUGIN_SOURCE_TAR_PATH and PLUGIN_PUSH_ONLY to kaniko-ecr (#141)
* Add support for tar-path, source-tar-path and push-only operations

* Updated cmd/kaniko-ecr/main.go

* Updated cmd/kaniko-ecr/main.go

* Update cmd/kaniko-ecr/main.go
2025-03-24 21:31:18 +05:30
ci-reporunner a73b8ee28d Update pipeline drone-kaniko-harness (#142)
Co-authored-by: ompragash.viswanathan@harness.io <ompragash.viswanathan@harness.io>
2025-03-20 19:10:13 +05:30
2 changed files with 19 additions and 48 deletions
+3 -28
View File
@@ -12,32 +12,6 @@ pipeline:
build: <+input> build: <+input>
sparseCheckout: [] sparseCheckout: []
stages: stages:
- stage:
name: Manager Approval
identifier: Manager_Approval
description: ""
type: Approval
spec:
execution:
steps:
- step:
name: CI Manager Approval
identifier: CI_Manager_Approval
type: HarnessApproval
timeout: 1d
spec:
approvalMessage: |-
Please review the following information
and approve the pipeline progression
includePipelineExecutionHistory: true
approvers:
minimumCount: 1
disallowPipelineExecutor: false
userGroups:
- CI_Manager
isAutoRejectEnabled: false
approverInputs: []
tags: {}
- parallel: - parallel:
- stage: - stage:
name: linux-amd64 name: linux-amd64
@@ -655,13 +629,13 @@ pipeline:
nodeName: manifest_<+matrix.repo> nodeName: manifest_<+matrix.repo>
- step: - step:
type: Plugin type: Plugin
name: Manifest_kaniko name: Manifest_kaniko191
identifier: Manifest_kaniko identifier: Manifest_kaniko
spec: spec:
connectorRef: Plugins_Docker_Hub_Connector connectorRef: Plugins_Docker_Hub_Connector
image: plugins/manifest image: plugins/manifest
settings: settings:
auto_tag: "true" auto_tag: "false"
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
username: drone username: drone
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")> password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
@@ -679,3 +653,4 @@ pipeline:
nodeName: manifest_<+matrix.repo> nodeName: manifest_<+matrix.repo>
when: when:
pipelineStatus: Success pipelineStatus: Success
allowStageExecutions: true
+16 -20
View File
@@ -879,6 +879,18 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
} }
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
sess := session.Must(session.NewSession(&awsv1.Config{
Region: awsv1.String(region),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
return ecrv1.New(sess)
}
func handlePushOnly(c *cli.Context) error { func handlePushOnly(c *cli.Context) error {
sourceTarPath := c.String("source-tar-path") sourceTarPath := c.String("source-tar-path")
if sourceTarPath == "" { if sourceTarPath == "" {
@@ -909,31 +921,15 @@ func handlePushOnly(c *cli.Context) error {
if err != nil { if err != nil {
return fmt.Errorf("failed to get OIDC credentials: %v", err) return fmt.Errorf("failed to get OIDC credentials: %v", err)
} }
sess := session.Must(session.NewSession(&awsv1.Config{ svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
Region: awsv1.String(c.String("region")),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
svc = ecrv1.New(sess)
} else if assumeRole := c.String("assume-role"); assumeRole != "" { } else if assumeRole := c.String("assume-role"); assumeRole != "" {
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "") accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
if err != nil { if err != nil {
return fmt.Errorf("failed to get assume role credentials: %v", err) return fmt.Errorf("failed to get assume role credentials: %v", err)
} }
sess := session.Must(session.NewSession(&awsv1.Config{ svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
Region: awsv1.String(c.String("region")),
Credentials: credentials.NewStaticCredentials(
accessKey,
secretKey,
sessionToken,
),
}))
svc = ecrv1.New(sess)
} else { } else {
// Use direct credentials or IAM role // Use direct credentials or IAM role
sess := session.Must(session.NewSession(&awsv1.Config{ sess := session.Must(session.NewSession(&awsv1.Config{