mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-07-13 17:25:08 +08:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 474a6a8d28 | |||
| 58bd727c07 | |||
| a73b8ee28d |
+3
-28
@@ -12,32 +12,6 @@ pipeline:
|
|||||||
build: <+input>
|
build: <+input>
|
||||||
sparseCheckout: []
|
sparseCheckout: []
|
||||||
stages:
|
stages:
|
||||||
- stage:
|
|
||||||
name: Manager Approval
|
|
||||||
identifier: Manager_Approval
|
|
||||||
description: ""
|
|
||||||
type: Approval
|
|
||||||
spec:
|
|
||||||
execution:
|
|
||||||
steps:
|
|
||||||
- step:
|
|
||||||
name: CI Manager Approval
|
|
||||||
identifier: CI_Manager_Approval
|
|
||||||
type: HarnessApproval
|
|
||||||
timeout: 1d
|
|
||||||
spec:
|
|
||||||
approvalMessage: |-
|
|
||||||
Please review the following information
|
|
||||||
and approve the pipeline progression
|
|
||||||
includePipelineExecutionHistory: true
|
|
||||||
approvers:
|
|
||||||
minimumCount: 1
|
|
||||||
disallowPipelineExecutor: false
|
|
||||||
userGroups:
|
|
||||||
- CI_Manager
|
|
||||||
isAutoRejectEnabled: false
|
|
||||||
approverInputs: []
|
|
||||||
tags: {}
|
|
||||||
- parallel:
|
- parallel:
|
||||||
- stage:
|
- stage:
|
||||||
name: linux-amd64
|
name: linux-amd64
|
||||||
@@ -655,13 +629,13 @@ pipeline:
|
|||||||
nodeName: manifest_<+matrix.repo>
|
nodeName: manifest_<+matrix.repo>
|
||||||
- step:
|
- step:
|
||||||
type: Plugin
|
type: Plugin
|
||||||
name: Manifest_kaniko
|
name: Manifest_kaniko191
|
||||||
identifier: Manifest_kaniko
|
identifier: Manifest_kaniko
|
||||||
spec:
|
spec:
|
||||||
connectorRef: Plugins_Docker_Hub_Connector
|
connectorRef: Plugins_Docker_Hub_Connector
|
||||||
image: plugins/manifest
|
image: plugins/manifest
|
||||||
settings:
|
settings:
|
||||||
auto_tag: "true"
|
auto_tag: "false"
|
||||||
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
|
spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
|
||||||
username: drone
|
username: drone
|
||||||
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
|
||||||
@@ -679,3 +653,4 @@ pipeline:
|
|||||||
nodeName: manifest_<+matrix.repo>
|
nodeName: manifest_<+matrix.repo>
|
||||||
when:
|
when:
|
||||||
pipelineStatus: Success
|
pipelineStatus: Success
|
||||||
|
allowStageExecutions: true
|
||||||
|
|||||||
+16
-20
@@ -879,6 +879,18 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
|
|||||||
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
|
||||||
|
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||||
|
Region: awsv1.String(region),
|
||||||
|
Credentials: credentials.NewStaticCredentials(
|
||||||
|
accessKey,
|
||||||
|
secretKey,
|
||||||
|
sessionToken,
|
||||||
|
),
|
||||||
|
}))
|
||||||
|
return ecrv1.New(sess)
|
||||||
|
}
|
||||||
|
|
||||||
func handlePushOnly(c *cli.Context) error {
|
func handlePushOnly(c *cli.Context) error {
|
||||||
sourceTarPath := c.String("source-tar-path")
|
sourceTarPath := c.String("source-tar-path")
|
||||||
if sourceTarPath == "" {
|
if sourceTarPath == "" {
|
||||||
@@ -909,31 +921,15 @@ func handlePushOnly(c *cli.Context) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||||
Region: awsv1.String(c.String("region")),
|
|
||||||
Credentials: credentials.NewStaticCredentials(
|
|
||||||
accessKey,
|
|
||||||
secretKey,
|
|
||||||
sessionToken,
|
|
||||||
),
|
|
||||||
}))
|
|
||||||
svc = ecrv1.New(sess)
|
|
||||||
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
||||||
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||||
Region: awsv1.String(c.String("region")),
|
|
||||||
Credentials: credentials.NewStaticCredentials(
|
|
||||||
accessKey,
|
|
||||||
secretKey,
|
|
||||||
sessionToken,
|
|
||||||
),
|
|
||||||
}))
|
|
||||||
svc = ecrv1.New(sess)
|
|
||||||
} else {
|
} else {
|
||||||
// Use direct credentials or IAM role
|
// Use direct credentials or IAM role
|
||||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||||
|
|||||||
Reference in New Issue
Block a user