mirror of
https://github.com/drone/drone-kaniko.git
synced 2026-07-08 15:33:01 +08:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0d0510f029 | |||
| e09b2ad589 | |||
| 5b4ff345a7 |
@@ -12,6 +12,32 @@ pipeline:
|
||||
build: <+input>
|
||||
sparseCheckout: []
|
||||
stages:
|
||||
- stage:
|
||||
name: Manager Approval
|
||||
identifier: Manager_Approval
|
||||
description: ""
|
||||
type: Approval
|
||||
spec:
|
||||
execution:
|
||||
steps:
|
||||
- step:
|
||||
name: CI Manager Approval
|
||||
identifier: CI_Manager_Approval
|
||||
type: HarnessApproval
|
||||
timeout: 1d
|
||||
spec:
|
||||
approvalMessage: |-
|
||||
Please review the following information
|
||||
and approve the pipeline progression
|
||||
includePipelineExecutionHistory: true
|
||||
approvers:
|
||||
minimumCount: 1
|
||||
disallowPipelineExecutor: false
|
||||
userGroups:
|
||||
- CI_Manager
|
||||
isAutoRejectEnabled: false
|
||||
approverInputs: []
|
||||
tags: {}
|
||||
- parallel:
|
||||
- stage:
|
||||
name: linux-amd64
|
||||
|
||||
+20
-16
@@ -879,18 +879,6 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
|
||||
return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
|
||||
}
|
||||
|
||||
func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
Region: awsv1.String(region),
|
||||
Credentials: credentials.NewStaticCredentials(
|
||||
accessKey,
|
||||
secretKey,
|
||||
sessionToken,
|
||||
),
|
||||
}))
|
||||
return ecrv1.New(sess)
|
||||
}
|
||||
|
||||
func handlePushOnly(c *cli.Context) error {
|
||||
sourceTarPath := c.String("source-tar-path")
|
||||
if sourceTarPath == "" {
|
||||
@@ -921,15 +909,31 @@ func handlePushOnly(c *cli.Context) error {
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get OIDC credentials: %v", err)
|
||||
}
|
||||
|
||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
Region: awsv1.String(c.String("region")),
|
||||
Credentials: credentials.NewStaticCredentials(
|
||||
accessKey,
|
||||
secretKey,
|
||||
sessionToken,
|
||||
),
|
||||
}))
|
||||
svc = ecrv1.New(sess)
|
||||
} else if assumeRole := c.String("assume-role"); assumeRole != "" {
|
||||
accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get assume role credentials: %v", err)
|
||||
}
|
||||
|
||||
svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
|
||||
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
Region: awsv1.String(c.String("region")),
|
||||
Credentials: credentials.NewStaticCredentials(
|
||||
accessKey,
|
||||
secretKey,
|
||||
sessionToken,
|
||||
),
|
||||
}))
|
||||
svc = ecrv1.New(sess)
|
||||
} else {
|
||||
// Use direct credentials or IAM role
|
||||
sess := session.Must(session.NewSession(&awsv1.Config{
|
||||
|
||||
Reference in New Issue
Block a user