Update pipeline drone-kaniko-harness

Create inputset event-Tag
Create inputset event-Push
2026-06-14 22:11:19 +08:00 · 2025-01-31 12:14:42 +05:30 · 2025-01-30 12:54:42 +05:30 · 2025-01-30 12:53:54 +05:30 · 2025-01-30 12:53:00 +05:30 · 2025-01-30 12:45:40 +05:30
7 changed files with 75 additions and 235 deletions
@@ -12,6 +12,32 @@ pipeline:
        build: <+input>
        sparseCheckout: []
  stages:
    - stage:
        name: Manager Approval
        identifier: Manager_Approval
        description: ""
        type: Approval
        spec:
          execution:
            steps:
              - step:
                  name: CI Manager Approval
                  identifier: CI_Manager_Approval
                  type: HarnessApproval
                  timeout: 1d
                  spec:
                    approvalMessage: |-
                      Please review the following information
                      and approve the pipeline progression
                    includePipelineExecutionHistory: true
                    approvers:
                      minimumCount: 1
                      disallowPipelineExecutor: false
                      userGroups:
                        - CI_Manager
                    isAutoRejectEnabled: false
                    approverInputs: []
        tags: {}
    - parallel:
        - stage:
            name: linux-amd64
@@ -629,13 +655,13 @@ pipeline:
                          nodeName: manifest_<+matrix.repo>
                  - step:
                      type: Plugin
-                      name: Manifest_kaniko191
+                      name: Manifest_kaniko
                      identifier: Manifest_kaniko
                      spec:
                        connectorRef: Plugins_Docker_Hub_Connector
                        image: plugins/manifest
                        settings:
-                          auto_tag: "false"
+                          auto_tag: "true"
                          spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
                          username: drone
                          password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
@@ -653,4 +679,3 @@ pipeline:
                          nodeName: manifest_<+matrix.repo>
        when:
          pipelineStatus: Success
  allowStageExecutions: true
@@ -451,7 +451,6 @@ func run(c *cli.Context) error {
 			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
 			IgnorePaths:                 c.StringSlice("ignore-paths"),
 			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
 			ImageDownloadRetry:          c.Int("image-download-retry"),
 		},
@@ -480,32 +479,25 @@ func setupAuth(tenantId, clientId, cert,
 		return "", fmt.Errorf("registry must be specified")
 	}
 	if noPush {
 		return "", nil
 	}
 	// case of client secret or cert based auth
 	if clientId != "" {
 		// only setup auth when pushing or credentials are defined
 		token, publicUrl, err := getACRToken(subscriptionId, tenantId, clientId, clientSecret, cert, registry)
 		if err != nil {
 			if noPush {
 				logrus.Warnf("NO_PUSH mode: failed to fetch ACR Token: %v", err)
 				return "", nil
 			}
 			return "", errors.Wrap(err, "failed to fetch ACR Token")
 		}
 		// setup docker config for azure registry and base image docker registry
 		if err := setDockerAuth(username, token, registry, dockerUsername, dockerPassword, dockerRegistry); err != nil {
 			if noPush {
 				logrus.Warnf("NO_PUSH mode: failed to create docker config: %v", err)
 				return "", nil
 			}
 			return "", errors.Wrap(err, "failed to create docker config")
 		}
 		return publicUrl, nil
 	} else {
 		if noPush {
 			return "", nil
 		}
 		return "", fmt.Errorf("managed authentication is not supported")
 	}
 }
@@ -353,11 +353,6 @@ func main() {
 			Usage:  "Path to ignore during the build.",
 			EnvVar: "PLUGIN_IGNORE_PATH",
 		},
 		cli.StringSliceFlag{
 			Name:   "ignore-paths",
 			Usage:  "Path to ignore during the build.",
 			EnvVar: "PLUGIN_IGNORE_PATHS",
 		},
 		cli.IntFlag{
 			Name:   "image-fs-extract-retry",
 			Usage:  "Number of retries for extracting filesystem layers.",
@@ -465,7 +460,6 @@ func run(c *cli.Context) error {
 			SourceTarPath:               c.String("source-tar-path"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
 			IgnorePaths:                 c.StringSlice("ignore-paths"),
 			ImageFSExtractRetry: c.Int("image-fs-extract-retry"),
 			ImageDownloadRetry:  c.Int("image-download-retry"),
@@ -14,7 +14,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/ecr"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic"
 	awsv1 "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	ecrv1 "github.com/aws/aws-sdk-go/service/ecr"
@@ -30,8 +29,6 @@ import (
 	kaniko "github.com/drone/drone-kaniko"
 	"github.com/drone/drone-kaniko/pkg/artifact"
 	"github.com/drone/drone-kaniko/pkg/docker"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/crane"
 )
 const (
@@ -406,21 +403,6 @@ func main() {
 			Usage:  "OIDC token for assuming role via web identity",
 			EnvVar: "PLUGIN_OIDC_TOKEN_ID",
 		},
 		cli.StringFlag{
 			Name:   "tar-path",
 			Usage:  "Set this flag to save the image as a tarball at path",
 			EnvVar: "PLUGIN_TAR_PATH, PLUGIN_DESTINATION_TAR_PATH",
 		},
 		cli.StringFlag{
 			Name:   "source-tar-path",
 			Usage:  "Set this flag for the source tarball during push operations.",
 			EnvVar: "PLUGIN_SOURCE_TAR_PATH",
 		},
 		cli.BoolFlag{
 			Name:   "push-only",
 			Usage:  "Specify if the operation is push-only",
 			EnvVar: "PLUGIN_PUSH_ONLY",
 		},
 	}
 	if err := app.Run(os.Args); err != nil {
@@ -433,21 +415,10 @@ func run(c *cli.Context) error {
 	registry := c.String("registry")
 	region := c.String("region")
 	noPush := c.Bool("no-push")
 	pushOnly := c.Bool("push-only")
 	assumeRole := c.String("assume-role")
 	externalId := c.String("external-id")
 	oidcToken := c.String("oidc-token-id")
 	// Validate flags
 	if noPush && pushOnly {
 		return fmt.Errorf("no-push and push-only flags cannot be used together")
 	}
 	// Handle push-only operation
 	if pushOnly {
 		return handlePushOnly(c)
 	}
 	// setup docker config for azure registry and base image docker registry
 	err := setDockerAuth(
 		c.String("docker-registry"),
@@ -547,12 +518,8 @@ func run(c *cli.Context) error {
 			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
 			IgnorePaths:                 c.StringSlice("ignore-paths"),
 			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
 			ImageDownloadRetry:          c.Int("image-download-retry"),
 			TarPath:                     c.String("tar-path"),
 			SourceTarPath:               c.String("source-tar-path"),
 			PushOnly:                    c.Bool("push-only"),
 		},
 		Artifact: kaniko.Artifact{
 			Tags:         c.StringSlice("tags"),
@@ -878,130 +845,3 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
 	// Return the credentials
 	return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
 }
 func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
 	sess := session.Must(session.NewSession(&awsv1.Config{
 		Region: awsv1.String(region),
 		Credentials: credentials.NewStaticCredentials(
 			accessKey,
 			secretKey,
 			sessionToken,
 		),
 	}))
 	return ecrv1.New(sess)
 }
 func getECRCredentials(region, registry, assumeRole, externalId, accessKey, secretKey, oidcToken string) (string, string, error) {
 	if assumeRole != "" && oidcToken != "" {
 		// For OIDC auth with assume role
 		awsAccessKey, awsSecretKey, awsSessionToken, err := getOidcCreds(oidcToken, assumeRole)
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get OIDC credentials: %w", err)
 		}
 		// Create ECR session and get auth info
 		svc := createECRSession(region, awsAccessKey, awsSecretKey, awsSessionToken)
 		username, password, _, err := getAuthInfo(svc)
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get ECR credentials: %w", err)
 		}
 		return username, password, nil
 	} else if assumeRole != "" {
 		// For assume role auth
 		username, password, _, err := getAssumeRoleCreds(region, assumeRole, externalId, "")
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get ECR credentials: %w", err)
 		}
 		return username, password, nil
 	} else if accessKey != "" && secretKey != "" {
 		// For direct credentials
 		sess := session.Must(session.NewSession(&awsv1.Config{
 			Region: awsv1.String(region),
 			Credentials: credentials.NewStaticCredentials(
 				accessKey,
 				secretKey,
 				"",
 			),
 		}))
 		svc := ecrv1.New(sess)
 		username, password, _, err := getAuthInfo(svc)
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get ECR credentials: %w", err)
 		}
 		return username, password, nil
 	} else {
 		// For IAM role auth (default credentials)
 		sess := session.Must(session.NewSession(&awsv1.Config{
 			Region: awsv1.String(region),
 		}))
 		svc := ecrv1.New(sess)
 		username, password, _, err := getAuthInfo(svc)
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get ECR credentials: %w", err)
 		}
 		return username, password, nil
 	}
 }
 func handlePushOnly(c *cli.Context) error {
 	sourceTarPath := c.String("source-tar-path")
 	if sourceTarPath == "" {
 		return fmt.Errorf("source_tar_path is required when push_only is set")
 	}
 	if _, err := os.Stat(sourceTarPath); os.IsNotExist(err) {
 		return fmt.Errorf("image tarball does not exist at path: %s", sourceTarPath)
 	}
 	repo := c.String("repo")
 	registry := c.String("registry")
 	if repo == "" || registry == "" {
 		return fmt.Errorf("repository and registry must be specified for push-only operation")
 	}
 	// Load the image from the tarball
 	img, err := crane.Load(sourceTarPath)
 	if err != nil {
 		return fmt.Errorf("failed to load image from tarball: %v", err)
 	}
 	// Get ECR credentials using the common function
 	username, password, err := getECRCredentials(
 		c.String("region"),
 		registry,
 		c.String("assume-role"),
 		c.String("external-id"),
 		c.String("access-key"),
 		c.String("secret-key"),
 		c.String("oidc-token-id"),
 	)
 	if err != nil {
 		return err
 	}
 	// Setup crane auth
 	opts := []crane.Option{
 		crane.WithAuth(&authn.Basic{
 			Username: username,
 			Password: password,
 		}),
 	}
 	// Push for each tag
 	tags := c.StringSlice("tags")
 	if len(tags) == 0 {
 		tags = []string{"latest"}
 	}
 	for _, tag := range tags {
 		dest := fmt.Sprintf("%s/%s:%s", registry, repo, tag)
 		if err := crane.Push(img, dest, opts...); err != nil {
 			return fmt.Errorf("failed to push image to %s: %v", dest, err)
 		}
 		fmt.Printf("Successfully pushed image to %s\n", dest)
 	}
 	return nil
 }
@@ -414,7 +414,6 @@ func run(c *cli.Context) error {
 			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
 			IgnorePaths:                 c.StringSlice("ignore-paths"),
 			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
 			ImageDownloadRetry:          c.Int("image-download-retry"),
 		},
@@ -416,7 +416,6 @@ func run(c *cli.Context) error {
 			SkipTLSVerifyRegistry:       c.Bool("skip-tls-verify-registry"),
 			UseNewRun:                   c.Bool("use-new-run"),
 			IgnorePath:                  c.String("ignore-path"),
 			IgnorePaths:                 c.StringSlice("ignore-paths"),
 			ImageFSExtractRetry:         c.Int("image-fs-extract-retry"),
 			ImageDownloadRetry:          c.Int("image-download-retry"),
 		},
@@ -49,42 +49,41 @@ type (
 		Target              string   // Docker build target
 		Verbosity           string   // Log level
-		Cache                       bool     // Enable or disable caching during the build process.
+		Cache                       bool   // Enable or disable caching during the build process.
-		CacheDir                    string   // Directory to store cached layers.
+		CacheDir                    string // Directory to store cached layers.
-		CacheCopyLayers             bool     // Enable or disable copying layers from the cache.
+		CacheCopyLayers             bool   // Enable or disable copying layers from the cache.
-		CacheRunLayers              bool     // Enable or disable running layers from the cache.
+		CacheRunLayers              bool   // Enable or disable running layers from the cache.
-		Cleanup                     bool     // Enable or disable cleanup of temporary files.
+		Cleanup                     bool   // Enable or disable cleanup of temporary files.
-		CompressedCaching           *bool    // Enable or disable compressed caching.
+		CompressedCaching           *bool  // Enable or disable compressed caching.
-		ContextSubPath              string   // Sub-path within the context to build.
+		ContextSubPath              string // Sub-path within the context to build.
-		CustomPlatform              string   // Platform to use for building.
+		CustomPlatform              string // Platform to use for building.
-		Force                       bool     // Force building the image even if it already exists.
+		Force                       bool   // Force building the image even if it already exists.
-		Git                         bool     // Branch to clone if build context is a git repository .
+		Git                         bool   // Branch to clone if build context is a git repository .
-		ImageNameWithDigestFile     string   // Write image name with digest to a file.
+		ImageNameWithDigestFile     string // Write image name with digest to a file.
-		ImageNameTagWithDigestFile  string   // Write image name with tag and digest to a file.
+		ImageNameTagWithDigestFile  string // Write image name with tag and digest to a file.
-		Insecure                    bool     // Allow connecting to registries without TLS.
+		Insecure                    bool   // Allow connecting to registries without TLS.
-		InsecurePull                bool     // Allow insecure pulls from the registry.
+		InsecurePull                bool   // Allow insecure pulls from the registry.
-		InsecureRegistry            string   // Use plain HTTP for registry communication.
+		InsecureRegistry            string // Use plain HTTP for registry communication.
-		Label                       string   // Add metadata to an image.
+		Label                       string // Add metadata to an image.
-		LogFormat                   string   // Set the log format for build output.
+		LogFormat                   string // Set the log format for build output.
-		LogTimestamp                bool     // Show timestamps in build output.
+		LogTimestamp                bool   // Show timestamps in build output.
-		OCILayoutPath               string   // Directory to store OCI layout.
+		OCILayoutPath               string // Directory to store OCI layout.
-		PushRetry                   int      // Number of times to retry pushing an image.
+		PushRetry                   int    // Number of times to retry pushing an image.
-		RegistryCertificate         string   // Path to a file containing a registry certificate.
+		RegistryCertificate         string // Path to a file containing a registry certificate.
-		RegistryClientCert          string   // Path to a file containing a registry client certificate.
+		RegistryClientCert          string // Path to a file containing a registry client certificate.
-		RegistryMirror              string   // Mirror for registry pulls.
+		RegistryMirror              string // Mirror for registry pulls.
-		SkipDefaultRegistryFallback bool     // Skip Docker Hub and default registry fallback.
+		SkipDefaultRegistryFallback bool   // Skip Docker Hub and default registry fallback.
-		Reproducible                bool     // Create a reproducible image.
+		Reproducible                bool   // Create a reproducible image.
-		SingleSnapshot              bool     // Only create a single snapshot of the image.
+		SingleSnapshot              bool   // Only create a single snapshot of the image.
-		SkipTLSVerify               bool     // Skip TLS verification when connecting to the registry.
+		SkipTLSVerify               bool   // Skip TLS verification when connecting to the registry.
-		SkipPushPermissionCheck     bool     // Skip permission check when pushing.
+		SkipPushPermissionCheck     bool   // Skip permission check when pushing.
-		SkipTLSVerifyPull           bool     // Skip TLS verification when pulling.
+		SkipTLSVerifyPull           bool   // Skip TLS verification when pulling.
-		SkipTLSVerifyRegistry       bool     // Skip TLS verification when connecting to a registry.
+		SkipTLSVerifyRegistry       bool   // Skip TLS verification when connecting to a registry.
-		UseNewRun                   bool     // Use the new container runtime (`runc`) for builds.
+		UseNewRun                   bool   // Use the new container runtime (`runc`) for builds.
-		IgnoreVarRun                *bool    // Ignore `/var/run` when copying from the context.
+		IgnoreVarRun                *bool  // Ignore `/var/run` when copying from the context.
-		IgnorePath                  string   // Ignore files matching the specified path pattern.
+		IgnorePath                  string // Ignore files matching the specified path pattern.
-		IgnorePaths                 []string // Ignore files matching the specified path pattern.
+		ImageFSExtractRetry         int    // Number of times to retry extracting the image filesystem.
-		ImageFSExtractRetry         int      // Number of times to retry extracting the image filesystem.
+		ImageDownloadRetry          int    // Number of times to retry downloading layers.
 		ImageDownloadRetry          int      // Number of times to retry downloading layers.
 	}
 	// Artifact defines content of artifact file
@@ -449,15 +448,6 @@ func (p Plugin) Exec() error {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--ignore-path=%s", p.Build.IgnorePath))
 	}
 	if p.Build.IgnorePaths != nil {
 		for _, path := range p.Build.IgnorePaths {
 			trimmed := strings.TrimSpace(path)
 			if trimmed != "" {
 				cmdArgs = append(cmdArgs, fmt.Sprintf("--ignore-path=%s", trimmed))
 			}
 		}
 	}
 	if p.Build.ImageFSExtractRetry != 0 {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--image-fs-extract-retry=%d", p.Build.ImageFSExtractRetry))
 	}
@@ -483,13 +473,14 @@ func (p Plugin) Exec() error {
 		}
 	}
-	p.Output.OutputFile = os.Getenv("DRONE_OUTPUT")
+	if p.Output.OutputFile != "" {
-	var tarPath string
+		var tarPath string
-	if p.Build.TarPath != "" {
+		if p.Build.TarPath != "" {
-		tarPath = getTarPath(p.Build.TarPath)
+			tarPath = getTarPath(p.Build.TarPath)
-	}
+		}
-	if err = output.WritePluginOutputFile(p.Output.OutputFile, getDigest(p.Build.DigestFile), tarPath); err != nil {
+		if err = output.WritePluginOutputFile(p.Output.OutputFile, getDigest(p.Build.DigestFile), tarPath); err != nil {
-		fmt.Fprintf(os.Stderr, "failed to write plugin output file at path: %s with error: %s\n", p.Output.OutputFile, err)
+			fmt.Fprintf(os.Stderr, "failed to write plugin output file at path: %s with error: %s\n", p.Output.OutputFile, err)
 		}
 	}
 	return nil
Author	SHA1	Message	Date
Archit Mallik	ee4fe0529d	Update pipeline drone-kaniko-harness	2025-01-31 12:14:42 +05:30
Archit Mallik	9be866d9c9	Create inputset event-Tag	2025-01-30 12:54:42 +05:30
Archit Mallik	c65696994a	Create inputset event-Push	2025-01-30 12:53:54 +05:30
Archit Mallik	507998a34d	Create inputset event-PR	2025-01-30 12:53:00 +05:30
Archit Mallik	8ee10bb9a6	Create pipeline drone-kaniko-harness	2025-01-30 12:45:40 +05:30