[fix]: [ci-9254]: go version upgrade to 1.21 (#86)

This reverts commit cd3745b3ca.

.drone.yml

@@ -4,7 +4,7 @@ name: default
 
 steps:
 - name: build
-  image: golang:1.18
+  image: golang:1.21
   commands:
   - go test ./...
   - sh scripts/build.sh
@@ -130,16 +130,15 @@ steps:
       - pull_request
 ---
 kind: pipeline
-type: docker
+type: vm
 name: arm
 
-platform:
-  os: linux
-  arch: arm64
+pool:
+  use: ubuntu_arm64
 
 steps:
 - name: build
-  image: golang:1.18
+  image: golang:1.21
   commands:
   - go test ./...
   - sh scripts/build.sh

cmd/kaniko-docker/main.go

@@ -176,6 +176,11 @@ func main() {
 			Usage:  "Set this flag if you only want to build the image, without pushing to a registry",
 			EnvVar: "PLUGIN_NO_PUSH",
 		},
+		cli.StringFlag{
+			Name:   "tar-path",
+			Usage:  "Set this flag to save the image as a tarball at path",
+			EnvVar: "PLUGIN_TAR_PATH",
+		},
 		cli.StringFlag{
 			Name:   "verbosity",
 			Usage:  "Set this flag with value as oneof <panic|fatal|error|warn|info|debug|trace> to set the logging level for kaniko. Defaults to info.",
@@ -191,6 +196,11 @@ func main() {
 			Usage:  "build only used stages",
 			EnvVar: "PLUGIN_SKIP_UNUSED_STAGES",
 		},
+		cli.StringFlag{
+			Name:   "output-file",
+			Usage:  "Output file location that will be generated by the plugin. This file will include information of the output that are exported by the plugin.",
+			EnvVar: "DRONE_OUTPUT",
+		},
 	}
 
 	if err := app.Run(os.Args); err != nil {
@@ -237,6 +247,7 @@ func run(c *cli.Context) error {
 			CacheTTL:         c.Int("cache-ttl"),
 			DigestFile:       defaultDigestFile,
 			NoPush:           noPush,
+			TarPath:          c.String("tar-path"),
 			Verbosity:        c.String("verbosity"),
 			Platform:         c.String("platform"),
 			SkipUnusedStages: c.Bool("skip-unused-stages"),
@@ -248,6 +259,9 @@ func run(c *cli.Context) error {
 			ArtifactFile: c.String("artifact-file"),
 			RegistryType: artifact.Docker,
 		},
+		Output: kaniko.Output{
+			OutputFile: c.String("output-file"),
+		},
 	}
 	return plugin.Exec()
 }

cmd/kaniko-ecr/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 	"github.com/aws/aws-sdk-go/aws/session"
 	ecrv1 "github.com/aws/aws-sdk-go/service/ecr"
+	ecrpublicv1 "github.com/aws/aws-sdk-go/service/ecrpublic"
 	"github.com/aws/smithy-go"
 	"github.com/hashicorp/go-version"
 	"github.com/joho/godotenv"
@@ -245,6 +246,8 @@ func run(c *cli.Context) error {
 	registry := c.String("registry")
 	region := c.String("region")
 	noPush := c.Bool("no-push")
+	assumeRole := c.String("assume-role")
+	externalId := c.String("external-id")
 
 	dockerConfig, err := createDockerConfig(
 		c.String("docker-registry"),
@@ -253,8 +256,8 @@ func run(c *cli.Context) error {
 		c.String("access-key"),
 		c.String("secret-key"),
 		registry,
-		c.String("assume-role"),
-		c.String("external-id"),
+		assumeRole,
+		externalId,
 		region,
 		noPush,
 	)
@@ -273,7 +276,7 @@ func run(c *cli.Context) error {
 
 	// only create repository when pushing and create-repository is true
 	if !noPush && c.Bool("create-repository") {
-		if err := createRepository(region, repo, registry); err != nil {
+		if err := createRepository(region, repo, registry, assumeRole, externalId); err != nil {
 			return err
 		}
 	}
@@ -283,7 +286,7 @@ func run(c *cli.Context) error {
 		if err != nil {
 			logrus.Fatal(err)
 		}
-		if err := uploadLifeCyclePolicy(region, repo, string(contents)); err != nil {
+		if err := uploadLifeCyclePolicy(region, repo, string(contents), assumeRole, externalId); err != nil {
 			logrus.Fatal(fmt.Sprintf("error uploading ECR lifecycle policy: %v", err))
 		}
 	}
@@ -293,7 +296,7 @@ func run(c *cli.Context) error {
 		if err != nil {
 			logrus.Fatal(err)
 		}
-		if err := uploadRepositoryPolicy(region, repo, registry, string(contents)); err != nil {
+		if err := uploadRepositoryPolicy(region, repo, registry, string(contents), assumeRole, externalId); err != nil {
 			logrus.Fatal(fmt.Sprintf("error uploading ECR lifecycle policy: %v", err))
 		}
 	}
@@ -383,7 +386,7 @@ func createDockerConfig(dockerRegistry, dockerUsername, dockerPassword, accessKe
 	return dockerConfig, nil
 }
 
-func createRepository(region, repo, registry string) error {
+func createRepository(region, repo, registry, assumeRole, externalId string) error {
 	if registry == "" {
 		return fmt.Errorf("registry must be specified")
 	}
@@ -392,22 +395,29 @@ func createRepository(region, repo, registry string) error {
 		return fmt.Errorf("repo must be specified")
 	}
 
-	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
-	if err != nil {
-		return errors.Wrap(err, "failed to load aws config")
-	}
-
 	var createErr error
 
-	//create public repo
-	//if registry string starts with public domain (ex: public.ecr.aws/example-registry)
-	if isRegistryPublic(registry) {
-		svc := ecrpublic.NewFromConfig(cfg)
-		_, createErr = svc.CreateRepository(context.TODO(), &ecrpublic.CreateRepositoryInput{RepositoryName: &repo})
-		//create private repo
+	if assumeRole != "" {
+		if isRegistryPublic(registry) {
+			_, createErr = getAssumeRoleEcrPublicSvc(region, assumeRole, externalId).CreateRepository(&ecrpublicv1.CreateRepositoryInput{RepositoryName: &repo})
+		} else {
+			_, createErr = getAssumeRoleEcrSvc(region, assumeRole, externalId).CreateRepository(&ecrv1.CreateRepositoryInput{RepositoryName: &repo})
+		}
 	} else {
-		svc := ecr.NewFromConfig(cfg)
-		_, createErr = svc.CreateRepository(context.TODO(), &ecr.CreateRepositoryInput{RepositoryName: &repo})
+		cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+		if err != nil {
+			return errors.Wrap(err, "failed to load aws config")
+		}
+		//create public repo
+		//if registry string starts with public domain (ex: public.ecr.aws/example-registry)
+		if isRegistryPublic(registry) {
+			svc := ecrpublic.NewFromConfig(cfg)
+			_, createErr = svc.CreateRepository(context.TODO(), &ecrpublic.CreateRepositoryInput{RepositoryName: &repo})
+			//create private repo
+		} else {
+			svc := ecr.NewFromConfig(cfg)
+			_, createErr = svc.CreateRepository(context.TODO(), &ecr.CreateRepositoryInput{RepositoryName: &repo})
+		}
 	}
 
 	var apiError smithy.APIError
@@ -418,46 +428,67 @@ func createRepository(region, repo, registry string) error {
 	return nil
 }
 
-func uploadLifeCyclePolicy(region, repo, lifecyclePolicy string) (err error) {
-	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
-	if err != nil {
-		return errors.Wrap(err, "failed to load aws config")
-	}
+func uploadLifeCyclePolicy(region, repo, lifecyclePolicy, assumeRole, externalId string) (err error) {
+	if assumeRole != "" {
+		input := &ecrv1.PutLifecyclePolicyInput{
+			LifecyclePolicyText: aws.String(lifecyclePolicy),
+			RepositoryName:      aws.String(repo),
+		}
+		_, err = getAssumeRoleEcrSvc(region, assumeRole, externalId).PutLifecyclePolicy(input)
+	} else {
+		cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+		if err != nil {
+			return errors.Wrap(err, "failed to load aws config")
+		}
 
-	svc := ecr.NewFromConfig(cfg)
+		svc := ecr.NewFromConfig(cfg)
 
-	input := &ecr.PutLifecyclePolicyInput{
-		LifecyclePolicyText: aws.String(lifecyclePolicy),
-		RepositoryName:      aws.String(repo),
+		input := &ecr.PutLifecyclePolicyInput{
+			LifecyclePolicyText: aws.String(lifecyclePolicy),
+			RepositoryName:      aws.String(repo),
+		}
+		_, err = svc.PutLifecyclePolicy(context.TODO(), input)
 	}
-	_, err = svc.PutLifecyclePolicy(context.TODO(), input)
 
 	return err
 }
 
-func uploadRepositoryPolicy(region, repo, registry, repositoryPolicy string) (err error) {
-	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
-	if err != nil {
-		return errors.Wrap(err, "failed to load aws config")
-	}
-
-	if isRegistryPublic(registry) {
-		svc := ecrpublic.NewFromConfig(cfg)
-
-		input := &ecrpublic.SetRepositoryPolicyInput{
-			PolicyText:     aws.String(repositoryPolicy),
-			RepositoryName: aws.String(repo),
+func uploadRepositoryPolicy(region, repo, registry, repositoryPolicy, assumeRole, externalId string) (err error) {
+	if assumeRole != "" {
+		if isRegistryPublic(registry) {
+			input := &ecrpublicv1.SetRepositoryPolicyInput{
+				PolicyText:     aws.String(repositoryPolicy),
+				RepositoryName: aws.String(repo),
+			}
+			_, err = getAssumeRoleEcrPublicSvc(region, assumeRole, externalId).SetRepositoryPolicy(input)
+		} else {
+			input := &ecrv1.SetRepositoryPolicyInput{
+				PolicyText:     aws.String(repositoryPolicy),
+				RepositoryName: aws.String(repo),
+			}
+			_, err = getAssumeRoleEcrSvc(region, assumeRole, externalId).SetRepositoryPolicy(input)
 		}
-		_, err = svc.SetRepositoryPolicy(context.TODO(), input)
 	} else {
-
-		svc := ecr.NewFromConfig(cfg)
-
-		input := &ecr.SetRepositoryPolicyInput{
-			PolicyText:     aws.String(repositoryPolicy),
-			RepositoryName: aws.String(repo),
+		cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
+		if err != nil {
+			return errors.Wrap(err, "failed to load aws config")
+		}
+
+		if isRegistryPublic(registry) {
+			svc := ecrpublic.NewFromConfig(cfg)
+			input := &ecrpublic.SetRepositoryPolicyInput{
+				PolicyText:     aws.String(repositoryPolicy),
+				RepositoryName: aws.String(repo),
+			}
+			_, err = svc.SetRepositoryPolicy(context.TODO(), input)
+		} else {
+			svc := ecr.NewFromConfig(cfg)
+			input := &ecr.SetRepositoryPolicyInput{
+				PolicyText:     aws.String(repositoryPolicy),
+				RepositoryName: aws.String(repo),
+			}
+			_, err = svc.SetRepositoryPolicy(context.TODO(), input)
 		}
-		_, err = svc.SetRepositoryPolicy(context.TODO(), input)
 	}
 
 	return err
@@ -507,6 +538,36 @@ func getAuthInfo(svc *ecrv1.ECR) (username, password, registry string, err error
 	return
 }
 
+func getAssumeRoleEcrSvc(region, assumeRole, externalId string) *ecrv1.ECR {
+	sess, err := session.NewSession(&awsv1.Config{Region: &region})
+	if err != nil {
+		logrus.Fatal(err, "failed to create aws session")
+	}
+
+	return ecrv1.New(sess, &awsv1.Config{
+		Credentials: stscreds.NewCredentials(sess, assumeRole, func(p *stscreds.AssumeRoleProvider) {
+			if externalId != "" {
+				p.ExternalID = &externalId
+			}
+		}),
+	})
+}
+
+func getAssumeRoleEcrPublicSvc(region, assumeRole, externalId string) *ecrpublicv1.ECRPublic {
+	sess, err := session.NewSession(&awsv1.Config{Region: &region})
+	if err != nil {
+		logrus.Fatal(err, "failed to create aws session")
+	}
+
+	return ecrpublicv1.New(sess, &awsv1.Config{
+		Credentials: stscreds.NewCredentials(sess, assumeRole, func(p *stscreds.AssumeRoleProvider) {
+			if externalId != "" {
+				p.ExternalID = &externalId
+			}
+		}),
+	})
+}
+
 func isRegistryPublic(registry string) bool {
 	return strings.HasPrefix(registry, ecrPublicDomain)
 }

go.mod

@@ -1,6 +1,8 @@
 module github.com/drone/drone-kaniko
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
 	github.com/aws/aws-sdk-go v1.44.52
 	github.com/aws/aws-sdk-go-v2 v1.16.7
 	github.com/aws/aws-sdk-go-v2/config v1.15.14
@@ -18,8 +20,6 @@ require (
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.3 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.9 // indirect
@@ -43,4 +43,4 @@ require (
 	golang.org/x/text v0.3.7 // indirect
 )
 
-go 1.18
+go 1.21

go.sum

@@ -43,9 +43,13 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
+github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -76,9 +80,9 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw=
 github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
@@ -93,8 +97,6 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e h1:NHvCuwuS43lGnYhten69ZWqi2QOj/CiDNcKbVqwVoew=
-golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -103,5 +105,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

kaniko.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	"github.com/drone/drone-kaniko/pkg/artifact"
+	"github.com/drone/drone-kaniko/pkg/output"
 	"github.com/drone/drone-kaniko/pkg/tagger"
 	"golang.org/x/mod/semver"
 )
@@ -38,6 +39,7 @@ type (
 		Verbosity        string   // Log level
 		Platform         string   // Allows to build with another default platform than the host, similarly to docker build --platform
 		SkipUnusedStages bool     // Build only used stages
+		TarPath          string   // Set this flag to save the image as a tarball at path
 	}
 
 	// Artifact defines content of artifact file
@@ -49,10 +51,16 @@ type (
 		ArtifactFile string                    // Artifact file location
 	}
 
+	// Output defines content of output file
+	Output struct {
+		OutputFile string // File where plugin output are saved
+	}
+
 	// Plugin defines the Docker plugin parameters.
 	Plugin struct {
 		Build    Build    // Docker build configuration
 		Artifact Artifact // Artifact file content
+		Output   Output   // Output file content
 	}
 )
 
@@ -148,14 +156,15 @@ func (p Plugin) Exec() error {
 		fmt.Sprintf("--context=dir://%s", p.Build.Context),
 	}
 
-	// Set the destination repository
-	if !p.Build.NoPush {
+	// Set the destination repository only when we push or save to tarball
+	if !p.Build.NoPush || p.Build.TarPath != "" {
 		for _, tag := range tags {
 			for _, label := range p.Build.labelsForTag(tag) {
 				cmdArgs = append(cmdArgs, fmt.Sprintf("--destination=%s:%s", p.Build.Repo, label))
 			}
 		}
 	}
+
 	// Set the build arguments
 	for _, arg := range p.Build.Args {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--build-arg=%s", arg))
@@ -212,6 +221,10 @@ func (p Plugin) Exec() error {
 		cmdArgs = append(cmdArgs, "--skip-unused-stages")
 	}
 
+	if p.Build.TarPath != "" {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--tar-path=%s", p.Build.TarPath))
+	}
+	
 	cmd := exec.Command("/kaniko/executor", cmdArgs...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
@@ -223,19 +236,29 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.Build.DigestFile != "" && p.Artifact.ArtifactFile != "" {
-		content, err := ioutil.ReadFile(p.Build.DigestFile)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "failed to read digest file contents at path: %s with error: %s\n", p.Build.DigestFile, err)
-		}
-		err = artifact.WritePluginArtifactFile(p.Artifact.RegistryType, p.Artifact.ArtifactFile, p.Artifact.Registry, p.Artifact.Repo, string(content), p.Artifact.Tags)
+		err = artifact.WritePluginArtifactFile(p.Artifact.RegistryType, p.Artifact.ArtifactFile, p.Artifact.Registry, p.Artifact.Repo, getDigest(p.Build.DigestFile), p.Artifact.Tags)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "failed to write plugin artifact file at path: %s with error: %s\n", p.Artifact.ArtifactFile, err)
 		}
 	}
 
+	if p.Output.OutputFile != "" {
+		if err = output.WritePluginOutputFile(p.Output.OutputFile, getDigest(p.Build.DigestFile)); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to write plugin output file at path: %s with error: %s\n", p.Output.OutputFile, err)
+		}
+	}
+
 	return nil
 }
 
+func getDigest(digestFile string) string {
+	content, err := ioutil.ReadFile(digestFile)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed to read digest file contents at path: %s with error: %s\n", digestFile, err)
+	}
+	return string(content)
+}
+
 // trace writes each command to stdout with the command wrapped in an xml
 // tag so that it can be extracted and displayed in the logs.
 func trace(cmd *exec.Cmd) {

pkg/output/output.go

@@ -0,0 +1,12 @@
+package output
+
+import (
+	"github.com/joho/godotenv"
+)
+
+func WritePluginOutputFile(outputFilePath, digest string) error {
+	output := map[string]string{
+		"digest": digest,
+	}
+	return godotenv.Write(output, outputFilePath)
+}