fix: [CI-10165]: remove excludelist

This reverts commit 20c593c3e7.

cmd/kaniko-acr/main.go

@@ -37,6 +37,7 @@ var (
 	ACRCertPath   = "/kaniko/acr-cert.pem"
 	pluginVersion = "unknown"
 	username      = "00000000-0000-0000-0000-000000000000"
+	maxPageCount  = 1000 // maximum count of pages to cycle through before we break out
 )
 
 func main() {
@@ -407,32 +408,56 @@ func getPublicUrl(token, registryUrl, subscriptionId string) (string, error) {
 	}
 
 	registry := strings.Split(registryUrl, ".")[0]
-	burl := "https://management.azure.com/subscriptions/" +
+	baseURL := "https://management.azure.com/subscriptions/" +
 		subscriptionId + "/resources?$filter=resourceType%20eq%20'Microsoft.ContainerRegistry/registries'%20and%20name%20eq%20'" +
 		registry + "'&api-version=2021-04-01&$select=id"
 
 	method := "GET"
 	client := &http.Client{}
-	req, err := http.NewRequest(method, burl, nil)
-	if err != nil {
-		fmt.Println(err)
-		return "", errors.Wrap(err, "failed to create request for getting container registry setting")
+
+	cnt := 0
+
+	for {
+		// this is just in case we end up cycling through nextLink's infinitely.
+		// this should not happen - added as a precaution.
+		if cnt > maxPageCount {
+			break
+		}
+		cnt++
+		req, err := http.NewRequest(method, baseURL, nil)
+		if err != nil {
+			return "", errors.Wrap(err, "failed to create request for getting container registry setting")
+		}
+
+		req.Header.Add("Authorization", "Bearer "+token)
+		res, err := client.Do(req)
+		if err != nil {
+			return "", errors.Wrap(err, "failed to send request for getting container registry setting")
+		}
+		defer res.Body.Close()
+
+		var response strct
+		err = json.NewDecoder(res.Body).Decode(&response)
+		if err != nil {
+			return "", errors.Wrap(err, "failed to send request for getting container registry setting")
+		}
+
+		if len(response.Value) > 0 {
+			if response.Value[0].ID == "" { // should not happen
+				return "", errors.New("received empty registry ID from /subscriptions API")
+			}
+			return finalUrl + encodeParam(response.Value[0].ID), nil
+		}
+
+		if response.NextLink == "" {
+			// No more pages, break the loop
+			break
+		}
+
+		baseURL = response.NextLink
 	}
 
-	req.Header.Add("Authorization", "Bearer "+token)
-	res, err := client.Do(req)
-	if err != nil {
-		fmt.Println(err)
-		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
-	}
-	defer res.Body.Close()
-
-	var response strct
-	err = json.NewDecoder(res.Body).Decode(&response)
-	if err != nil {
-		return "", errors.Wrap(err, "failed to send request for getting container registry setting")
-	}
-	return finalUrl + encodeParam(response.Value[0].ID), nil
+	return "", errors.New("did not receive any registry information from /subscriptions API")
 }
 
 func encodeParam(s string) string {
@@ -443,4 +468,5 @@ type strct struct {
 	Value []struct {
 		ID string `json:"id"`
 	} `json:"value"`
+	NextLink string `json:"nextLink"` // for pagination
 }

docker/acr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/amd64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]

docker/acr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
 ENV HOME /root
 ENV USER root
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/arm64/kaniko-acr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-acr"]

docker/docker/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/amd64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]

docker/docker/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
 ENV HOME /root
 ENV USER root
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/arm64/kaniko-docker /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-docker"]

docker/ecr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/amd64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]

docker/ecr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 
 ADD release/linux/arm64/kaniko-ecr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-ecr"]

docker/gar/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/amd64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]

docker/gar/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 
 ADD release/linux/arm64/kaniko-gar /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gar"]

docker/gcr/Dockerfile.linux.amd64

@@ -1,5 +1,5 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 ADD release/linux/amd64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]

docker/gcr/Dockerfile.linux.arm64

@@ -1,8 +1,8 @@
-FROM gcr.io/kaniko-project/executor:v1.9.1
+FROM gcr.io/kaniko-project/executor:v1.19.2
 
 ENV HOME /root
 ENV USER root
-ENV KANIKO_VERSION=1.9.1
+ENV KANIKO_VERSION=1.19.2
 
 ADD release/linux/arm64/kaniko-gcr /kaniko/
 ENTRYPOINT ["/kaniko/kaniko-gcr"]

kaniko.go

@@ -64,6 +64,11 @@ type (
 	}
 )
 
+const kanikoArgsEnabled = "DRONE_KANIKO_ADDIONAL_ARGS_ENABLED"
+
+// Allowed variables
+var allowList = []string{"PLUGIN_BUILD_ARG", "PLUGIN_CACHE", "PLUGIN_CACHE_DIR", "PLUGIN_CACHE_REPO", "PLUGIN_CACHE_COPY_LAYERS", "PLUGIN_CACHE_RUN_LAYERS", "PLUGIN_CACHE_TTL", "PLUGIN_CLEANUP", "PLUGIN_COMPRESSED_CACHING", "PLUGIN_CONTEXT_SUB_PATH", "PLUGIN_CUSTOM_PLATFORM", "PLUGIN_DIGEST_FILE", "PLUGIN_DOCKERFILE", "PLUGIN_FORCE", "PLUGIN_GIT", "PLUGIN_IMAGE_NAME_WITH_DIGEST_FILE", "PLUGIN_IMAGE_NAME_TAG_WITH_DIGEST_FILE", "PLUGIN_INSECURE", "PLUGIN_INSECURE_PULL", "PLUGIN_INSECURE_REGISTRY", "PLUGIN_LABEL", "PLUGIN_LOG_FORMAT", "PLUGIN_LOG_TIMESTAMP", "PLUGIN_NO_PUSH", "PLUGIN_OCI_LAYOUT_PATH", "PLUGIN_PUSH_RETRY", "PLUGIN_REGISTRY_CERTIFICATE", "PLUGIN_REGISTRY_CLIENT_CERT", "PLUGIN_REGISTRY_MIRROR", "PLUGIN_SKIP_DEFAULT_REGISTRY_FALLBACK", "PLUGIN_REPRODUCIBLE", "PLUGIN_SINGLE_SNAPSHOT", "PLUGIN_SKIP_TLS_VERIFY", "PLUGIN_SKIP_PUSH_PERMISSION_CHECK", "PLUGIN_SKIP_TLS_VERIFY_PULL", "PLUGIN_SKIP_TLS_VERIFY_REGISTRY", "PLUGIN_SKIP_UNUSED_STAGES", "PLUGIN_SNAPSHOT_MODE", "PLUGIN_TAR_PATH", "PLUGIN_TARGET", "PLUGIN_USE_NEW_RUN", "PLUGIN_VERBOSITY", "PLUGIN_IGNORE_VAR_RUN", "PLUGIN_IGNORE_PATH", "PLUGIN_IMAGE_FS_EXTRACT_RETRY", "PLUGIN_IMAGE_DOWNLOAD_RETRY"}
+
 // labelsForTag returns the labels to use for the given tag, subject to the value of ExpandTag.
 //
 // Build information (e.g. +linux_amd64) is carried through to all labels.
@@ -224,7 +229,18 @@ func (p Plugin) Exec() error {
 	if p.Build.TarPath != "" {
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--tar-path=%s", p.Build.TarPath))
 	}
-	
+
+	//Read all PLUGIN_ env vars if FF is enabled
+	//parse them such that PLUGIN_ENV_ARG is set to the value of --env-arg
+	//Add the value of --env-arg to cmdArgs if it does not exist
+	argsEnabled, ok := os.LookupEnv(kanikoArgsEnabled)
+	if ok {
+		fmt.Fprintf(os.Stdout, "%s env is set with value: %s ", kanikoArgsEnabled, argsEnabled)
+	}
+	if argsEnabled == "true" {
+		cmdArgs = getPluginEnvVars(cmdArgs)
+	}
+
 	cmd := exec.Command("/kaniko/executor", cmdArgs...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
@@ -264,3 +280,60 @@ func getDigest(digestFile string) string {
 func trace(cmd *exec.Cmd) {
 	fmt.Fprintf(os.Stdout, "+ %s\n", strings.Join(cmd.Args, " "))
 }
+
+func getPluginEnvVars(cmdArgs []string) []string {
+	envVars := os.Environ()
+
+	// Iterate through environment variables
+	for _, envVar := range envVars {
+		// Check if the variable starts with PLUGIN_
+		if strings.HasPrefix(envVar, "PLUGIN_") && contains(allowList, envVar) {
+			// Split the variable into key and value
+			parts := strings.SplitN(envVar, "=", 2)
+			if len(parts) != 2 {
+				continue
+			}
+			key := parts[0]
+			value := parts[1]
+
+			// Trim the "PLUGIN_" prefix
+			flagName := strings.TrimPrefix(key, "PLUGIN_")
+
+			// Replace underscores with hyphens and convert to lowercase
+			flagName = strings.ReplaceAll(flagName, "_", "-")
+			flagName = strings.ToLower(flagName)
+
+			// Format the flag name with "--" prefix
+			flag := "--" + flagName
+
+			// Check if the flag already exists in cmdArgs
+			exists := false
+			for _, arg := range cmdArgs {
+				if strings.HasPrefix(arg, flag) {
+					exists = true
+					break
+				}
+			}
+
+			// If the flag does not exist, add it to cmdArgs
+			if !exists {
+				if value == "" {
+					cmdArgs = append(cmdArgs, flag)
+				} else {
+					cmdArgs = append(cmdArgs, fmt.Sprintf("%s=%s", flag, value))
+				}
+			}
+		}
+	}
+	return cmdArgs
+}
+
+// Function to check if a string is in a slice
+func contains(slice []string, str string) bool {
+	for _, s := range slice {
+		if strings.HasPrefix(str, s) {
+			return true
+		}
+	}
+	return false
+}