Fix manifest of ACR (#62 )

Add arm stage as a depends_on for manifest stages (#61 )
Fix acr manifest template (#60 )
2026-06-13 10:31:35 +08:00 · 2022-08-18 11:52:19 +05:30 · 2022-08-17 11:54:11 +05:30 · 2022-08-17 11:24:31 +05:30 · 2022-08-16 11:20:49 +05:30 · 2022-08-03 15:06:01 +05:30
18 changed files with 219 additions and 14 deletions
@@ -131,6 +131,141 @@ steps:
 ---
 kind: pipeline
 type: docker
+name: arm
+
+platform:
+  os: linux
+  arch: arm64
+
+steps:
+- name: build
+  image: golang:1.18
+  commands:
+  - go test ./...
+  - sh scripts/build.sh
+
+- name: docker
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko
+    auto_tag: true
+    auto_tag_suffix: linux-arm64
+    daemon_off: false
+    dockerfile: docker/docker/Dockerfile.linux.arm64
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+- name: gcr
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko-gcr
+    auto_tag: true
+    auto_tag_suffix: linux-arm64
+    daemon_off: false
+    dockerfile: docker/gcr/Dockerfile.linux.arm64
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+- name: ecr
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko-ecr
+    auto_tag: true
+    auto_tag_suffix: linux-arm64
+    daemon_off: false
+    dockerfile: docker/ecr/Dockerfile.linux.arm64
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+- name: acr
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko-acr
+    auto_tag: true
+    auto_tag_suffix: linux-arm64
+    daemon_off: false
+    dockerfile: docker/acr/Dockerfile.linux.arm64
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+- name: docker-kaniko-v1-8
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko
+    auto_tag: true
+    auto_tag_suffix: linux-arm64-kaniko1.8.1
+    daemon_off: false
+    dockerfile: docker/docker/Dockerfile.linux.arm64.kaniko1.8.1
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+- name: gcr-kaniko-v1-8
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko-gcr
+    auto_tag: true
+    auto_tag_suffix: linux-arm64-kaniko1.8.1
+    daemon_off: false
+    dockerfile: docker/gcr/Dockerfile.linux.arm64.kaniko1.8.1
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+
+
+- name: ecr-kaniko-v1-8
+  image: plugins/docker
+  settings:
+    repo: plugins/kaniko-ecr
+    auto_tag: true
+    auto_tag_suffix: linux-arm64-kaniko1.8.1
+    daemon_off: false
+    dockerfile: docker/ecr/Dockerfile.linux.arm64.kaniko1.8.1
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    event:
+      exclude:
+      - pull_request
+---
+kind: pipeline
+type: docker
 name: notifications-docker

 platform:
@@ -193,6 +328,7 @@ trigger:

 depends_on:
 - default
+- arm

 ---
 kind: pipeline
@@ -247,3 +383,4 @@ trigger:

 depends_on:
 - default
+- arm
@@ -2,3 +2,4 @@ release
 coverage.out
 vendor
 .idea
+.vscode
@@ -17,6 +17,7 @@ export GO111MODULE=on
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-docker ./cmd/kaniko-docker
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-gcr ./cmd/kaniko-gcr
 go build -v -a -tags netgo -o release/linux/amd64/kaniko-ecr ./cmd/kaniko-ecr
+go build -v -a -tags netgo -o release/linux/amd64/kaniko-acr ./cmd/kaniko-acr
 ```

 ## Docker
@@ -28,6 +29,11 @@ docker build \
  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
  --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
  --file docker/docker/Dockerfile.linux.amd64 --tag plugins/kaniko .
+  
+docker build \
+  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+  --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \
+  --file docker/acr/Dockerfile.linux.amd64 --tag plugins/kaniko-acr .

 docker build \
  --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
@@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -130,7 +131,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:   "client-cert",
-			Usage:  "Azure client certificate",
+			Usage:  "Azure client certificate encoded in base64 format",
 			EnvVar: "CLIENT_CERTIFICATE",
 		},
 		cli.StringFlag{
@@ -307,16 +308,22 @@ func getACRToken(tenantId, clientId, clientSecret, cert, registry string) (strin
 		}
 	}

-	// TODO check for presence of file as well.
-	os.Setenv(clientIdEnv, clientId)
-	os.Setenv(clientSecretKeyEnv, clientSecret)
-	os.Setenv(tenantKeyEnv, tenantId)
-	os.Setenv(certPathEnv, ACRCertPath)
+	if err := os.Setenv(clientIdEnv, clientId); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable client Id")
+	}
+	if err := os.Setenv(clientSecretKeyEnv, clientSecret); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable client secret")
+	}
+	if err := os.Setenv(tenantKeyEnv, tenantId); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable tenant Id")
+	}
+	if err := os.Setenv(certPathEnv, ACRCertPath); err != nil {
+		return "", errors.Wrap(err, "failed to set env variable cert path")
+	}
 	env, err := azidentity.NewEnvironmentCredential(nil)
 	if err != nil {
 		return "", errors.Wrap(err, "failed to get env credentials from azure")
 	}
-
 	policy := policy.TokenRequestOptions{
 		Scopes: []string{"https://management.azure.com/.default"},
 	}
@@ -368,7 +375,11 @@ func fetchACRToken(tenantId, token, registry string) (string, error) {
 }

 func setupACRCert(cert string) error {
-	err := ioutil.WriteFile(ACRCertPath, []byte(cert), 0644)
+	decoded, err := base64.StdEncoding.DecodeString(cert)
+	if err != nil {
+		return errors.Wrap(err, "failed to base64 decode ACR certificate")
+	}
+	err = ioutil.WriteFile(ACRCertPath, []byte(decoded), 0644)
 	if err != nil {
 		return errors.Wrap(err, "failed to write ACR certificate")
 	}
@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.8.1
+FROM gcr.io/kaniko-project/executor:v1.8.1

 ENV HOME /root
 ENV USER root
@@ -1,4 +1,4 @@
-image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
@@ -7,7 +7,12 @@ tags:
 {{/if}}
 manifests:
  -
-    image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko-acr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux
@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.6.0
+FROM gcr.io/kaniko-project/executor:v1.6.0

 ENV HOME /root
 ENV USER root
@@ -0,0 +1,5 @@
+FROM gcr.io/kaniko-project/executor:v1.8.1
+
+ENV KANIKO_VERSION=1.8.1
+ADD release/linux/arm64/kaniko-docker /kaniko/
+ENTRYPOINT ["/kaniko/kaniko-docker"]
@@ -11,3 +11,8 @@ manifests:
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-kaniko1.8.1
+    platform:
+      architecture: arm64
+      os: linux
@@ -11,3 +11,8 @@ manifests:
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux
@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.6.0
+FROM gcr.io/kaniko-project/executor:v1.6.0

 ENV HOME /root
 ENV USER root
@@ -0,0 +1,5 @@
+FROM gcr.io/kaniko-project/executor:v1.8.1
+
+ENV KANIKO_VERSION=1.8.1
+ADD release/linux/arm64/kaniko-ecr /kaniko/
+ENTRYPOINT ["/kaniko/kaniko-ecr"]
@@ -11,3 +11,8 @@ manifests:
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko-ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-kaniko1.8.1
+    platform:
+      architecture: arm64
+      os: linux
@@ -10,4 +10,9 @@ manifests:
    image: plugins/kaniko-ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
    platform:
      architecture: amd64
+      os: linux
+  -
+    image: plugins/kaniko-ecr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
      os: linux
@@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:arm64-v1.6.0
+FROM gcr.io/kaniko-project/executor:v1.6.0

 ENV HOME /root
 ENV USER root
@@ -0,0 +1,5 @@
+FROM gcr.io/kaniko-project/executor:v1.8.1
+
+ENV KANIKO_VERSION=1.8.1
+ADD release/linux/arm64/kaniko-gcr /kaniko/
+ENTRYPOINT ["/kaniko/kaniko-gcr"]
@@ -11,3 +11,8 @@ manifests:
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-kaniko1.8.1
+    platform:
+      architecture: arm64
+      os: linux
@@ -11,3 +11,8 @@ manifests:
    platform:
      architecture: amd64
      os: linux
+  -
+    image: plugins/kaniko-gcr:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux
Author	SHA1	Message	Date
Jamie Li	864a7e5319	Fix manifest of ACR (#62 )	2022-08-18 11:52:19 +05:30
Jamie Li	1c34458f6c	Add arm stage as a depends_on for manifest stages (#61 )	2022-08-17 11:54:11 +05:30
Jamie Li	725950ee02	Fix acr manifest template (#60 )	2022-08-17 11:24:31 +05:30
Jamie Li	97a3f33180	Add arm image build (#59 )	2022-08-16 11:20:49 +05:30
Aman Singh	33e44ca23a	Merge pull request #58 from drone/aman-fix-acr Fix cert not working in ACR	2022-08-03 15:06:01 +05:30
Aman Singh	1409e80406	addressed comments	2022-08-03 13:14:03 +05:30
Aman Singh	97ecf9b992	addressed comments	2022-08-03 13:09:41 +05:30
Aman Singh	0ae1cbc382	addressed comments	2022-08-03 13:07:49 +05:30
Aman Singh	fe57a616ed	addressed comments	2022-08-03 13:07:27 +05:30
Aman Singh	4da1f904b0	Update README.md	2022-08-03 12:56:58 +05:30
Aman Singh	eaeab5fddb	updated .gitignore	2022-08-03 12:54:53 +05:30
Aman Singh	546dc21a7e	removed fmt.print	2022-08-03 12:53:16 +05:30
Aman Singh	d0df077e6e	fix cert issue in acr images	2022-08-03 12:50:10 +05:30