Compare commits

...

36 Commits

Author SHA1 Message Date
3c96b67e94
add deprecation notice 2023-08-29 21:37:14 +02:00
renovate[bot]
12deebdc80 chore(deps): update dependency golangci/golangci-lint to v1.54.2 2023-08-28 04:19:10 +00:00
renovate[bot]
c325b328d5 chore(docker): update golang:1.20 docker digest to 741d6f9 2023-08-17 12:19:08 +00:00
renovate[bot]
5d9b999006 chore(docker): update golang:1.20 docker digest to ee18a70 2023-08-17 04:47:22 +00:00
renovate[bot]
201c7f05d2 chore(docker): update golang:1.20 docker digest to 2db0b25 2023-08-16 16:13:03 +00:00
renovate[bot]
5d00f635ca chore(deps): update dependency golangci/golangci-lint to v1.54.1 2023-08-14 03:08:49 +00:00
renovate[bot]
bb87287089 chore(docker): update docker:24.0-dind docker digest to 020562d 2023-08-12 04:25:15 +00:00
08408124c6
chore: revert multi-registry support (#311) 2023-08-11 10:10:32 +02:00
0cc14f4114
refactor: use parameter list for multiple registries (#309) 2023-08-11 09:13:42 +02:00
renovate[bot]
6d13cf910f chore(docker): update golang:1.20 docker digest to 37c7d85 2023-08-10 07:31:34 +00:00
renovate[bot]
3b8c905a65 chore(docker): update docker:24.0-dind docker digest to 9e71442 2023-08-09 17:41:39 +00:00
renovate[bot]
bc5002fdd2
fix(deps): update module golang.org/x/sys to v0.11.0 (#302)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-09 11:36:12 +02:00
Maxim Slipenko
13c17d9c3c
feat: Add ability to push to multiple registries (#303)
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
2023-08-09 11:35:58 +02:00
renovate[bot]
56914d2332 chore(docker): update docker:24.0-dind docker digest to 9ec413d 2023-08-08 06:05:36 +00:00
renovate[bot]
c86c9bdde1 chore(docker): update golang:1.20 docker digest to bc5f0b5 2023-08-02 04:56:11 +00:00
renovate[bot]
1ad9710237 chore(docker): update docker digests 2023-08-01 06:04:26 +00:00
renovate[bot]
15751a5906 chore(docker): update docker:24.0-dind docker digest to ec0c2cf 2023-07-20 00:23:46 +00:00
renovate[bot]
7d13e5b69a
chore(deps): update dependency docker/buildx to v0.11.2 (#298)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-19 09:54:54 +02:00
renovate[bot]
3fdf306a5a chore(docker): update golang:1.20 docker digest to cfc9d1b 2023-07-14 00:04:49 +00:00
renovate[bot]
d1f882fd4f chore(docker): update docker digests 2023-07-12 03:56:15 +00:00
renovate[bot]
0f1834d73c chore(docker): update docker:24.0-dind docker digest to 1a3af94 2023-07-11 00:23:53 +00:00
renovate[bot]
7f9d843d90 chore(docker): update docker:24.0-dind docker digest to 8c39dc8 2023-07-07 00:40:31 +00:00
renovate[bot]
8017d097a0 chore(docker): update golang:1.20 docker digest to fd9306e 2023-07-06 03:06:25 +00:00
renovate[bot]
66c2e4229d
fix(deps): update module golang.org/x/sys to v0.10.0 (#288)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-05 20:31:35 +02:00
renovate[bot]
1ec20c6fb5
chore(deps): update dependency docker/buildx to v0.11.1 (#292)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-05 20:31:20 +02:00
renovate[bot]
c8532994c8 chore(docker): update golang:1.20 docker digest to 20ee7c8 2023-07-05 12:57:09 +00:00
renovate[bot]
3d174c7f05 chore(docker): update golang:1.20 docker digest to ff2cca5 2023-07-05 07:36:28 +00:00
renovate[bot]
96f9c9ed49 chore(docker): update golang:1.20 docker digest to 7954299 2023-07-05 01:35:47 +00:00
renovate[bot]
fd67a8c675
chore(docker): update docker:24.0-dind docker digest to 1d148de (#287)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-04 07:03:26 +00:00
d16fd6376b
docs: move documentation for the secrets option to parameter list (#286) 2023-06-29 21:30:58 +02:00
Grégoire Joncour
89db4c201e
fix: fix secrets format (#285) 2023-06-29 21:16:20 +02:00
c7c3ad6942
docs: add usage exaple for docker build secrets (#283) 2023-06-28 20:42:47 +02:00
Moein Nemati
a572b72527
feat: add support for docker build secrets (#282) 2023-06-28 20:26:07 +02:00
renovate[bot]
471b9e046d chore(docker): update golang:1.20 docker digest to 344193a 2023-06-24 06:18:09 +00:00
renovate[bot]
21f863a3f6 chore(docker): update golang:1.20 docker digest to 8f958bf 2023-06-22 13:12:43 +00:00
renovate[bot]
8a27c0806e chore(docker): update docker digests 2023-06-22 06:30:18 +00:00
13 changed files with 81 additions and 327 deletions

View File

@ -1,291 +0,0 @@
---
kind: pipeline
name: test
platform:
os: linux
arch: amd64
steps:
- name: deps
image: golang:1.20
commands:
- make deps
volumes:
- name: godeps
path: /go
- name: lint
image: golang:1.20
commands:
- make lint
volumes:
- name: godeps
path: /go
- name: test
image: golang:1.20
commands:
- make test
volumes:
- name: godeps
path: /go
volumes:
- name: godeps
temp: {}
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
name: build-binaries
platform:
os: linux
arch: amd64
steps:
- name: build
image: techknowlogick/xgo:go-1.20.x
commands:
- ln -s /drone/src /source
- make release
- name: executable
image: alpine
commands:
- $(find dist/ -executable -type f -iname ${DRONE_REPO_NAME}-linux-amd64) --help
- name: changelog-generate
image: thegeeklab/git-chglog
commands:
- git fetch -tq
- git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
- name: changelog-format
image: thegeeklab/alpine-tools
commands:
- prettier CHANGELOG.md
- prettier -w CHANGELOG.md
- name: publish
image: plugins/github-release
settings:
api_key:
from_secret: github_token
files:
- dist/*
note: CHANGELOG.md
overwrite: true
title: ${DRONE_TAG}
when:
ref:
- refs/tags/**
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- test
---
kind: pipeline
name: build-container
platform:
os: linux
arch: amd64
steps:
- name: dryrun
image: thegeeklab/drone-docker-buildx:23
settings:
dockerfile: Dockerfile.multiarch
dry_run: true
platforms:
- linux/amd64
- linux/arm64
provenance: false
repo: thegeeklab/${DRONE_REPO_NAME}
when:
ref:
- refs/pull/**
- name: publish-dockerhub
image: thegeeklab/drone-docker-buildx:23
settings:
auto_tag: true
dockerfile: Dockerfile.multiarch
password:
from_secret: docker_password
platforms:
- linux/amd64
- linux/arm64
provenance: false
repo: thegeeklab/${DRONE_REPO_NAME}
username:
from_secret: docker_username
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- dryrun
- name: publish-quay
image: thegeeklab/drone-docker-buildx:23
settings:
auto_tag: true
dockerfile: Dockerfile.multiarch
password:
from_secret: quay_password
platforms:
- linux/amd64
- linux/arm64
provenance: false
registry: quay.io
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
username:
from_secret: quay_username
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- dryrun
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- test
---
kind: pipeline
name: docs
platform:
os: linux
arch: amd64
concurrency:
limit: 1
steps:
- name: markdownlint
image: thegeeklab/markdownlint-cli
commands:
- markdownlint 'docs/content/**/*.md' 'README.md' 'CONTRIBUTING.md'
- name: spellcheck
image: thegeeklab/alpine-tools
commands:
- spellchecker --files '_docs/**/*.md' 'README.md' 'CONTRIBUTING.md' -d .dictionary -p spell indefinite-article syntax-urls --no-suggestions
environment:
FORCE_COLOR: true
NPM_CONFIG_LOGLEVEL: error
- name: publish
image: thegeeklab/drone-git-action
settings:
action:
- pages
author_email: bot@thegeeklab.de
author_name: thegeeklab-bot
branch: docs
message: auto-update documentation
netrc_password:
from_secret: github_token
pages_directory: _docs/
when:
ref:
- refs/heads/main
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- build-binaries
- build-container
---
kind: pipeline
name: notifications
platform:
os: linux
arch: amd64
steps:
- name: pushrm-dockerhub
image: chko/docker-pushrm:1
environment:
DOCKER_PASS:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
PUSHRM_FILE: README.md
PUSHRM_SHORT: Drone plugin to build multiarch Docker images with buildx
PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
when:
status:
- success
- name: pushrm-quay
image: chko/docker-pushrm:1
environment:
APIKEY__QUAY_IO:
from_secret: quay_token
PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
when:
status:
- success
- name: matrix
image: thegeeklab/drone-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
username:
from_secret: matrix_username
when:
status:
- success
- failure
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- docs
---
kind: signature
hmac: a62b604d49c98c24360bfaea313f8dba31166133620d5e7656f884e1f20b9ff6
...

View File

@ -1,4 +1,4 @@
FROM --platform=$BUILDPLATFORM golang:1.20@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f as build
FROM --platform=$BUILDPLATFORM golang:1.20@sha256:741d6f9bcab778441efe05c8e4369d4f8ff56c9a635a97d77f55d8b0ec62f907 as build
ARG TARGETOS
ARG TARGETARCH
@ -8,7 +8,7 @@ WORKDIR /src
RUN make build
FROM docker:24.0-dind@sha256:f8b5e548ce35f1e177aaebae6e738315a7e9a75098d76dfae60238e0ce3a788b
FROM docker:24.0-dind@sha256:020562d22f11c27997e00da910ed6b580d93094bc25841cb87aacab4ced4a882
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
@ -22,7 +22,7 @@ ARG TARGETARCH
ARG BUILDX_VERSION
# renovate: datasource=github-releases depName=docker/buildx
ENV BUILDX_VERSION="${BUILDX_VERSION:-v0.11.0}"
ENV BUILDX_VERSION="${BUILDX_VERSION:-v0.11.2}"
ENV DOCKER_HOST=unix:///var/run/docker.sock

View File

@ -1,7 +1,7 @@
# renovate: datasource=github-releases depName=mvdan/gofumpt
GOFUMPT_PACKAGE_VERSION := v0.5.0
# renovate: datasource=github-releases depName=golangci/golangci-lint
GOLANGCI_LINT_PACKAGE_VERSION := v1.53.3
GOLANGCI_LINT_PACKAGE_VERSION := v1.54.2
EXECUTABLE := drone-docker-buildx

View File

@ -1,6 +1,6 @@
# drone-docker-buildx
Drone plugin to build multiarch Docker images with buildx
DISCONTINUED: Drone plugin to build multiarch Docker images with buildx
[![Build Status](https://img.shields.io/drone/build/thegeeklab/drone-docker-buildx?logo=drone&server=https%3A%2F%2Fdrone.thegeeklab.de)](https://drone.thegeeklab.de/thegeeklab/drone-docker-buildx)
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/drone-docker-buildx)
@ -10,6 +10,8 @@ Drone plugin to build multiarch Docker images with buildx
[![Source: GitHub](https://img.shields.io/badge/source-github-blue.svg?logo=github&logoColor=white)](https://github.com/thegeeklab/drone-docker-buildx)
[![License: Apache-2.0](https://img.shields.io/github/license/thegeeklab/drone-docker-buildx)](https://github.com/thegeeklab/drone-docker-buildx/blob/main/LICENSE)
> **DISCONTINUED:** As I don't use Drone CI anymore, this project is unmaintained. If you are interested in a free and open source CI system check out [Woodpecker CI](https://woodpecker-ci.org/).
Drone plugin to build multiarch Docker images with buildx. This plugin is a fork of [drone-plugins/drone-docker](https://github.com/drone-plugins/drone-docker). You can find the full documentation at [https://drone-plugin-index.geekdocs.de](https://drone-plugin-index.geekdocs.de/plugins/drone-docker-buildx).
## Versioning

View File

@ -27,7 +27,7 @@ The tags follow the major version of Docker, e.g. `20`, and the minor and patch
Be aware that the this plugin requires [privileged](https://docs.drone.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start.
{{< /hint >}}
```YAML
```yaml
kind: pipeline
name: default
@ -58,7 +58,7 @@ If the created image is to be pushed to registries other than the default Docker
**GHCR:**
```YAML
```yaml
kind: pipeline
name: default
@ -76,7 +76,7 @@ steps:
**AWS ECR:**
```YAML
```yaml
kind: pipeline
name: default
@ -99,7 +99,7 @@ steps:
Build the binary with the following command:
```Shell
```shell
export GOOS=linux
export GOARCH=amd64
export CGO_ENABLED=0
@ -110,13 +110,13 @@ make build
Build the Docker image with the following command:
```Shell
```shell
docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx .
```
## Test
```Shell
```shell
docker run --rm \
-e PLUGIN_TAG=latest \
-e PLUGIN_REPO=octocat/hello-world \

View File

@ -75,15 +75,16 @@ properties:
description: |
Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example:
```TOML
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
buildkit_config: |
[registry."registry.local:30081"]
http = true
insecure = true
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
buildkit_config: |
[registry."registry.local:30081"]
http = true
insecure = true
```
type: string
defaultValue: false
@ -163,15 +164,16 @@ properties:
Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work,
commas used in the cache source entries need to be escaped:
```Yaml
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
cache_from:
# using quotes double-escaping is required
- "type=registry\\\\,ref=example"
- 'type=foo\\,ref=bar'
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
settings:
repo: example/repo
cache_from:
# while using quotes, double-escaping is required
- "type=registry\\\\,ref=example"
- 'type=foo\\,ref=bar'
```
type: list
required: false
@ -265,3 +267,29 @@ properties:
description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`).
type: string
required: false
- name: secrets
description: |
Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
The secrets can be used by the build using `RUN --mount=type=secret` mount.
```yaml
steps:
- name: Build
image: thegeeklab/drone-docker-buildx:23
privileged: true
environment:
SECURE_TOKEN:
from_secret: secure_token
settings:
secrets:
# while using quotes, double-escaping is required
- "id=raw_file_secret\\\\,src=file.txt"
- 'id=other_raw_file_secret\\,src=other_file.txt'
- "id=SECRET_TOKEN"
```
To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required.
This should be used with caution and avoided whenever possible.
type: list
required: false

View File

@ -321,5 +321,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
Destination: &settings.Build.SBOM,
Category: category,
},
&cli.GenericFlag{
Name: "secrets",
EnvVars: []string{"PLUGIN_SECRETS"},
Usage: "exposes secrets to the build",
Value: &drone.StringSliceFlag{},
Category: category,
},
}
}

View File

@ -57,6 +57,13 @@ func run(settings *plugin.Settings) cli.ActionFunc {
settings.Build.CacheFrom = cacheFrom.Get()
secrets, ok := ctx.Generic("secrets").(*drone.StringSliceFlag)
if !ok {
return fmt.Errorf("%w: failed to read secrets input", ErrTypeAssertionFailed)
}
settings.Build.Secrets = secrets.Get()
plugin := plugin.New(
*settings,
urfave.PipelineFromContext(ctx),

2
go.mod
View File

@ -8,7 +8,7 @@ require (
github.com/sirupsen/logrus v1.9.3
github.com/thegeeklab/drone-plugin-lib/v2 v2.3.4
github.com/urfave/cli/v2 v2.25.5
golang.org/x/sys v0.9.0
golang.org/x/sys v0.11.0
)
require (

4
go.sum
View File

@ -23,8 +23,8 @@ github.com/urfave/cli/v2 v2.25.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6f
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

View File

@ -160,6 +160,10 @@ func commandBuild(build Build, dryrun bool) *execabs.Cmd {
args = append(args, "--sbom", build.SBOM)
}
for _, secret := range build.Secrets {
args = append(args, "--secret", secret)
}
return execabs.Command(dockerBin, args...)
}

View File

@ -65,6 +65,7 @@ type Build struct {
Labels cli.StringSlice // Docker build labels
Provenance string // Docker build provenance attestation
SBOM string // Docker build sbom attestation
Secrets []string // Docker build secrets
}
// Settings for the Plugin.

View File

@ -1,4 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["github>thegeeklab/renovate-presets:golang"]
}