drone-docker-buildx/_docs/content/_index.md
2023-06-29 21:16:20 +02:00

4.3 KiB

title
drone-docker-buildx

Build Status Docker Hub Quay.io GitHub contributors Source: GitHub License: MIT

Drone plugin to build and publish multiarch Docker images with buildx.

{{< toc >}}

Versioning

The tags follow the major version of Docker, e.g. 20, and the minor and patch parts reflect the version of the plugin. A full example would be 20.12.5. Minor versions can introduce breaking changes, while patch versions can be considered non-breaking.

Usage

{{< hint type=important >}} Be aware that the this plugin requires privileged capabilities, otherwise the integrated Docker daemon is not able to start. {{< /hint >}}

kind: pipeline
name: default

steps:
  - name: docker
    image: thegeeklab/drone-docker-buildx:23
    privileged: true
    settings:
      username: octocat
      password: secure
      repo: octocat/example
      tags: latest

Parameters

{{< propertylist name=drone-docker-buildx.data sort=name >}}

Examples

Push to other registries than DockerHub

If the created image is to be pushed to registries other than the default DockerHub, it is necessary to set registry and repo as fully-qualified name.

GHCR:

kind: pipeline
name: default

steps:
  - name: docker
    image: thegeeklab/drone-docker-buildx:23
    privileged: true
    settings:
      registry: ghcr.io
      username: octocat
      password: secret-access-token
      repo: ghcr.io/octocat/example
      tags: latest

AWS ECR:

kind: pipeline
name: default

steps:
  - name: docker
    image: thegeeklab/drone-docker-buildx:23
    privileged: true
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key
    settings:
      registry: <account_id>.dkr.ecr.<region>.amazonaws.com
      repo: <account_id>.dkr.ecr.<region>.amazonaws.com/octocat/example
      tags: latest

Expose secrets to the build

The secrets can be used by the build using RUN --mount=type=secret mount.

kind: pipeline
name: default

steps:
  - name: docker
    image: thegeeklab/drone-docker-buildx:23
    privileged: true
    environment:
      SECURE_TOKEN:
        from_secret: secure_token
    settings:
      secrets:
        - "id=raw_file_secret\\\\,src=file.txt"
        - 'id=other_raw_file_secret\\,src=other_file.txt'
        - "id=SECRET_TOKEN"

To use secrets from files a host volume is required. This should be used with caution and avoided whenever possible.

Build

Build the binary with the following command:

export GOOS=linux
export GOARCH=amd64
export CGO_ENABLED=0
export GO111MODULE=on

make build

Build the Docker image with the following command:

docker build --file docker/Dockerfile.amd64 --tag thegeeklab/drone-docker-buildx .

Test

docker run --rm \
  -e PLUGIN_TAG=latest \
  -e PLUGIN_REPO=octocat/hello-world \
  -e DRONE_COMMIT_SHA=00000000 \
  -v $(pwd):$(pwd) \
  -w $(pwd) \
  --privileged \
  thegeeklab/drone-docker-buildx --dry-run