diff --git a/content/_index.md b/content/_index.md new file mode 100644 index 0000000..6a8cd62 --- /dev/null +++ b/content/_index.md @@ -0,0 +1,119 @@ +--- +title: wp-docker-buildx +--- + +[![Build Status](https://img.shields.io/wp/build/thegeeklab/wp-docker-buildx?logo=wp&server=https%3A%2F%2Fwp.thegeeklab.de)](https://wp.thegeeklab.de/thegeeklab/wp-docker-buildx) +[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/wp-docker-buildx) +[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/wp-docker-buildx) +[![GitHub contributors](https://img.shields.io/github/contributors/thegeeklab/wp-docker-buildx)](https://github.com/thegeeklab/wp-docker-buildx/graphs/contributors) +[![Source: GitHub](https://img.shields.io/badge/source-github-blue.svg?logo=github&logoColor=white)](https://github.com/thegeeklab/wp-docker-buildx) +[![License: MIT](https://img.shields.io/github/license/thegeeklab/wp-docker-buildx)](https://github.com/thegeeklab/wp-docker-buildx/blob/main/LICENSE) + +Woodpecker CI plugin to build multiarch OCI images with buildx. + + + +{{< toc >}} + + + +## Usage + +{{< hint type=important >}} +Be aware that the this plugin requires [privileged](https://docs.wp.io/pipeline/docker/syntax/steps/#privileged-mode) capabilities, otherwise the integrated Docker daemon is not able to start. +{{< /hint >}} + +```yaml +kind: pipeline +name: default + +steps: + - name: docker + image: thegeeklab/wp-docker-buildx:23 + privileged: true + settings: + username: octocat + password: secure + repo: octocat/example + tags: latest +``` + +### Parameters + + + +{{< propertylist name=wp-docker-buildx.data sort=name >}} + + + +### Examples + +#### Push to other registries than DockerHub + +If the created image is to be pushed to registries other than the default DockerHub, it is necessary to set `registry` and `repo` as fully-qualified name. + +**GHCR:** + +```yaml +kind: pipeline +name: default + +steps: + - name: docker + image: thegeeklab/wp-docker-buildx:23 + privileged: true + settings: + registry: ghcr.io + username: octocat + password: secret-access-token + repo: ghcr.io/octocat/example + tags: latest +``` + +**AWS ECR:** + +```yaml +kind: pipeline +name: default + +steps: + - name: docker + image: thegeeklab/wp-docker-buildx:23 + privileged: true + environment: + AWS_ACCESS_KEY_ID: + from_secret: aws_access_key_id + AWS_SECRET_ACCESS_KEY: + from_secret: aws_secret_access_key + settings: + registry: .dkr.ecr..amazonaws.com + repo: .dkr.ecr..amazonaws.com/octocat/example + tags: latest +``` + +## Build + +Build the binary with the following command: + +```shell +make build +``` + +Build the container image with the following command: + +```shell +docker build --file Containerfile.multiarch --tag thegeeklab/wp-docker-buildx . +``` + +## Test + +```shell +docker run --rm \ + -e PLUGIN_TAG=latest \ + -e PLUGIN_REPO=octocat/hello-world \ + -e CI_COMMIT_SHA=00000000 \ + -v $(pwd):/build:z \ + -w /build \ + --privileged \ + thegeeklab/wp-docker-buildx --dry-run +``` diff --git a/data/data.yaml b/data/data.yaml new file mode 100644 index 0000000..31a224e --- /dev/null +++ b/data/data.yaml @@ -0,0 +1,295 @@ +--- +properties: + - name: dry_run + description: Disable docker push. + type: bool + required: false + + - name: mirror + description: Use a registry mirror to pull images. + type: string + required: false + + - name: storage_driver + description: The docker daemon storage driver. + type: string + required: false + + - name: storage_path + description: The docker daemon storage path. + defaultValue: /var/lib/docker + type: string + required: false + + - name: bip + description: Allows the docker daemon to bride IP address. + type: string + required: false + + - name: mtu + description: A docker daemon custom MTU. + type: string + required: false + + - name: custom_dns + description: Custom docker daemon DNS server. + type: list + required: false + + - name: custom_dns_search + description: Custom docker daemon DNS search domain. + type: list + required: false + + - name: insecure + description: Enable the usage of insecure registries. + type: bool + defaultValue: false + required: false + + - name: ipv6 + description: Enable docker daemon IPv6 support. + type: bool + defaultValue: false + required: false + + - name: experimental + description: Enable docker daemon experimental mode. + type: bool + defaultValue: false + required: false + + - name: debug + description: Enable verbose debug mode for the docker daemon. + type: string + defaultValue: false + required: false + + - name: daemon_off + description: Disable the startup of the docker daemon. + type: string + defaultValue: false + required: false + + - name: buildkit_config + description: | + Content of the docker buildkit toml [config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md). Example: + + ```yaml + steps: + - name: Build + image: thegeeklab/wp-docker-buildx:23 + settings: + repo: example/repo + buildkit_config: | + [registry."registry.local:30081"] + http = true + insecure = true + ``` + type: string + defaultValue: false + required: false + + - name: containerfile + description: Set the containerfile to use for the image build. + defaultValue: Containerfile + type: string + required: false + + - name: context + description: Set the path of the build context to use. + defaultValue: . + type: string + required: false + + - name: named_context + description: Set additional named [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., name=path). + type: list + required: false + + - name: tags + description: Set repository tags to use for the image. Tags can also be loaded from a `.tags` file. + defaultValue: latest + type: list + required: false + + - name: auto_tag + description: | + Generate tag names automatically based on git branch and git tag. When this feature is enabled and the event type is `tag`, + the plugin will automatically tag the image using the standard semVer convention. For example: + - `1.0.0` produces docker tags `1`, `1.0`, `1.0.0` + - `1.0.0-rc.1` produces docker tags `1.0.0-rc.1` + When the event type is `push` and the target branch is your default branch, the plugin will automatically tag the image + as `latest`. All other event types and branches are ignored. + defaultValue: false + type: bool + required: false + + - name: auto_tag_suffix + description: Generate tag names with the given suffix. + type: string + required: false + + - name: extra_tags + description: | + Set additional tags to be used for the image. Additional tags can also be loaded from an `.extratags` file. This function can be used + to push images to multiple registries at once. Therefore, it is necessary to use the `config` flag to provide a configuration file + that contains the authentication information for all used registries. + type: list + required: false + + - name: build_args + description: Custom build arguments to pass to the build. + type: list + required: false + + - name: build_args_from_env + description: Forward environment variables as custom arguments to the build. + type: list + required: false + + - name: quiet + description: Enable suppression of the build output. + defaultValue: false + type: bool + required: false + + - name: target + description: The docker build target. + type: string + required: false + + - name: cache_from + description: | + Images to consider as [cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from). To properly work, + commas used in the cache source entries need to be escaped: + + ```yaml + steps: + - name: Build + image: thegeeklab/wp-docker-buildx:23 + settings: + repo: example/repo + cache_from: + # while using quotes, double-escaping is required + - "type=registry\\\\,ref=example" + - 'type=foo\\,ref=bar' + ``` + type: list + required: false + + - name: cache_to + description: | + [Cache destination](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) for the build cache. + type: string + required: false + + - name: pull_image + description: Enforce to pull the base image at build time. + defaultValue: true + type: bool + required: false + + - name: compress + description: Enable compression of the build context using gzip. + defaultValue: false + type: bool + required: false + + - name: output + description: | + [Export action](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) for the build result + (format: `path` or `type=TYPE[,KEY=VALUE]`). + defaultValue: false + type: bool + required: false + + - name: repo + description: | + Repository name for the image. If the image is to be pushed to registries other than the default DockerHub, + it is necessary to set `repo` as fully-qualified name. + type: string + required: false + + - name: registry + description: Docker registry to upload images. + defaultValue: https://index.docker.io/v1/ + type: string + required: false + + - name: username + description: Username for authentication with the registry. + type: string + required: false + + - name: password + description: Password for authentication with the registry. + type: string + required: false + + - name: email + description: E-Mail address for authentication with the registry. + type: string + required: false + + - name: config + description: Content of the docker daemon json config. + type: string + required: false + + - name: no_cache + description: Disable the usage of cached intermediate containers. + defaultValue: false + type: string + required: false + + - name: add_host + description: Additional `host:ip` mapping. + type: list + required: false + + - name: platforms + description: Target platforms for build. + type: list + required: false + + - name: labels + description: Labels to add to the image. + type: list + required: false + + - name: provenance + description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`). + type: string + required: false + + - name: sbom + description: Generate [sbom](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest type=sbom`). + type: string + required: false + + - name: secrets + description: | + Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build. + The secrets can be used by the build using `RUN --mount=type=secret` mount. + + ```yaml + steps: + - name: Build + image: thegeeklab/wp-docker-buildx:23 + privileged: true + environment: + SECURE_TOKEN: + from_secret: secure_token + settings: + secrets: + # while using quotes, double-escaping is required + - "id=raw_file_secret\\\\,src=file.txt" + - 'id=other_raw_file_secret\\,src=other_file.txt' + - "id=SECRET_TOKEN" + ``` + + To use secrets from files a [host volume](https://docs.wp.io/pipeline/docker/syntax/volumes/host/) is required. + This should be used with caution and avoided whenever possible. + type: list + required: false