rebased on master + applied the previous changes commitb96d5245e3
Author: surtur <a_mirre@utb.cz> Date: Fri Oct 22 14:28:24 2021 +0200 chore: bump dind to 20.10.9 commitca9cfe9733
Author: surtur <a_mirre@utb.cz> Date: Tue Jun 8 22:32:45 2021 +0200 chore: bump docker to 20.10.7-dind commit5dc2b561ae
Author: surtur <a_mirre@utb.cz> Date: Tue Apr 13 10:00:07 2021 +0200 chore: bump docker to 20.10.6-dind commit6dc63b2b1d
Author: surtur <a_mirre@utb.cz> Date: Wed Mar 17 02:35:29 2021 +0100 chore: bump docker to 20.10.5-dind commit1ae4536a1e
Author: surtur <a_mirre@utb.cz> Date: Wed Mar 17 01:11:36 2021 +0100 docker: add multiple different image tags rolling: * latest * edge-dind fixed to a commit: * ${DRONE_COMMIT_SHA:0:8} * ${DRONE_COMMIT_SHA:0:8}-edge-dind * ${DRONE_COMMIT_SHA:0:8}-linux-amd64 commit6b86978633
Author: surtur <a_mirre@utb.cz> Date: Wed Mar 17 02:22:36 2021 +0100 ci: use plugins/docker:linux-amd64 * bump from :18 * add repo tag for dry_run commit2a52c7ee36
Author: surtur <a_mirre@utb.cz> Date: Tue Mar 16 22:26:30 2021 +0100 chore: bump docker to 19.03.15-dind commite5693c332a
Author: surtur <a_mirre@utb.cz> Date: Tue Mar 16 21:53:51 2021 +0100 ci: dry-run on push+publish to immawanderer commit07c40b46a6
Author: surtur <a_mirre@utb.cz> Date: Tue Mar 16 19:59:34 2021 +0100 jsonnet: thow out {arm,gcr,acr,heroku} stuff commitf0056159bf
Author: surtur <a_mirre@utb.cz> Date: Tue Mar 16 19:26:12 2021 +0100 ci: edit .drone.yml to only build for linux-amd64 * rm windows pipelines as I don't have any windows runners * rm arm/arm64 pipelines as I don't have any arm runners * rm {ecr,acr,whatever} publish steps as we're not publishing anything just yet * tag the image under immawanderer, not the official plugins repo * run as a dry_run (cause we're not really publishing, right?) commit6ec5e71411
Merge:88f8bf1
0911e6a
Author: TP Honey <tp@harness.io> Date: Wed Oct 13 17:19:30 2021 +0100 Merge pull request #338 from tphoney/bump-go-1.13 (maint) bump git to 1.13 for build and test commit0911e6a922
Author: TP Honey <tp@harness.io> Date: Wed Oct 13 14:49:29 2021 +0100 (maint) bump git to 1.13 for build and test commit88f8bf1cb0
Merge:607b04a
2d70a1f
Author: TP Honey <tp@harness.io> Date: Wed Oct 13 14:32:03 2021 +0100 Merge pull request #337 from tphoney/prep_v19.03.9 (maint) v19.03.9 release prep commit2d70a1fa7c
Author: TP Honey <tp@harness.io> Date: Wed Oct 13 14:24:58 2021 +0100 (maint) v19.03.9 release prep commit607b04a871
Merge:72ef7b1
e44c2d4
Author: Eoin McAfee <83226740+eoinmcafee00@users.noreply.github.com> Date: Thu Sep 23 15:52:24 2021 +0100 Merge pull request #333 from jimsheldon/ecr-externalid adding support for externalId commite44c2d46ea
Author: Jim Sheldon <jim.sheldon@meltwater.com> Date: Fri Sep 17 15:33:05 2021 -0400 adding support for externalId commit72ef7b1f3f
Author: Brad Rydzewski <bradley.rydzewski@harness.io> Date: Mon Aug 2 22:15:39 2021 -0400 log available credentials before login commitfbbeec5a2e
Author: Brad Rydzewski <bradley.rydzewski@harness.io> Date: Mon Aug 2 21:42:22 2021 -0400 use Replace instead of ReplaceAll commitb1d8698d1c
Author: Brad Rydzewski <bradley.rydzewski@harness.io> Date: Mon Aug 2 21:28:37 2021 -0400 print login failure reason to output commitd4cf9f20f1
Author: Brad Rydzewski <brad.rydzewski@gmail.com> Date: Sun Jul 11 15:50:43 2021 -0400 remove pull always commitf75380013d
Merge:dd359df
c10d367
Author: Brad Rydzewski <brad.rydzewski@gmail.com> Date: Sun Jul 11 15:39:35 2021 -0400 Merge pull request #325 from drone-plugins/revert-322-update-seccomp Revert "Update seccomp to 20.10 docker" commitc10d36754c
Author: Brad Rydzewski <brad.rydzewski@gmail.com> Date: Sun Jul 11 15:38:04 2021 -0400 Revert "Update seccomp to 20.10 docker (#322)" This reverts commitdd359dfc72
. commitdd359dfc72
Author: techknowlogick <matti@mdranta.net> Date: Wed Jul 7 15:03:54 2021 -0400 Update seccomp to 20.10 docker (#322) * Update seccomp to 20.10 docker commit729aa5d300
Merge:f08821b
db5c216
Author: TP Honey <tp@harness.io> Date: Wed Jul 7 19:52:19 2021 +0100 Merge pull request #323 from tphoney/docker_rate_limit (maint) CI, remove the dry run steps, due to rate limiting commitdb5c2161fe
Author: TP Honey <tp@harness.io> Date: Wed Jul 7 19:37:30 2021 +0100 (maint) CI, remove the dry run steps, due to rate limiting commitf08821b024
Merge:0f6bd8a
5760e7b
Author: Brad Rydzewski <brad.rydzewski@gmail.com> Date: Tue Apr 6 15:55:56 2021 -0400 Merge pull request #300 from rvoitenko/ecr_scan_on_push ECR: adding setting to enable image scanning while repo creation commit5760e7b4e8
Merge:3501d9a
7ade37a
Author: Roman Voitenko <r00mka@gmail.com> Date: Sat Feb 20 13:32:16 2021 +0100 Merge branch 'master' into ecr_scan_on_push commit3501d9a65d
Author: Roman Voitenko <roman.voitenko@konsult.atg.se> Date: Thu Oct 1 10:43:25 2020 +0200 add possibility to turn on/off image scanning not only during repo creation, but when repo already created commitd8b6b48fa3
Author: Roman Voitenko <roman.voitenko@konsult.atg.se> Date: Wed Sep 30 23:32:23 2020 +0200 add possibility to turn on ECR image scanning for repos created by ecr plugin
This commit is contained in:
parent
d2940d43e2
commit
3e0e3c8cb5
15
.drone.yml
15
.drone.yml
|
@ -8,8 +8,7 @@ platform:
|
|||
|
||||
steps:
|
||||
- name: vet
|
||||
pull: always
|
||||
image: golang:1.11
|
||||
image: golang:1.13
|
||||
commands:
|
||||
- go vet ./...
|
||||
environment:
|
||||
|
@ -19,8 +18,7 @@ steps:
|
|||
path: /go
|
||||
|
||||
- name: test
|
||||
pull: always
|
||||
image: golang:1.11
|
||||
image: golang:1.13
|
||||
commands:
|
||||
- go test -cover ./...
|
||||
environment:
|
||||
|
@ -51,8 +49,7 @@ platform:
|
|||
|
||||
steps:
|
||||
- name: build-push
|
||||
pull: always
|
||||
image: golang:1.11
|
||||
image: golang:1.13
|
||||
commands:
|
||||
- "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
|
||||
environment:
|
||||
|
@ -64,8 +61,7 @@ steps:
|
|||
- tag
|
||||
|
||||
- name: build-tag
|
||||
pull: always
|
||||
image: golang:1.11
|
||||
image: golang:1.13
|
||||
commands:
|
||||
- "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
|
||||
environment:
|
||||
|
@ -76,8 +72,7 @@ steps:
|
|||
- tag
|
||||
|
||||
- name: executable
|
||||
pull: always
|
||||
image: golang:1.11
|
||||
image: golang:1.13
|
||||
commands:
|
||||
- ./release/linux/amd64/drone-docker --help
|
||||
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
since-tag=v19.03.8
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
# Changelog
|
||||
|
||||
## [v19.03.9](https://github.com/drone-plugins/drone-docker/tree/v19.03.9) (2021-10-13)
|
||||
|
||||
[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v19.03.8...v19.03.9)
|
||||
|
||||
**Implemented enhancements:**
|
||||
|
||||
- adding support for externalId [\#333](https://github.com/drone-plugins/drone-docker/pull/333) ([jimsheldon](https://github.com/jimsheldon))
|
||||
- Add support for automatic opencontainer labels [\#313](https://github.com/drone-plugins/drone-docker/pull/313) ([codrut-fc](https://github.com/codrut-fc))
|
||||
- add custom seccomp profile [\#312](https://github.com/drone-plugins/drone-docker/pull/312) ([xoxys](https://github.com/xoxys))
|
||||
- ECR: adding setting to enable image scanning while repo creation [\#300](https://github.com/drone-plugins/drone-docker/pull/300) ([rvoitenko](https://github.com/rvoitenko))
|
||||
|
||||
**Fixed bugs:**
|
||||
|
||||
- Revert "Update seccomp to 20.10 docker" [\#325](https://github.com/drone-plugins/drone-docker/pull/325) ([bradrydzewski](https://github.com/bradrydzewski))
|
||||
|
||||
**Merged pull requests:**
|
||||
|
||||
- \(maint\) CI, remove the dry run steps, due to rate limiting [\#323](https://github.com/drone-plugins/drone-docker/pull/323) ([tphoney](https://github.com/tphoney))
|
||||
- Update seccomp to 20.10 docker [\#322](https://github.com/drone-plugins/drone-docker/pull/322) ([techknowlogick](https://github.com/techknowlogick))
|
||||
|
||||
|
||||
|
||||
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
|
|
@ -37,6 +37,8 @@ func main() {
|
|||
lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
|
||||
repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
|
||||
assumeRole = getenv("PLUGIN_ASSUME_ROLE")
|
||||
externalId = getenv("PLUGIN_EXTERNAL_ID")
|
||||
scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
|
||||
)
|
||||
|
||||
// set the region
|
||||
|
@ -56,7 +58,7 @@ func main() {
|
|||
log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
|
||||
}
|
||||
|
||||
svc := getECRClient(sess, assumeRole)
|
||||
svc := getECRClient(sess, assumeRole, externalId)
|
||||
username, password, defaultRegistry, err := getAuthInfo(svc)
|
||||
|
||||
if registry == "" {
|
||||
|
@ -72,10 +74,14 @@ func main() {
|
|||
}
|
||||
|
||||
if create {
|
||||
err = ensureRepoExists(svc, trimHostname(repo, registry))
|
||||
err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
|
||||
if err != nil {
|
||||
log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
|
||||
}
|
||||
err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
|
||||
if err != nil {
|
||||
log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
|
||||
}
|
||||
}
|
||||
|
||||
if lifecyclePolicy != "" {
|
||||
|
@ -118,9 +124,10 @@ func trimHostname(repo, registry string) string {
|
|||
return repo
|
||||
}
|
||||
|
||||
func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
|
||||
func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
|
||||
input := &ecr.CreateRepositoryInput{}
|
||||
input.SetRepositoryName(name)
|
||||
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
|
||||
_, err = svc.CreateRepository(input)
|
||||
if err != nil {
|
||||
if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
|
||||
|
@ -132,6 +139,15 @@ func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
|
||||
input := &ecr.PutImageScanningConfigurationInput{}
|
||||
input.SetRepositoryName(name)
|
||||
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
|
||||
_, err = svc.PutImageScanningConfiguration(input)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
|
||||
input := &ecr.PutLifecyclePolicyInput{}
|
||||
input.SetLifecyclePolicyText(lifecyclePolicy)
|
||||
|
@ -193,11 +209,19 @@ func getenv(key ...string) (s string) {
|
|||
return
|
||||
}
|
||||
|
||||
func getECRClient(sess *session.Session, role string) *ecr.ECR {
|
||||
func getECRClient(sess *session.Session, role string, externalId string) *ecr.ECR {
|
||||
if role == "" {
|
||||
return ecr.New(sess)
|
||||
}
|
||||
return ecr.New(sess, &aws.Config{
|
||||
Credentials: stscreds.NewCredentials(sess, role),
|
||||
})
|
||||
if externalId != "" {
|
||||
return ecr.New(sess, &aws.Config{
|
||||
Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
|
||||
p.ExternalID = &externalId
|
||||
}),
|
||||
})
|
||||
} else {
|
||||
return ecr.New(sess, &aws.Config{
|
||||
Credentials: stscreds.NewCredentials(sess, role),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
77
docker.go
77
docker.go
|
@ -39,26 +39,26 @@ type (
|
|||
|
||||
// Build defines Docker build parameters.
|
||||
Build struct {
|
||||
Remote string // Git remote URL
|
||||
Name string // Docker build using default named tag
|
||||
Dockerfile string // Docker build Dockerfile
|
||||
Context string // Docker build context
|
||||
Tags []string // Docker build tags
|
||||
Args []string // Docker build args
|
||||
ArgsEnv []string // Docker build args from env
|
||||
Target string // Docker build target
|
||||
Squash bool // Docker build squash
|
||||
Pull bool // Docker build pull
|
||||
CacheFrom []string // Docker build cache-from
|
||||
Compress bool // Docker build compress
|
||||
Repo string // Docker build repository
|
||||
LabelSchema []string // label-schema Label map
|
||||
AutoLabel bool // auto-label bool
|
||||
Labels []string // Label map
|
||||
Link string // Git repo link
|
||||
NoCache bool // Docker build no-cache
|
||||
AddHost []string // Docker build add-host
|
||||
Quiet bool // Docker build quiet
|
||||
Remote string // Git remote URL
|
||||
Name string // Docker build using default named tag
|
||||
Dockerfile string // Docker build Dockerfile
|
||||
Context string // Docker build context
|
||||
Tags []string // Docker build tags
|
||||
Args []string // Docker build args
|
||||
ArgsEnv []string // Docker build args from env
|
||||
Target string // Docker build target
|
||||
Squash bool // Docker build squash
|
||||
Pull bool // Docker build pull
|
||||
CacheFrom []string // Docker build cache-from
|
||||
Compress bool // Docker build compress
|
||||
Repo string // Docker build repository
|
||||
LabelSchema []string // label-schema Label map
|
||||
AutoLabel bool // auto-label bool
|
||||
Labels []string // Label map
|
||||
Link string // Git repo link
|
||||
NoCache bool // Docker build no-cache
|
||||
AddHost []string // Docker build add-host
|
||||
Quiet bool // Docker build quiet
|
||||
}
|
||||
|
||||
// Plugin defines the Docker plugin parameters.
|
||||
|
@ -80,16 +80,33 @@ func (p Plugin) Exec() error {
|
|||
|
||||
// poll the docker daemon until it is started. This ensures the daemon is
|
||||
// ready to accept connections before we proceed.
|
||||
for i := 0; i < 15; i++ {
|
||||
for i := 0; ; i++ {
|
||||
cmd := commandInfo()
|
||||
err := cmd.Run()
|
||||
if err == nil {
|
||||
break
|
||||
}
|
||||
if i == 15 {
|
||||
fmt.Println("Unable to reach Docker Daemon after 15 attempts.")
|
||||
break
|
||||
}
|
||||
time.Sleep(time.Second * 1)
|
||||
}
|
||||
|
||||
// Create Auth Config File
|
||||
// for debugging purposes, log the type of authentication
|
||||
// credentials that have been provided.
|
||||
switch {
|
||||
case p.Login.Password != "" && p.Login.Config != "":
|
||||
fmt.Println("Detected registry credentials and registry credentials file")
|
||||
case p.Login.Password != "":
|
||||
fmt.Println("Detected registry credentials")
|
||||
case p.Login.Config != "":
|
||||
fmt.Println("Detected registry credentials file")
|
||||
default:
|
||||
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
|
||||
}
|
||||
|
||||
// create Auth Config File
|
||||
if p.Login.Config != "" {
|
||||
os.MkdirAll(dockerHome, 0600)
|
||||
|
||||
|
@ -103,21 +120,15 @@ func (p Plugin) Exec() error {
|
|||
// login to the Docker registry
|
||||
if p.Login.Password != "" {
|
||||
cmd := commandLogin(p.Login)
|
||||
err := cmd.Run()
|
||||
raw, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error authenticating: %s", err)
|
||||
out := string(raw)
|
||||
out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
|
||||
fmt.Println(out)
|
||||
return fmt.Errorf("Error authenticating: exit status 1")
|
||||
}
|
||||
}
|
||||
|
||||
switch {
|
||||
case p.Login.Password != "":
|
||||
fmt.Println("Detected registry credentials")
|
||||
case p.Login.Config != "":
|
||||
fmt.Println("Detected registry credentials file")
|
||||
default:
|
||||
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
|
||||
}
|
||||
|
||||
if p.Build.Squash && !p.Daemon.Experimental {
|
||||
fmt.Println("Squash build flag is only available when Docker deamon is started with experimental flag. Ignoring...")
|
||||
p.Build.Squash = false
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM docker:20.10.7-dind
|
||||
FROM docker:20.10.9-dind
|
||||
|
||||
ENV DOCKER_HOST=unix:///var/run/docker.sock
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ local test_pipeline_name = 'testing';
|
|||
local windows(os) = os == 'windows';
|
||||
|
||||
local golang_image(os, version) =
|
||||
'golang:' + '1.11' + if windows(os) then '-windowsservercore-' + version else '';
|
||||
'golang:' + '1.13' + if windows(os) then '-windowsservercore-' + version else '';
|
||||
|
||||
{
|
||||
test(os='linux', arch='amd64', version='')::
|
||||
|
|
Loading…
Reference in New Issue