wanderer/drone-docker
1
0
Fork 0
Code Issues Pull Requests Releases Activity

bump dind to 20.10.9
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
rebased on master + applied the previous changes

commit b96d5245e363b8e465c95fde3dd7d3a00078da07
Author: surtur <a_mirre@utb.cz>
Date:   Fri Oct 22 14:28:24 2021 +0200

    chore: bump dind to 20.10.9

commit ca9cfe9733edef3df9ecae19d51976ea6371baf5
Author: surtur <a_mirre@utb.cz>
Date:   Tue Jun 8 22:32:45 2021 +0200

    chore: bump docker to 20.10.7-dind

commit 5dc2b561ae0cc0e75cf7f8ec78daeb0f1b2eafcd
Author: surtur <a_mirre@utb.cz>
Date:   Tue Apr 13 10:00:07 2021 +0200

    chore: bump docker to 20.10.6-dind

commit 6dc63b2b1d7ec133ae2b4a210f625364faa973b1
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 02:35:29 2021 +0100

    chore: bump docker to 20.10.5-dind

commit 1ae4536a1e38d54e3d29812b70e52fabd25530b7
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 01:11:36 2021 +0100

    docker: add multiple different image tags

    rolling:
    * latest
    * edge-dind

    fixed to a commit:
    * ${DRONE_COMMIT_SHA:0:8}
    * ${DRONE_COMMIT_SHA:0:8}-edge-dind
    * ${DRONE_COMMIT_SHA:0:8}-linux-amd64

commit 6b86978633e0b5ba039bb5139a4f9d83ce5b0e35
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 02:22:36 2021 +0100

    ci: use plugins/docker:linux-amd64

    * bump from :18
    * add repo tag for dry_run

commit 2a52c7ee365d4e05d6657fe0481af4c073c59d62
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 22:26:30 2021 +0100

    chore: bump docker to 19.03.15-dind

commit e5693c332a0e81366085ce9508590242f5e79f5a
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 21:53:51 2021 +0100

    ci: dry-run on push+publish to immawanderer

commit 07c40b46a61421b1c3a6aa6bc4edaf089631c360
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 19:59:34 2021 +0100

    jsonnet: thow out {arm,gcr,acr,heroku} stuff

commit f0056159bf98e9130d1af882f08fdde2e382629c
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 19:26:12 2021 +0100

    ci: edit .drone.yml to only build for linux-amd64

    * rm windows pipelines as I don't have any windows runners
    * rm arm/arm64 pipelines as I don't have any arm runners
    * rm {ecr,acr,whatever} publish steps as we're not publishing anything
      just yet
    * tag the image under immawanderer, not the official plugins repo
    * run as a dry_run (cause we're not really publishing, right?)

commit 6ec5e7141117e1489faa378b1c00e459d789642d
Merge: 88f8bf1 0911e6a
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 17:19:30 2021 +0100

    Merge pull request #338 from tphoney/bump-go-1.13

    (maint) bump git to 1.13 for build and test

commit 0911e6a922663d52e1d9e4dfdee51a383d2b95fa
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:49:29 2021 +0100

    (maint) bump git to 1.13 for build and test

commit 88f8bf1cb0c41297dbe8f5bb5ff1006b51a9f718
Merge: 607b04a 2d70a1f
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:32:03 2021 +0100

    Merge pull request #337 from tphoney/prep_v19.03.9

    (maint) v19.03.9 release prep

commit 2d70a1fa7cb4a8f2afe38cad3a1984804f1df464
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:24:58 2021 +0100

    (maint) v19.03.9 release prep

commit 607b04a8719332e8bbef6ff76ac26e30715df060
Merge: 72ef7b1 e44c2d4
Author: Eoin McAfee <83226740+eoinmcafee00@users.noreply.github.com>
Date:   Thu Sep 23 15:52:24 2021 +0100

    Merge pull request #333 from jimsheldon/ecr-externalid

    adding support for externalId

commit e44c2d46eafd5f223ac246eb003bc6b3427b3374
Author: Jim Sheldon <jim.sheldon@meltwater.com>
Date:   Fri Sep 17 15:33:05 2021 -0400

    adding support for externalId

commit 72ef7b1f3fa6c47c58f33ca312bdc8c484b6c5a4
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 22:15:39 2021 -0400

    log available credentials before login

commit fbbeec5a2e5845e488100da3885dc630fa3468fe
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 21:42:22 2021 -0400

    use Replace instead of ReplaceAll

commit b1d8698d1c5eb834b0703939e1001d23152300d2
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 21:28:37 2021 -0400

    print login failure reason to output

commit d4cf9f20f175ae550b11e0eeb44604c6d71bee20
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:50:43 2021 -0400

    remove pull always

commit f75380013d16585f4e4038483d6b948f0c025ff4
Merge: dd359df c10d367
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:39:35 2021 -0400

    Merge pull request #325 from drone-plugins/revert-322-update-seccomp

    Revert "Update seccomp to 20.10 docker"

commit c10d36754ccf53341f462a2e9f703315cc31f0cf
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:38:04 2021 -0400

    Revert "Update seccomp to 20.10 docker (#322)"

    This reverts commit dd359dfc7242b257f0f2078f1ef9027391d0bd0a.

commit dd359dfc7242b257f0f2078f1ef9027391d0bd0a
Author: techknowlogick <matti@mdranta.net>
Date:   Wed Jul 7 15:03:54 2021 -0400

    Update seccomp to 20.10 docker (#322)

    * Update seccomp to 20.10 docker

commit 729aa5d300a4085cfa6e0e8776368710a7fa96be
Merge: f08821b db5c216
Author: TP Honey <tp@harness.io>
Date:   Wed Jul 7 19:52:19 2021 +0100

    Merge pull request #323 from tphoney/docker_rate_limit

    (maint) CI, remove the dry run steps, due to rate limiting

commit db5c2161febe6292386d9dc7dd8e20047219d15e
Author: TP Honey <tp@harness.io>
Date:   Wed Jul 7 19:37:30 2021 +0100

    (maint) CI, remove the dry run steps, due to rate limiting

commit f08821b02496bfa8814d688523e170156050128f
Merge: 0f6bd8a 5760e7b
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Tue Apr 6 15:55:56 2021 -0400

    Merge pull request #300 from rvoitenko/ecr_scan_on_push

    ECR: adding setting to enable image scanning while repo creation

commit 5760e7b4e821a89805454f614cf2635f7ff7dc96
Merge: 3501d9a 7ade37a
Author: Roman Voitenko <r00mka@gmail.com>
Date:   Sat Feb 20 13:32:16 2021 +0100

    Merge branch 'master' into ecr_scan_on_push

commit 3501d9a65d0f773b01cf2c1a50d13a7726bca166
Author: Roman Voitenko <roman.voitenko@konsult.atg.se>
Date:   Thu Oct 1 10:43:25 2020 +0200

    add possibility to turn on/off image scanning not only during repo creation, but when repo already created

commit d8b6b48fa34561c16680cc5787ab97b3f18b2141
Author: Roman Voitenko <roman.voitenko@konsult.atg.se>
Date:   Wed Sep 30 23:32:23 2020 +0200

    add possibility to turn on ECR image scanning for repos created by ecr plugin
This commit is contained in:
surtur 2021-10-22 14:34:35 +02:00
parent d2940d43e2
commit 3e0e3c8cb5
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
7 changed files with 109 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.drone.yml
View File

@ -8,8 +8,7 @@ platform:
steps:
- name: vet
pull: always
image: golang:1.11
image: golang:1.13
commands:
- go vet ./...
environment:
@ -19,8 +18,7 @@ steps:
path: /go
- name: test
pull: always
image: golang:1.11
image: golang:1.13
commands:
- go test -cover ./...
environment:
@ -51,8 +49,7 @@ platform:
steps:
- name: build-push
pull: always
image: golang:1.11
image: golang:1.13
commands:
- "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
environment:
@ -64,8 +61,7 @@ steps:
- tag
- name: build-tag
pull: always
image: golang:1.11
image: golang:1.13
commands:
- "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
environment:
@ -76,8 +72,7 @@ steps:
- tag
- name: executable
pull: always
image: golang:1.11
image: golang:1.13
commands:
- ./release/linux/amd64/drone-docker --help

2
.github_changelog_generator Normal file
View File

@ -0,0 +1,2 @@
since-tag=v19.03.8

25
CHANGELOG.md Normal file
View File

@ -0,0 +1,25 @@
# Changelog
## [v19.03.9](https://github.com/drone-plugins/drone-docker/tree/v19.03.9) (2021-10-13)
[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v19.03.8...v19.03.9)
**Implemented enhancements:**
- adding support for externalId [\#333](https://github.com/drone-plugins/drone-docker/pull/333) ([jimsheldon](https://github.com/jimsheldon))
- Add support for automatic opencontainer labels [\#313](https://github.com/drone-plugins/drone-docker/pull/313) ([codrut-fc](https://github.com/codrut-fc))
- add custom seccomp profile [\#312](https://github.com/drone-plugins/drone-docker/pull/312) ([xoxys](https://github.com/xoxys))
- ECR: adding setting to enable image scanning while repo creation [\#300](https://github.com/drone-plugins/drone-docker/pull/300) ([rvoitenko](https://github.com/rvoitenko))
**Fixed bugs:**
- Revert "Update seccomp to 20.10 docker" [\#325](https://github.com/drone-plugins/drone-docker/pull/325) ([bradrydzewski](https://github.com/bradrydzewski))
**Merged pull requests:**
- \(maint\) CI, remove the dry run steps, due to rate limiting [\#323](https://github.com/drone-plugins/drone-docker/pull/323) ([tphoney](https://github.com/tphoney))
- Update seccomp to 20.10 docker [\#322](https://github.com/drone-plugins/drone-docker/pull/322) ([techknowlogick](https://github.com/techknowlogick))
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

38
cmd/drone-ecr/main.go
View File

@ -37,6 +37,8 @@ func main() {
lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
assumeRole = getenv("PLUGIN_ASSUME_ROLE")
externalId = getenv("PLUGIN_EXTERNAL_ID")
scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
)
// set the region
@ -56,7 +58,7 @@ func main() {
log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
}
svc := getECRClient(sess, assumeRole)
svc := getECRClient(sess, assumeRole, externalId)
username, password, defaultRegistry, err := getAuthInfo(svc)
if registry == "" {
@ -72,10 +74,14 @@ func main() {
}
if create {
err = ensureRepoExists(svc, trimHostname(repo, registry))
err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
if err != nil {
log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
}
err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
if err != nil {
log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
}
}
if lifecyclePolicy != "" {
@ -118,9 +124,10 @@ func trimHostname(repo, registry string) string {
return repo
}
func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
input := &ecr.CreateRepositoryInput{}
input.SetRepositoryName(name)
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
_, err = svc.CreateRepository(input)
if err != nil {
if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
@ -132,6 +139,15 @@ func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
return
}
func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
input := &ecr.PutImageScanningConfigurationInput{}
input.SetRepositoryName(name)
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
_, err = svc.PutImageScanningConfiguration(input)
return err
}
func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
input := &ecr.PutLifecyclePolicyInput{}
input.SetLifecyclePolicyText(lifecyclePolicy)
@ -193,11 +209,19 @@ func getenv(key ...string) (s string) {
return
}
func getECRClient(sess *session.Session, role string) *ecr.ECR {
func getECRClient(sess *session.Session, role string, externalId string) *ecr.ECR {
if role == "" {
return ecr.New(sess)
}
return ecr.New(sess, &aws.Config{
Credentials: stscreds.NewCredentials(sess, role),
})
if externalId != "" {
return ecr.New(sess, &aws.Config{
Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
p.ExternalID = &externalId
}),
})
} else {
return ecr.New(sess, &aws.Config{
Credentials: stscreds.NewCredentials(sess, role),
})
}
}

77
docker.go
View File

@ -39,26 +39,26 @@ type (
// Build defines Docker build parameters.
Build struct {
Remote string // Git remote URL
Name string // Docker build using default named tag
Dockerfile string // Docker build Dockerfile
Context string // Docker build context
Tags []string // Docker build tags
Args []string // Docker build args
ArgsEnv []string // Docker build args from env
Target string // Docker build target
Squash bool // Docker build squash
Pull bool // Docker build pull
CacheFrom []string // Docker build cache-from
Compress bool // Docker build compress
Repo string // Docker build repository
LabelSchema []string // label-schema Label map
AutoLabel bool // auto-label bool
Labels []string // Label map
Link string // Git repo link
NoCache bool // Docker build no-cache
AddHost []string // Docker build add-host
Quiet bool // Docker build quiet
Remote string // Git remote URL
Name string // Docker build using default named tag
Dockerfile string // Docker build Dockerfile
Context string // Docker build context
Tags []string // Docker build tags
Args []string // Docker build args
ArgsEnv []string // Docker build args from env
Target string // Docker build target
Squash bool // Docker build squash
Pull bool // Docker build pull
CacheFrom []string // Docker build cache-from
Compress bool // Docker build compress
Repo string // Docker build repository
LabelSchema []string // label-schema Label map
AutoLabel bool // auto-label bool
Labels []string // Label map
Link string // Git repo link
NoCache bool // Docker build no-cache
AddHost []string // Docker build add-host
Quiet bool // Docker build quiet
}
// Plugin defines the Docker plugin parameters.
@ -80,16 +80,33 @@ func (p Plugin) Exec() error {
// poll the docker daemon until it is started. This ensures the daemon is
// ready to accept connections before we proceed.
for i := 0; i < 15; i++ {
for i := 0; ; i++ {
cmd := commandInfo()
err := cmd.Run()
if err == nil {
break
}
if i == 15 {
fmt.Println("Unable to reach Docker Daemon after 15 attempts.")
break
}
time.Sleep(time.Second * 1)
}
// Create Auth Config File
// for debugging purposes, log the type of authentication
// credentials that have been provided.
switch {
case p.Login.Password != "" && p.Login.Config != "":
fmt.Println("Detected registry credentials and registry credentials file")
case p.Login.Password != "":
fmt.Println("Detected registry credentials")
case p.Login.Config != "":
fmt.Println("Detected registry credentials file")
default:
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
}
// create Auth Config File
if p.Login.Config != "" {
os.MkdirAll(dockerHome, 0600)
@ -103,21 +120,15 @@ func (p Plugin) Exec() error {
// login to the Docker registry
if p.Login.Password != "" {
cmd := commandLogin(p.Login)
err := cmd.Run()
raw, err := cmd.CombinedOutput()
if err != nil {
return fmt.Errorf("Error authenticating: %s", err)
out := string(raw)
out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
fmt.Println(out)
return fmt.Errorf("Error authenticating: exit status 1")
}
}
switch {
case p.Login.Password != "":
fmt.Println("Detected registry credentials")
case p.Login.Config != "":
fmt.Println("Detected registry credentials file")
default:
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
}
if p.Build.Squash && !p.Daemon.Experimental {
fmt.Println("Squash build flag is only available when Docker deamon is started with experimental flag. Ignoring...")
p.Build.Squash = false

2
docker/docker/Dockerfile.linux.amd64
View File

@ -1,4 +1,4 @@
FROM docker:20.10.7-dind
FROM docker:20.10.9-dind
ENV DOCKER_HOST=unix:///var/run/docker.sock

2
pipeline.libsonnet
View File

@ -5,7 +5,7 @@ local test_pipeline_name = 'testing';
local windows(os) = os == 'windows';
local golang_image(os, version) =
'golang:' + '1.11' + if windows(os) then '-windowsservercore-' + version else '';
'golang:' + '1.13' + if windows(os) then '-windowsservercore-' + version else '';
{
test(os='linux', arch='amd64', version='')::