479 lines
13 KiB
Go
479 lines
13 KiB
Go
package docker
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"runtime"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
type (
|
|
// Daemon defines Docker daemon parameters.
|
|
Daemon struct {
|
|
Registry string // Docker registry
|
|
Mirror string // Docker registry mirror
|
|
Insecure bool // Docker daemon enable insecure registries
|
|
StorageDriver string // Docker daemon storage driver
|
|
StoragePath string // Docker daemon storage path
|
|
Disabled bool // DOcker daemon is disabled (already running)
|
|
Debug bool // Docker daemon started in debug mode
|
|
Bip string // Docker daemon network bridge IP address
|
|
DNS []string // Docker daemon dns server
|
|
DNSSearch []string // Docker daemon dns search domain
|
|
MTU string // Docker daemon mtu setting
|
|
IPv6 bool // Docker daemon IPv6 networking
|
|
Experimental bool // Docker daemon enable experimental mode
|
|
}
|
|
|
|
// Login defines Docker login parameters.
|
|
Login struct {
|
|
Registry string // Docker registry address
|
|
Username string // Docker registry username
|
|
Password string // Docker registry password
|
|
Email string // Docker registry email
|
|
Config string // Docker Auth Config
|
|
}
|
|
|
|
// Build defines Docker build parameters.
|
|
Build struct {
|
|
Remote string // Git remote URL
|
|
Name string // Docker build using default named tag
|
|
Dockerfile string // Docker build Dockerfile
|
|
Context string // Docker build context
|
|
Tags []string // Docker build tags
|
|
Args []string // Docker build args
|
|
ArgsEnv []string // Docker build args from env
|
|
Target string // Docker build target
|
|
Squash bool // Docker build squash
|
|
Pull bool // Docker build pull
|
|
CacheFrom []string // Docker build cache-from
|
|
Compress bool // Docker build compress
|
|
Repo string // Docker build repository
|
|
LabelSchema []string // label-schema Label map
|
|
AutoLabel bool // auto-label bool
|
|
Labels []string // Label map
|
|
Link string // Git repo link
|
|
NoCache bool // Docker build no-cache
|
|
Secret string // secret keypair
|
|
AddHost []string // Docker build add-host
|
|
Quiet bool // Docker build quiet
|
|
}
|
|
|
|
// Plugin defines the Docker plugin parameters.
|
|
Plugin struct {
|
|
Login Login // Docker login configuration
|
|
Build Build // Docker build configuration
|
|
Daemon Daemon // Docker daemon configuration
|
|
Dryrun bool // Docker push is skipped
|
|
Cleanup bool // Docker purge is enabled
|
|
CardPath string // Card path to write file to
|
|
}
|
|
|
|
Card []struct {
|
|
ID string `json:"Id"`
|
|
RepoTags []string `json:"RepoTags"`
|
|
ParsedRepoTags []TagStruct `json:"ParsedRepoTags"`
|
|
RepoDigests []interface{} `json:"RepoDigests"`
|
|
Parent string `json:"Parent"`
|
|
Comment string `json:"Comment"`
|
|
Created time.Time `json:"Created"`
|
|
Container string `json:"Container"`
|
|
DockerVersion string `json:"DockerVersion"`
|
|
Author string `json:"Author"`
|
|
Architecture string `json:"Architecture"`
|
|
Os string `json:"Os"`
|
|
Size int `json:"Size"`
|
|
VirtualSize int `json:"VirtualSize"`
|
|
Metadata struct {
|
|
LastTagTime time.Time `json:"LastTagTime"`
|
|
} `json:"Metadata"`
|
|
SizeString string
|
|
VirtualSizeString string
|
|
Time string
|
|
URL string `json:"URL"`
|
|
}
|
|
TagStruct struct {
|
|
Tag string `json:"Tag"`
|
|
}
|
|
)
|
|
|
|
// Exec executes the plugin step
|
|
func (p Plugin) Exec() error {
|
|
// start the Docker daemon server
|
|
if !p.Daemon.Disabled {
|
|
p.startDaemon()
|
|
}
|
|
|
|
// poll the docker daemon until it is started. This ensures the daemon is
|
|
// ready to accept connections before we proceed.
|
|
for i := 0; ; i++ {
|
|
cmd := commandInfo()
|
|
err := cmd.Run()
|
|
if err == nil {
|
|
break
|
|
}
|
|
if i == 15 {
|
|
fmt.Println("Unable to reach Docker Daemon after 15 attempts.")
|
|
break
|
|
}
|
|
time.Sleep(time.Second * 1)
|
|
}
|
|
|
|
// for debugging purposes, log the type of authentication
|
|
// credentials that have been provided.
|
|
switch {
|
|
case p.Login.Password != "" && p.Login.Config != "":
|
|
fmt.Println("Detected registry credentials and registry credentials file")
|
|
case p.Login.Password != "":
|
|
fmt.Println("Detected registry credentials")
|
|
case p.Login.Config != "":
|
|
fmt.Println("Detected registry credentials file")
|
|
default:
|
|
fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
|
|
}
|
|
|
|
// create Auth Config File
|
|
if p.Login.Config != "" {
|
|
os.MkdirAll(dockerHome, 0600)
|
|
|
|
path := filepath.Join(dockerHome, "config.json")
|
|
err := ioutil.WriteFile(path, []byte(p.Login.Config), 0600)
|
|
if err != nil {
|
|
return fmt.Errorf("Error writing config.json: %s", err)
|
|
}
|
|
}
|
|
|
|
// login to the Docker registry
|
|
if p.Login.Password != "" {
|
|
cmd := commandLogin(p.Login)
|
|
raw, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
out := string(raw)
|
|
out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
|
|
fmt.Println(out)
|
|
return fmt.Errorf("Error authenticating: exit status 1")
|
|
}
|
|
}
|
|
|
|
if p.Build.Squash && !p.Daemon.Experimental {
|
|
fmt.Println("Squash build flag is only available when Docker deamon is started with experimental flag. Ignoring...")
|
|
p.Build.Squash = false
|
|
}
|
|
|
|
// add proxy build args
|
|
addProxyBuildArgs(&p.Build)
|
|
|
|
var cmds []*exec.Cmd
|
|
cmds = append(cmds, commandVersion()) // docker version
|
|
cmds = append(cmds, commandInfo()) // docker info
|
|
|
|
// pre-pull cache images
|
|
for _, img := range p.Build.CacheFrom {
|
|
cmds = append(cmds, commandPull(img))
|
|
}
|
|
|
|
cmds = append(cmds, commandBuild(p.Build)) // docker build
|
|
|
|
for _, tag := range p.Build.Tags {
|
|
cmds = append(cmds, commandTag(p.Build, tag)) // docker tag
|
|
|
|
if !p.Dryrun {
|
|
cmds = append(cmds, commandPush(p.Build, tag)) // docker push
|
|
}
|
|
}
|
|
|
|
// execute all commands in batch mode.
|
|
for _, cmd := range cmds {
|
|
cmd.Stdout = os.Stdout
|
|
cmd.Stderr = os.Stderr
|
|
trace(cmd)
|
|
|
|
err := cmd.Run()
|
|
if err != nil && isCommandPull(cmd.Args) {
|
|
fmt.Printf("Could not pull cache-from image %s. Ignoring...\n", cmd.Args[2])
|
|
} else if err != nil && isCommandPrune(cmd.Args) {
|
|
fmt.Printf("Could not prune system containers. Ignoring...\n")
|
|
} else if err != nil && isCommandRmi(cmd.Args) {
|
|
fmt.Printf("Could not remove image %s. Ignoring...\n", cmd.Args[2])
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// output the adaptive card
|
|
if err := p.writeCard(); err != nil {
|
|
fmt.Printf("Could not create adaptive card. %s\n", err)
|
|
}
|
|
|
|
// execute cleanup routines in batch mode
|
|
if p.Cleanup {
|
|
// clear the slice
|
|
cmds = nil
|
|
|
|
cmds = append(cmds, commandRmi(p.Build.Name)) // docker rmi
|
|
cmds = append(cmds, commandPrune()) // docker system prune -f
|
|
|
|
for _, cmd := range cmds {
|
|
cmd.Stdout = os.Stdout
|
|
cmd.Stderr = os.Stderr
|
|
trace(cmd)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// helper function to create the docker login command.
|
|
func commandLogin(login Login) *exec.Cmd {
|
|
if login.Email != "" {
|
|
return commandLoginEmail(login)
|
|
}
|
|
return exec.Command(
|
|
dockerExe, "login",
|
|
"-u", login.Username,
|
|
"-p", login.Password,
|
|
login.Registry,
|
|
)
|
|
}
|
|
|
|
// helper to check if args match "docker pull <image>"
|
|
func isCommandPull(args []string) bool {
|
|
return len(args) > 2 && args[1] == "pull"
|
|
}
|
|
|
|
func commandPull(repo string) *exec.Cmd {
|
|
return exec.Command(dockerExe, "pull", repo)
|
|
}
|
|
|
|
func commandLoginEmail(login Login) *exec.Cmd {
|
|
return exec.Command(
|
|
dockerExe, "login",
|
|
"-u", login.Username,
|
|
"-p", login.Password,
|
|
"-e", login.Email,
|
|
login.Registry,
|
|
)
|
|
}
|
|
|
|
// helper function to create the docker info command.
|
|
func commandVersion() *exec.Cmd {
|
|
return exec.Command(dockerExe, "version")
|
|
}
|
|
|
|
// helper function to create the docker info command.
|
|
func commandInfo() *exec.Cmd {
|
|
return exec.Command(dockerExe, "info")
|
|
}
|
|
|
|
// helper function to create the docker build command.
|
|
func commandBuild(build Build) *exec.Cmd {
|
|
args := []string{
|
|
"build",
|
|
"--rm=true",
|
|
"-f", build.Dockerfile,
|
|
"-t", build.Name,
|
|
}
|
|
|
|
args = append(args, build.Context)
|
|
if build.Squash {
|
|
args = append(args, "--squash")
|
|
}
|
|
if build.Compress {
|
|
args = append(args, "--compress")
|
|
}
|
|
if build.Pull {
|
|
args = append(args, "--pull=true")
|
|
}
|
|
if build.NoCache {
|
|
args = append(args, "--no-cache")
|
|
}
|
|
for _, arg := range build.CacheFrom {
|
|
args = append(args, "--cache-from", arg)
|
|
}
|
|
for _, arg := range build.ArgsEnv {
|
|
addProxyValue(&build, arg)
|
|
}
|
|
for _, arg := range build.Args {
|
|
args = append(args, "--build-arg", arg)
|
|
}
|
|
for _, host := range build.AddHost {
|
|
args = append(args, "--add-host", host)
|
|
}
|
|
if build.Secret != "" {
|
|
args = append(args, "--secret", build.Secret)
|
|
}
|
|
if build.Target != "" {
|
|
args = append(args, "--target", build.Target)
|
|
}
|
|
if build.Quiet {
|
|
args = append(args, "--quiet")
|
|
}
|
|
|
|
if build.AutoLabel {
|
|
labelSchema := []string{
|
|
fmt.Sprintf("created=%s", time.Now().Format(time.RFC3339)),
|
|
fmt.Sprintf("revision=%s", build.Name),
|
|
fmt.Sprintf("source=%s", build.Remote),
|
|
fmt.Sprintf("url=%s", build.Link),
|
|
}
|
|
labelPrefix := "org.opencontainers.image"
|
|
|
|
if len(build.LabelSchema) > 0 {
|
|
labelSchema = append(labelSchema, build.LabelSchema...)
|
|
}
|
|
|
|
for _, label := range labelSchema {
|
|
args = append(args, "--label", fmt.Sprintf("%s.%s", labelPrefix, label))
|
|
}
|
|
}
|
|
|
|
if len(build.Labels) > 0 {
|
|
for _, label := range build.Labels {
|
|
args = append(args, "--label", label)
|
|
}
|
|
}
|
|
|
|
// we need to enable buildkit, for secret support
|
|
if build.Secret != "" {
|
|
os.Setenv("DOCKER_BUILDKIT", "1")
|
|
}
|
|
return exec.Command(dockerExe, args...)
|
|
}
|
|
|
|
// helper function to add proxy values from the environment
|
|
func addProxyBuildArgs(build *Build) {
|
|
addProxyValue(build, "http_proxy")
|
|
addProxyValue(build, "https_proxy")
|
|
addProxyValue(build, "no_proxy")
|
|
}
|
|
|
|
// helper function to add the upper and lower case version of a proxy value.
|
|
func addProxyValue(build *Build, key string) {
|
|
value := getProxyValue(key)
|
|
|
|
if len(value) > 0 && !hasProxyBuildArg(build, key) {
|
|
build.Args = append(build.Args, fmt.Sprintf("%s=%s", key, value))
|
|
build.Args = append(build.Args, fmt.Sprintf("%s=%s", strings.ToUpper(key), value))
|
|
}
|
|
}
|
|
|
|
// helper function to get a proxy value from the environment.
|
|
//
|
|
// assumes that the upper and lower case versions of are the same.
|
|
func getProxyValue(key string) string {
|
|
value := os.Getenv(key)
|
|
|
|
if len(value) > 0 {
|
|
return value
|
|
}
|
|
|
|
return os.Getenv(strings.ToUpper(key))
|
|
}
|
|
|
|
// helper function that looks to see if a proxy value was set in the build args.
|
|
func hasProxyBuildArg(build *Build, key string) bool {
|
|
keyUpper := strings.ToUpper(key)
|
|
|
|
for _, s := range build.Args {
|
|
if strings.HasPrefix(s, key) || strings.HasPrefix(s, keyUpper) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
// helper function to create the docker tag command.
|
|
func commandTag(build Build, tag string) *exec.Cmd {
|
|
var (
|
|
source = build.Name
|
|
target = fmt.Sprintf("%s:%s", build.Repo, tag)
|
|
)
|
|
return exec.Command(
|
|
dockerExe, "tag", source, target,
|
|
)
|
|
}
|
|
|
|
// helper function to create the docker push command.
|
|
func commandPush(build Build, tag string) *exec.Cmd {
|
|
target := fmt.Sprintf("%s:%s", build.Repo, tag)
|
|
return exec.Command(dockerExe, "push", target)
|
|
}
|
|
|
|
// helper function to create the docker daemon command.
|
|
func commandDaemon(daemon Daemon) *exec.Cmd {
|
|
args := []string{
|
|
"--data-root", daemon.StoragePath,
|
|
"--host=unix:///var/run/docker.sock",
|
|
}
|
|
|
|
if _, err := os.Stat("/etc/docker/default.json"); err == nil {
|
|
args = append(args, "--seccomp-profile=/etc/docker/default.json")
|
|
}
|
|
|
|
if daemon.StorageDriver != "" {
|
|
args = append(args, "-s", daemon.StorageDriver)
|
|
}
|
|
if daemon.Insecure && daemon.Registry != "" {
|
|
args = append(args, "--insecure-registry", daemon.Registry)
|
|
}
|
|
if daemon.IPv6 {
|
|
args = append(args, "--ipv6")
|
|
}
|
|
if len(daemon.Mirror) != 0 {
|
|
args = append(args, "--registry-mirror", daemon.Mirror)
|
|
}
|
|
if len(daemon.Bip) != 0 {
|
|
args = append(args, "--bip", daemon.Bip)
|
|
}
|
|
for _, dns := range daemon.DNS {
|
|
args = append(args, "--dns", dns)
|
|
}
|
|
for _, dnsSearch := range daemon.DNSSearch {
|
|
args = append(args, "--dns-search", dnsSearch)
|
|
}
|
|
if len(daemon.MTU) != 0 {
|
|
args = append(args, "--mtu", daemon.MTU)
|
|
}
|
|
if daemon.Experimental {
|
|
args = append(args, "--experimental")
|
|
}
|
|
return exec.Command(dockerdExe, args...)
|
|
}
|
|
|
|
// helper to check if args match "docker prune"
|
|
func isCommandPrune(args []string) bool {
|
|
return len(args) > 3 && args[2] == "prune"
|
|
}
|
|
|
|
func commandPrune() *exec.Cmd {
|
|
return exec.Command(dockerExe, "system", "prune", "-f")
|
|
}
|
|
|
|
// helper to check if args match "docker rmi"
|
|
func isCommandRmi(args []string) bool {
|
|
return len(args) > 2 && args[1] == "rmi"
|
|
}
|
|
|
|
func commandRmi(tag string) *exec.Cmd {
|
|
return exec.Command(dockerExe, "rmi", tag)
|
|
}
|
|
|
|
// trace writes each command to stdout with the command wrapped in an xml
|
|
// tag so that it can be extracted and displayed in the logs.
|
|
func trace(cmd *exec.Cmd) {
|
|
fmt.Fprintf(os.Stdout, "+ %s\n", strings.Join(cmd.Args, " "))
|
|
}
|
|
|
|
func GetDroneDockerExecCmd() string {
|
|
if runtime.GOOS == "windows" {
|
|
return "C:/bin/drone-docker.exe"
|
|
}
|
|
|
|
return "drone-docker"
|
|
}
|