Do not require username/password with `no_push: true` (#25)
* allow --no-push to build without authentication * linting * setup no-push auth when credentials are not empty
This commit is contained in:
Colin Hoglund
parent
00a65ec0b5
commit
6b4393acf8
GPG Key ID:
4AEE18F83AFDEB23
|
|
@ -33,7 +33,9 @@ var (
|
||||||
func main() {
|
func main() {
|
||||||
// Load env-file if it exists first
|
// Load env-file if it exists first
|
||||||
if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
|
if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
|
||||||
godotenv.Load(env)
|
if err := godotenv.Load(env); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
app := cli.NewApp()
|
app := cli.NewApp()
|
||||||
|
|
@ -145,9 +147,14 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func run(c *cli.Context) error {
|
func run(c *cli.Context) error {
|
||||||
err := createDockerCfgFile(c.String("username"), c.String("password"), c.String("registry"))
|
username := c.String("username")
|
||||||
if err != nil {
|
noPush := c.Bool("no-push")
|
||||||
return err
|
|
||||||
|
// only setup auth when pushing or credentials are defined
|
||||||
|
if !noPush || username != "" {
|
||||||
|
if err := createDockerCfgFile(username, c.String("password"), c.String("registry")); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
plugin := kaniko.Plugin{
|
plugin := kaniko.Plugin{
|
||||||
|
|
@ -165,7 +172,7 @@ func run(c *cli.Context) error {
|
||||||
CacheRepo: c.String("cache-repo"),
|
CacheRepo: c.String("cache-repo"),
|
||||||
CacheTTL: c.Int("cache-ttl"),
|
CacheTTL: c.Int("cache-ttl"),
|
||||||
DigestFile: defaultDigestFile,
|
DigestFile: defaultDigestFile,
|
||||||
NoPush: c.Bool("no-push"),
|
NoPush: noPush,
|
||||||
Verbosity: c.String("verbosity"),
|
Verbosity: c.String("verbosity"),
|
||||||
},
|
},
|
||||||
Artifact: kaniko.Artifact{
|
Artifact: kaniko.Artifact{
|
||||||
|
|
|
||||||
|
|
@ -155,21 +155,22 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func run(c *cli.Context) error {
|
func run(c *cli.Context) error {
|
||||||
repo := c.String("repo")
|
|
||||||
registry := c.String("registry")
|
registry := c.String("registry")
|
||||||
|
accessKey := c.String("access-key")
|
||||||
|
noPush := c.Bool("no-push")
|
||||||
|
|
||||||
if err := checkEmptyStringFlags(repo, registry); err != nil {
|
// only setup auth when pushing or credentials are defined
|
||||||
return err
|
if !noPush || accessKey != "" {
|
||||||
}
|
if err := setupECRAuth(accessKey, c.String("secret-key"), registry); err != nil {
|
||||||
|
|
||||||
if err := setupECRAuth(c.String("access-key"), c.String("secret-key"), registry); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.Bool("create-repository") {
|
|
||||||
if err := createRepository(c.String("region"), repo, registry); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// only create repository when pushing and create-repository is true
|
||||||
|
if !noPush && c.Bool("create-repository") {
|
||||||
|
if err := createRepository(c.String("region"), c.String("repo"), registry); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
plugin := kaniko.Plugin{
|
plugin := kaniko.Plugin{
|
||||||
|
|
@ -186,7 +187,7 @@ func run(c *cli.Context) error {
|
||||||
CacheRepo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
|
CacheRepo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
|
||||||
CacheTTL: c.Int("cache-ttl"),
|
CacheTTL: c.Int("cache-ttl"),
|
||||||
DigestFile: defaultDigestFile,
|
DigestFile: defaultDigestFile,
|
||||||
NoPush: c.Bool("no-push"),
|
NoPush: noPush,
|
||||||
Verbosity: c.String("verbosity"),
|
Verbosity: c.String("verbosity"),
|
||||||
},
|
},
|
||||||
Artifact: kaniko.Artifact{
|
Artifact: kaniko.Artifact{
|
||||||
|
|
@ -200,17 +201,11 @@ func run(c *cli.Context) error {
|
||||||
return plugin.Exec()
|
return plugin.Exec()
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkEmptyStringFlags(flags ...string) error {
|
func setupECRAuth(accessKey, secretKey, registry string) error {
|
||||||
for _, flag := range flags {
|
if registry == "" {
|
||||||
if flag == "" {
|
return fmt.Errorf("registry must be specified")
|
||||||
return fmt.Errorf("%s must be specified", flag)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func setupECRAuth(accessKey, secretKey, registry string) error {
|
|
||||||
// If IAM role is used, access key & secret key are not required
|
// If IAM role is used, access key & secret key are not required
|
||||||
if accessKey != "" && secretKey != "" {
|
if accessKey != "" && secretKey != "" {
|
||||||
err := os.Setenv(accessKeyEnv, accessKey)
|
err := os.Setenv(accessKeyEnv, accessKey)
|
||||||
|
|
@ -233,6 +228,14 @@ func setupECRAuth(accessKey, secretKey, registry string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func createRepository(region, repo, registry string) error {
|
func createRepository(region, repo, registry string) error {
|
||||||
|
if registry == "" {
|
||||||
|
return fmt.Errorf("registry must be specified")
|
||||||
|
}
|
||||||
|
|
||||||
|
if repo == "" {
|
||||||
|
return fmt.Errorf("repo must be specified")
|
||||||
|
}
|
||||||
|
|
||||||
cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
|
cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "failed to load aws config")
|
return errors.Wrap(err, "failed to load aws config")
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,9 @@ var (
|
||||||
func main() {
|
func main() {
|
||||||
// Load env-file if it exists first
|
// Load env-file if it exists first
|
||||||
if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
|
if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
|
||||||
godotenv.Load(env)
|
if err := godotenv.Load(env); err != nil {
|
||||||
|
logrus.Fatal(err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
app := cli.NewApp()
|
app := cli.NewApp()
|
||||||
|
|
@ -131,13 +133,14 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func run(c *cli.Context) error {
|
func run(c *cli.Context) error {
|
||||||
err := setupGCRAuth(c.String("json-key"))
|
noPush := c.Bool("no-push")
|
||||||
if err != nil {
|
jsonKey := c.String("json-key")
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.String("repo") == "" {
|
// only setup auth when pushing or credentials are defined
|
||||||
return fmt.Errorf("repo must be specified")
|
if !noPush || jsonKey != "" {
|
||||||
|
if err := setupGCRAuth(jsonKey); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
plugin := kaniko.Plugin{
|
plugin := kaniko.Plugin{
|
||||||
|
|
@ -154,7 +157,7 @@ func run(c *cli.Context) error {
|
||||||
CacheRepo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
|
CacheRepo: fmt.Sprintf("%s/%s", c.String("registry"), c.String("cache-repo")),
|
||||||
CacheTTL: c.Int("cache-ttl"),
|
CacheTTL: c.Int("cache-ttl"),
|
||||||
DigestFile: defaultDigestFile,
|
DigestFile: defaultDigestFile,
|
||||||
NoPush: c.Bool("no-push"),
|
NoPush: noPush,
|
||||||
Verbosity: c.String("verbosity"),
|
Verbosity: c.String("verbosity"),
|
||||||
},
|
},
|
||||||
Artifact: kaniko.Artifact{
|
Artifact: kaniko.Artifact{
|
||||||
|
|
|
||||||
16
kaniko.go
16
kaniko.go
|
|
@ -47,7 +47,7 @@ type (
|
||||||
|
|
||||||
// Exec executes the plugin step
|
// Exec executes the plugin step
|
||||||
func (p Plugin) Exec() error {
|
func (p Plugin) Exec() error {
|
||||||
if p.Build.Repo == "" {
|
if !p.Build.NoPush && p.Build.Repo == "" {
|
||||||
return fmt.Errorf("repository name to publish image must be specified")
|
return fmt.Errorf("repository name to publish image must be specified")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -61,8 +61,10 @@ func (p Plugin) Exec() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the destination repository
|
// Set the destination repository
|
||||||
for _, tag := range p.Build.Tags {
|
if !p.Build.NoPush {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--destination=%s:%s", p.Build.Repo, tag))
|
for _, tag := range p.Build.Tags {
|
||||||
|
cmdArgs = append(cmdArgs, fmt.Sprintf("--destination=%s:%s", p.Build.Repo, tag))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Set the build arguments
|
// Set the build arguments
|
||||||
for _, arg := range p.Build.Args {
|
for _, arg := range p.Build.Args {
|
||||||
|
|
@ -78,15 +80,15 @@ func (p Plugin) Exec() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Build.SkipTlsVerify {
|
if p.Build.SkipTlsVerify {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--skip-tls-verify=true"))
|
cmdArgs = append(cmdArgs, "--skip-tls-verify=true")
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Build.SnapshotMode != "" {
|
if p.Build.SnapshotMode != "" {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshotMode=%s", p.Build.SnapshotMode))
|
cmdArgs = append(cmdArgs, fmt.Sprintf("--snapshotMode=%s", p.Build.SnapshotMode))
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Build.EnableCache == true {
|
if p.Build.EnableCache {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--cache=true"))
|
cmdArgs = append(cmdArgs, "--cache=true")
|
||||||
|
|
||||||
if p.Build.CacheRepo != "" {
|
if p.Build.CacheRepo != "" {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-repo=%s", p.Build.CacheRepo))
|
cmdArgs = append(cmdArgs, fmt.Sprintf("--cache-repo=%s", p.Build.CacheRepo))
|
||||||
|
|
@ -102,7 +104,7 @@ func (p Plugin) Exec() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Build.NoPush {
|
if p.Build.NoPush {
|
||||||
cmdArgs = append(cmdArgs, fmt.Sprintf("--no-push"))
|
cmdArgs = append(cmdArgs, "--no-push")
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Build.Verbosity != "" {
|
if p.Build.Verbosity != "" {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue