forked from woodpecker-ci/plugin-kaniko
-
Notifications
You must be signed in to change notification settings - Fork 0
/
plugin.sh
executable file
·163 lines (134 loc) · 4.86 KB
/
plugin.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
#!/busybox/busybox sh
# shellcheck disable=SC2187
set -euo pipefail
concatenate_strings() {
_STR1="${1}"
_STR2="${2}"
if [ -n "${_STR1}" ]; then
_STR1="${_STR1} ${_STR2}"
else
_STR1="${_STR2}"
fi
echo "${_STR1}"
}
export PATH="$PATH:/kaniko/"
REGISTRY=${PLUGIN_REGISTRY:-https://index.docker.io/v1/}
if [ -f "${PWD}/${PLUGIN_ENV_FILE:-}" ]; then
# shellcheck disable=SC3001
while IFS= read -r line; do
export "${line?}"
done < <(grep -v '^ *#' < "${PWD}/${PLUGIN_ENV_FILE}")
fi
if [ "${PLUGIN_USERNAME:-}" ] || [ "${PLUGIN_PASSWORD:-}" ]; then
DOCKER_AUTH=$(echo -n "${PLUGIN_USERNAME}:${PLUGIN_PASSWORD}" | base64 | tr -d "\n")
cat > /kaniko/.docker/config.json <<DOCKERJSON
{
"auths": {
"${REGISTRY}": {
"auth": "${DOCKER_AUTH}"
}
}
}
DOCKERJSON
fi
if [ "${PLUGIN_JSON_KEY:-}" ];then
echo "${PLUGIN_JSON_KEY}" > /kaniko/gcr.json
export GOOGLE_APPLICATION_CREDENTIALS=/kaniko/gcr.json
fi
DOCKERFILE=${PLUGIN_DOCKERFILE:-Dockerfile}
CONTEXT=${PLUGIN_CONTEXT:-$PWD}
LOG=${PLUGIN_LOG_LEVEL:-info}
EXTRA_OPTS=""
if [ -n "${PLUGIN_TARGET:-}" ]; then
TARGET="--target=${PLUGIN_TARGET}"
fi
if [ "${PLUGIN_SKIP_TLS_VERIFY:-}" = "true" ]; then
EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" '--skip-tls-verify=true')
fi
if [ "${PLUGIN_INSECURE:-}" = "true" ]; then
EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" '--insecure=true')
fi
if [ "${PLUGIN_INSECURE_PULL:-}" = "true" ]; then
EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" '--insecure-pull=true')
fi
if [ -n "${PLUGIN_INSECURE_REGISTRY:-}" ]; then
EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" "--insecure-registry=${PLUGIN_INSECURE_REGISTRY}")
fi
if [ "${PLUGIN_CACHE:-}" = "true" ]; then
CACHE="--cache=true"
fi
if [ -n "${PLUGIN_CACHE_REPO:-}" ]; then
CACHE_REPO="--cache-repo=${REGISTRY}/${PLUGIN_CACHE_REPO}"
fi
if [ -n "${PLUGIN_CACHE_TTL:-}" ]; then
CACHE_TTL="--cache-ttl=${PLUGIN_CACHE_TTL}"
fi
if [ -n "${PLUGIN_BUILD_ARGS:-}" ]; then
BUILD_ARGS=$(echo "${PLUGIN_BUILD_ARGS}" | tr ',' '\n' | while read -r build_arg; do echo "--build-arg ${build_arg}"; done)
fi
BUILD_ARGS_FROM_ENV=""
if [ -n "${PLUGIN_BUILD_ARGS_FROM_ENV:-}" ]; then
# shellcheck disable=SC3001
while IFS= read -r build_arg; do
BUILD_ARGS_FROM_ENV=$(concatenate_strings "${BUILD_ARGS_FROM_ENV}" "--build-arg ${build_arg}=$(eval "echo \$$build_arg")")
done < <(echo "${PLUGIN_BUILD_ARGS_FROM_ENV}" | tr ',' '\n')
fi
# auto_tag, if set auto_tag: true, auto generate .tags file
# support format Major.Minor.Release or start with `v`
# docker tags: Major, Major.Minor, Major.Minor.Release and latest
if [ "${PLUGIN_AUTO_TAG:-}" = "true" ]; then
TAG=$(echo "${CI_COMMIT_TAG:-}" |sed 's/^v//g')
part=$(echo "${TAG}" |tr '.' '\n' |wc -l)
# expect number
# shellcheck disable=SC3020
echo "${TAG}" |grep -E "[a-z-]" &>/dev/null && isNum=1 || isNum=0
if [ -z "${TAG:-}" ]; then
echo "latest" > .tags
elif [ "${isNum}" -eq 1 ] || [ "${part}" -gt 3 ]; then
echo "${TAG},latest" > .tags
else
major=$(echo "${TAG}" |awk -F'.' '{print $1}')
minor=$(echo "${TAG}" |awk -F'.' '{print $2}')
release=$(echo "${TAG}" |awk -F'.' '{print $3}')
major=${major:-0}
minor=${minor:-0}
release=${release:-0}
echo "${major},${major}.${minor},${major}.${minor}.${release},latest" > .tags
fi
fi
if [ -n "${PLUGIN_MIRRORS:-}" ]; then
MIRROR="$(echo "${PLUGIN_MIRRORS}" | tr ',' '\n' | while read -r mirror; do echo "--registry-mirror=${mirror}"; done)"
fi
DESTINATIONS=""
if [ "${PLUGIN_DRY_RUN:-}" = "true" ] || [ -z "${PLUGIN_REPO:-}" ]; then
DESTINATIONS="--no-push"
# Cache is not valid with --no-push
CACHE=""
elif [ -n "${PLUGIN_TAGS:-}" ]; then
DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read -r tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
elif [ -f .tags ]; then
# shellcheck disable=SC3001
while IFS= read -r tag; do
DESTINATIONS=$(concatenate_strings "${DESTINATIONS}" "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag}")
done < <(sed -e 's/,\s*/\n/g' .tags)
elif [ -n "${PLUGIN_REPO:-}" ]; then
DESTINATIONS="--destination=${REGISTRY}/${PLUGIN_REPO}:latest"
fi
if [ "${PLUGIN_IGNORE_VAR_RUN:-}" = "false" ]; then
EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" "--ignore-var-run=false")
fi
# Double quotes can't be used, otherwise kaniko takes all arguments as one.
# With bash, an array could have been used to avoid disabling this check.
# shellcheck disable=SC2086
/kaniko/executor -v "${LOG}" \
--context="${CONTEXT}" \
--dockerfile="${DOCKERFILE}" \
${EXTRA_OPTS} \
${DESTINATIONS} \
"${CACHE:-}" \
"${CACHE_TTL:-}" \
"${CACHE_REPO:-}" \
"${TARGET:-}" \
${BUILD_ARGS:-} \
${BUILD_ARGS_FROM_ENV:-} \
"${MIRROR:-}"