diff --git a/plugin.sh b/plugin.sh
old mode 100755
new mode 100644
index b52d012..1fe41b1
--- a/plugin.sh
+++ b/plugin.sh
@@ -1,11 +1,32 @@
-#!/busybox/sh
+#!/busybox/busybox sh
+# shellcheck disable=SC2187
 
 set -euo pipefail
 
+concatenate_strings() {
+    _STR1="${1}"
+    _STR2="${2}"
+
+    if [ -n "${_STR1}" ]; then
+        _STR1="${_STR1} ${_STR2}"
+    else
+        _STR1="${_STR2}"
+    fi
+
+    echo "${_STR1}"
+}
+
 export PATH="$PATH:/kaniko/"
 
 REGISTRY=${PLUGIN_REGISTRY:-https://index.docker.io/v1/}
 
+if [ -f "${PWD}/${PLUGIN_ENV_FILE:-}" ]; then
+    # shellcheck disable=SC3001
+    while IFS= read -r line; do
+        export "${line?}"
+    done < <(grep -v '^ *#' < "${PWD}/${PLUGIN_ENV_FILE}")
+fi
+
 if [ "${PLUGIN_USERNAME:-}" ] || [ "${PLUGIN_PASSWORD:-}" ]; then
     DOCKER_AUTH=$(echo -n "${PLUGIN_USERNAME}:${PLUGIN_PASSWORD}" | base64 | tr -d "\n")
 
@@ -30,15 +51,15 @@ CONTEXT=${PLUGIN_CONTEXT:-$PWD}
 LOG=${PLUGIN_LOG_LEVEL:-info}
 EXTRA_OPTS=""
 
-if [[ -n "${PLUGIN_TARGET:-}" ]]; then
+if [ -n "${PLUGIN_TARGET:-}" ]; then
     TARGET="--target=${PLUGIN_TARGET}"
 fi
 
-if [[ "${PLUGIN_SKIP_TLS_VERIFY:-}" == "true" ]]; then
-    EXTRA_OPTS="--skip-tls-verify=true"
+if [ "${PLUGIN_SKIP_TLS_VERIFY:-}" = "true" ]; then
+    EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" '--skip-tls-verify=true')
 fi
 
-if [[ "${PLUGIN_CACHE:-}" == "true" ]]; then
+if [ "${PLUGIN_CACHE:-}" = "true" ]; then
     CACHE="--cache=true"
 fi
 
@@ -51,20 +72,25 @@ if [ -n "${PLUGIN_CACHE_TTL:-}" ]; then
 fi
 
 if [ -n "${PLUGIN_BUILD_ARGS:-}" ]; then
-    BUILD_ARGS=$(echo "${PLUGIN_BUILD_ARGS}" | tr ',' '\n' | while read build_arg; do echo "--build-arg=${build_arg}"; done)
+    BUILD_ARGS=$(echo "${PLUGIN_BUILD_ARGS}" | tr ',' '\n' | while read -r build_arg; do echo "--build-arg ${build_arg}"; done)
 fi
 
+BUILD_ARGS_FROM_ENV=""
 if [ -n "${PLUGIN_BUILD_ARGS_FROM_ENV:-}" ]; then
-    BUILD_ARGS_FROM_ENV=$(echo "${PLUGIN_BUILD_ARGS_FROM_ENV}" | tr ',' '\n' | while read build_arg; do echo "--build-arg ${build_arg}=$(eval "echo \$$build_arg")"; done)
+    # shellcheck disable=SC3001
+    while IFS= read -r build_arg; do
+        BUILD_ARGS_FROM_ENV=$(concatenate_strings "${BUILD_ARGS_FROM_ENV}" "--build-arg ${build_arg}=$(eval "echo \$$build_arg")")
+    done < <(echo "${PLUGIN_BUILD_ARGS_FROM_ENV}" | tr ',' '\n')
 fi
 
 # auto_tag, if set auto_tag: true, auto generate .tags file
 # support format Major.Minor.Release or start with `v`
 # docker tags: Major, Major.Minor, Major.Minor.Release and latest
-if [[ "${PLUGIN_AUTO_TAG:-}" == "true" ]]; then
+if [ "${PLUGIN_AUTO_TAG:-}" = "true" ]; then
     TAG=$(echo "${CI_COMMIT_TAG:-}" |sed 's/^v//g')
     part=$(echo "${TAG}" |tr '.' '\n' |wc -l)
     # expect number
+    # shellcheck disable=SC3020
     echo "${TAG}" |grep -E "[a-z-]" &>/dev/null && isNum=1 || isNum=0
 
     if [ -z "${TAG:-}" ]; then
@@ -85,30 +111,41 @@ if [[ "${PLUGIN_AUTO_TAG:-}" == "true" ]]; then
 fi
 
 if [ -n "${PLUGIN_MIRRORS:-}" ]; then
-    MIRROR="$(echo "${PLUGIN_MIRRORS}" | tr ',' '\n' | while read mirror; do echo "--registry-mirror=${mirror}"; done)"
+    MIRROR="$(echo "${PLUGIN_MIRRORS}" | tr ',' '\n' | while read -r mirror; do echo "--registry-mirror=${mirror}"; done)"
 fi
 
-if [ -n "${PLUGIN_TAGS:-}" ]; then
-    DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
-elif [ -f .tags ]; then
-    DESTINATIONS=$(tr ',' '\n' < .tags | while read tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
-elif [ -n "${PLUGIN_REPO:-}" ] && [ "${PLUGIN_DRY_RUN:-}" != "true" ]; then
-    DESTINATIONS="--destination=${REGISTRY}/${PLUGIN_REPO}:latest"
-else
+DESTINATIONS=""
+if [ "${PLUGIN_DRY_RUN:-}" = "true" ] || [ -z "${PLUGIN_REPO:-}" ]; then
     DESTINATIONS="--no-push"
     # Cache is not valid with --no-push
     CACHE=""
+elif [ -n "${PLUGIN_TAGS:-}" ]; then
+    DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read -r tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
+elif [ -f .tags ]; then
+    # shellcheck disable=SC3001
+    while IFS= read -r tag; do
+        DESTINATIONS=$(concatenate_strings "${DESTINATIONS}" "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag}")
+    done < <(sed -e 's/,\s*/\n/g' .tags)
+elif [ -n "${PLUGIN_REPO:-}" ]; then
+    DESTINATIONS="--destination=${REGISTRY}/${PLUGIN_REPO}:latest"
 fi
 
+if [ "${PLUGIN_IGNORE_VAR_RUN:-}" = "false" ]; then
+    EXTRA_OPTS=$(concatenate_strings "${EXTRA_OPTS}" "--ignore-var-run=false")
+fi
+
+# Double quotes can't be used, otherwise kaniko takes all arguments as one.
+# With bash, an array could have been used to avoid disabling this check.
+# shellcheck disable=SC2086
 /kaniko/executor -v "${LOG}" \
     --context="${CONTEXT}" \
     --dockerfile="${DOCKERFILE}" \
-    "${EXTRA_OPTS}" \
-    "${DESTINATIONS}" \
+    ${EXTRA_OPTS} \
+    ${DESTINATIONS} \
     "${CACHE:-}" \
     "${CACHE_TTL:-}" \
     "${CACHE_REPO:-}" \
     "${TARGET:-}" \
     "${BUILD_ARGS:-}" \
-    "${BUILD_ARGS_FROM_ENV:-}" \
+    ${BUILD_ARGS_FROM_ENV:-} \
     "${MIRROR:-}"