a02ccc0680
[](https://renovatebot.com) Welcome to [Renovate](https://togithub.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. --- ### Detected Package Files * `Dockerfile` (dockerfile) * `Dockerfile.test` (dockerfile) ### Configuration Summary Based on the default config's presets, Renovate will: - Start dependency updates only once this onboarding PR is merged - Show all Merge Confidence badges for pull requests. - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Run lock file maintenance (updates) early Monday mornings. - Schedule automerge daily. - Schedule for weekends. - Run Renovate on following schedule: every weekend 🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs. --- ### What to Expect With your current configuration, Renovate will create 1 Pull Request: <details> <summary>chore(deps): update alpine docker tag to v3.19</summary> - Schedule: ["every weekend"] - Branch name: `renovate/alpine-3.x` - Merge into: `main` - Upgrade alpine to `3.19` </details> --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://togithub.com/renovatebot/renovate/discussions). --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/woodpecker-ci/plugin-kaniko). <!--renovate-config-hash:160fba6c1384e49cc565c5a1ec2b1afdfd96eb8be069aa9e94322d8ff975ea8f--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|---|---|---|
| .ecrc | ||
| .editorconfig | ||
| .gitignore | ||
| Dockerfile | ||
| Dockerfile.test | ||
| LICENSE | ||
| plugin.sh | ||
| README.md | ||
| renovate.json | ||
drone-kaniko
A thin shim-wrapper around the official Google Kaniko Docker image to make it behave like the Drone Docker plugin.
Example .drone.yml for Drone 1.0 (pushing to Docker Hub):
kind: pipeline
name: default
steps:
- name: publish
image: banzaicloud/drone-kaniko
settings:
registry: registry.example.com # if not provided index.docker.io is supposed
repo: registry.example.com/example-project
tags: ${DRONE_COMMIT_SHA}
cache: true
skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
build_args:
- COMMIT_SHA=${DRONE_COMMIT_SHA}
- COMMIT_AUTHOR_EMAIL=${DRONE_COMMIT_AUTHOR_EMAIL}
username:
from_secret: docker-username
password:
from_secret: docker-password
Pushing to GCR:
kind: pipeline
name: default
steps:
- name: publish
image: banzaicloud/drone-kaniko
settings:
registry: gcr.io
repo: example.com/example-project
tags: ${DRONE_COMMIT_SHA}
cache: true
json_key:
from_secret: google-application-credentials
Use .tags file for tagging
Similarily to official
drone-docker plugin you can use
.tags file to embed some custom logic for creating tags for an image.
kind: pipeline
name: default
steps:
- name: build
image: golang
commands:
- go get
- go build
- make versiontags > .tags
- name: publish
image: banzaicloud/drone-kaniko
settings:
registry: registry.example.com
repo: registry.example.com/example-project
# tags: ${DRONE_COMMIT_SHA} <= it must be left undefined
username:
from_secret: docker-username
password:
from_secret: docker-password
Auto tag
Set auto_tag: true.
kind: pipeline
name: default
steps:
- name: build
image: golang
commands:
- go get
- go build
- name: publish
image: banzaicloud/drone-kaniko
settings:
registry: registry.example.com
repo: registry.example.com/example-project
auto_tag: true # higher priority then .tags file
# tags: ${DRONE_COMMIT_SHA} <= it must be left undefined to use auto_tag
username:
from_secret: docker-username
password:
from_secret: docker-password
Test that it can build
docker run -it --rm -w /src -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/drone-kaniko
Test that caching works
Start a Docker registry at 127.0.0.1:5000:
docker run -d -p 5000:5000 --restart always --name registry --hostname registry.local registry:2
Add the following lines to plugin.sh's final command and build a new image from it:
+ --cache=true \
+ --cache-repo=127.0.0.1:5000/${PLUGIN_REPO} \
docker build -t banzaicloud/drone-kaniko .
Warm up the alpine image to the cache:
docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8
Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:
docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true banzaicloud/drone-kaniko
The very same example just pushing to GCR instead of Docker Hub:
docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" banzaicloud/drone-kaniko