This repository has been archived on 2024-05-25. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
2024-05-03 12:16:04 +02:00
.woodpecker chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v3 (#22) 2024-01-22 08:19:36 +01:00
.ecrc Add editorconfig and fix issues 2024-01-12 21:29:49 +01:00
.editorconfig Add editorconfig and fix issues 2024-01-12 21:29:49 +01:00
.gitignore Init pipeline (#3) 2024-01-12 22:13:24 +01:00
.pre-commit-config.yaml Init pipeline (#3) 2024-01-12 22:13:24 +01:00
.yamllint.yaml Init pipeline (#3) 2024-01-12 22:13:24 +01:00
CHANGELOG.md 🎉 Release 1.1.1 (#24) 2024-02-01 17:24:36 +01:00
Dockerfile chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.22.0 2024-04-24 08:29:09 +02:00
Dockerfile.test chore(deps): update alpine docker tag to v3.19 (#11) 2024-01-12 22:47:55 +01:00
docs.md Fix author key (#14) 2024-01-14 14:07:26 +01:00
LICENSE Initial commit 2018-11-21 07:39:41 +01:00
plugin.sh Fix build arg quoting 2024-04-24 08:29:45 +02:00
README.md Update README to woodpecker plugin 2024-01-12 23:22:01 +01:00
renovate.json chore(renovate): use common conf 2024-05-03 12:16:04 +02:00

plugin-kaniko

A thin shim-wrapper around the official Google Kaniko Docker image to make it behave similar to the Woodpecker Docker Buildx plugin.

Example .woodpecker.yaml:

steps:
- name: publish
  image: woodpeckerci/plugin-kaniko
  settings:
    registry: registry.example.com # if not provided index.docker.io is used
    repo: registry.example.com/example-project
    tags: ${CI_COMMIT_SHA}
    cache: true
    skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
    build_args:
    - COMMIT_SHA=${CI_COMMIT_SHA}
    - COMMIT_AUTHOR_EMAIL=${CI_COMMIT_AUTHOR_EMAIL}
    username:
      from_secret: docker-username
    password:
      from_secret: docker-password

Pushing to GCR:

steps:
- name: publish
  image: woodpeckerci/plugin-kaniko
  settings:
    registry: gcr.io
    repo: example.com/example-project
    tags: ${CI_COMMIT_SHA}
    cache: true
    json_key:
      from_secret: google-application-credentials

Use .tags file for tagging

Similarily to Woodpecker Docker Buildx Plugin you can use .tags file to embed some custom logic for creating tags for an image.

steps:
- name: build
  image: golang
  commands:
      - go get
      - go build
      - make versiontags > .tags
- name: publish
  image: woodpeckerci/plugin-kaniko
  settings:
    registry: registry.example.com
    repo: registry.example.com/example-project
    # tags: ${CI_COMMIT_SHA} <= it must be left undefined
    username:
      from_secret: docker-username
    password:
      from_secret: docker-password

Auto tag

Set auto_tag: true.

steps:
- name: build
  image: golang
  commands:
      - go get
      - go build
- name: publish
  image: woodpeckerci/plugin-kaniko
  settings:
    registry: registry.example.com
    repo: registry.example.com/example-project
    auto_tag: true # higher priority then .tags file
    # tags: ${CI_COMMIT_SHA} <= it must be left undefined to use auto_tag
    username:
      from_secret: docker-username
    password:
      from_secret: docker-password

Test that it can build

docker run -it --rm -w /src -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=woodpeckerci/plugin-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test woodpeckerci/plugin-kaniko

Test that caching works

Start a Docker registry at 127.0.0.1:5000:

docker run -d -p 5000:5000 --restart always --name registry --hostname registry.local registry:2

Add the following lines to plugin.sh's final command and build a new image from it:

+    --cache=true \
+    --cache-repo=127.0.0.1:5000/${PLUGIN_REPO} \
docker build -t woodpeckerci/plugin-kaniko .

Warm up the alpine image to the cache:

docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8

Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:

docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=woodpeckerci/plugin-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true woodpeckerci/plugin-kaniko

The very same example just pushing to GCR instead of Docker Hub:

docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" woodpeckerci/plugin-kaniko