add arg to docker build

This adds the ability to build the image without pushing it by omitting
the `tags` and `repo` options.

.drone.yml

@@ -0,0 +1,30 @@
+kind: pipeline
+type: docker
+name: default
+steps:
+  - name: build-image
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run
+    environment:
+      DOCKER_USERNAME:
+        from_secret: DOCKER_USERNAME
+      DOCKER_PASSWORD:
+        from_secret: DOCKER_PASSWORD
+    commands:
+      - sleep 10
+      - echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin registry.kmlabz.com
+      - docker build -t registry.kmlabz.com/tormakris/drone-kaniko .
+      - docker push registry.kmlabz.com/tormakris/drone-kaniko
+
+services:
+- name: docker
+  image: docker:dind
+  privileged: true
+  volumes:
+  - name: dockersock
+    path: /var/run
+volumes:
+- name: dockersock
+  temp: {}

Dockerfile

@@ -1,17 +1,11 @@
-FROM gcr.io/kaniko-project/executor:v0.7.0 AS kaniko
+FROM gcr.io/kaniko-project/executor:debug
 
-FROM alpine:3.8
-
-# clone the official kaniko container into this one, env vars needs to be re-set
-COPY --from=kaniko / /
 ENV HOME /root
-ENV USER /root
+ENV USER root
 ENV SSL_CERT_DIR=/kaniko/ssl/certs
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
 
-RUN apk add --update --no-cache jq
-
 # add the wrapper which acts as a drone plugin
-COPY plugin.sh /usr/bin/
-ENTRYPOINT [ "/usr/bin/plugin.sh" ]
+COPY plugin.sh /kaniko/plugin.sh
+ENTRYPOINT [ "/kaniko/plugin.sh" ]

README.md

@@ -1,11 +1,109 @@
-# kaniko-plugin
+# drone-kaniko
 
 A thin shim-wrapper around the official [Google Kaniko](https://cloud.google.com/blog/products/gcp/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access) Docker image to make it behave like the [Drone Docker plugin](http://plugins.drone.io/drone-plugins/drone-docker/).
 
+Example .drone.yml for Drone 1.0 (pushing to Docker Hub):
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: publish
+  image: banzaicloud/drone-kaniko
+  settings:
+    registry: registry.example.com # if not provided index.docker.io is supposed
+    repo: registry.example.com/example-project
+    tags: ${DRONE_COMMIT_SHA}
+    cache: true
+    skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
+    build_args:
+    - COMMIT_SHA=${DRONE_COMMIT_SHA}
+    - COMMIT_AUTHOR_EMAIL=${DRONE_COMMIT_AUTHOR_EMAIL}
+    username:
+      from_secret: docker-username
+    password:
+      from_secret: docker-password
+```
+
+Pushing to GCR:
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: publish
+  image: banzaicloud/drone-kaniko
+  settings:
+    registry: gcr.io
+    repo: example.com/example-project
+    tags: ${DRONE_COMMIT_SHA}
+    cache: true
+    json_key:
+      from_secret: google-application-credentials
+```
+
+## Use `.tags` file for tagging
+
+Similarily to official
+[drone-docker](https://github.com/drone-plugins/drone-docker) plugin you can use
+`.tags` file to embed some custom logic for creating tags for an image.
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: build
+  image: golang
+  commands:
+      - go get 
+      - go build
+      - make versiontags > .tags
+- name: publish
+  image: banzaicloud/drone-kaniko
+  settings:
+    registry: registry.example.com 
+    repo: registry.example.com/example-project
+    # tags: ${DRONE_COMMIT_SHA} <= it must be left undefined 
+    username:
+      from_secret: docker-username
+    password:
+      from_secret: docker-password
+```
+
+## Auto tag
+
+Set `auto_tag: true`.
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: build
+  image: golang
+  commands:
+      - go get 
+      - go build
+- name: publish
+  image: banzaicloud/drone-kaniko
+  settings:
+    registry: registry.example.com 
+    repo: registry.example.com/example-project
+    auto_tag: true # higher priority then .tags file
+    # tags: ${DRONE_COMMIT_SHA} <= it must be left undefined to use auto_tag
+    username:
+      from_secret: docker-username
+    password:
+      from_secret: docker-password
+```
+
 ## Test that it can build
 
 ```bash
-docker run -it --rm -w /src -v $PWD:/src -e DOCKER_USERNAME=${DOCKER_USERNAME} -e DOCKER_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/kaniko-plugin-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/kaniko-plugin
+docker run -it --rm -w /src -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/drone-kaniko
 ```
 
 ## Test that caching works
@@ -24,19 +122,25 @@ Add the following lines to plugin.sh's final command and build a new image from
 ```
 
 ```bash
-docker build -t banzaicloud/kaniko-plugin .
+docker build -t banzaicloud/drone-kaniko .
 ```
 
 
 Warm up the alpine image to the cache:
 
 ```bash
-docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --image=alpine:3.8
+docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8
 ```
 
 
-Run the builder on the host network to be able to access the registry:
+Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:
 
 ```bash
-docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e DOCKER_USERNAME=${DOCKER_USERNAME} -e DOCKER_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/kaniko-plugin-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/kaniko-plugin
+docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true banzaicloud/drone-kaniko
+```
+
+The very same example just pushing to GCR instead of Docker Hub:
+
+```bash
+docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" banzaicloud/drone-kaniko
 ```

plugin.sh

@@ -1,29 +1,109 @@
-#!/bin/sh
+#!/busybox/sh
 
 set -euo pipefail
 
 export PATH=$PATH:/kaniko/
 
-DOCKER_AUTH=`echo -n "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" | base64`
+REGISTRY=${PLUGIN_REGISTRY:-index.docker.io}
+
+if [ "${PLUGIN_USERNAME:-}" ] || [ "${PLUGIN_PASSWORD:-}" ]; then
+    DOCKER_AUTH=`echo -n "${PLUGIN_USERNAME}:${PLUGIN_PASSWORD}" | base64 | tr -d "\n"`
 
     cat > /kaniko/.docker/config.json <<DOCKERJSON
 {
     "auths": {
-        "https://index.docker.io/v1/": {
+        "${REGISTRY}": {
             "auth": "${DOCKER_AUTH}"
         }
     }
 }
 DOCKERJSON
+fi
+
+if [ "${PLUGIN_JSON_KEY:-}" ];then
+    echo "${PLUGIN_JSON_KEY}" > /kaniko/gcr.json
+    export GOOGLE_APPLICATION_CREDENTIALS=/kaniko/gcr.json
+fi
 
 DOCKERFILE=${PLUGIN_DOCKERFILE:-Dockerfile}
-DESTINATION=${PLUGIN_REPO}:${PLUGIN_TAGS:-latest}
 CONTEXT=${PLUGIN_CONTEXT:-$PWD}
 LOG=${PLUGIN_LOG:-info}
-BUILD_ARGS=`echo ${PLUGIN_BUILD_ARGS:-} | jq -r 'map("--build-arg " + .) | join(" ")'`
+EXTRA_OPTS=""
+
+if [[ -n "${PLUGIN_TARGET:-}" ]]; then
+    TARGET="--target=${PLUGIN_TARGET}"
+fi
+
+if [[ "${PLUGIN_SKIP_TLS_VERIFY:-}" == "true" ]]; then
+    EXTRA_OPTS="--skip-tls-verify=true"
+fi
+
+if [[ "${PLUGIN_CACHE:-}" == "true" ]]; then
+    CACHE="--cache=true"
+fi
+
+if [ -n "${PLUGIN_CACHE_REPO:-}" ]; then
+    CACHE_REPO="--cache-repo=${REGISTRY}/${PLUGIN_CACHE_REPO}"
+fi
+
+if [ -n "${PLUGIN_CACHE_TTL:-}" ]; then
+    CACHE_TTL="--cache-ttl=${PLUGIN_CACHE_TTL}"
+fi
+
+if [ -n "${PLUGIN_BUILD_ARGS:-}" ]; then
+    BUILD_ARGS=$(echo "${PLUGIN_BUILD_ARGS}" | tr ',' '\n' | while read build_arg; do echo "--build-arg=${build_arg}"; done)
+fi
+
+if [ -n "${PLUGIN_BUILD_ARGS_FROM_ENV:-}" ]; then
+    BUILD_ARGS_FROM_ENV=$(echo "${PLUGIN_BUILD_ARGS_FROM_ENV}" | tr ',' '\n' | while read build_arg; do echo "--build-arg ${build_arg}=$(eval "echo \$$build_arg")"; done)
+fi
+
+# auto_tag, if set auto_tag: true, auto generate .tags file
+# support format Major.Minor.Release or start with `v`
+# docker tags: Major, Major.Minor, Major.Minor.Release and latest
+if [[ "${PLUGIN_AUTO_TAG:-}" == "true" ]]; then
+    TAG=$(echo "${DRONE_TAG:-}" |sed 's/^v//g')
+    part=$(echo "${TAG}" |tr '.' '\n' |wc -l)
+    # expect number
+    echo ${TAG} |grep -E "[a-z-]" &>/dev/null && isNum=1 || isNum=0
+
+    if [ ! -n "${TAG:-}" ];then
+        echo "latest" > .tags
+    elif [ ${isNum} -eq 1 -o ${part} -gt 3 ];then
+        echo "${TAG},latest" > .tags
+    else
+        major=$(echo "${TAG}" |awk -F'.' '{print $1}')
+        minor=$(echo "${TAG}" |awk -F'.' '{print $2}')
+        release=$(echo "${TAG}" |awk -F'.' '{print $3}')
+    
+        major=${major:-0}
+        minor=${minor:-0}
+        release=${release:-0}
+    
+        echo "${major},${major}.${minor},${major}.${minor}.${release},latest" > .tags
+    fi  
+fi
+
+if [ -n "${PLUGIN_TAGS:-}" ]; then
+    DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
+elif [ -f .tags ]; then
+    DESTINATIONS=$(cat .tags| tr ',' '\n' | while read tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
+elif [ -n "${PLUGIN_REPO:-}" ]; then
+    DESTINATIONS="--destination=${REGISTRY}/${PLUGIN_REPO}:latest"
+else
+    DESTINATIONS="--no-push"
+    # Cache is not valid with --no-push
+    CACHE=""
+fi
 
 /kaniko/executor -v ${LOG} \
-    --context ${CONTEXT} \
-    --dockerfile ${DOCKERFILE} \
-    --destination ${DESTINATION} \
-    ${BUILD_ARGS}
+    --context=${CONTEXT} \
+    --dockerfile=${DOCKERFILE} \
+    ${EXTRA_OPTS} \
+    ${DESTINATIONS} \
+    ${CACHE:-} \
+    ${CACHE_TTL:-} \
+    ${CACHE_REPO:-} \
+    ${TARGET:-} \
+    ${BUILD_ARGS:-} \
+    ${BUILD_ARGS_FROM_ENV:-}