Allow skip-tls-verify option for testing

Add Ability To Skip Push
This adds the ability to build the image without pushing it by omitting the `tags` and `repo` options.
2019-08-05 15:42:35 +02:00 · 2019-07-10 08:40:51 +02:00 · 2019-06-02 13:35:16 +02:00 · 2019-06-01 15:01:35 +02:00 · 2019-06-01 14:09:24 +02:00
3 changed files with 53 additions and 11 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM gcr.io/kaniko-project/executor:debug-v0.7.0
+FROM gcr.io/kaniko-project/executor:debug-v0.9.0

 ENV HOME /root
 ENV USER root
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@

 A thin shim-wrapper around the official [Google Kaniko](https://cloud.google.com/blog/products/gcp/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access) Docker image to make it behave like the [Drone Docker plugin](http://plugins.drone.io/drone-plugins/drone-docker/).

-Example .drone.yml for Drone 1.0
+Example .drone.yml for Drone 1.0 (pushing to Docker Hub):

 ```yaml
 kind: pipeline
@ -12,10 +12,11 @@ steps:
 - name: publish
  image: banzaicloud/drone-kaniko
  settings:
-    registry: registry.example.com
+    registry: registry.example.com # if not provided index.docker.io is supposed
    repo: registry.example.com/example-project
    tags: ${DRONE_COMMIT_SHA}
    cache: true
+    skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
    build_args:
    - COMMIT_SHA=${DRONE_COMMIT_SHA}
    - COMMIT_AUTHOR_EMAIL=${DRONE_COMMIT_AUTHOR_EMAIL}
@ -25,6 +26,24 @@ steps:
      from_secret: docker-password
 ```

+Pushing to GCR:
+
+```yaml
+kind: pipeline
+name: default
+
+steps:
+- name: publish
+  image: banzaicloud/drone-kaniko
+  settings:
+    registry: gcr.io
+    repo: example.com/example-project
+    tags: ${DRONE_COMMIT_SHA}
+    cache: true
+    json_key:
+      from_secret: google-application-credentials
+```
+
 ## Test that it can build

 ```bash
@ -54,12 +73,18 @@ docker build -t banzaicloud/drone-kaniko .
 Warm up the alpine image to the cache:

 ```bash
-docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --image=alpine:3.8
+docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8
 ```


-Run the builder on the host network to be able to access the registry:
+Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:

 ```bash
-docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e DOCKER_USERNAME=${DOCKER_USERNAME} -e DOCKER_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/drone-kaniko
+docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true banzaicloud/drone-kaniko
+```
+
+The very same example just pushing to GCR instead of Docker Hub:
+
+```bash
+docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" banzaicloud/drone-kaniko
 ```
--- a/plugin.sh
+++ b/plugin.sh
@ -4,11 +4,12 @@ set -euo pipefail

 export PATH=$PATH:/kaniko/

-DOCKER_AUTH=`echo -n "${PLUGIN_USERNAME}:${PLUGIN_PASSWORD}" | base64 | tr -d "\n"`
+REGISTRY=${PLUGIN_REGISTRY:-index.docker.io}

-REGISTRY=${PLUGIN_REGISTRY:-https://index.docker.io/v1/}
+if [ "${PLUGIN_USERNAME:-}" ] || [ "${PLUGIN_PASSWORD:-}" ]; then
+    DOCKER_AUTH=`echo -n "${PLUGIN_USERNAME}:${PLUGIN_PASSWORD}" | base64 | tr -d "\n"`

-cat > /kaniko/.docker/config.json <<DOCKERJSON
+    cat > /kaniko/.docker/config.json <<DOCKERJSON
 {
    "auths": {
        "${REGISTRY}": {
@ -17,15 +18,26 @@ cat > /kaniko/.docker/config.json <<DOCKERJSON
    }
 }
 DOCKERJSON
+fi
+
+if [ "${PLUGIN_JSON_KEY:-}" ];then
+    echo "${PLUGIN_JSON_KEY}" > /kaniko/gcr.json
+    export GOOGLE_APPLICATION_CREDENTIALS=/kaniko/gcr.json
+fi

 DOCKERFILE=${PLUGIN_DOCKERFILE:-Dockerfile}
 CONTEXT=${PLUGIN_CONTEXT:-$PWD}
 LOG=${PLUGIN_LOG:-info}
+EXTRA_OPTS=""

 if [[ -n "${PLUGIN_TARGET:-}" ]]; then
    TARGET="--target=${PLUGIN_TARGET}"
 fi

+if [[ "${PLUGIN_SKIP_TLS_VERIFY:-}" == "true" ]]; then
+    EXTRA_OPTS="--skip-tls-verify=true"
+fi
+
 if [[ "${PLUGIN_CACHE:-}" == "true" ]]; then
    CACHE="--cache=true"
 fi
@ -35,14 +47,19 @@ if [ -n "${PLUGIN_BUILD_ARGS:-}" ]; then
 fi

 if [ -n "${PLUGIN_TAGS:-}" ]; then
-    DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read tag; do echo "--destination=${PLUGIN_REPO}:${tag} "; done)
-else
+    DESTINATIONS=$(echo "${PLUGIN_TAGS}" | tr ',' '\n' | while read tag; do echo "--destination=${REGISTRY}/${PLUGIN_REPO}:${tag} "; done)
+elif [ -n "${PLUGIN_REPO:-}" ]; then
    DESTINATIONS="--destination=${PLUGIN_REPO}:latest"
+else
+    DESTINATIONS="--no-push"
+    # Cache is not valid with --no-push
+    CACHE=""
 fi

 /kaniko/executor -v ${LOG} \
    --context=${CONTEXT} \
    --dockerfile=${DOCKERFILE} \
+    ${EXTRA_OPTS} \
    ${DESTINATIONS} \
    ${CACHE:-} \
    ${TARGET:-} \
Author	SHA1	Message	Date
Tomasz Cholewa	3da5de27d7	Allow skip-tls-verify option for testing	2019-08-05 15:42:35 +02:00
Zicklag	4340afa523	Add Ability To Skip Push This adds the ability to build the image without pushing it by omitting the `tags` and `repo` options.	2019-07-10 08:40:51 +02:00
Nandor Kracser	71121bfd13	gcr: use json_key to keep compatibility with docker plugin	2019-06-02 13:35:16 +02:00
Nandor Kracser	71dd35e3ec	add support for gcr registries	2019-06-01 15:01:35 +02:00
Nandor Kracser	9d134a40f2	update kaniko and example to use caching	2019-06-01 14:09:24 +02:00