CI-Tools
/
plugin-kaniko
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Updated and simplified README.md
ci/woodpecker/push/build_and_release Pipeline was successful Details

This commit is contained in:
Kevin Dorner 2022-09-12 12:00:36 +02:00
parent ce3c29ef57
commit 45c5b95f14
1 changed files with 42 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
README.md
View File

@ -1,146 +1,69 @@
# drone-kaniko
# plugin-kaniko
A thin shim-wrapper around the official [Google Kaniko](https://cloud.google.com/blog/products/gcp/introducing-kaniko-build-container-images-in-kubernetes-and-google-container-builder-even-without-root-access) Docker image to make it behave like the [Drone Docker plugin](http://plugins.drone.io/drone-plugins/drone-docker/).
A thin shim-wrapper around the official [Google Kaniko](https://github.com/GoogleContainerTools/kaniko) OCI image to make it behave similar to the [Drone Docker plugin](http://plugins.drone.io/drone-plugins/drone-docker/).
Example .drone.yml for Drone 1.0 (pushing to Docker Hub):
This is a fork of the discontinued [`drone-kaniko`](https://github.com/banzaicloud/drone-kaniko) by banzaicloud.
## Example .woodpecker.yml (pushing to Docker Hub):
```yaml
pipeline:
build_and_release:
image: gitea.mdg-hamburg.de/ci-tools/plugin-kaniko:debug
pull: true
settings:
registry: registry.example.com # docker.io is the default registry
repo: example-org/example-project
tags: ${CI_COMMIT_SHA},awesometag,latest
cache: true
dockerfile: Containerfile
username:
from_secret: container_registry_username
password:
from_secret: container_registry_password
```
## Example .drone.yml (pushing to Docker Hub):
```yaml
kind: pipeline
name: default
steps:
- name: publish
image: banzaicloud/drone-kaniko
- name: build_and_release
image: gitea.mdg-hamburg.de/ci-tools/plugin-kaniko
settings:
registry: registry.example.com # if not provided index.docker.io is supposed
repo: registry.example.com/example-project
tags: ${DRONE_COMMIT_SHA}
registry: registry.example.com # docker.io is the default registry
repo: example-org/example-project
tags: ${DRONE_COMMIT_SHA},awesometag,latest
cache: true
skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
build_args:
- COMMIT_SHA=${DRONE_COMMIT_SHA}
- COMMIT_AUTHOR_EMAIL=${DRONE_COMMIT_AUTHOR_EMAIL}
username:
from_secret: docker-username
password:
from_secret: docker-password
```
Pushing to GCR:
## Pushing to Google Cloud Registry:
Instead of authenticating with username and password, you simply provide a json_key
```yaml
kind: pipeline
name: default
steps:
- name: publish
image: banzaicloud/drone-kaniko
...
settings:
registry: gcr.io
repo: example.com/example-project
tags: ${DRONE_COMMIT_SHA}
cache: true
json_key:
from_secret: google-application-credentials
from_secret: google_gcr_key
...
```
## Use `.tags` file for tagging
Similarily to official
[drone-docker](https://github.com/drone-plugins/drone-docker) plugin you can use
`.tags` file to embed some custom logic for creating tags for an image.
## Using auto-tag
**Woodpecker-only feature**
This uses the current git tag as the container destination tag. The `latest` tag is also appended. Optionally with the `tag_strip_v` a leading `v` can be stripped from the container tag.
```yaml
kind: pipeline
name: default
steps:
- name: build
image: golang
commands:
- go get
- go build
- make versiontags > .tags
- name: publish
image: banzaicloud/drone-kaniko
...
settings:
registry: registry.example.com
repo: registry.example.com/example-project
# tags: ${DRONE_COMMIT_SHA} <= it must be left undefined
username:
from_secret: docker-username
password:
from_secret: docker-password
auto_tag: true
tag_strip_v: false
...
```
## Auto tag
Set `auto_tag: true`.
```yaml
kind: pipeline
name: default
steps:
- name: build
image: golang
commands:
- go get
- go build
- name: publish
image: banzaicloud/drone-kaniko
settings:
registry: registry.example.com
repo: registry.example.com/example-project
auto_tag: true # higher priority then .tags file
# tags: ${DRONE_COMMIT_SHA} <= it must be left undefined to use auto_tag
username:
from_secret: docker-username
password:
from_secret: docker-password
```
## Test that it can build
```bash
docker run -it --rm -w /src -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/drone-kaniko
```
## Test that caching works
Start a Docker registry at 127.0.0.1:5000:
```bash
docker run -d -p 5000:5000 --restart always --name registry --hostname registry.local registry:2
```
Add the following lines to plugin.sh's final command and build a new image from it:
```diff
+ --cache=true \
+ --cache-repo=127.0.0.1:5000/${PLUGIN_REPO} \
```
```bash
docker build -t banzaicloud/drone-kaniko .
```
Warm up the alpine image to the cache:
```bash
docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8
```
Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:
```bash
docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true banzaicloud/drone-kaniko
```
The very same example just pushing to GCR instead of Docker Hub:
```bash
docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" banzaicloud/drone-kaniko
```