commit 951e01caf16ff1b39504ccbaa637102b5661a360 Author: Aaron Guise Date: Sat Aug 19 21:25:33 2023 +1200 first commit
diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
new file mode 100644
index 0000000..d9c066b
--- /dev/null
+++ b/.woodpecker/build.yaml
@@ -0,0 +1,25 @@
+variables:
+ - &platforms 'linux/arm64/v8,linux/amd64'
+ - &docker_creds
+ username: ${CI_REPO_OWNER}
+ password:
+ from_secret: docker_password
+
+steps:
+ publish-depot-plugin:
+ image: woodpeckerci/plugin-docker-buildx
+ pull: true
+ group: docker
+ settings:
+ <<: *docker_creds
+ token:
+ from_secret: depot_token
+ repo: ${CI_REPO_OWNER}/ansible-molecule
+ dockerfile: Dockerfile
+ platforms: *platforms
+ tag: latest
+ when:
+ branch: ${CI_REPO_DEFAULT_BRANCH}
+ event:
+ - push
+ - manual
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..487a2d3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.9-slim
+ARG DEPOT_VERSION=2.30.0
+
+RUN pip install -y 'ansible-core<2.17' molecule[docker]
+
+
+CMD ["/bin/bash"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2224eb1
--- /dev/null
+++ b/README.md
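Review bot: The `publish-depot-plugin` step in `.woodpecker/build.yaml` runs `woodpeckerci/plugin-docker-buildx` with no tag or digest and `pull: true`, so whatever that image resolves to at run time receives `docker_password` and `depot_token`. Pin it to a reviewed release or digest, e.g. `image: woodpeckerci/plugin-docker-buildx:<PINNED_VERSION>` (placeholder), and bump it deliberately. The settings table in this commit's README lists no `token` setting for that image, so `depot_token` appears to be handed to a step that does not use it; drop it from `settings` if that is the case. The result is published only as `latest`, which leaves consumers no way to tie a pulled image to a commit; a commit-derived tag alongside it would fix that.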
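Review bot: `pip install` has no `-y` option, so the `RUN` line in `Dockerfile` fails and the image cannot be built; change it to `RUN pip install --no-cache-dir 'ansible-core<2.17' 'molecule[docker]'`. `ARG DEPOT_VERSION` is declared but never used, and nothing here installs depot or copies `files/docker-entrypoint.sh`, although that script calls `depot build`, so the Dockerfile and the entrypoint added in this commit do not seem to belong to the same image. The packages are range-constrained rather than pinned and the container runs as root by default; a constraints file with hashes and a `USER` line would make the published image reproducible and lower-privilege.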
@@ -0,0 +1,116 @@
+---
+name: Docker Buildx
+icon: https://woodpecker-ci.org/img/logo.svg
+description: plugin to build Docker images using depot
+authors: Woodpecker Authors
+tags: [docker, image, container, build]
+containerImage: woodpeckerci/plugin-docker-buildx
+containerImageUrl: https://hub.docker.com/r/woodpeckerci/plugin-docker-buildx
+url: https://codeberg.org/woodpecker-plugins/docker-buildx
+---
+
+Woodpecker CI plugin to build multiarch Docker images with depot.
+
+## Features
+
+- Build without push
+- Use custom registries (Only supporting Docker Hub for now)
+- Build based on existing tags when needed
+- Push to multiple registries/repos
+
+> NB! To mount custom CA you can use Woodpecker CI runner configuration environment `WOODPECKER_BACKEND_DOCKER_VOLUMES` with value `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/docker/certs.d:/etc/docker/certs.d:ro`. And have created file `/etc/docker/certs.d//ca.crt` with CA certificate on runner server host.
+
+## Settings
+
+| Settings Name | Default | Description
+| --------------------------| ----------------- | --------------------------------------------
+| `dry-run` | `false` | disables docker push
+| `repo` | *none* | sets repository name for the image (can be a list)
+| `username` | *none* | sets username to authenticates with
+| `password` | *none* | sets password / token to authenticates with
+| `registry` | `https://index.docker.io/v1/` | sets docker registry to authenticate with
+| `dockerfile` | `Dockerfile` | sets dockerfile to use for the image build
+| `tag`/`tags` | *none* | sets repository tags to use for the image
+| `platforms` | *none* | sets target platform for build
+
+## auto_tag
+
+If set to true, it will use the `default_tag` ("latest") on tag event or default branch.
+If it's a tag event it will also assume sem versioning and add tags accordingly (`x`, `x.x` and `x.x.x`).
+If it's not a tag event, and no default branch, automated tags are skipped.
+
+## Examples
+
+```yaml
+ publish-next-agent:
+ image: cybercinch/woodpecker-plugin-depot
+ secrets: [docker_username, docker_password]
+ settings:
+ repo: cybercinch/an-awesome-container
+ dockerfile: docker/Dockerfile
+ username: ${CI_REPO_OWNER}
+ password:
+ from_secret: docker_password
+ platforms: linux/amd64,linux/arm64/v8,linux/arm32/v7
+ tag: latest
+ when:
+ branch: ${CI_REPO_DEFAULT_BRANCH}
+ event: push
+```
+
+## Advanced Settings
+
+| Settings Name | Default | Description
+| --------------------------| ----------------- | --------------------------------------------
+| `mirror` | *none* | sets a registry mirror to pull images
+| `storage_driver` | *none* | sets the docker daemon storage driver
+| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path
+| `bip` | *none* | allows the docker daemon to bride ip address
+| `mtu` | *none* | sets docker daemon custom mtu setting
+| `custom_dns` | *none* | sets custom docker daemon dns server
+| `custom_dns_search` | *none* | sets custom docker daemon dns search domain
+| `insecure` | `false` | allows the docker daemon to use insecure registries
+| `ipv6` | `false` | enables docker daemon IPv6 support
+| `experimental` | `false` | enables docker daemon experimental mode
+| `debug` | `false` | enables verbose debug mode for the docker daemon
+| `daemon_off` | `false` | disables the startup of the docker daemon
+| `buildkit_config` | *none* | sets content of the docker [buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md)
+| `tags_file` | *none* | overwrites `tags` option with values find in specified file
+| `context` | `.` | sets the path of the build context to use
+| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via `tags` are additionally added to the auto_tags without suffix
+| `default_suffix"`/`auto_tag_suffix`| *none* | generates tag names with the given suffix
+| `default_tag` | `latest`
| overrides the default tag name used when generating with `auto_tag` enabled
+| `label`/`labels` | *none* | sets labels to use for the image in format `=`
+| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information
+| `build_args` | *none* | sets custom build arguments for the build
+| `build_args_from_env` | *none* | forwards environment variables as custom arguments to the build
+| `quiet` | `false` | enables suppression of the build output
+| `target` | *none* | sets the build target to use
+| `cache_from` | *none* | sets images to consider as cache sources
+| `pull_image` | `true` | enforces to pull base image at build time
+| `compress` | `false` | enables compression of the build context using gzip
+| `config` | *none* | sets content of the docker daemon json config
+| `purge` | `true` | enables cleanup of the docker environment at the end of a build
+| `no_cache` | `false` | disables the usage of cached intermediate containers
+| `add_host` | *none* | sets additional host:ip mapping
+| `output` | *none* | sets build output in format `type=[,=]`
+| `logins` | *none* | option to log into multiple registries
+
+## Multi registry push example
+
+Only supported with `woodpecker >= 1.0.0` (next-da997fa3).
+
+```yaml
+settings:
+ repo: a6543/tmp,codeberg.org/6543/tmp
+ tag: demo
+ logins:
+ - registry: https://index.docker.io/v1/
+ username: a6543
+ password:
+ from_secret: docker_token
+ - registry: https://codeberg.org
+ username: "6543"
+ password:
+ from_secret: cb_token
+```
\ No newline at end of file
diff --git a/files/docker-entrypoint.sh b/files/docker-entrypoint.sh
new file mode 100755
index 0000000..f197f55
--- /dev/null
+++ b/files/docker-entrypoint.sh
@@ -0,0 +1,174 @@
+#!/bin/bash
+
+# This is to serve as a Plugin for Woodpecker to enable running of builds on depot.dev
+
+set -eo pipefail
+shopt -s nullglob
+
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# logging functions
+drone_log() {
+ local type="$1"; shift
+ # accept argument string or stdin
+ local text="$*"; if [ "$#" -eq 0 ]; then text="$(cat)"; fi
+ local dt; dt="$(date -D 'YYYY-MM-DD hh:mm[:ss]')"
+ printf '%s [%s] [woodpecker-depot]: %s\n' "$dt" "$type" "$text"
+}
+woodpecker_note() {
+ drone_log Note "$@"
+}
+woodpecker_warn() {
+ drone_log Warn "$@" >&2
+}
+woodpecker_error() {
+ drone_log ERROR "$@" >&2
+ exit 1
+}
+
+
+# Verify that the minimally required password settings are set for operation.
+function verify_minimum_env {
+ if [ -z "$PLUGIN_PROJECT" ]; then
+ woodpecker_warn "token setting is required for plugin operation"
+ fi
+ if [ -z "$PLUGIN_TOKEN" ]; then
+ woodpecker_warn "token setting is required for plugin operation"
+ fi
+ if [ -z "$PLUGIN_REPO" ]; then
+ woodpecker_warn "repo setting is required for plugin operation"
+ fi
+ if [ -z "$PLUGIN_TAG" ]; then
+ woodpecker_warn "tag setting is required for plugin operation"
+ fi
+ if [ -z "$PLUGIN_REPOHOST" ]; then
+ woodpecker_warn "repohost setting is required for plugin operation"
+ fi
+ if [ -z "$PLUGIN_PLATFORMS" ]; then
+ woodpecker_warn "platforms setting is required for plugin operation"
+ fi
+ if [ "${PLUGIN_REPOHOST}" == "docker.io" ]
+ then
+ if [ -z "$PLUGIN_USERNAME" ] || [ -z "$PLUGIN_PASSWORD" ]
+ then
+ woodpecker_warn "username and password are required for plugin operation"
+ fi
+ fi
+ if [ -z "$PLUGIN_PROJECT" ] ||
+ [ -z "$PLUGIN_TOKEN" ] ||
+ [ -z "$PLUGIN_REPO" ] ||
+ [ -z "$PLUGIN_TAGS" ] ||
+ [ -z "$PLUGIN_REPOHOST" ] ||
+ [ -z "$PLUGIN_PLATFORMS" ] ; then
+
woodpecker_error <<-'EOF' + You need to specify one/all of the following settings: + - token + - project + - repo + - tag + - repohost + - platforms + - username + - password + EOF + fi + woodpecker_note "Sufficient configuration" + +} + +function parse_tags { + # set (,) as delimiter + IFS=',' + + read -ra TAGS_ARRAY <<< "$PLUGIN_TAGS" + + TAGS_LENGTH=${#TAGS_ARRAY[@]} + for (( i=0; i/dev/null ) + woodpecker_note "${LOGON}" + + woodpecker_note "Building and pushing with Depot..." + # Build and push with depot + + #parse_tags + # Build the Commandline parameters + build_cli + + DEPOT_TOKEN=${PLUGIN_TOKEN} depot build "${options[@]}" + woodpecker_note "Build completed" + fi +} + +_main() { + woodpecker_note "Starting" + verify_minimum_env "$@" + woodpecker_note "$@" + woodpecker_note "Depot version is: $(depot --version)" + build_on_depot "$@" +} + +# If we are sourced from elsewhere, don't perform any further actions +if ! _is_sourced; then + _main "$@" +fi
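Review bot: `verify_minimum_env` warns on `$PLUGIN_TAG` but its fatal condition tests `$PLUGIN_TAGS`, so a step configured with `tag: latest`, as in the README example, would reach `woodpecker_error` without any warning naming the missing value; test one value in both places, e.g. `[ -z "${PLUGIN_TAGS:-$PLUGIN_TAG}" ]`. The first warning, guarded by `$PLUGIN_PROJECT`, prints "token setting is required" and should name `project`. Missing `username`/`password` for `docker.io` only produces a warning and is not part of the condition that exits, so the script carries on to the registry login with empty credentials; add them to the fatal check. In `build_on_depot`, `woodpecker_note "${LOGON}"` writes whatever `LOGON` captured to the build log (its assignment is not readable in this view) and `_main` logs `"$@"`; confirm neither can carry a credential, or log a fixed message instead. `date -D` in `drone_log` is not a GNU `date` option, so on a Debian-based image such as the one in this commit's Dockerfile the first log call would likely abort the script under `set -e`; `date '+%Y-%m-%d %H:%M:%S'` is portable.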