diff --git a/.woodpecker.yml b/.woodpecker.yml index ee4b55f..1bb4c06 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -1,9 +1,9 @@ -when: - - event: [pull_request, tag, cron] - - event: push - branch: - - ${CI_REPO_DEFAULT_BRANCH} - - renovate/* +# when: +# - event: [pull_request, tag, cron] +# - event: push +# branch: +# - ${CI_REPO_DEFAULT_BRANCH} +# - renovate/* variables: - &golang "golang:1.22" 
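Review bot: Commenting out the workflow-level `when:` block at the top of `.woodpecker.yml` removes the event and branch filter for the whole pipeline, so any step without its own `when:` now runs on every event, including pull requests and pushes to arbitrary branches. The step added in the next hunk has no `when:` and mounts the host Docker socket, so the filter is the only thing that limited which commits reach it. If this is a debugging state it should not be merged as is. Restore the block (`when:` with `- event: [pull_request, tag, cron]` and the `push` branch list) or give the remaining step an explicit `when:`.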
@@ -12,89 +12,67 @@ variables: platforms: "linux/amd64,linux/arm64" dockerfile: Dockerfile.multiarch auto_tag: true - repo: woodpeckerci/plugin-docker-buildx,codeberg.org/woodpecker-plugins/docker-buildx + repo: gitnet.fr/deblan/docker-buildx - &login_setting - # Default DockerHub login - - registry: https://index.docker.io/v1/ + - registry: https://gitnet.fr username: - from_secret: docker_username + from_secret: registry_user password: - from_secret: docker_password - # Additional Codeberg login - - registry: https://codeberg.org - username: - from_secret: cb_username - password: - from_secret: cb_password + from_secret: registry_password steps: - vendor: - image: *golang - commands: go mod vendor + # vendor: + # image: *golang + # commands: go mod vendor + # + # test: + # image: *golang + # depends_on: vendor + # commands: go test -cover ./... + # + # lint-editorconfig: + # image: docker.io/mstruebing/editorconfig-checker:2.7.2 + # when: + # event: push + # + # lint-format: + # image: *golang + # depends_on: vendor + # commands: make formatcheck + # when: + # event: push + # + # publish-dryrun: + # image: *build_plugin + # depends_on: test + # pull: true + # settings: + # <<: *base_buildx_settings + # repo: test + # dry-run: true + # when: + # evaluate: 'not (CI_COMMIT_PULL_REQUEST_LABELS contains "build_pr_images")' + # event: pull_request + # branch: + # - ${CI_REPO_DEFAULT_BRANCH} + # - renovate/* - test: - image: *golang - depends_on: vendor - commands: go test -cover ./... 
+ # publish: + # image: *build_plugin + # settings: + # <<: *base_buildx_settings + # logins: *login_setting + # when: + # event: [push, tag, cron] - lint-editorconfig: - image: docker.io/mstruebing/editorconfig-checker:2.7.2 - when: - event: pull_request - - lint-format: - image: *golang - depends_on: vendor - commands: make formatcheck - when: - event: pull_request - - publish-dryrun: - image: *build_plugin - depends_on: test + foo: + image: gitnet.fr/deblan/docker-buildx pull: true + volumes: + - /var/run/docker.sock:/var/run/docker.sock settings: <<: *base_buildx_settings - repo: test dry-run: true - when: - evaluate: 'not (CI_COMMIT_PULL_REQUEST_LABELS contains "build_pr_images")' - event: pull_request - branch: - - ${CI_REPO_DEFAULT_BRANCH} - - renovate/* - - publish: - image: *build_plugin - depends_on: test - settings: - <<: *base_buildx_settings - logins: *login_setting - when: - event: [push, tag, cron] - branch: ${CI_REPO_DEFAULT_BRANCH} - - publish_pr_image: - image: *build_plugin - depends_on: test - settings: - <<: *base_buildx_settings - tag: pull_${CI_COMMIT_PULL_REQUEST} - logins: *login_setting - when: - evaluate: 'CI_COMMIT_PULL_REQUEST_LABELS contains "build_pr_images"' - event: pull_request - - # TODO: replace by plugin-ready-release-go once it supports gitea - gitea-release: - image: "woodpeckerci/plugin-gitea-release:0.3.1" - depends_on: test - settings: - base_url: https://codeberg.org - title: ${CI_COMMIT_TAG} - api_key: - from_secret: gitea_token - target: main - when: - event: [tag] - branch: ${CI_REPO_DEFAULT_BRANCH} + secrets: + - foo + - bar diff --git a/cmd/docker-buildx/config.go b/cmd/docker-buildx/config.go index 05705f3..9e56a4e 100644 --- a/cmd/docker-buildx/config.go +++ b/cmd/docker-buildx/config.go 
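Review bot: The new `foo` step bind-mounts `/var/run/docker.sock`, which gives the step's container full control of the agent host's Docker daemon, effectively root on that host. The plugin starts its own daemon unless `daemon_off` is set (see docs.md), so the `volumes:` entry should not be needed. The image `gitnet.fr/deblan/docker-buildx` carries no tag or digest and is used with `pull: true`, so whatever is pushed under that name next runs with that socket; pin it, e.g. `image: gitnet.fr/deblan/docker-buildx:<TAG>@sha256:<DIGEST>` (placeholders). The same hunk comments out `vendor`, `test` and both lint steps, so nothing verifies the code before the image is built. The placeholder values `secrets: [foo, bar]` look like leftovers from a local experiment and would be better kept out of the committed pipeline.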
@@ -183,6 +183,12 @@ func settingsFlags(settings *plugin.Settings) []cli.Flag { Usage: "forwards environment variables as custom arguments to the build", Destination: &settings.Build.ArgsEnv, }, + &cli.StringSliceFlag{ + Name: "secrets", + EnvVars: []string{"PLUGIN_SECRETS"}, + Usage: "sets custom secret arguments for the build", + Destination: &settings.Build.Secrets, + }, &cli.BoolFlag{ Name: "quiet", EnvVars: []string{"PLUGIN_QUIET"}, diff --git a/docs.md b/docs.md index 3f8ce32..b413377 100644 --- a/docs.md +++ b/docs.md @@ -29,7 +29,7 @@ It will automatically generate buildkit configuration to use custom CA certifica | Settings Name | Default | Description | -| ------------------------- | ------------------------------- | ---------------------------------------------------- | +| --- | --- | --- | | `dry-run` | `false` | disables docker push | | `repo` | _none_ | sets repository name for the image (can be a list) | | `username` | _none_ | sets username to authenticates with | 
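Review bot: `cli.StringSliceFlag` is a poor fit for the new `secrets` flag, because urfave/cli splits slice values on commas by default (assuming v2 behaviour; the library version is not visible here), while a buildx secret spec is itself comma-separated, e.g. `id=mysecret,src=/path` or `id=mysecret,env=VAR`. Such a setting would reach the new loop in plugin/docker.go as two elements and be passed as two separate `--secret` arguments, so the build gets a different secret source than the one configured. Use a flag type that does not split on commas, or define an escaping rule, and add a test showing that a spec containing a comma survives intact. The usage text could also state the expected form, e.g. `Usage: "sets build secrets, each as id=<id>,src=<path> or id=<id>,env=<var>"`. settingsFlags starts and ends outside the hunk.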
@@ -91,52 +91,51 @@ docker-build: ## Advanced Settings - -| Settings Name | Default | Description | +| Settings Name | Default | Description | | ------------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | -| `mirror` | _none_ | sets a registry mirror to pull images | -| `storage_driver` | _none_ | sets the docker daemon storage driver | -| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path | -| `bip` | _none_ | allows the docker daemon to bride ip address | -| `mtu` | _none_ | sets docker daemon custom mtu setting | -| `custom_dns` | _none_ | sets custom docker daemon dns server | -| `custom_dns_search` | _none_ | sets custom docker daemon dns search domain | -| `insecure` | `false` | allows the docker daemon to use insecure registries | -| `ipv6` | `false` | enables docker daemon IPv6 support | -| `experimental` | `false` | enables docker daemon experimental mode | -| `debug` | `false` | enables verbose debug mode for the docker daemon | -| `daemon_off` | `false` | disables the startup of the docker daemon | -| `buildkit_debug` | `false` | enables debug output of buildkit | -| `buildkit_config` | _none_ | sets content of the docker[buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) | -| `buildkit_driveropt` | _none_ | adds one or multiple`--driver-opt` buildx arguments for the default buildkit builder instance | -| `tags_file` | _none_ | overrides the`tags` option with values in a file named `.tags`; multiple tags can be specified separated by a newline | -| `context` | `.` | sets the path of the build context to use | -| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via`tags` are additionally added to the auto_tags without suffix | -| `default_suffix"`/`auto_tag_suffix` | _none_ | generates tag 
names with the given suffix | -| `default_tag` | `latest` | overrides the default tag name used when generating with`auto_tag` enabled | -| `label`/`labels` | _none_ | sets labels to use for the image in format`=` | -| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information | -| `build_args` | _none_ | sets custom build arguments for the build | -| `build_args_from_env` | _none_ | forwards environment variables as custom arguments to the build | -| `quiet` | `false` | enables suppression of the build output | -| `target` | _none_ | sets the build target to use | -| `cache_from` | _none_ | sets configuration for cache source | -| `cache_to` | _none_ | sets configuration for cache export | -| `cache_images` | _none_ | a list of images to use as cache. | -| `pull_image` | `true` | enforces to pull base image at build time | -| `compress` | `false` | enables compression of the build context using gzip | -| `config` | _none_ | sets content of the docker daemon json config | -| `purge` | `true` | enables cleanup of the docker environment at the end of a build | -| `no_cache` | `false` | disables the usage of cached intermediate containers | -| `add_host` | _none_ | sets additional host:ip mapping | -| `output` | _none_ | sets build output in format`type=[,=]` | -| `logins` | _none_ | option to log into multiple registries | -| `env_file` | _none_ | load env vars from specified file | -| `ecr_create_repository` | `false` | creates the ECR repository if it does not exist | -| `ecr_lifecycle_policy` | _none_ | AWS ECR lifecycle policy | -| `ecr_repository_policy` | _none_ | AWS ECR repository policy | -| `ecr_scan_on_push` | _none_ | AWS: whether to enable image scanning on push | - +| `mirror` | _none_ | sets a registry mirror to pull images | +| `storage_driver` | _none_ | sets the docker daemon storage driver | +| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path | +| `bip` | _none_ | allows the docker daemon to 
bride ip address | +| `mtu` | _none_ | sets docker daemon custom mtu setting | +| `custom_dns` | _none_ | sets custom docker daemon dns server | +| `custom_dns_search` | _none_ | sets custom docker daemon dns search domain | +| `insecure` | `false` | allows the docker daemon to use insecure registries | +| `ipv6` | `false` | enables docker daemon IPv6 support | +| `experimental` | `false` | enables docker daemon experimental mode | +| `debug` | `false` | enables verbose debug mode for the docker daemon | +| `daemon_off` | `false` | disables the startup of the docker daemon | +| `buildkit_debug` | `false` | enables debug output of buildkit | +| `buildkit_config` | _none_ | sets content of the docker[buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) | +| `buildkit_driveropt` | _none_ | adds one or multiple`--driver-opt` buildx arguments for the default buildkit builder instance | +| `tags_file` | _none_ | overrides the`tags` option with values in a file named `.tags`; multiple tags can be specified separated by a newline | +| `context` | `.` | sets the path of the build context to use | +| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via`tags` are additionally added to the auto_tags without suffix | +| `default_suffix"`/`auto_tag_suffix` | _none_ | generates tag names with the given suffix | +| `default_tag` | `latest` | overrides the default tag name used when generating with`auto_tag` enabled | +| `label`/`labels` | _none_ | sets labels to use for the image in format`=` | +| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information | +| `build_args` | _none_ | sets custom build arguments for the build | +| `build_args_from_env` | _none_ | forwards environment variables as custom arguments to the build | +| `secrets` | _none_ | Sets the build secrets for the build | +| `quiet` | `false` | enables suppression of the build output | +| 
`target` | _none_ | sets the build target to use | +| `cache_from` | _none_ | sets configuration for cache source | +| `cache_to` | _none_ | sets configuration for cache export | +| `cache_images` | _none_ | a list of images to use as cache. | +| `pull_image` | `true` | enforces to pull base image at build time | +| `compress` | `false` | enables compression of the build context using gzip | +| `config` | _none_ | sets content of the docker daemon json config | +| `purge` | `true` | enables cleanup of the docker environment at the end of a build | +| `no_cache` | `false` | disables the usage of cached intermediate containers | +| `add_host` | _none_ | sets additional host:ip mapping | +| `output` | _none_ | sets build output in format`type=[,=]` | +| `logins` | _none_ | option to log into multiple registries | +| `env_file` | _none_ | load env vars from specified file | +| `ecr_create_repository` | `false` | creates the ECR repository if it does not exist | +| `ecr_lifecycle_policy` | _none_ | AWS ECR lifecycle policy | +| `ecr_repository_policy` | _none_ | AWS ECR repository policy | +| `ecr_scan_on_push` | _none_ | AWS: whether to enable image scanning on push | ## Multi registry push example Only supported with `woodpecker >= 1.0.0` (next-da997fa3). diff --git a/plugin/docker.go b/plugin/docker.go index e966b37..4b82743 100644 --- a/plugin/docker.go +++ b/plugin/docker.go @@ -94,6 +94,9 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd { for _, arg := range append(defaultBuildArgs, build.Args.Value()...) { args = append(args, "--build-arg", arg) } + for _, secret := range build.Secrets.Value() { + args = append(args, "--secret", secret) + } for _, host := range build.AddHost.Value() { args = append(args, "--add-host", host) } diff --git a/plugin/impl.go b/plugin/impl.go index 563d03d..55708bf 100644 --- a/plugin/impl.go +++ b/plugin/impl.go 
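Review bot: The new loop in `commandBuild` forwards every element of `build.Secrets` to buildx unchanged, including empty strings, and the commit adds no test for it. An empty entry (for example from a trailing comma in `PLUGIN_SECRETS`) becomes `--secret ""` and only fails later inside `docker buildx build`; a guard such as `if secret == "" { continue }` at the top of the loop gives a cleaner result. A table test on `commandBuild` that checks the emitted `--secret` pairs, including one spec that contains a comma, would pin the intended behaviour. commandBuild starts and ends outside the hunk.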
@@ -69,6 +69,7 @@ type Build struct {
 Platforms cli.StringSlice // Docker build target platforms
 Args cli.StringSlice // Docker build args
 ArgsEnv cli.StringSlice // Docker build args from env
+ Secrets cli.StringSlice // Docker build secret
 Target string // Docker build target
 Output string // Docker build output
 Pull bool // Docker build pull
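Review bot: The field comment `// Docker build secret` does not say what an element must look like, and neither docs.md nor the flag usage text does. I would spell out the format on the field, e.g. `Secrets cli.StringSlice // Docker build secrets, one buildx --secret spec per element (id=...,src=... or id=...,env=...)`, so readers know the value is a reference to a secret source and not the secret itself. The Build struct starts and ends outside the hunk.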