diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index d4b1790..0000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# https://github.com/hadolint/hadolint#configure -failure-threshold: style -strict-labels: true -disable-ignore-pragma: true -ignored: -# - DL3008 # Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =` -trustedRegistries: [docker.io] diff --git a/.justfile b/.justfile index b4f9e01..b8a3119 100644 --- a/.justfile +++ b/.justfile @@ -6,21 +6,22 @@ # Run linter. @lint: + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix - docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck - docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) woodpeckerci/woodpecker-cli lint # Build image with local docker daemon. [group('image')] @build: - docker buildx build . --tag=kokuwaio/buildctl --platform=linux/amd64,linux/arm64 + docker buildx build . --tag=kokuwaio/buildctl --platform=linux/amd64,linux/arm64 --push + docker buildx build . --platform=linux/amd64,linux/arm64 --push --tag registry.kokuwa.io/b # Inspect image with docker. [group('image')] -@inspect: +@inspect: build docker image inspect kokuwaio/buildctl # Inspect image layers with `dive`. diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml index d5f1b2f..2337066 100644 --- a/.woodpecker/build.yaml +++ b/.woodpecker/build.yaml 
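Review bot: In the `.justfile` hunk, `@inspect: build` makes `just inspect` run the `build` recipe, and both `docker buildx build` lines in that recipe now carry `--push`, so a local inspect publishes multi-arch images to the registries. The second build's tag `registry.kokuwa.io/b` looks cut off. A multi-platform `--push` build also does not load the result into the local daemon, so `docker image inspect kokuwaio/buildctl` may read a stale or missing image. Consider keeping `build` local (`--load` for a single platform) and moving the push into its own recipe, with a comment such as `# Publishes to the registries; needs push credentials.` above it.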
@@ -1,20 +1,59 @@ when: + instance: ci.kokuwa.io + repo: woodpecker/buildctl event: [manual, push, pull_request] branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] steps: build: - image: kokuwaio/buildctl - settings: - name: registry.kokuwa.io/yamllint:$CI_PIPELINE_NUMBER - annotations: - org.opencontainers.image.title: Yamllint Plugin" + image: kokuwaio/buildctl:v0.21.0 + pull: true + depends_on: [] + settings: &settings + name: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER + auth: + registry.kokuwa.io: + username: {from_secret: kokuwa_io_username} + password: {from_secret: kokuwa_io_password} + platform: [linux/amd64, linux/arm64] + annotation: + org.opencontainers.image.title: Buildctl Plugin org.opencontainers.image.description: A Woodpecker CI plugin for yamllint to lint yaml files. org.opencontainers.image.url: $CI_REPO_URL - org.opencontainers.image.documentation: $CI_REPO_URL + org.opencontainers.image.documentation: $CI_REPO_URL/README.md org.opencontainers.image.source: $CI_REPO_CLONE_URL + org.opencontainers.image.revision: $CI_COMMIT_SHA org.opencontainers.image.vendor: kokuwa.io - org.opencontainers.image.licenses: GPL-3.0-or-later + org.opencontainers.image.licenses: EUPL-1.2 + org.opencontainers.image.ref.name: kokuwaio/buildctl org.opencontainers.image.version: v0.21.0 +# when: +# event: pull_request + + push: + image: kokuwaio/buildctl:v0.21.0 + pull: true + settings: + <<: *settings + name: + - registry.kokuwa.io/buildctl:latest + - registry.kokuwa.io/buildctl:v0.21.0 + - docker.io/kokuwaio/buildctl:latest + - docker.io/kokuwaio/buildctl:v0.21.0 + - ghcr.io/kokuwaio/buildctl:latest + - ghcr.io/kokuwaio/buildctl:v0.21.0 + auth: + "https://index.docker.io/v1/": + username: {from_secret: docker_io_username} + password: {from_secret: docker_io_password} + ghcr.io: + username: {from_secret: 
ghcr_io_username} + password: {from_secret: ghcr_io_password} + registry.kokuwa.io: + username: {from_secret: kokuwa_io_username} + password: {from_secret: kokuwa_io_password} +# when: +# event: [manual, push] +# branch: main diff --git a/.woodpecker/dockerhub.yaml b/.woodpecker/dockerhub.yaml index b1fa76b..47cd9df 100644 --- a/.woodpecker/dockerhub.yaml +++ b/.woodpecker/dockerhub.yaml @@ -1,9 +1,9 @@ when: instance: ci.kokuwa.io repo: woodpecker/buildctl - event: push + event: [manual, push] branch: main - path: README.md + path: [.woodpecker/dockerhub.yaml, README.md] steps: diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml index 8a70dee..59a1252 100644 --- a/.woodpecker/lint.yaml +++ b/.woodpecker/lint.yaml @@ -1,5 +1,5 @@ when: - event: [cron, manual, push, pull_request] + event: [manual, push, pull_request] branch: main path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"] @@ -23,7 +23,7 @@ steps: dockerfile: image: kokuwaio/hadolint depends_on: [] - when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]] + when: [path: [.woodpecker/lint.yaml, "**/Dockerfile"]] shellcheck: image: kokuwaio/shellcheck diff --git a/.woodpecker/push.yaml b/.woodpecker/push.yaml deleted file mode 100644 index 62e94de..0000000 --- a/.woodpecker/push.yaml +++ /dev/null 
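Review bot: In `.woodpecker/build.yaml` the `push` step has its `when:` block commented out while the workflow-level filter accepts `pull_request`, so as written the step that carries the docker.io, ghcr.io and registry.kokuwa.io credentials and pushes the `latest` and `v0.21.0` tags would also run for pull requests against `main`. Whether the secrets are actually released to pull-request events depends on how they are configured in Woodpecker, which this diff does not show. Restoring the gate on `push`, e.g. `when: {event: [manual, push], branch: main}`, keeps publishing away from unreviewed changes. The plugin image is also referenced by the mutable tag `kokuwaio/buildctl:v0.21.0` with `pull: true`; pinning it by digest, as the Dockerfile does for its base image, would fix what runs in the step that holds the registry credentials.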
@@ -1,32 +0,0 @@ -when: - instance: ci.kokuwa.io - repo: woodpecker/buildctl - event: push - branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] - -depends_on: [build] -skip_clone: true - -steps: - - docker.io: &push - image: quay.io/skopeo/stable:v1.18.0 - depends_on: [manifest] - commands: - - echo "$AUTH" > /tmp/auth.json - - skopeo copy --all --preserve-digests --dest-precompute-digests - docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER - docker://$URL/kokuwaio/yamllint:1.37.0 - - skopeo copy --all --preserve-digests --dest-precompute-digests - docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER - docker://$URL/kokuwaio/yamllint:latest - environment: - URL: docker.io - AUTH: {from_secret: DOCKER_IO_AUTH} - - ghcr.io: - <<: *push - environment: - URL: ghcr.io - AUTH: {from_secret: GHCR_IO_AUTH} diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml index 92806a6..b096834 100644 --- a/.woodpecker/test.yaml +++ b/.woodpecker/test.yaml @@ -1,11 +1,12 @@ when: instance: ci.kokuwa.io repo: woodpecker/buildctl - event: push + event: [manual, push, pull_request] branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] -depends_on: [push] +depends_on: [build] +skip_clone: true matrix: PLATFORM: [amd64, arm64] labels: 
@@ -13,17 +14,25 @@ labels: steps: - kokuwa.io: + pr: + image: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER + pull: true + commands: buildctl --version + when: + event: pull_request + + kokuwa.io: &version image: kokuwa.io/buildctl pull: true commands: buildctl --version + when: + event: [manual, push] + branch: main docker.io: image: docker.io/kokuwaio/buildctl - pull: true - commands: buildctl --version + <<: *version ghcr.io: image: ghcr.io/kokuwaio/buildctl - pull: true - commands: buildctl --version + <<: *version diff --git a/Dockerfile b/Dockerfile index 4167401..ea76470 100644 --- a/Dockerfile +++ b/Dockerfile 
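Review bot: The anchored step `kokuwa.io: &version` keeps `image: kokuwa.io/buildctl`, while the build workflow in this diff pushes to `registry.kokuwa.io/buildctl`, so this step probably pulls from a different host than the one just published; worth confirming. The `docker.io` and `ghcr.io` steps pull an untagged image, so they check whatever `latest` resolves to at that moment rather than the version that was pushed. Adding the version tag to the three images would tie the test to the released artifact.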
@@ -1,10 +1,27 @@ -FROM docker.io/library/bash:5.2.37@sha256:64defcbc5126c2d81122b4fb78a629a6d27068f0842c4a8302b8273415b12e30 +# ignore pipefail because +# bash is non-default location https://github.com/tianon/docker-bash/issues/29 +# hadolint only uses default locations https://github.com/hadolint/hadolint/issues/977 +# hadolint global ignore=DL4006 +FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91 +SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"] + RUN ARCH=$(uname -m) && \ [[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \ [[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \ [[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \ - wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | \ - tar --gz --extract --directory=/usr/local bin/buildctl + wget -q "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-$SUFFIX" --output-document=/usr/local/bin/jq && \ + chmod 555 /usr/local/bin/jq + +RUN ARCH=$(uname -m) && \ + [[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \ + [[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \ + [[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \ + wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | tar --gz --extract --directory=/usr/local bin/buildctl && \ + chmod 555 /usr/local/bin/jq + COPY --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] + +RUN mkdir -p /home/buildkit/.docker/ && echo '{}' > /home/buildkit/.docker/config.json && chown 1000:1000 /home/buildkit -R +ENV HOME=/home/buildkit USER 1000:1000 diff --git a/LICENSE b/LICENSE index dacd3ae..ebcf5a5 100644 --- a/LICENSE +++ b/LICENSE 
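Review bot: The two new `RUN` steps download the jq binary and the buildkit tarball with `wget` and install them without any integrity check, although the base image is pinned by digest; a replaced or corrupted release asset would end up in an image that later handles registry credentials. Verify each download against a pinned per-architecture checksum before use, e.g. `echo "<sha256-placeholder>  /usr/local/bin/jq" | sha256sum -c -`, and do the same for the tarball by saving it to a file before extracting. The second `RUN` ends with `chmod 555 /usr/local/bin/jq`, which looks copied from the first; `chmod 555 /usr/local/bin/buildctl` is presumably what was meant.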
@@ -2,7 +2,7 @@ EUROPEAN UNION PUBLIC LICENCE v. 1.2 EUPL © the European Union 2007, 2016 -This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined +This European Union Public Licence (the 'EUPL') applies to the Work (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work). 
@@ -19,36 +19,36 @@ or has expressed by any other means his willingness to license under the EUPL. In this Licence, the following terms have the following meaning: -- ‘The Licence’: this Licence. +- 'The Licence': this Licence. -- ‘The Original Work’: the work or software distributed or communicated by the +- 'The Original Work': the work or software distributed or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be. -- ‘Derivative Works’: the works or software that could be created by the +- 'Derivative Works': the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15. -- ‘The Work’: the Original Work or its Derivative Works. +- 'The Work': the Original Work or its Derivative Works. -- ‘The Source Code’: the human-readable form of the Work which is the most +- 'The Source Code': the human-readable form of the Work which is the most convenient for people to study and modify. -- ‘The Executable Code’: any code which has generally been compiled and which is +- 'The Executable Code': any code which has generally been compiled and which is meant to be interpreted by a computer as a program. -- ‘The Licensor’: the natural or legal person that distributes or communicates +- 'The Licensor': the natural or legal person that distributes or communicates the Work under the Licence. -- ‘Contributor(s)’: any natural or legal person who modifies the Work under the +- 'Contributor(s)': any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work. 
-- ‘The Licensee’ or ‘You’: any natural or legal person who makes any usage of +- 'The Licensee' or 'You': any natural or legal person who makes any usage of the Work under the terms of the Licence. -- ‘Distribution’ or ‘Communication’: any act of selling, giving, lending, +- 'Distribution' or 'Communication': any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal @@ -114,15 +114,15 @@ Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the -Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee +Licence — for example by communicating 'EUPL v. 1.2 only'. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence. Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done under the -terms of this Compatible Licence. For the sake of this clause, ‘Compatible -Licence’ refers to the licences listed in the appendix attached to this Licence. +terms of this Compatible Licence. For the sake of this clause, 'Compatible +Licence' refers to the licences listed in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 
@@ -155,9 +155,9 @@ terms of this Licence. The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work and may therefore contain defects or -‘bugs’ inherent to this type of development. +'bugs' inherent to this type of development. -For the above reason, the Work is provided under the Licence on an ‘as is’ basis +For the above reason, the Work is provided under the Licence on an 'as is' basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than @@ -189,7 +189,7 @@ the fact You have accepted any warranty or additional liability. 10. Acceptance of the Licence -The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ +The provisions of this Licence can be accepted by clicking on an icon 'I agree' placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable @@ -264,7 +264,7 @@ Without prejudice to specific agreement between parties, Appendix -‘Compatible Licences’ according to Article 5 EUPL are: +'Compatible Licences' according to Article 5 EUPL are: - GNU General Public License (GPL) v. 2, v. 3 - GNU Affero General Public License (AGPL) v. 3 diff --git a/README.md b/README.md index 0072883..3e37a61 100644 --- a/README.md +++ b/README.md 
@@ -2,17 +2,17 @@ [![pulls](https://img.shields.io/docker/pulls/kokuwaio/buildctl)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) -[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://github.com/kokuwaio/buildctl/blob/main/Dockerfile) -[![license](https://img.shields.io/github/license/kokuwaio/buildctl)](https://github.com/kokuwaio/buildctl/blob/main/LICENSE) -[![issues](https://img.shields.io/github/issues/kokuwaio/buildctl)](https://github.com/kokuwaio/buildctl/issues) +[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://git.kokuwa.io/woodpecker/buildctl/src/branch/main/Dockerfile) +[![license](https://img.shields.io/badge/License-EUPL%201.2-blue)](https://git.kokuwa.io/woodpecker/buildctl/src/branch/main/LICENSE) +[![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/pulls) +[![issues](https://img.shields.io/gitea/issues/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/issues) -A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit instance. +A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit host. Also usable with Gitlab, Github or locally, see examples for usage. ## Features -- preconfigure buildctl parameters -- searches for yaml files recursive +- preconfigured for [reproduceable builds](https://github.com/moby/buildkit/blob/master/docs/build-repro.md) - runnable with local docker daemon ## Example 
@@ -23,13 +23,15 @@ Woodpecker: steps: buildctl: image: kokuwaio/buildctl - depends_on: [] settings: - no-warnings: true - format: json - when: - event: pull_request - path: [.buildctl.yaml, "**/*.y*ml"] + name: + - registry.example.org/foo:latest + - registry.example.org/foo:0.0.1 + annotation: + org.opencontainers.image.title: My Image + org.opencontainers.image.description: A description. + platform: [linux/amd64, linux/arm64] + auth: {from_secret: AUTH} ``` Gitlab: 
@@ -40,34 +42,45 @@ buildctl: needs: [] image: kokuwaio/buildctl variables: - PLUGIN_NO_WARNINGS: true - PLUGIN_FORMAT: json + PLUGIN_ADDR: tcp://0.8.1.5:1234 + PLUGIN_NAME: registry.example.org/foo:latest,registry.example.org/foo:0.0.1 + PLUGIN_PLATFORM: linux/amd64,linux/arm64 + PLUGIN_AUTH: '{"auths":{"registry.example.org":{"auth":"changeMe}}}' rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" changes: [.buildctl.yaml, "**/*.y*ml"] ``` -CLI: +CLI (will reuse docker credentials of current user): ```bash -docker run --rm --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/buildctl --no-warnings --format=json +PLUGIN_ADDR=tcp://0.8.1.5:1234 +PLUGIN_NAME=registry.example.org/foo:latest,registry.example.org/foo:0.0.1 +PLUGIN_PLATFORM=linux/amd64,linux/arm64 +docker run --rm --user=$(id -u) --volume=$HOME:$HOME:ro --workdir=$PWD --env=PLUGIN_ADDR --env=PLUGIN_NAME --env=PLUGIN_PLATFORM kokuwaio/buildctl ``` ## Settings -| Settings Name | Environment | Default | Description | -| --------------| ------------------ | --------- | -------------------------------------------------------------------- | -| `config-file` | PLUGIN_CONFIG_FILE | `none` | Configuration file to use, if none is configured [default](https://buildctl.readthedocs.io/en/stable/configuration.html) is used | -| `strict` | PLUGIN_STRICT | `true` | Fail on warnings | -| `no-warnings` | PLUGIN_NO_WARNINGS | `false` | Output only error level problems | -| `format` | PLUGIN_FORMAT | `colored` | Format for parsing output: parsable, standard, colored, github, auto | +| Settings Name | Environment | Default | Description | +| ------------------- | ------------------------ | ---------------- | ----------------------------------------------------------------------------------------------- | +| `addr` | PLUGIN_ADDR | `$BUILDKIT_HOST` | Buildkit host to use. 
| +| `frontend` | PLUGIN_FRONTEND | `dockerfile.v0` | Only dockerfile frontend supported right now | +| `context` | PLUGIN_CONTEXT | `$PWD` | Context directory to use for build | +| `dockerfile` | PLUGIN_DOCKERFILE | `Dockerfile` | Dockerfile to use. | +| `platform` | PLUGIN_PLATFORM | `none` | Target platform for container image. | +| `source-epoch-date` | PLUGIN_SOURCE_DATE_EPOCH | `0` | Target platform for container image. | +| `name` | PLUGIN_NAME | `none` | Images names where to push the image. | +| `annotation` | PLUGIN_ANNOTATION | `none` | Annotations (also known as labels) to add to image | +| `auth` | PLUGIN_AUTH | `none` | Auth for private registries, see [](https://github.com/moby/buildkit?tab=readme-ov-file#output) | +| `push` | PLUGIN_PUSH | `true` | Push images if output names are set. | ## Alternatives -| Image | Comment | amd64 | arm64 | -| ----------------------------------------------------------------------------------- | --------------------------------- |:-----:|:-----:| -| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | -| [pipelinecomponents/buildctl](https://hub.docker.com/r/pipelinecomponents/buildctl) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | -| [giantswarm/buildctl](https://hub.docker.com/r/giantswarm/buildctl) | not a Woodpecker plugin | 
[![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | -| [cytopia/buildctl](https://hub.docker.com/r/sdesbure/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | -| [sdesbure/buildctl](https://hub.docker.com/r/sdesbure/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | +| Image | Comment | amd64 | arm64 | +| --------------------------------------------------------------- | --------------------------------- |:-----:|:-----:| +| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | +| [moby/buildkit](https://hub.docker.com/r/moby/buildkit) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=amd64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | 
[![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=arm64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | +| [nordseth/buildctl](https://hub.docker.com/r/nordseth/buildctl) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | +| [shopstic/buildctl](https://hub.docker.com/r/shopstic/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | +| [agisoft/buildctl](https://hub.docker.com/r/agisoft/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | diff --git a/entrypoint.sh b/entrypoint.sh index 10c0739..4d1e1e7 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -1,46 +1,58 @@ -#!/bin/bash +#!/usr/bin/env bash set -eu; ## ## check input ## -BUILDCTL_ADDR=${PLUGIN_ADDR:-${BUILDCTL_ADDR:-}} -if [[ -z "${BUILDCTL_ADDR:-}" ]]; then - echo "Missing buildkit addr." - exit 1 -fi BUILDCTL_CONTEXT=${PLUGIN_CONTEXT:-$(pwd)} -BUILDCTL_DOCKERFILE=$(dirname ${PLUGIN_DOCKERFILE:-$BUILDCTL_CONTEXT/Dockerfile}) +BUILDCTL_DOCKERFILE=$(dirname "${PLUGIN_DOCKERFILE:-$BUILDCTL_CONTEXT/Dockerfile}") if [[ ! -f $BUILDCTL_DOCKERFILE/Dockerfile ]]; then echo "Dockerfile $BUILDCTL_DOCKERFILE/Dockerfile not found!" exit 1 fi + BUILDCTL_FRONTEND=${PLUGIN_FRONTEND:-dockerfile.v0} if [[ "$BUILDCTL_FRONTEND" != "dockerfile.v0" ]]; then echo "Only frontend 'dockerfile.v0' testet and supported yet." exit 1 fi +SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-0} + +if [[ -n "${PLUGIN_AUTH:-}" ]]; then + echo "$PLUGIN_AUTH" | jq -r 'to_entries|map({(.key):{"auth":(.value.username+":"+.value.password)|@base64}})|add|{"auths":.}' > "$HOME/.docker/config.json" + echo "Stored credentials at $HOME/.docker/config.json" + echo +fi + ## ## build command ## COMMAND="buildctl" -COMMAND="$COMMAND --addr $BUILDCTL_ADDR" COMMAND="$COMMAND build" +if [[ -n "${PLUGIN_ADDR:-}" ]]; then + COMMAND="$COMMAND --addr $PLUGIN_ADDR" +fi COMMAND="$COMMAND --frontend $BUILDCTL_FRONTEND" COMMAND="$COMMAND --local context='$BUILDCTL_CONTEXT'" COMMAND="$COMMAND --local dockerfile='$BUILDCTL_DOCKERFILE'" if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'" fi -# https://github.com/moby/buildkit/blob/master/README.md#output -if [[ ! -z "${PLUGIN_NAME:-}" ]]; then - COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAME,push=${PLUGIN_PUSH:-true}" -fi -# custom args, e.g. 
docker run --rm --volume=$(pwd):$(pwd) --workdir=$(pwd) --env=CI=test kokuwaio/buildkit --opt buildarg=foo=bar +# https://github.com/moby/buildkit/blob/master/README.md#output +OUTPUT="" +if [[ -n "${PLUGIN_NAME:-}" ]]; then + OUTPUT="--output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true}" + OUTPUT="$OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9" + OUTPUT="$OUTPUT,rewrite-timestamp=true" + OUTPUT="$OUTPUT$(echo "$PLUGIN_ANNOTATION" | jq --join-output 'keys[] as $k|",annotation.\($k)=\"\(.[$k])\""')" +fi +COMMAND="$COMMAND $OUTPUT" + +# custom args, e.g. docker run --rm --volume=$HOME:HOME:ro --workdir=$PWD kokuwaio/buildkit --opt buildarg=foo=bar if [[ -n "${1:-}" ]]; then COMMAND="$COMMAND $*" fi @@ -49,5 +61,21 @@ fi ## execute command ## -echo -e "${COMMAND// --/\\n --}\n" +echo +echo Reproduce with docker: +echo +echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH docker buildx build ${PLUGIN_CONTEXT:-.}" + echo " --no-cache" +if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then + echo " --platform='$PLUGIN_PLATFORM'" +fi +if [[ -n "${OUTPUT:-}" ]]; then + echo " $OUTPUT" +fi +echo +echo Running now: +echo +echo -e "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n --}" +echo + eval "$COMMAND" diff --git a/renovate.json b/renovate.json index 91aa873..6ea399d 100644 --- a/renovate.json +++ b/renovate.json 
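Review bot: The values appended to `OUTPUT` in the first entrypoint.sh hunk (`$PLUGIN_NAME`, `${PLUGIN_PUSH:-true}` and every annotation key and value emitted by `jq`) end up inside the string passed to `eval "$COMMAND"` at the end of the script, which lies in the next hunk. Quotes, `$` or backticks in a setting are therefore interpreted by the shell instead of being passed to buildctl, in a process that has just written registry credentials to `$HOME/.docker/config.json`. Collecting the options in a bash array with `ARGS+=(...)` and running `buildctl "${ARGS[@]}"` removes that second parse. Under `set -eu`, `echo "$PLUGIN_ANNOTATION"` also aborts the script when `PLUGIN_NAME` is set but no annotation is given; guard that line with `[[ -n "${PLUGIN_ANNOTATION:-}" ]]`.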
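Review bot: The added `if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]` in the second entrypoint.sh hunk repeats the test used when the command is built, so `--platform` is printed, and `--opt platform=` is passed, only when the setting is the literal string `true`; with a value such as `linux/amd64,linux/arm64` the platform is silently dropped. `if [[ -n "${PLUGIN_PLATFORM:-}" ]]; then` is presumably intended in both places. The banner also prints `SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH` in front of the command, but the variable is assigned without `export` and is not part of `COMMAND`, so the `eval` line may run without it. `export SOURCE_DATE_EPOCH`, or an explicit `--opt build-arg:SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH`, would make the printed line match what actually runs.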
@@ -39,14 +39,23 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["Dockerfile", ".woodpecker/build.yaml", ".woodpecker/push.yaml"], + "managerFilePatterns": ["Dockerfile", ".woodpecker/build.yaml"], "matchStrings": [ - "org.opencontainers.image.version=(?v[0-9]+\\.[0-9]+\\.[0-9]+)", - "SHELLCHECK_VERSION=(?v[0-9]+\\.[0-9]+\\.[0-9]+)", - "kokuwaio/shellcheck:(?v[0-9]+\\.[0-9]+\\.[0-9]+)" + "- registry.kokuwa.io/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "- docker.io/kokuwaio/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "- ghcr.io/kokuwaio/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "org.opencontainers.image.version: (?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "https://github.com/moby/buildkit/releases/download/(?v[0-9]+\\.[0-9]+\\.[0-9]+)/buildkit-v[0-9]+\\.[0-9]+\\.[0-9]+.linux-$SUFFIX.tar.gz", + "https://github.com/moby/buildkit/releases/download/v[0-9]+\\.[0-9]+\\.[0-9]+/buildkit-(?v[0-9]+\\.[0-9]+\\.[0-9]+).linux-$SUFFIX.tar.gz" ], "datasourceTemplate": "github-tags", "packageNameTemplate": "moby/buildkit" + },{ + "customType": "regex", + "managerFilePatterns": ["Dockerfile"], + "matchStrings": ["https://github.com/jqlang/jq/releases/download/(?jq-[0-9]+\\.[0-9]+\\.[0-9]+)/jq-linux-$SUFFIX"], + "datasourceTemplate": "github-tags", + "packageNameTemplate": "jqlang/jq" } ] -} +
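Review bot: In the new `matchStrings`, `$SUFFIX` is written unescaped, and in a regular expression `$` is an end-of-input anchor, so the two buildkit download patterns and the jq pattern cannot match the literal `linux-$SUFFIX` text in the Dockerfile. If that holds, Renovate will not propose updates for the pinned jq and buildkit releases, and they go stale without anyone noticing. Escape it as `\\$SUFFIX` in the JSON string, and escape the literal dots in the host and file name (`\\.tar\\.gz`) at the same time.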