1

2025-06-06 21:55:12 +02:00 · 2025-06-06 21:55:12 +02:00 · 01b16c2e42
commit 01b16c2e42
parent f9eff77790
12 changed files with 209 additions and 132 deletions
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@ -1,7 +0,0 @@
 # https://github.com/hadolint/hadolint#configure
 failure-threshold: style
 strict-labels: true
 disable-ignore-pragma: true
 ignored:
 #  - DL3008  # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
 trustedRegistries: [docker.io]
--- a/.justfile
+++ b/.justfile
@ -6,21 +6,22 @@
 # Run linter.
@lint:
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint	
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint
 	docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate
 	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) woodpeckerci/woodpecker-cli lint
 # Build image with local docker daemon.
 [group('image')]
@build:
-	docker buildx build . --tag=kokuwaio/buildctl --platform=linux/amd64,linux/arm64
+	docker buildx build . --tag=kokuwaio/buildctl --platform=linux/amd64,linux/arm64 --push
 	docker buildx build . --platform=linux/amd64,linux/arm64 --push --tag registry.kokuwa.io/b
 # Inspect image with docker.
 [group('image')]
-@inspect:
+@inspect: build
 	docker image inspect kokuwaio/buildctl
 # Inspect image layers with `dive`.
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@ -1,20 +1,59 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
  event: [manual, push, pull_request]
  branch: main
-  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+  path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 steps:
  build:
-    image: kokuwaio/buildctl
+    image: kokuwaio/buildctl:v0.21.0
-    settings:
+    pull: true
-      name: registry.kokuwa.io/yamllint:$CI_PIPELINE_NUMBER
+    depends_on: []
-      annotations:
+    settings: &settings
-        org.opencontainers.image.title: Yamllint Plugin"
+      name: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER
      auth:
        registry.kokuwa.io:
          username: {from_secret: kokuwa_io_username}
          password: {from_secret: kokuwa_io_password}
      platform: [linux/amd64, linux/arm64]
      annotation:
        org.opencontainers.image.title: Buildctl Plugin
        org.opencontainers.image.description: A Woodpecker CI plugin for yamllint to lint yaml files.
        org.opencontainers.image.url: $CI_REPO_URL
-        org.opencontainers.image.documentation: $CI_REPO_URL
+        org.opencontainers.image.documentation: $CI_REPO_URL/README.md
        org.opencontainers.image.source: $CI_REPO_CLONE_URL
        org.opencontainers.image.revision: $CI_COMMIT_SHA
        org.opencontainers.image.vendor: kokuwa.io
-        org.opencontainers.image.licenses: GPL-3.0-or-later
+        org.opencontainers.image.licenses: EUPL-1.2
        org.opencontainers.image.ref.name: kokuwaio/buildctl
        org.opencontainers.image.version: v0.21.0
 #    when:
 #      event: pull_request
  push:
    image: kokuwaio/buildctl:v0.21.0
    pull: true
    settings:
      <<: *settings
      name:
        - registry.kokuwa.io/buildctl:latest
        - registry.kokuwa.io/buildctl:v0.21.0
        - docker.io/kokuwaio/buildctl:latest
        - docker.io/kokuwaio/buildctl:v0.21.0
        - ghcr.io/kokuwaio/buildctl:latest
        - ghcr.io/kokuwaio/buildctl:v0.21.0
      auth:
        "https://index.docker.io/v1/":
          username: {from_secret: docker_io_username}
          password: {from_secret: docker_io_password}
        ghcr.io:
          username: {from_secret: ghcr_io_username}
          password: {from_secret: ghcr_io_password}
        registry.kokuwa.io:
          username: {from_secret: kokuwa_io_username}
          password: {from_secret: kokuwa_io_password}
 #    when:
 #      event: [manual, push]
 #      branch: main
--- a/.woodpecker/dockerhub.yaml
+++ b/.woodpecker/dockerhub.yaml
@ -1,9 +1,9 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
-  event: push
+  event: [manual, push]
  branch: main
-  path: README.md
+  path: [.woodpecker/dockerhub.yaml, README.md]
 steps:
--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@ -1,5 +1,5 @@
 when:
-  event: [cron, manual, push, pull_request]
+  event: [manual, push, pull_request]
  branch: main
  path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"]
@ -23,7 +23,7 @@ steps:
  dockerfile:
    image: kokuwaio/hadolint
    depends_on: []
-    when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]]
+    when: [path: [.woodpecker/lint.yaml, "**/Dockerfile"]]
  shellcheck:
    image: kokuwaio/shellcheck
--- a/.woodpecker/push.yaml
+++ b/.woodpecker/push.yaml
@ -1,32 +0,0 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
  event: push
  branch: main
  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 depends_on: [build]
 skip_clone: true
 steps:
  docker.io: &push
    image: quay.io/skopeo/stable:v1.18.0
    depends_on: [manifest]
    commands:
      - echo "$AUTH" > /tmp/auth.json
      - skopeo copy --all --preserve-digests --dest-precompute-digests
          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
          docker://$URL/kokuwaio/yamllint:1.37.0
      - skopeo copy --all --preserve-digests --dest-precompute-digests
          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
          docker://$URL/kokuwaio/yamllint:latest
    environment:
      URL: docker.io
      AUTH: {from_secret: DOCKER_IO_AUTH}
  ghcr.io:
    <<: *push
    environment:
      URL: ghcr.io
      AUTH: {from_secret: GHCR_IO_AUTH}
--- a/.woodpecker/test.yaml
+++ b/.woodpecker/test.yaml
@ -1,11 +1,12 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
-  event: push
+  event: [manual, push, pull_request]
  branch: main
-  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+  path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
-depends_on: [push]
+depends_on: [build]
 skip_clone: true
 matrix:
  PLATFORM: [amd64, arm64]
 labels:
@ -13,17 +14,25 @@ labels:
 steps:
-  kokuwa.io:
+  pr:
    image: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER
    pull: true
    commands: buildctl --version
    when:
      event: pull_request
  kokuwa.io: &version
    image: kokuwa.io/buildctl
    pull: true
    commands: buildctl --version
    when:
      event: [manual, push]
      branch: main
  docker.io:
    image: docker.io/kokuwaio/buildctl
-    pull: true
+    <<: *version
    commands: buildctl --version
  ghcr.io:
    image: ghcr.io/kokuwaio/buildctl
-    pull: true
+    <<: *version
    commands: buildctl --version
--- a/23
+++ b/23
@ -1,10 +1,27 @@
-FROM docker.io/library/bash:5.2.37@sha256:64defcbc5126c2d81122b4fb78a629a6d27068f0842c4a8302b8273415b12e30
+# ignore pipefail because
 # bash is non-default location https://github.com/tianon/docker-bash/issues/29
 # hadolint only uses default locations https://github.com/hadolint/hadolint/issues/977
 # hadolint global ignore=DL4006
 FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91
 SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 RUN ARCH=$(uname -m) && \
 	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
 	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
 	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
-	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | \
+	wget -q "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-$SUFFIX" --output-document=/usr/local/bin/jq && \
-	tar --gz --extract --directory=/usr/local bin/buildctl
+	chmod 555 /usr/local/bin/jq
 RUN ARCH=$(uname -m) && \
 	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
 	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
 	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
 	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | tar --gz --extract --directory=/usr/local bin/buildctl && \
 	chmod 555 /usr/local/bin/jq
 COPY --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 RUN mkdir -p /home/buildkit/.docker/ && echo '{}' > /home/buildkit/.docker/config.json && chown 1000:1000 /home/buildkit -R
 ENV HOME=/home/buildkit
 USER 1000:1000
--- a/36
+++ b/36
@ -2,7 +2,7 @@
                      EUROPEAN UNION PUBLIC LICENCE v. 1.2
                      EUPL © the European Union 2007, 2016
-This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined
+This European Union Public Licence (the 'EUPL') applies to the Work (as defined
 below) which is provided under the terms of this Licence. Any use of the Work,
 other than as authorised under this Licence is prohibited (to the extent such
 use is covered by a right of the copyright holder of the Work).
@ -19,36 +19,36 @@ or has expressed by any other means his willingness to license under the EUPL.
 In this Licence, the following terms have the following meaning:
- ‘The Licence’: this Licence.
+- 'The Licence': this Licence.
- ‘The Original Work’: the work or software distributed or communicated by the
+- 'The Original Work': the work or software distributed or communicated by the
  Licensor under this Licence, available as Source Code and also as Executable
  Code as the case may be.
- ‘Derivative Works’: the works or software that could be created by the
+- 'Derivative Works': the works or software that could be created by the
  Licensee, based upon the Original Work or modifications thereof. This Licence
  does not define the extent of modification or dependence on the Original Work
  required in order to classify a work as a Derivative Work; this extent is
  determined by copyright law applicable in the country mentioned in Article 15.
- ‘The Work’: the Original Work or its Derivative Works.
+- 'The Work': the Original Work or its Derivative Works.
- ‘The Source Code’: the human-readable form of the Work which is the most
+- 'The Source Code': the human-readable form of the Work which is the most
  convenient for people to study and modify.
- ‘The Executable Code’: any code which has generally been compiled and which is
+- 'The Executable Code': any code which has generally been compiled and which is
  meant to be interpreted by a computer as a program.
- ‘The Licensor’: the natural or legal person that distributes or communicates
+- 'The Licensor': the natural or legal person that distributes or communicates
  the Work under the Licence.
- ‘Contributor(s)’: any natural or legal person who modifies the Work under the
+- 'Contributor(s)': any natural or legal person who modifies the Work under the
  Licence, or otherwise contributes to the creation of a Derivative Work.
- ‘The Licensee’ or ‘You’: any natural or legal person who makes any usage of
+- 'The Licensee' or 'You': any natural or legal person who makes any usage of
  the Work under the terms of the Licence.
- ‘Distribution’ or ‘Communication’: any act of selling, giving, lending,
+- 'Distribution' or 'Communication': any act of selling, giving, lending,
  renting, distributing, communicating, transmitting, or otherwise making
  available, online or offline, copies of the Work or providing access to its
  essential functionalities at the disposal of any other natural or legal
@ -114,15 +114,15 @@ Copyleft clause: If the Licensee distributes or communicates copies of the
 Original Works or Derivative Works, this Distribution or Communication will be
 done under the terms of this Licence or of a later version of this Licence
 unless the Original Work is expressly distributed only under this version of the
-Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee
+Licence — for example by communicating 'EUPL v. 1.2 only'. The Licensee
 (becoming Licensor) cannot offer or impose any additional terms or conditions on
 the Work or Derivative Work that alter or restrict the terms of the Licence.
 Compatibility clause: If the Licensee Distributes or Communicates Derivative
 Works or copies thereof based upon both the Work and another work licensed under
 a Compatible Licence, this Distribution or Communication can be done under the
-terms of this Compatible Licence. For the sake of this clause, ‘Compatible
+terms of this Compatible Licence. For the sake of this clause, 'Compatible
-Licence’ refers to the licences listed in the appendix attached to this Licence.
+Licence' refers to the licences listed in the appendix attached to this Licence.
 Should the Licensee's obligations under the Compatible Licence conflict with
 his/her obligations under this Licence, the obligations of the Compatible
 Licence shall prevail.
@ -155,9 +155,9 @@ terms of this Licence.
 The Work is a work in progress, which is continuously improved by numerous
 Contributors. It is not a finished work and may therefore contain defects or
-‘bugs’ inherent to this type of development.
+'bugs' inherent to this type of development.
-For the above reason, the Work is provided under the Licence on an ‘as is’ basis
+For the above reason, the Work is provided under the Licence on an 'as is' basis
 and without warranties of any kind concerning the Work, including without
 limitation merchantability, fitness for a particular purpose, absence of defects
 or errors, accuracy, non-infringement of intellectual property rights other than
@ -189,7 +189,7 @@ the fact You have accepted any warranty or additional liability.
 10. Acceptance of the Licence
-The provisions of this Licence can be accepted by clicking on an icon ‘I agree’
+The provisions of this Licence can be accepted by clicking on an icon 'I agree'
 placed under the bottom of a window displaying the text of this Licence or by
 affirming consent in any other similar way, in accordance with the rules of
 applicable law. Clicking on that icon indicates your clear and irrevocable
@ -264,7 +264,7 @@ Without prejudice to specific agreement between parties,
 Appendix
-‘Compatible Licences’ according to Article 5 EUPL are:
+'Compatible Licences' according to Article 5 EUPL are:
 - GNU General Public License (GPL) v. 2, v. 3
 - GNU Affero General Public License (AGPL) v. 3
--- a/README.md
+++ b/README.md
@ -2,17 +2,17 @@
 [![pulls](https://img.shields.io/docker/pulls/kokuwaio/buildctl)](https://hub.docker.com/repository/docker/kokuwaio/buildctl)
 [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl)](https://hub.docker.com/repository/docker/kokuwaio/buildctl)
-[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://github.com/kokuwaio/buildctl/blob/main/Dockerfile)
+[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://git.kokuwa.io/woodpecker/buildctl/src/branch/main/Dockerfile)
-[![license](https://img.shields.io/github/license/kokuwaio/buildctl)](https://github.com/kokuwaio/buildctl/blob/main/LICENSE)
+[![license](https://img.shields.io/badge/License-EUPL%201.2-blue)](https://git.kokuwa.io/woodpecker/buildctl/src/branch/main/LICENSE)
-[![issues](https://img.shields.io/github/issues/kokuwaio/buildctl)](https://github.com/kokuwaio/buildctl/issues)
+[![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/pulls)
 [![issues](https://img.shields.io/gitea/issues/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/issues)
-A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit instance.
+A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit host.
 Also usable with Gitlab, Github or locally, see examples for usage.
 ## Features
- preconfigure buildctl parameters
+- preconfigured for [reproduceable builds](https://github.com/moby/buildkit/blob/master/docs/build-repro.md)
 - searches for yaml files recursive
 - runnable with local docker daemon
 ## Example
@ -23,13 +23,15 @@ Woodpecker:
 steps:
  buildctl:
    image: kokuwaio/buildctl
    depends_on: []
    settings:
-      no-warnings: true
+      name:
-      format: json
+        - registry.example.org/foo:latest
-    when:
+        - registry.example.org/foo:0.0.1
-      event: pull_request
+      annotation:
-      path: [.buildctl.yaml, "**/*.y*ml"]
+        org.opencontainers.image.title: My Image
        org.opencontainers.image.description: A description.
      platform: [linux/amd64, linux/arm64]
      auth: {from_secret: AUTH}
 ```
 Gitlab:
@ -40,34 +42,45 @@ buildctl:
  needs: []
  image: kokuwaio/buildctl
  variables:
-    PLUGIN_NO_WARNINGS: true
+    PLUGIN_ADDR: tcp://0.8.1.5:1234
-    PLUGIN_FORMAT: json
+    PLUGIN_NAME: registry.example.org/foo:latest,registry.example.org/foo:0.0.1
    PLUGIN_PLATFORM: linux/amd64,linux/arm64
    PLUGIN_AUTH: '{"auths":{"registry.example.org":{"auth":"changeMe}}}'
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      changes: [.buildctl.yaml, "**/*.y*ml"]
 ```
-CLI:
+CLI (will reuse docker credentials of current user):
 ```bash
-docker run --rm --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/buildctl --no-warnings --format=json
+PLUGIN_ADDR=tcp://0.8.1.5:1234
 PLUGIN_NAME=registry.example.org/foo:latest,registry.example.org/foo:0.0.1
 PLUGIN_PLATFORM=linux/amd64,linux/arm64
 docker run --rm --user=$(id -u) --volume=$HOME:$HOME:ro --workdir=$PWD --env=PLUGIN_ADDR --env=PLUGIN_NAME --env=PLUGIN_PLATFORM kokuwaio/buildctl
 ```
 ## Settings
-| Settings Name | Environment        | Default   | Description                                                          |
+| Settings Name       | Environment              | Default          | Description                                                                                     |
-| --------------| ------------------ | --------- | -------------------------------------------------------------------- |
+| ------------------- | ------------------------ | ---------------- | ----------------------------------------------------------------------------------------------- |
-| `config-file` | PLUGIN_CONFIG_FILE | `none`    | Configuration file to use, if none is configured [default](https://buildctl.readthedocs.io/en/stable/configuration.html) is used |
+| `addr`              | PLUGIN_ADDR              | `$BUILDKIT_HOST` | Buildkit host to use.                                                                           |
-| `strict`      | PLUGIN_STRICT      | `true`    | Fail on warnings                                                     |
+| `frontend`          | PLUGIN_FRONTEND          | `dockerfile.v0`  | Only dockerfile frontend supported right now                                                    |
-| `no-warnings` | PLUGIN_NO_WARNINGS | `false`   | Output only error level problems                                     |
+| `context`           | PLUGIN_CONTEXT           | `$PWD`           | Context directory to use for build                                                              |
-| `format`      | PLUGIN_FORMAT      | `colored` | Format for parsing output: parsable, standard, colored, github, auto |
+| `dockerfile`        | PLUGIN_DOCKERFILE        | `Dockerfile`     | Dockerfile to use.                                                                              |
 | `platform`          | PLUGIN_PLATFORM          | `none`           | Target platform for container image.                                                            |
 | `source-epoch-date` | PLUGIN_SOURCE_DATE_EPOCH | `0`              | Target platform for container image.                                                            |
 | `name`              | PLUGIN_NAME              | `none`           | Images names where to push the image.                                                           |
 | `annotation`        | PLUGIN_ANNOTATION        | `none`           | Annotations (also known as labels) to add to image                                              |
 | `auth`              | PLUGIN_AUTH              | `none`           | Auth for private registries, see [](https://github.com/moby/buildkit?tab=readme-ov-file#output) |
 | `push`              | PLUGIN_PUSH              | `true`           | Push images if output names are set.                                                            |
 ## Alternatives
-| Image                                                                               | Comment                           | amd64 | arm64 |
+| Image                                                           | Comment                           | amd64 | arm64 |
-| ----------------------------------------------------------------------------------- | --------------------------------- |:-----:|:-----:|
+| --------------------------------------------------------------- | --------------------------------- |:-----:|:-----:|
-| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl)                     | Woodpecker plugin                 | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) |
+| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin                 | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) |
-| [pipelinecomponents/buildctl](https://hub.docker.com/r/pipelinecomponents/buildctl) | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) |
+| [moby/buildkit](https://hub.docker.com/r/moby/buildkit)         | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=amd64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=arm64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) |
-| [giantswarm/buildctl](https://hub.docker.com/r/giantswarm/buildctl)                 | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) |
+| [nordseth/buildctl](https://hub.docker.com/r/nordseth/buildctl) | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) |
-| [cytopia/buildctl](https://hub.docker.com/r/sdesbure/buildctl)                      | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) |
+| [shopstic/buildctl](https://hub.docker.com/r/shopstic/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) |
-| [sdesbure/buildctl](https://hub.docker.com/r/sdesbure/buildctl)                     | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) |
+| [agisoft/buildctl](https://hub.docker.com/r/agisoft/buildctl)   | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) |
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,46 +1,58 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -eu;
 ##
 ## check input
 ##
 BUILDCTL_ADDR=${PLUGIN_ADDR:-${BUILDCTL_ADDR:-}}
 if [[ -z "${BUILDCTL_ADDR:-}" ]]; then
 	echo "Missing buildkit addr."
 	exit 1
 fi
 BUILDCTL_CONTEXT=${PLUGIN_CONTEXT:-$(pwd)}
-BUILDCTL_DOCKERFILE=$(dirname ${PLUGIN_DOCKERFILE:-$BUILDCTL_CONTEXT/Dockerfile})
+BUILDCTL_DOCKERFILE=$(dirname "${PLUGIN_DOCKERFILE:-$BUILDCTL_CONTEXT/Dockerfile}")
 if [[ ! -f $BUILDCTL_DOCKERFILE/Dockerfile ]]; then
 	echo "Dockerfile $BUILDCTL_DOCKERFILE/Dockerfile not found!"
 	exit 1
 fi
 BUILDCTL_FRONTEND=${PLUGIN_FRONTEND:-dockerfile.v0}
 if [[ "$BUILDCTL_FRONTEND" != "dockerfile.v0" ]]; then
 	echo "Only frontend 'dockerfile.v0' testet and supported yet."
 	exit 1
 fi
 SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-0}
 if [[ -n "${PLUGIN_AUTH:-}" ]]; then
 	echo "$PLUGIN_AUTH" | jq -r 'to_entries|map({(.key):{"auth":(.value.username+":"+.value.password)|@base64}})|add|{"auths":.}' > "$HOME/.docker/config.json"
 	echo "Stored credentials at $HOME/.docker/config.json"
 	echo
 fi
 ##
 ## build command
 ##
 COMMAND="buildctl"
 COMMAND="$COMMAND --addr $BUILDCTL_ADDR"
 COMMAND="$COMMAND build"
 if [[ -n "${PLUGIN_ADDR:-}" ]]; then
 	COMMAND="$COMMAND --addr $PLUGIN_ADDR"
 fi
 COMMAND="$COMMAND --frontend $BUILDCTL_FRONTEND"
 COMMAND="$COMMAND --local context='$BUILDCTL_CONTEXT'"
 COMMAND="$COMMAND --local dockerfile='$BUILDCTL_DOCKERFILE'"
 if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'"
 fi
 # https://github.com/moby/buildkit/blob/master/README.md#output
 if [[ ! -z "${PLUGIN_NAME:-}" ]]; then
 	COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAME,push=${PLUGIN_PUSH:-true}"
 fi
-# custom args, e.g. docker run --rm --volume=$(pwd):$(pwd) --workdir=$(pwd) --env=CI=test kokuwaio/buildkit --opt buildarg=foo=bar
+# https://github.com/moby/buildkit/blob/master/README.md#output
 OUTPUT=""
 if [[ -n "${PLUGIN_NAME:-}" ]]; then
 	OUTPUT="--output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true}"
 	OUTPUT="$OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9"
 	OUTPUT="$OUTPUT,rewrite-timestamp=true"
 	OUTPUT="$OUTPUT$(echo "$PLUGIN_ANNOTATION" | jq --join-output 'keys[] as $k|",annotation.\($k)=\"\(.[$k])\""')"
 fi
 COMMAND="$COMMAND $OUTPUT"
 # custom args, e.g. docker run --rm --volume=$HOME:HOME:ro --workdir=$PWD kokuwaio/buildkit --opt buildarg=foo=bar
 if [[ -n "${1:-}" ]]; then
 	COMMAND="$COMMAND $*"
 fi
@ -49,5 +61,21 @@ fi
 ## execute command
 ##
-echo -e "${COMMAND// --/\\n  --}\n"
+echo
 echo Reproduce with docker:
 echo
 echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH docker buildx build ${PLUGIN_CONTEXT:-.}"
 	echo "  --no-cache"
 if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	echo "  --platform='$PLUGIN_PLATFORM'"
 fi
 if [[ -n "${OUTPUT:-}" ]]; then
 	echo "  $OUTPUT"
 fi
 echo
 echo Running now:
 echo
 echo -e "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n  --}"
 echo
 eval "$COMMAND"
--- a/renovate.json
+++ b/renovate.json
@ -39,14 +39,23 @@
 	"customManagers": [
 		{
 			"customType": "regex",
-			"fileMatch": ["Dockerfile", ".woodpecker/build.yaml", ".woodpecker/push.yaml"],
+			"managerFilePatterns": ["Dockerfile", ".woodpecker/build.yaml"],
 			"matchStrings": [
-				"org.opencontainers.image.version=(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
+				"- registry.kokuwa.io/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
-				"SHELLCHECK_VERSION=(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
+				"- docker.io/kokuwaio/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
-				"kokuwaio/shellcheck:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)"
+				"- ghcr.io/kokuwaio/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
 				"org.opencontainers.image.version: (?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
 				"https://github.com/moby/buildkit/releases/download/(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)/buildkit-v[0-9]+\\.[0-9]+\\.[0-9]+.linux-$SUFFIX.tar.gz",
 				"https://github.com/moby/buildkit/releases/download/v[0-9]+\\.[0-9]+\\.[0-9]+/buildkit-(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+).linux-$SUFFIX.tar.gz"
 			],
 			"datasourceTemplate": "github-tags",
 			"packageNameTemplate": "moby/buildkit"
 		},{
 			"customType": "regex",
 			"managerFilePatterns": ["Dockerfile"],
 			"matchStrings": ["https://github.com/jqlang/jq/releases/download/(?<currentValue>jq-[0-9]+\\.[0-9]+\\.[0-9]+)/jq-linux-$SUFFIX"],
 			"datasourceTemplate": "github-tags",
 			"packageNameTemplate": "jqlang/jq"
 		}
 	]
-}
+