a

2025-06-07 21:57:10 +02:00 · 2025-06-07 21:57:10 +02:00 · 0537f521fd
commit 0537f521fd
parent 5de9ffb979
4 changed files with 38 additions and 25 deletions
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@ -1,7 +1,7 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
-  event: [manual, push]
+  event: [manual, push, pull_request]
  branch: main
  path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]

--- a/15
+++ b/15
@ -1,16 +1,19 @@
-FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91
-SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 # ignore pipefail because
 # bash is non-default location https://github.com/tianon/docker-bash/issues/29
 # hadolint only uses default locations https://github.com/hadolint/hadolint/issues/977
-# hadolint ignore=DL4006
+# hadolint global ignore=DL4006
+FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91
+SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 RUN ARCH=$(uname -m) && \
 	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
 	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
 	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
-	set -o pipefail && \
-	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | \
-	tar --gz --extract --directory=/usr/local bin/buildctl
+	wget -q "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-$SUFFIX" --output-document=/usr/local/bin/jq
+RUN ARCH=$(uname -m) && \
+	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
+	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
+	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
+	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | tar --gz --extract --directory=/usr/local bin/buildctl
 COPY --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 USER 1000:1000
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,8 +1,5 @@
 #!/usr/bin/env bash
 set -eu;
-env | sort | grep PLUGIN
-echo $PLUGIN_AUTH | base64 -w0
-

 ##
 ## check input
@ -25,9 +22,10 @@ SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-0}

 if [[ -n "${PLUGIN_AUTH:-}" ]]; then
 	DOCKER_CONFIG=${DOCKER_CONFIG:-$PWD}
-	mkdir -p $DOCKER_CONFIG
-	echo $PLUGIN_AUTH > $DOCKER_CONFIG/config.json
-	echo Stored credentials at $DOCKER_CONFIG/config.json
+	mkdir -p "$DOCKER_CONFIG"
+	echo "$PLUGIN_AUTH" > "$DOCKER_CONFIG/config.json"
+	echo Stored credentials at "$DOCKER_CONFIG/config.json"
+	echo
 fi

 ##
@ -46,17 +44,14 @@ if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'"
 fi
 # https://github.com/moby/buildkit/blob/master/README.md#output
-OUTPUT=""
+BUILDCTL_OUTPUT=""
 if [[ -n "${PLUGIN_NAME:-}" ]]; then
-	OUTPUT="$OUTPUT --output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true},oci-mediatypes=true,oci-artifact=true,compression=estargz"
-	OUTPUT="$OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9"
-	OUTPUT="$OUTPUT,rewrite-timestamp=true"
-	export IFS=";"
-	for PLUGIN_ANNOTATION_ITEM in "${PLUGIN_ANNOTATION:-}"; do
-		OUTPUT="$OUTPUT,annotation.$PLUGIN_ANNOTATION_ITEM"
-	done
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT --output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true}"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT,rewrite-timestamp=true"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT$(echo "$PLUGIN_ANNOTATION" | jq --join-output 'keys[] as $k|",annotation.\($k)=\"\(.[$k])\""')"
 fi
-COMMAND="$COMMAND $OUTPUT"
+COMMAND="$COMMAND $BUILDCTL_OUTPUT"

 # custom args, e.g. docker run --rm --volume=$HOME:HOME:ro --workdir=$PWD kokuwaio/buildkit --opt buildarg=foo=bar
 if [[ -n "${1:-}" ]]; then
@ -67,12 +62,21 @@ fi
 ## execute command
 ##

+echo
+echo Reproduce with docker:
+echo
 echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH docker buildx build ${PLUGIN_CONTEXT:-.}"
+	echo "  --no-cache"
 if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	echo "  --platform='$PLUGIN_PLATFORM'"
-	echo "  $OUTPUT"
 fi
-
-echo -e "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n  --}\n"
+if [[ -n "${PLUGIN_ADDR:-}" ]]; then
+	echo "  $BUILDCTL_OUTPUT"
+fi
+echo
+echo Running now:
+echo
+echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n  --}"
+echo
 eval "$COMMAND"
 echo 1
--- a/renovate.json
+++ b/renovate.json
@ -50,6 +50,12 @@
 			],
 			"datasourceTemplate": "github-tags",
 			"packageNameTemplate": "moby/buildkit"
+		},{
+			"customType": "regex",
+			"managerFilePatterns": ["Dockerfile", ".woodpecker/build.yaml"],
+			"matchStrings": ["https://github.com/jqlang/jq/releases/download/(?<currentValue>jq-[0-9]+\\.[0-9]+\\.[0-9]+)/jq-linux-$SUFFIX"],
+			"datasourceTemplate": "github-tags",
+			"packageNameTemplate": "qlang/jq"
 		}
 	]
 }