From bc68379c52e138afc338cc7a0b60c10295faa472 Mon Sep 17 00:00:00 2001
From: Stephan Schnabel <stephan@schnabel.org>
Date: Sat, 7 Jun 2025 21:57:10 +0200
Subject: [PATCH] a

---
 .woodpecker/build.yaml |  2 +-
 .woodpecker/test.yaml  | 20 ++++++++++++++------
 Dockerfile             | 17 +++++++++++------
 entrypoint.sh          | 40 ++++++++++++++++++++++------------------
 renovate.json          |  6 ++++++
 5 files changed, 54 insertions(+), 31 deletions(-)

diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
index 955b091..7f1a88f 100644
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -1,7 +1,7 @@
 when:
   instance: ci.kokuwa.io
   repo: woodpecker/buildctl
-  event: [manual, push]
+  event: [manual, push, pull_request]
   branch: main
   path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 
diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml
index 7ad0baa..b096834 100644
--- a/.woodpecker/test.yaml
+++ b/.woodpecker/test.yaml
@@ -1,7 +1,7 @@
 when:
   instance: ci.kokuwa.io
   repo: woodpecker/buildctl
-  event: [manual, push]
+  event: [manual, push, pull_request]
   branch: main
   path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 
@@ -14,17 +14,25 @@ labels:
 
 steps:
 
-  kokuwa.io:
+  pr:
+    image: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER
+    pull: true
+    commands: buildctl --version
+    when:
+      event: pull_request
+
+  kokuwa.io: &version
     image: kokuwa.io/buildctl
     pull: true
     commands: buildctl --version
+    when:
+      event: [manual, push]
+      branch: main
 
   docker.io:
     image: docker.io/kokuwaio/buildctl
-    pull: true
-    commands: buildctl --version
+    <<: *version
 
   ghcr.io:
     image: ghcr.io/kokuwaio/buildctl
-    pull: true
-    commands: buildctl --version
+    <<: *version
diff --git a/Dockerfile b/Dockerfile
index 537c5e1..f2c6b77 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,21 @@
-FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91
-SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 # ignore pipefail because
 # bash is non-default location https://github.com/tianon/docker-bash/issues/29
 # hadolint only uses default locations https://github.com/hadolint/hadolint/issues/977
-# hadolint ignore=DL4006
+# hadolint global ignore=DL4006
+FROM docker.io/library/bash:5.2.37@sha256:01a15c6f48f6a3c08431cd77e11567823530b18159889dca3b7309b707beef91
+SHELL ["/usr/local/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
 RUN ARCH=$(uname -m) && \
 	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
 	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
 	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
-	set -o pipefail && \
-	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | \
-	tar --gz --extract --directory=/usr/local bin/buildctl
+	wget -q "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-$SUFFIX" --output-document=/usr/local/bin/jq && \
+	chmod 555 /usr/local/bin/jq
+RUN ARCH=$(uname -m) && \
+	[[ $ARCH == x86_64 ]] && export SUFFIX=amd64; \
+	[[ $ARCH == aarch64 ]] && export SUFFIX=arm64; \
+	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
+	wget -q "https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-$SUFFIX.tar.gz" --output-document=- | tar --gz --extract --directory=/usr/local bin/buildctl && \
+	chmod 555 /usr/local/bin/jq
 COPY --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 USER 1000:1000
diff --git a/entrypoint.sh b/entrypoint.sh
index 49776d0..3528e05 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,8 +1,5 @@
 #!/usr/bin/env bash
 set -eu;
-env | sort | grep PLUGIN
-echo $PLUGIN_AUTH | base64 -w0
-
 
 ##
 ## check input
@@ -25,9 +22,10 @@ SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-0}
 
 if [[ -n "${PLUGIN_AUTH:-}" ]]; then
 	DOCKER_CONFIG=${DOCKER_CONFIG:-$PWD}
-	mkdir -p $DOCKER_CONFIG
-	echo $PLUGIN_AUTH > $DOCKER_CONFIG/config.json
-	echo Stored credentials at $DOCKER_CONFIG/config.json
+	mkdir -p "$DOCKER_CONFIG"
+	echo "$PLUGIN_AUTH" > "$DOCKER_CONFIG/config.json"
+	echo Stored credentials at "$DOCKER_CONFIG/config.json"
+	echo
 fi
 
 ##
@@ -46,17 +44,14 @@ if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'"
 fi
 # https://github.com/moby/buildkit/blob/master/README.md#output
-OUTPUT=""
+BUILDCTL_OUTPUT=""
 if [[ -n "${PLUGIN_NAME:-}" ]]; then
-	OUTPUT="$OUTPUT --output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true},oci-mediatypes=true,oci-artifact=true,compression=estargz"
-	OUTPUT="$OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9"
-	OUTPUT="$OUTPUT,rewrite-timestamp=true"
-	export IFS=";"
-	for PLUGIN_ANNOTATION_ITEM in "${PLUGIN_ANNOTATION:-}"; do
-		OUTPUT="$OUTPUT,annotation.$PLUGIN_ANNOTATION_ITEM"
-	done
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT --output type=image,\"name=$PLUGIN_NAME\",push=${PLUGIN_PUSH:-true}"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT,oci-mediatypes=true,oci-artifact=true,compression=estargz,compression-level=9"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT,rewrite-timestamp=true"
+	BUILDCTL_OUTPUT="$BUILDCTL_OUTPUT$(echo "$PLUGIN_ANNOTATION" | jq --join-output 'keys[] as $k|",annotation.\($k)=\"\(.[$k])\""')"
 fi
-COMMAND="$COMMAND $OUTPUT"
+COMMAND="$COMMAND $BUILDCTL_OUTPUT"
 
 # custom args, e.g. docker run --rm --volume=$HOME:HOME:ro --workdir=$PWD kokuwaio/buildkit --opt buildarg=foo=bar
 if [[ -n "${1:-}" ]]; then
@@ -67,12 +62,21 @@ fi
 ## execute command
 ##
 
+echo
+echo Reproduce with docker:
+echo
 echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH docker buildx build ${PLUGIN_CONTEXT:-.}"
+	echo "  --no-cache"
 if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	echo "  --platform='$PLUGIN_PLATFORM'"
-	echo "  $OUTPUT"
 fi
-
-echo -e "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n  --}\n"
+if [[ -n "${PLUGIN_ADDR:-}" ]]; then
+	echo "  $BUILDCTL_OUTPUT"
+fi
+echo
+echo Running now:
+echo
+echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH ${COMMAND// --/\\n  --}"
+echo
 eval "$COMMAND"
 echo 1
diff --git a/renovate.json b/renovate.json
index 721919f..5fad364 100644
--- a/renovate.json
+++ b/renovate.json
@@ -50,6 +50,12 @@
 			],
 			"datasourceTemplate": "github-tags",
 			"packageNameTemplate": "moby/buildkit"
+		},{
+			"customType": "regex",
+			"managerFilePatterns": ["Dockerfile", ".woodpecker/build.yaml"],
+			"matchStrings": ["https://github.com/jqlang/jq/releases/download/(?<currentValue>jq-[0-9]+\\.[0-9]+\\.[0-9]+)/jq-linux-$SUFFIX"],
+			"datasourceTemplate": "github-tags",
+			"packageNameTemplate": "qlang/jq"
 		}
 	]
 }