From db4412c87642c90090465b9f43f4366df441f8cc Mon Sep 17 00:00:00 2001 From: Stephan Schnabel Date: Sat, 7 Jun 2025 16:55:01 +0200 Subject: [PATCH] 1 --- .hadolint.yaml | 7 ----- .justfile | 2 +- .woodpecker/build.yaml | 39 ++++++++++++++++++----- .woodpecker/dockerhub.yaml | 2 +- .woodpecker/lint.yaml | 2 +- .woodpecker/push.yaml | 32 ------------------- .woodpecker/test.yaml | 5 +-- README.md | 63 +++++++++++++++++++++++--------------- entrypoint.sh | 11 ++++--- renovate.json | 11 ++++--- 10 files changed, 89 insertions(+), 85 deletions(-) delete mode 100644 .hadolint.yaml delete mode 100644 .woodpecker/push.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index d4b1790..0000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# https://github.com/hadolint/hadolint#configure -failure-threshold: style -strict-labels: true -disable-ignore-pragma: true -ignored: -# - DL3008 # Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =` -trustedRegistries: [docker.io] diff --git a/.justfile b/.justfile index b4f9e01..c7e2eab 100644 --- a/.justfile +++ b/.justfile @@ -20,7 +20,7 @@ # Inspect image with docker. [group('image')] -@inspect: +@inspect: build docker image inspect kokuwaio/buildctl # Inspect image layers with `dive`. diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml index d5f1b2f..376dce8 100644 --- a/.woodpecker/build.yaml +++ b/.woodpecker/build.yaml 
@@ -1,20 +1,43 @@ when: + instance: ci.kokuwa.io + repo: woodpecker/buildctl event: [manual, push, pull_request] branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] steps: build: - image: kokuwaio/buildctl - settings: - name: registry.kokuwa.io/yamllint:$CI_PIPELINE_NUMBER - annotations: - org.opencontainers.image.title: Yamllint Plugin" + image: kokuwaio/buildctl:v0.21.0 + settings: &settings + name: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER + auth1: {from_secret: AUTH} + platform: [linux/amd64, linux/arm64] + annotation: + org.opencontainers.image.title: Buildctl Plugin org.opencontainers.image.description: A Woodpecker CI plugin for yamllint to lint yaml files. org.opencontainers.image.url: $CI_REPO_URL - org.opencontainers.image.documentation: $CI_REPO_URL + org.opencontainers.image.documentation: $CI_REPO_URL/README.md org.opencontainers.image.source: $CI_REPO_CLONE_URL + org.opencontainers.image.revision: $CI_COMMIT_SHA org.opencontainers.image.vendor: kokuwa.io - org.opencontainers.image.licenses: GPL-3.0-or-later + org.opencontainers.image.licenses: EUPL-1.2 + org.opencontainers.image.ref.name: kokuwaio/buildctl org.opencontainers.image.version: v0.21.0 + when: + event: pull_request + + push: + image: kokuwaio/buildctl:v0.21.0 + settings: + <<: *settings + names: + - registry.kokuwa.io/buildctl:latest + - registry.kokuwa.io/buildctl:v0.21.0 + - docker.io/kokuwaio/buildctl:latest + - docker.io/kokuwaio/buildctl:v0.21.0 + - ghcr.io/kokuwaio/buildctl:latest + - ghcr.io/kokuwaio/buildctl:v0.21.0 + when: + event: [manual, push] + branch: main diff --git a/.woodpecker/dockerhub.yaml b/.woodpecker/dockerhub.yaml index b1fa76b..1e6095a 100644 --- a/.woodpecker/dockerhub.yaml +++ b/.woodpecker/dockerhub.yaml 
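Review bot: The registry credential sits inside the shared `&settings` anchor, so the `build` step that runs on `pull_request` is configured with it just like `push` is; a step that only builds needs no registry credential, and whether Woodpecker actually injects it there depends on the secret's allowed events, which this file does not show. The key is also spelled `auth1`, while the README in this patch documents the setting as `auth`, so the plugin would presumably see `PLUGIN_AUTH1` and push unauthenticated. I would take the secret out of the anchor and declare it on the `push` step only, as `auth: {from_secret: AUTH}`. Separately, `push` inherits `name: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER` through `<<: *settings` and then adds `names:`, so both keys are set on that step, and the description annotation still reads "plugin for yamllint".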
@@ -3,7 +3,7 @@ when: repo: woodpecker/buildctl event: push branch: main - path: README.md + path: [.woodpecker/dockerhub.yaml, README.md] steps: diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml index 8a70dee..7f9a83e 100644 --- a/.woodpecker/lint.yaml +++ b/.woodpecker/lint.yaml @@ -23,7 +23,7 @@ steps: dockerfile: image: kokuwaio/hadolint depends_on: [] - when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]] + when: [path: [.woodpecker/lint.yaml, "**/Dockerfile"]] shellcheck: image: kokuwaio/shellcheck diff --git a/.woodpecker/push.yaml b/.woodpecker/push.yaml deleted file mode 100644 index 7e2a14f..0000000 --- a/.woodpecker/push.yaml +++ /dev/null @@ -1,32 +0,0 @@ -when: - instance: ci.kokuwa.io - repo: woodpecker/buildctl - event: push - branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] - -depends_on: [build] -skip_clone: true - -steps: - - docker.io: &push - image: quay.io/skopeo/stable:v1.19.0 - depends_on: [manifest] - commands: - - echo "$AUTH" > /tmp/auth.json - - skopeo copy --all --preserve-digests --dest-precompute-digests - docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER - docker://$URL/kokuwaio/yamllint:1.37.0 - - skopeo copy --all --preserve-digests --dest-precompute-digests - docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER - docker://$URL/kokuwaio/yamllint:latest - environment: - URL: docker.io - AUTH: {from_secret: DOCKER_IO_AUTH} - - ghcr.io: - <<: *push - environment: - URL: ghcr.io - AUTH: {from_secret: GHCR_IO_AUTH} diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml index 92806a6..ea05575 100644 --- a/.woodpecker/test.yaml +++ b/.woodpecker/test.yaml 
@@ -3,9 +3,10 @@ when: repo: woodpecker/buildctl event: push branch: main - path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] -depends_on: [push] +depends_on: [build] +skip_clone: true matrix: PLATFORM: [amd64, arm64] labels: diff --git a/README.md b/README.md index 36bcae2..3e37a61 100644 --- a/README.md +++ b/README.md @@ -7,12 +7,12 @@ [![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/pulls) [![issues](https://img.shields.io/gitea/issues/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/issues) -A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit instance. +A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit host. Also usable with Gitlab, Github or locally, see examples for usage. ## Features -- preconfigure buildctl parameters +- preconfigured for [reproduceable builds](https://github.com/moby/buildkit/blob/master/docs/build-repro.md) - runnable with local docker daemon ## Example @@ -23,13 +23,15 @@ Woodpecker: steps: buildctl: image: kokuwaio/buildctl - depends_on: [] settings: - no-warnings: true - format: json - when: - event: pull_request - path: [.buildctl.yaml, "**/*.y*ml"] + name: + - registry.example.org/foo:latest + - registry.example.org/foo:0.0.1 + annotation: + org.opencontainers.image.title: My Image + org.opencontainers.image.description: A description. + platform: [linux/amd64, linux/arm64] + auth: {from_secret: AUTH} ``` Gitlab: 
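Review bot: The `path` filter in the test workflow no longer lists `.woodpecker/test.yaml` itself, so a change to this workflow alone will not trigger it, whereas the dockerhub workflow in this same patch adds its own file to its filter. If that is not intended, keep the entry: `path: [.woodpecker/build.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]`.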
@@ -40,34 +42,45 @@ buildctl: needs: [] image: kokuwaio/buildctl variables: - PLUGIN_NO_WARNINGS: true - PLUGIN_FORMAT: json + PLUGIN_ADDR: tcp://0.8.1.5:1234 + PLUGIN_NAME: registry.example.org/foo:latest,registry.example.org/foo:0.0.1 + PLUGIN_PLATFORM: linux/amd64,linux/arm64 + PLUGIN_AUTH: '{"auths":{"registry.example.org":{"auth":"changeMe}}}' rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" changes: [.buildctl.yaml, "**/*.y*ml"] ``` -CLI: +CLI (will reuse docker credentials of current user): ```bash -docker run --rm --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/buildctl --no-warnings --format=json +PLUGIN_ADDR=tcp://0.8.1.5:1234 +PLUGIN_NAME=registry.example.org/foo:latest,registry.example.org/foo:0.0.1 +PLUGIN_PLATFORM=linux/amd64,linux/arm64 +docker run --rm --user=$(id -u) --volume=$HOME:$HOME:ro --workdir=$PWD --env=PLUGIN_ADDR --env=PLUGIN_NAME --env=PLUGIN_PLATFORM kokuwaio/buildctl ``` ## Settings -| Settings Name | Environment | Default | Description | -| --------------| ------------------ | --------- | -------------------------------------------------------------------- | -| `config-file` | PLUGIN_CONFIG_FILE | `none` | Configuration file to use, if none is configured [default](https://buildctl.readthedocs.io/en/stable/configuration.html) is used | -| `strict` | PLUGIN_STRICT | `true` | Fail on warnings | -| `no-warnings` | PLUGIN_NO_WARNINGS | `false` | Output only error level problems | -| `format` | PLUGIN_FORMAT | `colored` | Format for parsing output: parsable, standard, colored, github, auto | +| Settings Name | Environment | Default | Description | +| ------------------- | ------------------------ | ---------------- | ----------------------------------------------------------------------------------------------- | +| `addr` | PLUGIN_ADDR | `$BUILDKIT_HOST` | Buildkit host to use. 
| +| `frontend` | PLUGIN_FRONTEND | `dockerfile.v0` | Only dockerfile frontend supported right now | +| `context` | PLUGIN_CONTEXT | `$PWD` | Context directory to use for build | +| `dockerfile` | PLUGIN_DOCKERFILE | `Dockerfile` | Dockerfile to use. | +| `platform` | PLUGIN_PLATFORM | `none` | Target platform for container image. | +| `source-epoch-date` | PLUGIN_SOURCE_DATE_EPOCH | `0` | Target platform for container image. | +| `name` | PLUGIN_NAME | `none` | Images names where to push the image. | +| `annotation` | PLUGIN_ANNOTATION | `none` | Annotations (also known as labels) to add to image | +| `auth` | PLUGIN_AUTH | `none` | Auth for private registries, see [](https://github.com/moby/buildkit?tab=readme-ov-file#output) | +| `push` | PLUGIN_PUSH | `true` | Push images if output names are set. | ## Alternatives -| Image | Comment | amd64 | arm64 | -| ----------------------------------------------------------------------------------- | --------------------------------- |:-----:|:-----:| -| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | -| [pipelinecomponents/buildctl](https://hub.docker.com/r/pipelinecomponents/buildctl) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | -| [giantswarm/buildctl](https://hub.docker.com/r/giantswarm/buildctl) | not a Woodpecker plugin | 
[![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | -| [cytopia/buildctl](https://hub.docker.com/r/sdesbure/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | -| [sdesbure/buildctl](https://hub.docker.com/r/sdesbure/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | +| Image | Comment | amd64 | arm64 | +| --------------------------------------------------------------- | --------------------------------- |:-----:|:-----:| +| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | +| [moby/buildkit](https://hub.docker.com/r/moby/buildkit) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=amd64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | 
[![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=arm64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | +| [nordseth/buildctl](https://hub.docker.com/r/nordseth/buildctl) | not a Woodpecker plugin | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | +| [shopstic/buildctl](https://hub.docker.com/r/shopstic/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | +| [agisoft/buildctl](https://hub.docker.com/r/agisoft/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | diff --git a/entrypoint.sh b/entrypoint.sh index 10c0739..bd7ffdc 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,11 +1,12 @@ #!/bin/bash -set -eu; +set -exu; +env | sort | grep -v DRONE ## ## check input ## -BUILDCTL_ADDR=${PLUGIN_ADDR:-${BUILDCTL_ADDR:-}} +BUILDKIT_HOST=${PLUGIN_ADDR:-${BUILDKIT_HOST:-}} if [[ -z "${BUILDCTL_ADDR:-}" ]]; then echo "Missing buildkit addr." exit 1 @@ -22,6 +23,8 @@ if [[ "$BUILDCTL_FRONTEND" != "dockerfile.v0" ]]; then exit 1 fi +SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-${SOURCE_DATE_EPOCH:-0}} + ## ## build command ## 
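Review bot: `set -exu` together with `env | sort | grep -v DRONE` at the top of entrypoint.sh writes every environment variable to the step log, and that includes `PLUGIN_AUTH`, which the README in this patch describes as the registry auth JSON; log masking in the CI system should not be relied on for a structured value like that. If this is debugging output, remove both lines before merging, or gate tracing behind a new opt-in setting (for example `[[ "${PLUGIN_DEBUG:-}" == "true" ]] && set -x`, name constructed here) and never print the environment wholesale. The rename to `BUILDKIT_HOST` also leaves the guard on the following line testing `BUILDCTL_ADDR`, so the check no longer looks at the value just assigned; it should read `if [[ -z "${BUILDKIT_HOST:-}" ]]; then`. `BUILDKIT_HOST` additionally needs an `export` if buildctl is meant to pick it up from the environment, but the invocation is outside this hunk.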
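Review bot: The value read in the added `SOURCE_DATE_EPOCH=` line comes from `PLUGIN_SOURCE_DATE_EPOCH`, but the README settings table in this same patch names the setting `source-epoch-date`, which Woodpecker would presumably expose as `PLUGIN_SOURCE_EPOCH_DATE`, so the documented setting would never reach this line. Align the two (a setting named `source-date-epoch` matches the variable), and consider rejecting non-numeric input before it is used, e.g. `[[ "$SOURCE_DATE_EPOCH" =~ ^[0-9]+$ ]] || { echo "Invalid SOURCE_DATE_EPOCH."; exit 1; }`. How the value is handed to buildctl is outside this hunk.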
@@ -36,8 +39,8 @@ if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'" fi # https://github.com/moby/buildkit/blob/master/README.md#output -if [[ ! -z "${PLUGIN_NAME:-}" ]]; then - COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAME,push=${PLUGIN_PUSH:-true}" +if [[ ! -z "${PLUGIN_NAMES:-}" ]]; then + COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAMES,push=${PLUGIN_PUSH:-true}" fi # custom args, e.g. docker run --rm --volume=$(pwd):$(pwd) --workdir=$(pwd) --env=CI=test kokuwaio/buildkit --opt buildarg=foo=bar diff --git a/renovate.json b/renovate.json index 91aa873..4a73a51 100644 --- a/renovate.json +++ b/renovate.json @@ -39,11 +39,14 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["Dockerfile", ".woodpecker/build.yaml", ".woodpecker/push.yaml"], + "fileMatch": ["Dockerfile", ".woodpecker/build.yaml"], "matchStrings": [ - "org.opencontainers.image.version=(?v[0-9]+\\.[0-9]+\\.[0-9]+)", - "SHELLCHECK_VERSION=(?v[0-9]+\\.[0-9]+\\.[0-9]+)", - "kokuwaio/shellcheck:(?v[0-9]+\\.[0-9]+\\.[0-9]+)" + "https://github.com/moby/buildkit/releases/download/(?v[0-9]+\\.[0-9]+\\.[0-9]+)/buildkit-", + "/buildkit-(?v[0-9]+\\.[0-9]+\\.[0-9]+)\\.linux-", + "registry.kokuwa.io/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "docker.io/kokuwaio/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "ghcr.io/kokuwaio/buildctl:(?v[0-9]+\\.[0-9]+\\.[0-9]+)", + "org.opencontainers.image.version: (?v[0-9]+\\.[0-9]+\\.[0-9]+)" ], "datasourceTemplate": "github-tags", "packageNameTemplate": "moby/buildkit"
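Review bot: `$PLUGIN_NAMES` is spliced unquoted into the `COMMAND` string in the `--output` line, so a comma-separated list of image names is split by buildctl's CSV parsing of `--output`, and if `COMMAND` is later evaluated by the shell (that part is outside the hunk) any whitespace or metacharacter in the setting becomes part of the command line. The buildkit README quotes the field when several names are given; here that would be `--output type=image,\"name=$PLUGIN_NAMES\",push=${PLUGIN_PUSH:-true}`. The rename also stops reading `PLUGIN_NAME`, which the README examples in this patch and the `build` step in `.woodpecker/build.yaml` still set, so `${PLUGIN_NAMES:-${PLUGIN_NAME:-}}` would keep both working. While touching the test, `[[ -n "${PLUGIN_NAMES:-}" ]]` reads more directly than `! -z`.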