1

2025-06-07 16:55:01 +02:00 · 2025-06-07 16:55:01 +02:00 · db4412c876
commit db4412c876
parent f09b6486f9
10 changed files with 89 additions and 85 deletions
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@ -1,7 +0,0 @@
 # https://github.com/hadolint/hadolint#configure
 failure-threshold: style
 strict-labels: true
 disable-ignore-pragma: true
 ignored:
 #  - DL3008  # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
 trustedRegistries: [docker.io]
--- a/.justfile
+++ b/.justfile
@ -20,7 +20,7 @@
 # Inspect image with docker.
 [group('image')]
-@inspect:
+@inspect: build
 	docker image inspect kokuwaio/buildctl
 # Inspect image layers with `dive`.
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@ -1,20 +1,43 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
  event: [manual, push, pull_request]
  branch: main
-  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+  path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 steps:
  build:
-    image: kokuwaio/buildctl
+    image: kokuwaio/buildctl:v0.21.0
-    settings:
+    settings: &settings
-      name: registry.kokuwa.io/yamllint:$CI_PIPELINE_NUMBER
+      name: registry.kokuwa.io/buildctl:$CI_PIPELINE_NUMBER
-      annotations:
+      auth1: {from_secret: AUTH}
-        org.opencontainers.image.title: Yamllint Plugin"
+      platform: [linux/amd64, linux/arm64]
      annotation:
        org.opencontainers.image.title: Buildctl Plugin
        org.opencontainers.image.description: A Woodpecker CI plugin for yamllint to lint yaml files.
        org.opencontainers.image.url: $CI_REPO_URL
-        org.opencontainers.image.documentation: $CI_REPO_URL
+        org.opencontainers.image.documentation: $CI_REPO_URL/README.md
        org.opencontainers.image.source: $CI_REPO_CLONE_URL
        org.opencontainers.image.revision: $CI_COMMIT_SHA
        org.opencontainers.image.vendor: kokuwa.io
-        org.opencontainers.image.licenses: GPL-3.0-or-later
+        org.opencontainers.image.licenses: EUPL-1.2
        org.opencontainers.image.ref.name: kokuwaio/buildctl
        org.opencontainers.image.version: v0.21.0
    when:
      event: pull_request
  push:
    image: kokuwaio/buildctl:v0.21.0
    settings:
      <<: *settings
      names:
        - registry.kokuwa.io/buildctl:latest
        - registry.kokuwa.io/buildctl:v0.21.0
        - docker.io/kokuwaio/buildctl:latest
        - docker.io/kokuwaio/buildctl:v0.21.0
        - ghcr.io/kokuwaio/buildctl:latest
        - ghcr.io/kokuwaio/buildctl:v0.21.0
    when:
      event: [manual, push]
      branch: main
--- a/.woodpecker/dockerhub.yaml
+++ b/.woodpecker/dockerhub.yaml
@ -3,7 +3,7 @@ when:
  repo: woodpecker/buildctl
  event: push
  branch: main
-  path: README.md
+  path: [.woodpecker/dockerhub.yaml, README.md]
 steps:
--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@ -23,7 +23,7 @@ steps:
  dockerfile:
    image: kokuwaio/hadolint
    depends_on: []
-    when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]]
+    when: [path: [.woodpecker/lint.yaml, "**/Dockerfile"]]
  shellcheck:
    image: kokuwaio/shellcheck
--- a/.woodpecker/push.yaml
+++ b/.woodpecker/push.yaml
@ -1,32 +0,0 @@
 when:
  instance: ci.kokuwa.io
  repo: woodpecker/buildctl
  event: push
  branch: main
  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
 depends_on: [build]
 skip_clone: true
 steps:
  docker.io: &push
    image: quay.io/skopeo/stable:v1.19.0
    depends_on: [manifest]
    commands:
      - echo "$AUTH" > /tmp/auth.json
      - skopeo copy --all --preserve-digests --dest-precompute-digests
          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
          docker://$URL/kokuwaio/yamllint:1.37.0
      - skopeo copy --all --preserve-digests --dest-precompute-digests
          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
          docker://$URL/kokuwaio/yamllint:latest
    environment:
      URL: docker.io
      AUTH: {from_secret: DOCKER_IO_AUTH}
  ghcr.io:
    <<: *push
    environment:
      URL: ghcr.io
      AUTH: {from_secret: GHCR_IO_AUTH}
--- a/.woodpecker/test.yaml
+++ b/.woodpecker/test.yaml
@ -3,9 +3,10 @@ when:
  repo: woodpecker/buildctl
  event: push
  branch: main
-  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+  path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
-depends_on: [push]
+depends_on: [build]
 skip_clone: true
 matrix:
  PLATFORM: [amd64, arm64]
 labels:
--- a/README.md
+++ b/README.md
@ -7,12 +7,12 @@
 [![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/pulls)
 [![issues](https://img.shields.io/gitea/issues/open/woodpecker/buildctl?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/buildctl/issues)
-A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit instance.
+A [Woodpecker CI](https://woodpecker-ci.org) plugin for [buildctl](https://github.com/moby/buildkit) to build container images using a remote buildkit host.
 Also usable with Gitlab, Github or locally, see examples for usage.
 ## Features
- preconfigure buildctl parameters
+- preconfigured for [reproduceable builds](https://github.com/moby/buildkit/blob/master/docs/build-repro.md)
 - runnable with local docker daemon
 ## Example
@ -23,13 +23,15 @@ Woodpecker:
 steps:
  buildctl:
    image: kokuwaio/buildctl
    depends_on: []
    settings:
-      no-warnings: true
+      name:
-      format: json
+        - registry.example.org/foo:latest
-    when:
+        - registry.example.org/foo:0.0.1
-      event: pull_request
+      annotation:
-      path: [.buildctl.yaml, "**/*.y*ml"]
+        org.opencontainers.image.title: My Image
        org.opencontainers.image.description: A description.
      platform: [linux/amd64, linux/arm64]
      auth: {from_secret: AUTH}
 ```
 Gitlab:
@ -40,34 +42,45 @@ buildctl:
  needs: []
  image: kokuwaio/buildctl
  variables:
-    PLUGIN_NO_WARNINGS: true
+    PLUGIN_ADDR: tcp://0.8.1.5:1234
-    PLUGIN_FORMAT: json
+    PLUGIN_NAME: registry.example.org/foo:latest,registry.example.org/foo:0.0.1
    PLUGIN_PLATFORM: linux/amd64,linux/arm64
    PLUGIN_AUTH: '{"auths":{"registry.example.org":{"auth":"changeMe}}}'
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      changes: [.buildctl.yaml, "**/*.y*ml"]
 ```
-CLI:
+CLI (will reuse docker credentials of current user):
 ```bash
-docker run --rm --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/buildctl --no-warnings --format=json
+PLUGIN_ADDR=tcp://0.8.1.5:1234
 PLUGIN_NAME=registry.example.org/foo:latest,registry.example.org/foo:0.0.1
 PLUGIN_PLATFORM=linux/amd64,linux/arm64
 docker run --rm --user=$(id -u) --volume=$HOME:$HOME:ro --workdir=$PWD --env=PLUGIN_ADDR --env=PLUGIN_NAME --env=PLUGIN_PLATFORM kokuwaio/buildctl
 ```
 ## Settings
-| Settings Name | Environment        | Default   | Description                                                          |
+| Settings Name       | Environment              | Default          | Description                                                                                     |
-| --------------| ------------------ | --------- | -------------------------------------------------------------------- |
+| ------------------- | ------------------------ | ---------------- | ----------------------------------------------------------------------------------------------- |
-| `config-file` | PLUGIN_CONFIG_FILE | `none`    | Configuration file to use, if none is configured [default](https://buildctl.readthedocs.io/en/stable/configuration.html) is used |
+| `addr`              | PLUGIN_ADDR              | `$BUILDKIT_HOST` | Buildkit host to use.                                                                           |
-| `strict`      | PLUGIN_STRICT      | `true`    | Fail on warnings                                                     |
+| `frontend`          | PLUGIN_FRONTEND          | `dockerfile.v0`  | Only dockerfile frontend supported right now                                                    |
-| `no-warnings` | PLUGIN_NO_WARNINGS | `false`   | Output only error level problems                                     |
+| `context`           | PLUGIN_CONTEXT           | `$PWD`           | Context directory to use for build                                                              |
-| `format`      | PLUGIN_FORMAT      | `colored` | Format for parsing output: parsable, standard, colored, github, auto |
+| `dockerfile`        | PLUGIN_DOCKERFILE        | `Dockerfile`     | Dockerfile to use.                                                                              |
 | `platform`          | PLUGIN_PLATFORM          | `none`           | Target platform for container image.                                                            |
 | `source-epoch-date` | PLUGIN_SOURCE_DATE_EPOCH | `0`              | Target platform for container image.                                                            |
 | `name`              | PLUGIN_NAME              | `none`           | Images names where to push the image.                                                           |
 | `annotation`        | PLUGIN_ANNOTATION        | `none`           | Annotations (also known as labels) to add to image                                              |
 | `auth`              | PLUGIN_AUTH              | `none`           | Auth for private registries, see [](https://github.com/moby/buildkit?tab=readme-ov-file#output) |
 | `push`              | PLUGIN_PUSH              | `true`           | Push images if output names are set.                                                            |
 ## Alternatives
-| Image                                                                               | Comment                           | amd64 | arm64 |
+| Image                                                           | Comment                           | amd64 | arm64 |
-| ----------------------------------------------------------------------------------- | --------------------------------- |:-----:|:-----:|
+| --------------------------------------------------------------- | --------------------------------- |:-----:|:-----:|
-| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl)                     | Woodpecker plugin                 | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) |
+| [kokuwaio/buildctl](https://hub.docker.com/r/kokuwaio/buildctl) | Woodpecker plugin                 | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) | [![size](https://img.shields.io/docker/image-size/kokuwaio/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/kokuwaio/buildctl) |
-| [pipelinecomponents/buildctl](https://hub.docker.com/r/pipelinecomponents/buildctl) | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) | [![size](https://img.shields.io/docker/image-size/pipelinecomponents/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/pipelinecomponents/buildctl) |
+| [moby/buildkit](https://hub.docker.com/r/moby/buildkit)         | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=amd64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) | [![size](https://img.shields.io/docker/image-size/moby/buildkit?arch=arm64&label=)](https://hub.docker.com/repository/docker/moby/buildkit) |
-| [giantswarm/buildctl](https://hub.docker.com/r/giantswarm/buildctl)                 | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) | [![size](https://img.shields.io/docker/image-size/giantswarm/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/giantswarm/buildctl) |
+| [nordseth/buildctl](https://hub.docker.com/r/nordseth/buildctl) | not a Woodpecker plugin           | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) | [![size](https://img.shields.io/docker/image-size/nordseth/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/nordseth/buildctl) |
-| [cytopia/buildctl](https://hub.docker.com/r/sdesbure/buildctl)                      | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) | [![size](https://img.shields.io/docker/image-size/cytopia/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/cytopia/buildctl) |
+| [shopstic/buildctl](https://hub.docker.com/r/shopstic/buildctl) | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) | [![size](https://img.shields.io/docker/image-size/shopstic/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/shopstic/buildctl) |
-| [sdesbure/buildctl](https://hub.docker.com/r/sdesbure/buildctl)                     | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) | [![size](https://img.shields.io/docker/image-size/sdesbure/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/sdesbure/buildctl) |
+| [agisoft/buildctl](https://hub.docker.com/r/agisoft/buildctl)   | not a Woodpecker plugin, outdated | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=amd64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) | [![size](https://img.shields.io/docker/image-size/agisoft/buildctl?arch=arm64&label=)](https://hub.docker.com/repository/docker/agisoft/buildctl) |
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,11 +1,12 @@
 #!/bin/bash
-set -eu;
+set -exu;
 env | sort | grep -v DRONE
 ##
 ## check input
 ##
-BUILDCTL_ADDR=${PLUGIN_ADDR:-${BUILDCTL_ADDR:-}}
+BUILDKIT_HOST=${PLUGIN_ADDR:-${BUILDKIT_HOST:-}}
 if [[ -z "${BUILDCTL_ADDR:-}" ]]; then
 	echo "Missing buildkit addr."
 	exit 1
@ -22,6 +23,8 @@ if [[ "$BUILDCTL_FRONTEND" != "dockerfile.v0" ]]; then
 	exit 1
 fi
 SOURCE_DATE_EPOCH=${PLUGIN_SOURCE_DATE_EPOCH:-${SOURCE_DATE_EPOCH:-0}}
 ##
 ## build command
 ##
@ -36,8 +39,8 @@ if [[ "${PLUGIN_PLATFORM:-}" == "true" ]]; then
 	COMMAND="$COMMAND --opt platform='$PLUGIN_PLATFORM'"
 fi
 # https://github.com/moby/buildkit/blob/master/README.md#output
-if [[ ! -z "${PLUGIN_NAME:-}" ]]; then
+if [[ ! -z "${PLUGIN_NAMES:-}" ]]; then
-	COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAME,push=${PLUGIN_PUSH:-true}"
+	COMMAND="$COMMAND --output type=image,name=$PLUGIN_NAMES,push=${PLUGIN_PUSH:-true}"
 fi
 # custom args, e.g. docker run --rm --volume=$(pwd):$(pwd) --workdir=$(pwd) --env=CI=test kokuwaio/buildkit --opt buildarg=foo=bar
--- a/renovate.json
+++ b/renovate.json
@ -39,11 +39,14 @@
 	"customManagers": [
 		{
 			"customType": "regex",
-			"fileMatch": ["Dockerfile", ".woodpecker/build.yaml", ".woodpecker/push.yaml"],
+			"fileMatch": ["Dockerfile", ".woodpecker/build.yaml"],
 			"matchStrings": [
-				"org.opencontainers.image.version=(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
+				"https://github.com/moby/buildkit/releases/download/(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)/buildkit-",
-				"SHELLCHECK_VERSION=(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
+				"/buildkit-(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)\\.linux-",
-				"kokuwaio/shellcheck:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)"
+				"registry.kokuwa.io/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
 				"docker.io/kokuwaio/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
 				"ghcr.io/kokuwaio/buildctl:(?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)",
 				"org.opencontainers.image.version: (?<currentValue>v[0-9]+\\.[0-9]+\\.[0-9]+)"
 			],
 			"datasourceTemplate": "github-tags",
 			"packageNameTemplate": "moby/buildkit"