A thin shim-wrapper around the official Google Kaniko Docker image to make it behave like the Drone Docker plugin.
Go to file
Tomasz Cholewa f7259ac640 Enable use of .tags file for custom tagging 2019-08-06 10:54:47 +02:00
.gitignore Add caching example 2018-11-25 15:59:05 +01:00
Dockerfile update kaniko and example to use caching 2019-06-01 14:09:24 +02:00
Dockerfile.test Add caching example 2018-11-25 15:59:05 +01:00
LICENSE Initial commit 2018-11-21 07:39:41 +01:00
README.md Enable use of .tags file for custom tagging 2019-08-06 10:54:47 +02:00
plugin.sh Enable use of .tags file for custom tagging 2019-08-06 10:54:47 +02:00

README.md

drone-kaniko

A thin shim-wrapper around the official Google Kaniko Docker image to make it behave like the Drone Docker plugin.

Example .drone.yml for Drone 1.0 (pushing to Docker Hub):

kind: pipeline
name: default

steps:
- name: publish
  image: banzaicloud/drone-kaniko
  settings:
    registry: registry.example.com # if not provided index.docker.io is supposed
    repo: registry.example.com/example-project
    tags: ${DRONE_COMMIT_SHA}
    cache: true
    skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
    build_args:
    - COMMIT_SHA=${DRONE_COMMIT_SHA}
    - COMMIT_AUTHOR_EMAIL=${DRONE_COMMIT_AUTHOR_EMAIL}
    username:
      from_secret: docker-username
    password:
      from_secret: docker-password

Pushing to GCR:

kind: pipeline
name: default

steps:
- name: publish
  image: banzaicloud/drone-kaniko
  settings:
    registry: gcr.io
    repo: example.com/example-project
    tags: ${DRONE_COMMIT_SHA}
    cache: true
    json_key:
      from_secret: google-application-credentials

Use .tags file for tagging

Similarily to official drone-docker plugin you can use .tags file to embed some custom logic for creating tags for an image.

kind: pipeline
name: default

steps:
- name: build
  image: golang
  commands:
      - go get 
      - go build
      - make versiontags > .tags
- name: publish
  image: banzaicloud/drone-kaniko
  settings:
    registry: registry.example.com 
    repo: registry.example.com/example-project
    # tags: ${DRONE_COMMIT_SHA} <= it must be left undefined 
    username:
      from_secret: docker-username
    password:
      from_secret: docker-password

Test that it can build

docker run -it --rm -w /src -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test banzaicloud/drone-kaniko

Test that caching works

Start a Docker registry at 127.0.0.1:5000:

docker run -d -p 5000:5000 --restart always --name registry --hostname registry.local registry:2

Add the following lines to plugin.sh's final command and build a new image from it:

+    --cache=true \
+    --cache-repo=127.0.0.1:5000/${PLUGIN_REPO} \
docker build -t banzaicloud/drone-kaniko .

Warm up the alpine image to the cache:

docker run -v $PWD:/cache gcr.io/kaniko-project/warmer:latest --verbosity=debug --image=alpine:3.8

Run the builder (on the host network to be able to access the registry, if any specified) with mounting the local disk cache, this example pushes to Docker Hub:

docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_USERNAME=${DOCKER_USERNAME} -e PLUGIN_PASSWORD=${DOCKER_PASSWORD} -e PLUGIN_REPO=banzaicloud/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true banzaicloud/drone-kaniko

The very same example just pushing to GCR instead of Docker Hub:

docker run --net=host -it --rm -w /src -v $PWD:/cache -v $PWD:/src -e PLUGIN_REGISTRY=gcr.io -e PLUGIN_REPO=paas-dev1/drone-kaniko-test -e PLUGIN_TAGS=test -e PLUGIN_DOCKERFILE=Dockerfile.test -e PLUGIN_CACHE=true -e PLUGIN_JSON_KEY="$(<$HOME/google-application-credentials.json)" banzaicloud/drone-kaniko