Automatically generate buildkit config with registry CA file (#17)
Fixes #14 The buildkit config is actually a TOML file, not JSON - https://docs.docker.com/engine/reference/commandline/buildx_create/#config Tested using the `lafriks/plugin-docker-buildx:latest` image built with these changes Co-authored-by: Lauris BH <lauris@nix.lv> Reviewed-on: https://codeberg.org/woodpecker-plugins/plugin-docker-buildx/pulls/17 Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lafriks@noreply.codeberg.org> Co-committed-by: Lauris BH <lafriks@noreply.codeberg.org>
parent
64aed54d14
commit
8a0424c7a5
12
docs.md
12
docs.md
@ -15,7 +15,15 @@ Woodpecker CI plugin to build multiarch Docker images with buildx. This plugin i
|
|||||||
|
|
||||||
- Build without push
|
- Build without push
|
||||||
- Use custom registries
|
- Use custom registries
|
||||||
- Build based on existing tags when needed.
|
- Build based on existing tags when needed
|
||||||
|
|
||||||
|
It will automatically generate buildkit configuration to use custom CA certificate if following conditions are met:
|
||||||
|
|
||||||
|
- Setting `buildkit_config` is not set
|
||||||
|
- Custom `registry` value is provided
|
||||||
|
- File exists `/etc/docker/certs.d/<registry-value>/ca.crt`
|
||||||
|
|
||||||
|
> NB! To mount custom CA you can use Woodpecker CI runner configuration environment `WOODPECKER_BACKEND_DOCKER_VOLUMES` with value `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/docker/certs.d:/etc/docker/certs.d:ro`. And have created file `/etc/docker/certs.d/<registry-value>/ca.crt` with CA certificate on runner server host.
|
||||||
|
|
||||||
## Settings
|
## Settings
|
||||||
|
|
||||||
@ -86,7 +94,7 @@ Woodpecker CI plugin to build multiarch Docker images with buildx. This plugin i
|
|||||||
| `experimental` | `false` | enables docker daemon experimental mode
|
| `experimental` | `false` | enables docker daemon experimental mode
|
||||||
| `debug` | `false` | enables verbose debug mode for the docker daemon
|
| `debug` | `false` | enables verbose debug mode for the docker daemon
|
||||||
| `daemon_off` | `false` | disables the startup of the docker daemon
|
| `daemon_off` | `false` | disables the startup of the docker daemon
|
||||||
| `buildkit_config` | *none* | sets content of the docker buildkit json config
|
| `buildkit_config` | *none* | sets content of the docker [buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md)
|
||||||
| `context` | `.` | sets the path of the build context to use
|
| `context` | `.` | sets the path of the build context to use
|
||||||
| `default_tags`/`auto_tag` | `false` | generates tag names automatically based on git branch and git tag
|
| `default_tags`/`auto_tag` | `false` | generates tag names automatically based on git branch and git tag
|
||||||
| `default_suffix"`/`auto_tag_suffix`| *none* | generates tag names with the given suffix
|
| `default_suffix"`/`auto_tag_suffix`| *none* | generates tag names with the given suffix
|
||||||
|
@ -5,10 +5,13 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
const dockerExe = "/usr/local/bin/docker"
|
const (
|
||||||
const dockerdExe = "/usr/local/bin/dockerd"
|
dockerExe = "/usr/local/bin/docker"
|
||||||
const dockerHome = "/root/.docker/"
|
dockerdExe = "/usr/local/bin/dockerd"
|
||||||
const buildkitConfig = "/tmp/buildkit.json"
|
dockerHome = "/root/.docker/"
|
||||||
|
buildkitConfig = "/tmp/buildkit.toml"
|
||||||
|
buildkitConfigTemplate = "[registry.\"%s\"]\n ca=[\"%s\"]\n"
|
||||||
|
)
|
||||||
|
|
||||||
func (p Plugin) startDaemon() {
|
func (p Plugin) startDaemon() {
|
||||||
cmd := commandDaemon(p.settings.Daemon)
|
cmd := commandDaemon(p.settings.Daemon)
|
||||||
|
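Review bot: `buildkitConfigTemplate` in the new const block puts both arguments inside double-quoted TOML strings using plain `%s`, so a `"`, backslash or newline in either value would alter the structure of the generated file instead of being treated as data. The registry argument comes from the `registry` setting (see `writeBuildkitConfig` elsewhere in this commit) and is only normalised when it parses as a URL with a host. The pipeline author can already provide `buildkit_config` wholesale, so this is mostly about producing a valid file and a clear error; still, I would reject registry values that are not a plain `host[:port]` before formatting. A comment on the constant would record the contract: `// buildkitConfigTemplate takes the registry host[:port] and the CA file path; neither may contain quotes or newlines.`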
@ -2,6 +2,7 @@ package plugin
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
@ -101,6 +102,32 @@ func (p *Plugin) Validate() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *Plugin) writeBuildkitConfig() error {
|
||||||
|
if p.settings.Daemon.BuildkitConfig == "" && p.settings.Daemon.Registry != "" {
|
||||||
|
registry := p.settings.Daemon.Registry
|
||||||
|
u, err := url.Parse(registry)
|
||||||
|
if err == nil && u.Host != "" {
|
||||||
|
registry = u.Host
|
||||||
|
}
|
||||||
|
|
||||||
|
caPath := fmt.Sprintf("/etc/docker/certs.d/%s/ca.crt", registry)
|
||||||
|
ca, err := os.Open(caPath)
|
||||||
|
if err != nil && !os.IsNotExist(err) {
|
||||||
|
logrus.Warnf("error reading %s: %w", caPath, err)
|
||||||
|
} else if err == nil {
|
||||||
|
ca.Close()
|
||||||
|
p.settings.Daemon.BuildkitConfig = fmt.Sprintf(buildkitConfigTemplate, registry, caPath)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if p.settings.Daemon.BuildkitConfig != "" {
|
||||||
|
err := os.WriteFile(buildkitConfig, []byte(p.settings.Daemon.BuildkitConfig), 0o600)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("error writing buildkit.toml: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// Execute provides the implementation of the plugin.
|
// Execute provides the implementation of the plugin.
|
||||||
func (p *Plugin) Execute() error {
|
func (p *Plugin) Execute() error {
|
||||||
// start the Docker daemon server
|
// start the Docker daemon server
|
||||||
@ -139,11 +166,8 @@ func (p *Plugin) Execute() error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.settings.Daemon.BuildkitConfig != "" {
|
if err := p.writeBuildkitConfig(); err != nil {
|
||||||
err := os.WriteFile(buildkitConfig, []byte(p.settings.Daemon.BuildkitConfig), 0o600)
|
return err
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("error writing buildkit.json: %s", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
|
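Review bot: In `writeBuildkitConfig`, `logrus.Warnf("error reading %s: %w", caPath, err)` uses `%w`, which only `fmt.Errorf` understands; logrus formats with Sprintf-style verbs, so the log line will carry `%!w(...)` noise instead of a clean error at exactly the moment an operator needs to see why the CA file could not be opened. Use `logrus.Warnf("error reading %s: %v", caPath, err)`. The registry value is also interpolated into `caPath` unvalidated whenever `url.Parse` yields no host, so a value containing `/` or `..` makes the plugin probe, and then reference as a CA, a path outside `/etc/docker/certs.d`; checking that it is a plain `host[:port]` before building the path would close that. A short doc comment on the function listing the three conditions for auto-generation (no `buildkit_config`, a registry set, the CA file present) would also help the next reader.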