Drone APKO Plugin

Drone plugin to built OCI container image using apko

IMPORTANT: This plugin is under development and the parameters are subject to change

Usage

The following settings changes this plugin's behavior,

• config_file: The apko configuration YAML file, path relative to drone pipeline.
• image_repo: The fully qualified image repository where the built OCI image will be pushed.
• publish: Whether to publish the image to image_repo. Defaults to false which will just build the image tarball.
• archs: The linux architecture for which the images will be built. Defaults $(uname -m). Valid values are: amd64, arm64.
• build_output_dir: The output directory relative to config_file where the build artifacts will be generated.
• insecure: Push to insecure registry.

Container Registry Credentials

• image_registry_username: The user name that will be used to push the image to image_repo. Applicable when the image_repo is not GAR, ECR.
• image_registry_password: The user password that will be used to push the image to image_repo. Applicable when the image_repo is not GAR, ECR.

Google Artifact Registry Credentials

• google_application_credentials: The base64 encoded Google application credentials i.e. SA key.json. This parameter is useful only when your image_repo is Google Artifact registry

Elastic Container Registry Credentials

• aws_access_key_id: The AWS AWS_ACCESS_KEY_ID
• aws_secret_access_key: The AWS AWS_SECRET_ACCESS_KEY

kind: pipeline
type: docker
name: default

steps:
  - name: build image
    image: kameshsampath/apko-drone-plugin
    settings:
      config_file: image.yaml
      image_repo: example/hello-world:0.0.1
      publish: false
      archs:
        - amd64
        - arm64

Now load the image using the command,

docker load < ./dist/hello-world-0.0.1_$(uname -m).tar

Examples

Checkout examples in folder examples. You need to have drone CLI to execute the examples locally.

Example	Description
Any OCI Registry	Build and deploy to any OCI compliant registry
Any OCI Registry Multi Architecture	Build and deploy multi architecture images to any OCI compliant registry
Elastic Container Registry	Build and deploy to Elastic Container Registry(ECR)
Google Artifact Registry	Build and deploy to Google Artifact registry(GAR)
No Push	Build OCI tarball without pushing to remote repository.
Multi Architecture	Build multi architecture OCI tarball without pushing to remote repository.

Building Plugin

The plugin relies on apko and melange for build.

The plugin build relies on:

• crane
• limactl
• taskfile

Start lima-vm environment,

task build_env

Build plugin packages,

task build_plugin_packages

Build plugin container image,

task build_plugin

To publish the plugin to remote repository use,

task publish_plugin

Testing

Build plugin packages,

task build_plugin load

Build plugin container image,

task build_plugin

Create .env

cat<<EOF | tee .env
PLUGIN_PUBLISH=false
PLUGIN_CONFIG_FILE=image.yaml
PLUGIN_IMAGE_REPO=example/my-image
PLUGIN_IMAGE_REGISTRY_USERNAME=$DOCKERHUB_USERNAME
PLUGIN_IMAGE_REGISTRY_PASSWORD=$DOCKERHUB_PASSWORD
EOF

Create a image.yaml,

cat<<EOF | tee image.yaml
---
contents:
  repositories:
    - https://dl-cdn.alpinelinux.org/alpine/edge/main
  packages:
    - alpine-base
    - busybox

entrypoint:
  command: /bin/sh "echo 'Hello, welcome to apko world'"

# optional environment configuration
environment:
  PATH: /usr/sbin:/sbin:/usr/bin:/bin
EOF

docker run --rm \
  --env-file=.env \
  --volume "$PWD:/workspace" \