From e4df3dcda15e18e575cf60c89df41962e86a5e04 Mon Sep 17 00:00:00 2001 From: Alexander Svyrydov Date: Wed, 6 Mar 2024 13:06:20 +0100 Subject: [PATCH 1/5] chore: ops-9634 docker pipelines (#1) * chore: ops-9634 docker pipelines * fix * fix * debug: debug * retry * retry fix * arm64 * fix * fix * fix --- .drone.yml | 187 +++++++++++++++++++++++++++--------------- engine/engine_impl.go | 64 +++++++++++++-- 2 files changed, 179 insertions(+), 72 deletions(-) diff --git a/.drone.yml b/.drone.yml index 83936eb..652a426 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,14 +1,11 @@ kind: pipeline -type: vm +type: docker name: testing platform: os: linux arch: amd64 -pool: - use: ubuntu - steps: - name: test image: golang:1.16 
@@ -17,119 +14,177 @@ steps: --- kind: pipeline -type: vm +type: docker name: linux-amd64 platform: os: linux arch: amd64 -pool: - use: ubuntu - steps: + - name: dind + image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 + privileged: true + detach: true + commands: + - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" + - name: build image: golang:1.16 commands: - sh scripts/build.sh - - name: publish - image: plugins/docker - pull: if-not-exists - settings: - repo: drone/drone-runner-kube - auto_tag: true - auto_tag_suffix: linux-amd64 - dockerfile: docker/Dockerfile.linux.amd64 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - ref: - - refs/heads/master - - refs/tags/* + + - name: docker-image + image: public.ecr.aws/labster/swissknife:0.6.9 + commands: + - |+ + # Build Docker Image + mkdir /root/.docker + echo $${CONFIG_JSON} > /root/.docker/config.json + docker buildx create --name mybuilder --use + docker buildx inspect --bootstrap + + export IMAGE_TAG="${DRONE_TAG}-amd64" + aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws + export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} + echo $${IMAGE_REPO}:$${IMAGE_TAG} + docker buildx build \ + -t $${IMAGE_REPO}:$${IMAGE_TAG}\ + --platform="linux/amd64" \ + --output type=registry \ + --progress=plain \ + -f ./docker/Dockerfile.linux.amd64 . 
+ environment: + DOCKER_HOST: tcp://dind:2375 + APP_NAME: + from_secret: app_name + ECR_REGION: + from_secret: ecr_region + AWS_ACCESS_KEY_ID: + from_secret: ecr_access_key + AWS_SECRET_ACCESS_KEY: + from_secret: ecr_secret_key + ECR_REGISTRY_ALIAS: + from_secret: ecr_registry_alias depends_on: - testing trigger: ref: - - refs/heads/master - refs/tags/** - - refs/pull/** --- kind: pipeline -type: vm +type: docker name: linux-arm64 platform: os: linux arch: arm64 -pool: - use: ubuntu_arm64 - steps: + - name: dind + image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 + privileged: true + detach: true + commands: + - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" + - name: build image: golang:1.16 commands: - sh scripts/build.sh - - name: publish_arm64 - image: plugins/docker - pull: if-not-exists - settings: - repo: drone/drone-runner-kube - auto_tag: true - auto_tag_suffix: linux-arm64 - dockerfile: docker/Dockerfile.linux.arm64 - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - ref: - - refs/heads/master - - refs/tags/* + + - name: docker-image + image: public.ecr.aws/labster/swissknife:0.6.9 + commands: + - |+ + # Build Docker Image + mkdir /root/.docker + echo $${CONFIG_JSON} > /root/.docker/config.json + docker buildx create --name mybuilder --use + docker buildx inspect --bootstrap + + export IMAGE_TAG="${DRONE_TAG}-arm64" + aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws + export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} + echo $${IMAGE_REPO}:$${IMAGE_TAG} + docker buildx build \ + -t $${IMAGE_REPO}:$${IMAGE_TAG}\ + --platform="linux/arm64" \ + --output type=registry \ + --progress=plain \ + -f ./docker/Dockerfile.linux.arm64 . 
+ environment: + DOCKER_HOST: tcp://dind:2375 + APP_NAME: + from_secret: app_name + ECR_REGION: + from_secret: ecr_region + AWS_ACCESS_KEY_ID: + from_secret: ecr_access_key + AWS_SECRET_ACCESS_KEY: + from_secret: ecr_secret_key + ECR_REGISTRY_ALIAS: + from_secret: ecr_registry_alias depends_on: - testing - + trigger: ref: - - refs/heads/master - refs/tags/** - - refs/pull/** --- kind: pipeline -type: vm +type: docker name: manifest platform: os: linux arch: amd64 -pool: - use: ubuntu - steps: - - name: manifest - image: plugins/manifest - settings: - spec: docker/manifest.tmpl - auto_tag: true - ignore_missing: true - password: - from_secret: docker_password - username: - from_secret: docker_username + - name: dind + image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 + privileged: true + detach: true + commands: + - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" + when: + ref: + - refs/tags/* + + - name: docker-image + image: public.ecr.aws/labster/swissknife:0.6.9 + commands: + - |+ + export DOCKER_CLI_EXPERIMENTAL=enabled + export IMAGE_TAG=${DRONE_TAG} + export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} + aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws + docker buildx imagetools create -t $${IMAGE_REPO}:$${IMAGE_TAG} $${IMAGE_REPO}:$${IMAGE_TAG}-arm64 $${IMAGE_REPO}:$${IMAGE_TAG}-amd64 + environment: + DOCKER_HOST: tcp://dind:2375 + APP_NAME: + from_secret: app_name + ECR_REGION: + from_secret: ecr_region + AWS_ACCESS_KEY_ID: + from_secret: ecr_access_key + AWS_SECRET_ACCESS_KEY: + from_secret: ecr_secret_key + ECR_REGISTRY_ALIAS: + from_secret: ecr_registry_alias + when: + ref: + - refs/tags/* depends_on: - linux-amd64 - linux-arm64 - + trigger: ref: - - refs/heads/master - - refs/tags/** \ No newline at end of file + - refs/tags/** 
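Review bot: The `dind` step added to all three pipelines runs with `privileged: true` and starts dockerd with `DOCKER_TLS_CERTDIR=''` and `--tls=false`, so the daemon behind `DOCKER_HOST: tcp://dind:2375` accepts unauthenticated connections from any step that can reach it, and control of a privileged daemon is typically equivalent to root on the runner host. Sharing the daemon's Unix socket through a pipeline volume, or keeping TLS enabled and mounting the client certificates only into `docker-image`, would narrow that exposure. `echo $${CONFIG_JSON} > /root/.docker/config.json` reads a variable that no `environment:` entry in this hunk defines, so it presumably writes an empty file. `${DRONE_TAG}` is substituted into the script text by Drone before the shell runs, and the manifest pipeline uses it unquoted in `export IMAGE_TAG=${DRONE_TAG}`; reading it from the step environment and quoting it, `export IMAGE_TAG="$${DRONE_TAG}-amd64"`, keeps a tag name from being parsed as shell.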
diff --git a/engine/engine_impl.go b/engine/engine_impl.go index 22ea35e..e3c64c6 100644 --- a/engine/engine_impl.go +++ b/engine/engine_impl.go @@ -5,6 +5,7 @@ package engine import ( + "bufio" "context" "errors" "io" @@ -225,9 +226,20 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } - err = k.fetchLogs(ctx, spec, step, output) - if err != nil { - return + var retries int + for retries < 5 { + bytesCopied, err := k.fetchLogs(ctx, spec, step, output) + if err == nil && bytesCopied != 0 { + break + } + + retries++ + + if err != nil && retries >= 5 { + return nil, err + } + + <-time.After(time.Second * 5) } type containerResult struct { @@ -260,7 +272,7 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } -func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, output io.Writer) error { +func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, output io.Writer) (int, error) { // HACK: this timeout delays fetching the logs to ensure there is enough time to stream the logs. // it does not delay the build speed. time.Sleep(k.containerTimeToWaitForLogs) @@ -285,11 +297,11 @@ func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, outp WithField("container", step.ID). WithField("step", step.Name). Error("failed to stream logs") - return err + return 0, err } defer readCloser.Close() - return cancellableCopy(ctx, output, readCloser) + return cancellableCopyNew(ctx, output, readCloser) } func (k *Kubernetes) startContainer(ctx context.Context, spec *Spec, step *Step) <-chan error { 
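Review bot: The retry loop added to `Run` waits with `<-time.After(time.Second * 5)`, which ignores `ctx`, so a cancelled build still sits through up to five rounds of that wait plus the `containerTimeToWaitForLogs` sleep at the top of every `fetchLogs` call; selecting on `ctx.Done()` next to the timer would let it stop early. `bytesCopied, err := k.fetchLogs(...)` declares a new `err` inside the loop body, so the `err` that the removed line assigned with `err = k.fetchLogs(...)` is never set by this code. A retry after an error that arrived part-way through a copy may also write log lines to `output` a second time, depending on how the stream is reopened. Run's body starts and ends outside the hunk.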
@@ -311,3 +323,43 @@ func (k *Kubernetes) startContainer(ctx context.Context, spec *Spec, step *Step) return l.Launch(containerName, containerImage, statusEnvs) } + +func Copy(dst io.Writer, src io.ReadCloser) (int, error) { + var bytesCopied int + r := bufio.NewReader(src) + for { + bytes, readError := r.ReadBytes('\n') + i, writeError := dst.Write(bytes) + bytesCopied += i + if writeError != nil { + return bytesCopied, writeError + } + if readError != nil { + if readError != io.EOF { + return bytesCopied, readError + } + return bytesCopied, nil + } + } +} + +// cancellableCopy method copies from source to destination honoring the context. +// If context.Cancel is called, it will return immediately with context cancelled error. +func cancellableCopyNew(ctx context.Context, dst io.Writer, src io.ReadCloser) (int, error) { + var bytesCopied int + var err error + ch := make(chan error, 1) + go func() { + defer close(ch) + bytesCopied, err = Copy(dst, src) + ch <- err + }() + + select { + case <-ctx.Done(): + src.Close() + return bytesCopied, ctx.Err() + case err := <-ch: + return bytesCopied, err + } +} From f5492111484e5ce2d40774c92a09fd8126087191 Mon Sep 17 00:00:00 2001 From: Alexander Svyrydov Date: Thu, 7 Mar 2024 10:27:37 +0100 Subject: [PATCH 2/5] fix: return from Run (#2) --- engine/engine_impl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/engine_impl.go b/engine/engine_impl.go index e3c64c6..7a8785d 100644 --- a/engine/engine_impl.go +++ b/engine/engine_impl.go @@ -236,7 +236,7 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. retries++ if err != nil && retries >= 5 { - return nil, err + break } <-time.After(time.Second * 5) From 71695923623ee97527110e64e6381f5e6f1716f2 Mon Sep 17 00:00:00 2001 
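Review bot: `cancellableCopyNew` has a data race: the goroutine assigns the captured `bytesCopied` and `err`, while the `ctx.Done()` branch reads `bytesCopied` with no synchronisation between the two. Passing both values through the channel as one struct removes the shared variables; on cancellation the count is then not known, and the sketch below returns 0 there. The comment above the function still names `cancellableCopy`, and the exported `Copy` has none; `// Copy streams src to dst one line at a time and returns the number of bytes written.` would cover it.

```go
func cancellableCopyNew(ctx context.Context, dst io.Writer, src io.ReadCloser) (int, error) {
	type copyResult struct {
		n   int
		err error
	}
	// Buffered so the goroutine can finish even when nobody receives.
	ch := make(chan copyResult, 1)
	go func() {
		n, err := Copy(dst, src)
		ch <- copyResult{n: n, err: err}
	}()

	select {
	case <-ctx.Done():
		src.Close()
		return 0, ctx.Err()
	case res := <-ch:
		return res.n, res.err
	}
}
```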
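Review bot: After the `return nil, err` to `break` change in PATCH 2/5, the `if err != nil && retries >= 5` branch is redundant, because `for retries < 5` ends the loop on that same iteration anyway. The last `fetchLogs` error is then lost, since `err` is scoped to the loop body and nothing records it before the loop exits. If a failed log fetch is meant to be non-fatal, log it before leaving the loop, for example `log.WithError(err).Warn("failed to fetch logs after retries")`, assuming `log` here is the logrus entry used elsewhere in `Run`. The enclosing function starts and ends outside the hunk.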
From: Alexander Svyrydov Date: Thu, 7 Mar 2024 16:57:56 +0100 Subject: [PATCH 3/5] chore: wait for restart (#3) * chore: wait for restart * check for placeholder * debug * check every 5 mins * undo fetchLogs * fix: restart * cleanup --- engine/engine_impl.go | 67 ++++------------------------------ engine/podwatcher/container.go | 5 ++- engine/podwatcher/watcher.go | 38 +++++++++++++++++++ 3 files changed, 49 insertions(+), 61 deletions(-) diff --git a/engine/engine_impl.go b/engine/engine_impl.go index 7a8785d..b826a9b 100644 --- a/engine/engine_impl.go +++ b/engine/engine_impl.go @@ -5,7 +5,6 @@ package engine import ( - "bufio" "context" "errors" "io" @@ -191,7 +190,7 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. PodNamespace: podNamespace, PodName: podId, KubeClient: k.client, - Period: 20 * time.Second, + Period: 5 * time.Second, }) log.Trace("PodWatcher started") @@ -202,6 +201,8 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } + // isPlaceholder := image.Match(watcher.GetContainerImage(step.ID), step.Placeholder) + log.Debug("Engine: Starting step") err = <-k.startContainer(ctx, spec, step) @@ -226,21 +227,9 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } - var retries int - for retries < 5 { - bytesCopied, err := k.fetchLogs(ctx, spec, step, output) - if err == nil && bytesCopied != 0 { - break - } - - retries++ - - if err != nil && retries >= 5 { - break - } + watcher.WaitContainerReStart(containerId) - <-time.After(time.Second * 5) - } + k.fetchLogs(ctx, spec, step, output) type containerResult struct { code int 
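Review bot: The new call `k.fetchLogs(ctx, spec, step, output)` drops the returned error, and the boolean from `watcher.WaitContainerReStart(containerId)` on the line before it is ignored as well, so a failed log stream no longer ends `Run` the way the pre-series `err = k.fetchLogs(...)` check did. If that is intended, a comment should say why; otherwise restore the check with `if err = k.fetchLogs(ctx, spec, step, output); err != nil { return }`. Run's body starts and ends outside the hunk.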
@@ -272,7 +261,7 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } -func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, output io.Writer) (int, error) { +func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, output io.Writer) error { // HACK: this timeout delays fetching the logs to ensure there is enough time to stream the logs. // it does not delay the build speed. time.Sleep(k.containerTimeToWaitForLogs) @@ -297,11 +286,11 @@ func (k *Kubernetes) fetchLogs(ctx context.Context, spec *Spec, step *Step, outp WithField("container", step.ID). WithField("step", step.Name). Error("failed to stream logs") - return 0, err + return err } defer readCloser.Close() - return cancellableCopyNew(ctx, output, readCloser) + return cancellableCopy(ctx, output, readCloser) } func (k *Kubernetes) startContainer(ctx context.Context, spec *Spec, step *Step) <-chan error { 
@@ -323,43 +312,3 @@ func (k *Kubernetes) startContainer(ctx context.Context, spec *Spec, step *Step) return l.Launch(containerName, containerImage, statusEnvs) } - -func Copy(dst io.Writer, src io.ReadCloser) (int, error) { - var bytesCopied int - r := bufio.NewReader(src) - for { - bytes, readError := r.ReadBytes('\n') - i, writeError := dst.Write(bytes) - bytesCopied += i - if writeError != nil { - return bytesCopied, writeError - } - if readError != nil { - if readError != io.EOF { - return bytesCopied, readError - } - return bytesCopied, nil - } - } -} - -// cancellableCopy method copies from source to destination honoring the context. -// If context.Cancel is called, it will return immediately with context cancelled error. -func cancellableCopyNew(ctx context.Context, dst io.Writer, src io.ReadCloser) (int, error) { - var bytesCopied int - var err error - ch := make(chan error, 1) - go func() { - defer close(ch) - bytesCopied, err = Copy(dst, src) - ch <- err - }() - - select { - case <-ctx.Done(): - src.Close() - return bytesCopied, ctx.Err() - case err := <-ch: - return bytesCopied, err - } -} diff --git a/engine/podwatcher/container.go b/engine/podwatcher/container.go index c45f01d..5f6a665 100644 --- a/engine/podwatcher/container.go +++ b/engine/podwatcher/container.go @@ -78,8 +78,9 @@ type containerWatchInfo struct { stepState stepState - exitCode int32 - reason string + exitCode int32 + reason string + restartCount int addedAt time.Time failedAt time.Time diff --git a/engine/podwatcher/watcher.go b/engine/podwatcher/watcher.go index 4b66f0f..54cb5e7 100644 --- a/engine/podwatcher/watcher.go +++ b/engine/podwatcher/watcher.go @@ -6,6 +6,7 @@ package podwatcher import ( "context" + "strconv" "sync" "time" @@ -259,6 +260,8 @@ func (pw *PodWatcher) updateContainers(containers []containerInfo) { s = stepStateRunning } + c.restartCount = int(cs.restartCount) + if s == c.stepState && c.reason == cs.reason { continue // step state unchanged } 
@@ -418,6 +421,41 @@ func (pw *PodWatcher) WaitContainerStart(containerId string) error { return pw.waitForEvent(containerId, stepStateRunning) } +// WaitContainerReStart waits until a container in the pod restarts. +func (pw *PodWatcher) WaitContainerReStart(containerId string) bool { + logrus. + WithField("pod", pw.podName). + WithField("container", containerId). + Debug("PodWatcher: Waiting to be restated") + retries := 0 + for retries < 60 { + if pw.containerMap[containerId].stepState != stepStateRunning { + return false + } + if pw.containerMap[containerId].restartCount > 0 { + return true + } + retries++ + logrus. + WithField("pod", pw.podName). + WithField("container", containerId). + WithField("restart count", strconv.Itoa(pw.containerMap[containerId].restartCount)). + Debug("PodWatcher: Waiting to be restated") + + <-time.After(time.Second * 5) + } + return false +} + +// GetContainerImage returns an image of container +func (pw *PodWatcher) GetContainerImage(containerId string) string { + logrus. + WithField("pod", pw.podName). + WithField("container", containerId). + Debug("PodWatcher: container image ", pw.containerMap[containerId].image) + return pw.containerMap[containerId].image +} + // WaitContainerTerminated waits until a container in the pod is terminated. func (pw *PodWatcher) WaitContainerTerminated(containerId string) (int, error) { err := pw.waitForEvent(containerId, stepStateFinished) From 9525e66578c3c3dcd85b30bbc40bd6c82bbc554b Mon Sep 17 00:00:00 2001 From: Alexander Svyrydov Date: Mon, 11 Mar 2024 13:45:01 +0100 Subject: [PATCH 4/5] chore: cleanup some changes (#4) --- engine/engine_impl.go | 2 -- engine/podwatcher/watcher.go | 9 --------- 2 files changed, 11 deletions(-) diff --git a/engine/engine_impl.go b/engine/engine_impl.go index b826a9b..33758bb 100644 --- a/engine/engine_impl.go +++ b/engine/engine_impl.go 
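Review bot: `WaitContainerReStart` reads `pw.containerMap[containerId]` from the caller's goroutine on every poll while `updateContainers` assigns `restartCount` on the same entries, and the added lines take no lock; unless the caller already holds one this is a data race, and if the map stores pointers an unknown `containerId` would dereference nil. The loop also cannot be cancelled: a running container that never restarts keeps the caller here for 60 rounds of `<-time.After(time.Second * 5)`, about five minutes, before `fetchLogs` is reached. Accepting a `ctx` and looking the entry up once per round under whatever synchronisation the watcher already uses would address both. The log text should read `"PodWatcher: Waiting to be restarted"`, and `WithField("restart count", ...)` accepts the int directly, so `strconv.Itoa` is not needed.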
@@ -201,8 +201,6 @@ func (k *Kubernetes) Run(ctx context.Context, specv runtime.Spec, stepv runtime. return } - // isPlaceholder := image.Match(watcher.GetContainerImage(step.ID), step.Placeholder) - log.Debug("Engine: Starting step") err = <-k.startContainer(ctx, spec, step) diff --git a/engine/podwatcher/watcher.go b/engine/podwatcher/watcher.go index 54cb5e7..ead1d1f 100644 --- a/engine/podwatcher/watcher.go +++ b/engine/podwatcher/watcher.go @@ -447,15 +447,6 @@ func (pw *PodWatcher) WaitContainerReStart(containerId string) bool { return false } -// GetContainerImage returns an image of container -func (pw *PodWatcher) GetContainerImage(containerId string) string { - logrus. - WithField("pod", pw.podName). - WithField("container", containerId). - Debug("PodWatcher: container image ", pw.containerMap[containerId].image) - return pw.containerMap[containerId].image -} - // WaitContainerTerminated waits until a container in the pod is terminated. func (pw *PodWatcher) WaitContainerTerminated(containerId string) (int, error) { err := pw.waitForEvent(containerId, stepStateFinished) From c7a848bdb30464f4ae4c2b2a12879c9648187286 Mon Sep 17 00:00:00 2001 From: say5 Date: Mon, 11 Mar 2024 13:47:26 +0100 Subject: [PATCH 5/5] chore: undo drone manifest --- .drone.yml | 187 +++++++++++++++++++---------------------------------- 1 file changed, 66 insertions(+), 121 deletions(-) diff --git a/.drone.yml b/.drone.yml index 652a426..83936eb 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,11 +1,14 @@ kind: pipeline -type: docker +type: vm name: testing platform: os: linux arch: amd64 +pool: + use: ubuntu + steps: - name: test image: golang:1.16 
@@ -14,177 +17,119 @@ steps: --- kind: pipeline -type: docker +type: vm name: linux-amd64 platform: os: linux arch: amd64 -steps: - - name: dind - image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 - privileged: true - detach: true - commands: - - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" +pool: + use: ubuntu +steps: - name: build image: golang:1.16 commands: - sh scripts/build.sh - - - name: docker-image - image: public.ecr.aws/labster/swissknife:0.6.9 - commands: - - |+ - # Build Docker Image - mkdir /root/.docker - echo $${CONFIG_JSON} > /root/.docker/config.json - docker buildx create --name mybuilder --use - docker buildx inspect --bootstrap - - export IMAGE_TAG="${DRONE_TAG}-amd64" - aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws - export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} - echo $${IMAGE_REPO}:$${IMAGE_TAG} - docker buildx build \ - -t $${IMAGE_REPO}:$${IMAGE_TAG}\ - --platform="linux/amd64" \ - --output type=registry \ - --progress=plain \ - -f ./docker/Dockerfile.linux.amd64 . 
- environment: - DOCKER_HOST: tcp://dind:2375 - APP_NAME: - from_secret: app_name - ECR_REGION: - from_secret: ecr_region - AWS_ACCESS_KEY_ID: - from_secret: ecr_access_key - AWS_SECRET_ACCESS_KEY: - from_secret: ecr_secret_key - ECR_REGISTRY_ALIAS: - from_secret: ecr_registry_alias + - name: publish + image: plugins/docker + pull: if-not-exists + settings: + repo: drone/drone-runner-kube + auto_tag: true + auto_tag_suffix: linux-amd64 + dockerfile: docker/Dockerfile.linux.amd64 + username: + from_secret: docker_username + password: + from_secret: docker_password + when: + ref: + - refs/heads/master + - refs/tags/* depends_on: - testing trigger: ref: + - refs/heads/master - refs/tags/** + - refs/pull/** --- kind: pipeline -type: docker +type: vm name: linux-arm64 platform: os: linux arch: arm64 -steps: - - name: dind - image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 - privileged: true - detach: true - commands: - - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" +pool: + use: ubuntu_arm64 +steps: - name: build image: golang:1.16 commands: - sh scripts/build.sh - - - name: docker-image - image: public.ecr.aws/labster/swissknife:0.6.9 - commands: - - |+ - # Build Docker Image - mkdir /root/.docker - echo $${CONFIG_JSON} > /root/.docker/config.json - docker buildx create --name mybuilder --use - docker buildx inspect --bootstrap - - export IMAGE_TAG="${DRONE_TAG}-arm64" - aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws - export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} - echo $${IMAGE_REPO}:$${IMAGE_TAG} - docker buildx build \ - -t $${IMAGE_REPO}:$${IMAGE_TAG}\ - --platform="linux/arm64" \ - --output type=registry \ - --progress=plain \ - -f ./docker/Dockerfile.linux.arm64 . 
- environment: - DOCKER_HOST: tcp://dind:2375 - APP_NAME: - from_secret: app_name - ECR_REGION: - from_secret: ecr_region - AWS_ACCESS_KEY_ID: - from_secret: ecr_access_key - AWS_SECRET_ACCESS_KEY: - from_secret: ecr_secret_key - ECR_REGISTRY_ALIAS: - from_secret: ecr_registry_alias + - name: publish_arm64 + image: plugins/docker + pull: if-not-exists + settings: + repo: drone/drone-runner-kube + auto_tag: true + auto_tag_suffix: linux-arm64 + dockerfile: docker/Dockerfile.linux.arm64 + username: + from_secret: docker_username + password: + from_secret: docker_password + when: + ref: + - refs/heads/master + - refs/tags/* depends_on: - testing - + trigger: ref: + - refs/heads/master - refs/tags/** + - refs/pull/** --- kind: pipeline -type: docker +type: vm name: manifest platform: os: linux arch: amd64 +pool: + use: ubuntu + steps: - - name: dind - image: public.ecr.aws/docker/library/docker:23.0.6-dind-alpine3.18 - privileged: true - detach: true - commands: - - /bin/sh -c "DOCKER_TLS_CERTDIR='' dockerd-entrypoint.sh --storage-driver=overlay2 --tls=false --experimental" - when: - ref: - - refs/tags/* - - - name: docker-image - image: public.ecr.aws/labster/swissknife:0.6.9 - commands: - - |+ - export DOCKER_CLI_EXPERIMENTAL=enabled - export IMAGE_TAG=${DRONE_TAG} - export IMAGE_REPO=public.ecr.aws/$${ECR_REGISTRY_ALIAS}/$${APP_NAME} - aws ecr-public get-login-password --region $${ECR_REGION} | docker login --username AWS --password-stdin public.ecr.aws - docker buildx imagetools create -t $${IMAGE_REPO}:$${IMAGE_TAG} $${IMAGE_REPO}:$${IMAGE_TAG}-arm64 $${IMAGE_REPO}:$${IMAGE_TAG}-amd64 - environment: - DOCKER_HOST: tcp://dind:2375 - APP_NAME: - from_secret: app_name - ECR_REGION: - from_secret: ecr_region - AWS_ACCESS_KEY_ID: - from_secret: ecr_access_key - AWS_SECRET_ACCESS_KEY: - from_secret: ecr_secret_key - ECR_REGISTRY_ALIAS: - from_secret: ecr_registry_alias - when: - ref: - - refs/tags/* + - name: manifest + image: plugins/manifest + settings: + spec: 
docker/manifest.tmpl + auto_tag: true + ignore_missing: true + password: + from_secret: docker_password + username: + from_secret: docker_username depends_on: - linux-amd64 - linux-arm64 - + trigger: ref: - - refs/tags/** + - refs/heads/master + - refs/tags/** \ No newline at end of file
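Review bot: The restored `publish`, `publish_arm64` and `manifest` steps use `plugins/docker` and `plugins/manifest` with no tag or digest while receiving `docker_username` and `docker_password`, and the two publish steps set `pull: if-not-exists`, so whichever copy is cached on the runner is the one that handles the registry credentials. Pinning each image, for example `image: plugins/docker@sha256:<digest>` (placeholder digest), keeps that code fixed between builds. The file also ends without a trailing newline again.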