APKO

by kameshsampath


Plugin to build OCI images from APK packages without a Dockerfile. Learn more about apko at https://github.com/chainguard-dev/apko.

Example

kind: pipeline
type: docker
name: default

steps:
- name: build image
  image: kameshsampath/apko-drone-plugin
  settings:
    config_file: image.yaml
    image_repo: example/hello-world:0.0.1
    publish: false
    archs:
      - amd64
      - arm64

Properties

  • config_file

    string, required

    The apko configuration YAML file, given as a path relative to the Drone pipeline. See https://github.com/chainguard-dev/apko/blob/main/docs/apko_file.md

    Default: none

  • image_repo

    string, required

    The fully qualified image repository where the built OCI image will be pushed. e.g. quay.io/kameshsampath/my-app:1.0.0

    Secret recommended

    Default: none

  • publish

    boolean, optional

    Whether to publish the image to "image_repo". Defaults to "false" which will just build the image tarball in "$PROJECT_HOME/dist" folder.

    Default: false

  • insecure

    boolean, optional

    Push to an insecure registry.

    Default: false

  • archs

    array, optional

    The "linux" architectures for which the images will be built. Defaults to "$(uname -m)". Valid values are: "amd64", "arm64".

    Default: $(uname -m)

  • build_output_dir

    string, optional

    The output directory relative to `config_file` where the build artifacts will be generated.

    Default: dist

  • image_registry_username

    string, optional

    The user name that will be used to push the image to `image_repo`. Applicable when the `image_repo` is neither GAR nor ECR.

    Secret recommended

    Default: none

  • image_registry_password

    string, optional

    The user password that will be used to push the image to `image_repo`. Applicable when the `image_repo` is neither GAR nor ECR.

    Secret recommended

    Default: none

  • aws_access_key_id

    string, optional

    The AWS "AWS_ACCESS_KEY_ID" that will be used to authenticate to "image_repo". Valid only if "publish" is true and "image_repo" is an ECR repo.

    Secret recommended

    Default: none

  • aws_secret_access_key

    string, optional

    The AWS "AWS_SECRET_ACCESS_KEY" that will be used to authenticate to "image_repo". Valid only if "publish" is true and "image_repo" is an ECR repo.

    Secret recommended

    Default: none

  • google_application_credentials

    string, optional

    The base64-encoded Google application credentials, i.e. the SA key.json. This parameter is useful only when your "image_repo" is in [Google Artifact Registry](https://cloud.google.com/artifact-registry/docs). NOTE: Use GNU base64 when encoding key.json, e.g. using the jq tool: `cat "$GOOGLE_APPLICATION_CREDENTIALS" | jq -r -c . | gbase64 --wrap=0 | pbcopy`

    Secret recommended

    Default: none
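
A publishing pipeline that follows the "Secret recommended" markers above, as an added example that is not part of the plugin's own documentation. It uses Drone's `from_secret` syntax; the secret names (`image_repo`, `registry_username`, `registry_password`) are assumptions and must exist as secrets in your Drone repository.

```yaml
kind: pipeline
type: docker
name: publish

steps:
- name: build and push image
  image: kameshsampath/apko-drone-plugin
  settings:
    config_file: image.yaml
    # publish: true pushes to image_repo instead of only writing the tarball.
    publish: true
    # insecure is left at its default (false); set it only for a registry
    # that genuinely requires it.
    archs:
      - amd64
      - arm64
    # Settings marked "Secret recommended" are read from Drone secrets
    # rather than written into the pipeline file.
    # Secret names below are assumptions, not names defined by the plugin.
    image_repo:
      from_secret: image_repo
    image_registry_username:
      from_secret: registry_username
    image_registry_password:
      from_secret: registry_password
    # Avoid the inline form, which commits the credential to the repository:
    #   image_registry_password: "plain-text-password"   # constructed value
```

For an ECR or GAR target, replace the username and password settings with `aws_access_key_id` and `aws_secret_access_key`, or with `google_application_credentials`, each supplied through `from_secret` in the same way.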