Commit Graph

11 Commits

Author SHA1 Message Date
Tonis Tiigi 198407c56b vendor: update buildkit to 62e55427
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-04-02 23:40:56 -07:00
Akihiro Suda db7399a016 build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.

  $ eval $(ssh-agent)
  $ ssh-add ~/.ssh/id_rsa
  (Input your passphrase here)
  $ docker build --ssh default=$SSH_AUTH_SOCK ...

This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973) .

Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.

However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with the `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".

The Dockerfile for the Dockerfile frontend is available at  github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend)
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002` .

An example Dockerfile with `RUN --mount=type=ssh`:

  # syntax = tonistiigi/dockerfile:ssh20181002
  FROM alpine
  RUN apk add --no-cache openssh-client
  RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
  # "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here

More info available at moby/buildkit#608, moby/buildkit#655

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-05 19:56:32 +09:00
Akihiro Suda 846c38cbd7 bump up buildkit
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-05 18:14:03 +09:00
Sebastiaan van Stijn 8cfd24049f
Bump buildkit and dependencies to 39404586a50d1b9d0fb1c578cf0f4de7bdb7afe5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-26 15:45:48 +02:00
Tibor Vass c4c4825591 build: implement build secrets with buildkit
This patch implements `docker build --secret id=mysecret,src=/secret/file`
for buildkit frontends that request the mysecret secret.

It is currently implemented in the tonistiigi/dockerfile:secrets20180808
frontend via RUN --mount=type=secret,id=mysecret

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 14:01:32 +00:00
Tibor Vass ed75f6202b build: add experimental --no-console flag to support non-tty human-readable output with buildkit
Unfortunately, this is for now the only way to see the output of RUN commands when using buildkit.
It is equivalent to `DOCKER_BUILDKIT=1 docker build . 2>&1 | cat`

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-06-13 18:32:28 +00:00
Tonis Tiigi 0f97642915 build: basic buildkit progress support
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-09 20:51:34 +00:00
Tonis Tiigi 656fe85c74 build: add experimental buildkit base
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-09 20:51:30 +00:00
Vincent Demeester b1065767cd
Bump moby version (and its dependencies)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 11:26:10 +02:00
Sebastiaan van Stijn 98dbfeee76
bump moby/moby and dependencies to 14ce1f1cf48e9859223c6311de58aec4dc0f046c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-29 17:44:49 +02:00
Simon Ferquel a0113c3a44 updated vendoring
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-09-01 19:41:06 -04:00