Commit Graph

171 Commits

Author SHA1 Message Date
Sebastiaan van Stijn c44c18e088
docker build: check experimental --platform on pre-run
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a88a1bea23)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-29 17:12:21 +02:00
Sebastiaan van Stijn 4fe6b837b7
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c0e93063b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:43:18 +02:00
Sebastiaan van Stijn 25d53feb65
Annotate flags that are not supported by Buildkit
Before this patch:

```

Usage:	docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile

Options:
      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --cgroup-parent string    Optional parent cgroup for the container
      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
  -c, --cpu-shares int          CPU shares (relative weight)
      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --force-rm                Always remove intermediate containers
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
  -m, --memory bytes            Memory limit
      --memory-swap bytes       Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
  -o, --output stringArray      Output destination (format: type=local,dest=path)
      --platform string         Set platform if server is multi-platform capable
      --progress string         Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --rm                      Remove intermediate containers after a successful build (default true)
      --secret stringArray      Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret
      --security-opt strings    Security options
      --shm-size bytes          Size of /dev/shm
      --squash                  Squash newly built layers into a single new layer
      --ssh stringArray         SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
      --ulimit ulimit           Ulimit options (default [])
```

With this patch applied:

```
DOCKER_BUILDKIT=1 docker build --help

Usage:	docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile

Options:
      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
  -o, --output stringArray      Output destination (format: type=local,dest=path)
      --platform string         Set platform if server is multi-platform capable
      --progress string         Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --secret stringArray      Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret
      --squash                  Squash newly built layers into a single new layer
      --ssh stringArray         SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7eecbb96af)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 15:57:30 +01:00
Silvin Lubecki 7a9a020688
Merge pull request #2265 from thaJeztah/19.03_backport_fix_pull_test
[19.03 backport] fix(pull_test): for quiet option
2020-01-17 14:49:03 +01:00
Sam 5761759e43
fix formatting issue of encoded url
Signed-off-by: Sam <samashah@microsoft.com>
(cherry picked from commit ee76ac8f93)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 13:48:54 +01:00
knqyf263 8291738733
fix(pull_test): for quiet option
Signed-off-by: Teppei Fukuda <knqyf263@gmail.com>
(cherry picked from commit 7634872a39)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 13:40:54 +01:00
Sebastiaan van Stijn b083f625e4
cli: remove unnecessary newlines (whitespace)
```
cli/config/config_test.go:465: unnecessary trailing newline (whitespace)

}
cli/compose/interpolation/interpolation.go:56: unnecessary leading newline (whitespace)
	switch value := value.(type) {

cli/compose/interpolation/interpolation.go:94: unnecessary trailing newline (whitespace)

	}
cli/command/image/build/context.go:348: unnecessary trailing newline (whitespace)

		}
internal/licenseutils/client_test.go:98: unnecessary leading newline (whitespace)
func (c *fakeLicensingClient) LoadLocalLicense(ctx context.Context, dclnt licensing.WrappedDockerClient) (*model.Subscription, error) {

cli/registry/client/fetcher.go:211: unnecessary leading newline (whitespace)
	for _, endpoint := range endpoints {
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 612d83d6df)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:57 +01:00
Sebastiaan van Stijn fbe24f3e54
cli/command/image: SA1006: printf-style with no further arguments (staticcheck)
cli/command/image/build.go:434:32: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck)
    		fmt.Fprintf(dockerCli.Out(), imageID)
    		                             ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 709728e723)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:49 +01:00
Sebastiaan van Stijn acec6cb56f
cli/command/image/build: G107: Potential HTTP request made with variable url (gosec)
cli/command/image/build/context.go:235: G107: Potential HTTP request made with variable url (gosec)
    	if resp, err = http.Get(url); err != nil {

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0e4bd30cfe)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:47 +01:00
Silvin Lubecki 98d2661522
cli/command/image/build/context_test.go:244:38: `createTestTempDir` - `prefix` always receives `"builder-context-test"` (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit b83545ebbc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:44 +01:00
Silvin Lubecki a3912a4713
cli/command/image/build_session.go:133:45: getBuildSharedKey - result 1 (error) is always nil (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit 75c60c1af7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:36 +01:00
Silvin Lubecki 20ae2a6c4e
cli/command/image/build_buildkit.go:450:56: parseSSH - result 1 (error) is always nil (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit 28ac2f82c6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:36 +01:00
Silvin Lubecki 9c7b701de5
cli/command/image/build/context_test.go:252:71: `createTestTempFile` - `perm` always receives `0777` (`511`) (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit 0ce2eae5a2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:35 +01:00
Silvin Lubecki 6f91e46b7b
cli/command/image/build/context_test.go:244:38: `createTestTempDir` - `dir` always receives `""` (unparam)
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
(cherry picked from commit 70bd64d037)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-06 13:16:35 +01:00
Tibor Vass 25168137bd vendor: update buildkit to docker-19.03
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-24 00:36:30 +00:00
Tibor Vass c15fb3a8e5
vendor buildkit to f238f1e
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 529ef6e89a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 18:43:13 -07:00
Tibor Vass 8758cdca10
build: add --platform local
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit daca70d820)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 09:13:25 -07:00
Tibor Vass 529b1e7ec7
build: honor BUILDKIT_PROGRESS env config
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8adcedd658)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 09:13:17 -07:00
Tibor Vass 45ec86b10f vendor github.com/docker/docker to bcaa613d823
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-03 20:57:18 +00:00
Sebastiaan van Stijn 7ad850e58d
Merge pull request #1800 from tonistiigi/update-buildkit
vendor: update buildkit to 62e55427
2019-04-03 16:56:05 +02:00
Tonis Tiigi 198407c56b vendor: update buildkit to 62e55427
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-04-02 23:40:56 -07:00
Nao YONASHIRO 446762dc19 test: add filepathMatches test
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:22:11 +09:00
Nao YONASHIRO b41ddc6058 feat: improves ValidateContextDirectory performance
Signed-off-by: Nao YONASHIRO <owan.orisano@gmail.com>
2019-03-28 01:20:42 +09:00
Lifubang 06e250d37b add test case for DetectArchiveReader
Signed-off-by: Lifubang <lifubang@acmcoder.com>
2019-03-21 15:38:31 -07:00
Kir Kolyshkin 0c20554f69 image build: fix archive detection
As pointed out in #1459, docker cli fails to detect that the input is a tarball,
in case it is generated by `git archive --format=tgz`.

This happens because `git archive` adds some metadata to the initial tar header,
and so it is more than 1 block (of 512 bytes) long, while we only provide 1 block
to archive/tar.Next() and it fails.

To fix, give it 2 blocks :)

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-03-21 15:38:07 -07:00
Tonis Tiigi ca6eb5049b build: allow setting buildkit outputs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-21 10:27:59 -07:00
Sebastiaan van Stijn f2424bd375
Fix labels copying value from environment variables
This patch fixes a bug where labels use the same behavior as `--env`, resulting
in a value to be copied from environment variables with the same name as the
label if no value is set (i.e. a simple key, no `=` sign, no value).

An earlier pull request addressed similar cases for `docker run`;
2b17f4c8a8, but this did not address the
same situation for (e.g.) `docker service create`.

Digging in history for this bug, I found that use of the `ValidateEnv`
function for  labels was added in the original implementation of the labels feature in
abb5e9a077 (diff-ae476143d40e21ac0918630f7365ed3cR34)

However, the design never intended it to expand environment variables,
and use of this function was either due to either a "copy/paste" of the
equivalent `--env` flags, or a misunderstanding (the name `ValidateEnv` does
not communicate that it also expands environment variables), and the existing
`ValidateLabel` was designed for _engine_ labels (which required a value to
be set).

Following the initial implementation, other parts of the code followed
the same (incorrect) approach, therefore leading the bug to be introduced
in services as well.

This patch:

- updates the `ValidateLabel` to match the expected validation
  rules (this function is no longer used since 31dc5c0a9a),
  and the daemon has its own implementation)
- corrects various locations in the code where `ValidateEnv` was used instead of `ValidateLabel`.

Before this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker service inspect --format '{{json .Spec.Labels}}' test
{"SOME_ENV_VAR":"I_AM_SOME_ENV_VAR"}
```

After this patch:

```bash
export SOME_ENV_VAR=I_AM_SOME_ENV_VAR
docker service create --label SOME_ENV_VAR --tty --name test busybox

docker container inspect --format '{{json .Config.Labels}}' test
{"SOME_ENV_VAR":""}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 03:01:57 +01:00
Tonis Tiigi 2caffb12c7 build: enable platform flag for build if buildkit
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-03-18 10:37:08 -07:00
Silvin Lubecki b1d27091e5
Merge pull request #1515 from sw-pschmied/1514-prevent-replacing-irregular-files
Prevent overwriting irregular files (cp, save, export commands)
2019-02-07 10:05:02 +01:00
Philipp Schmied 7632776b35 Prevent overwriting irregular files (cp, save, export commands)
Signed-off-by: Philipp Schmied <pschmied@schutzwerk.com>
2019-02-07 09:17:35 +01:00
Tonis Tiigi 27b2797f7d Remove docker api dependency from cli/config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-01-31 21:25:43 +00:00
Silvin Lubecki eb0ba4f8d5 Extract streams helpers from command package to their own package to remove a cyclic dependency from command to internal/containerizedengine
Aliasing old types
* streams.InStream -> streams.In
* streams.NewInStream -> streams.NewIn
* streams.OutStream -> streams.Out
* streams.NewOutStream -> streams.NewOut

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-01-28 14:36:00 +01:00
Vincent Demeester dd3407b6cc
Add option to pull images quietly
Add `--quiet` to the `docker image pull` subcommand that will not pull
the image quietly.

```
$ docker pull -q golang
Using default tag: latest
```

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-12-19 13:48:41 +01:00
Tibor Vass b991b6236a prune: use filters.Args.Clone()
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-12-10 16:48:59 +00:00
Sebastiaan van Stijn 1e1dd5bca4
Fix panic when pruning images with label-filter
Before this change:

    docker image prune --force --filter "label=foobar"
    panic: assignment to entry in nil map

    goroutine 1 [running]:
    github.com/docker/cli/vendor/github.com/docker/docker/api/types/filters.Args.Add(...)
    /go/src/github.com/docker/cli/vendor/github.com/docker/docker/api/types/filters/parse.go:167
    github.com/docker/cli/cli/command/image.runPrune(0x1db3a20, 0xc000344cf0, 0x16e0001, 0xc00015e600, 0x4, 0x3, 0xc00024e160, 0xc000545c70, 0x5ab4b5)
    /go/src/github.com/docker/cli/cli/command/image/prune.go:79 +0xbaf
    github.com/docker/cli/cli/command/image.NewPruneCommand.func1(0xc00029ef00, 0xc0004a8180, 0x0, 0x3, 0x0, 0x0)
    /go/src/github.com/docker/cli/cli/command/image/prune.go:32 +0x64
    github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).execute(0xc00029ef00, 0xc000038210, 0x3, 0x3, 0xc00029ef00, 0xc000038210)
    /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:762 +0x473
    github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc000127180, 0xc000272770, 0x1836ce0, 0xc000272780)
    /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:852 +0x2fd
    github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).Execute(0xc000127180, 0xc000127180, 0x1d60880)
    /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:800 +0x2b
    main.main()
    /go/src/github.com/docker/cli/cmd/docker/docker.go:180 +0xdc

With this patch applied:

    docker image prune --force --filter "label=foobar"
    Total reclaimed space: 0B

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-07 17:56:31 +01:00
Tibor Vass 6c10abb247 prune: move image pruning before build cache pruning
This is cleaner because running system prune twice in a row
now results in a no-op the second time.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-11-21 05:33:36 +00:00
Vincent Demeester 69fdd2a4ad
formatter package heavy refactoring
- make it possible to extract the formatter implementation from the
  "common" code, that way, the formatter package stays small
- extract some formatter into their own packages

This is essentially moving the "formatter" implementation of each type
in their respective packages. The *main* reason to do that, is to be
able to depend on `cli/command/formatter` without depending of the
implementation detail of the formatter. As of now, depending on
`cli/command/formatter` means we depend on `docker/docker/api/types`,
`docker/licensing`, … — that should not be the case. `formatter`
should hold the common code (or helpers) to easily create formatter,
not all formatter implementations.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-10-23 17:05:44 +02:00
Tibor Vass 3e8c41beb0 build: update session support detection
Avoid testing for session support in non-buildkit builder to support
servers that falsely report as `1.39` compatible

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-10-22 20:52:56 +00:00
Tibor Vass bbd01fe3df build: only show buildkit-specific flags if buildkit is enabled
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-10-10 21:09:22 +00:00
Tibor Vass ab50c2f2b2
Merge pull request #1419 from AkihiroSuda/dfssh
build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
2018-10-09 13:43:27 -07:00
Li Yi 814ced4b30 Using strings.Builder instead of string appending
Signed-off-by: Li Yi <denverdino@gmail.com>
2018-10-09 10:38:21 +08:00
Akihiro Suda db7399a016 build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.

  $ eval $(ssh-agent)
  $ ssh-add ~/.ssh/id_rsa
  (Input your passphrase here)
  $ docker build --ssh default=$SSH_AUTH_SOCK ...

This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973) .

Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.

However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with the `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".

The Dockerfile for the Dockerfile frontend is available at  github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend)
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002` .

An example Dockerfile with `RUN --mount=type=ssh`:

  # syntax = tonistiigi/dockerfile:ssh20181002
  FROM alpine
  RUN apk add --no-cache openssh-client
  RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
  # "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here

More info available at moby/buildkit#608, moby/buildkit#655

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-05 19:56:32 +09:00
Akihiro Suda 846c38cbd7 bump up buildkit
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-05 18:14:03 +09:00
John Howard b55a0b681f LCOW: --platform on import (already in API)
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-09-13 15:04:04 -07:00
Sebastiaan van Stijn a500c394df
Move "session" support out of experimental for API 1.39 and up
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-22 00:51:19 +02:00
Sebastiaan van Stijn 60c75fda67
Remove "experimental" annotations for buildkit
BuildKit can now be enabled without the daemon having
experimental features enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-22 00:38:59 +02:00
Anda Xu acf43b62b5 vendor dependency
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-20 15:32:25 -07:00
Anda Xu ef09ca8987 enable buildkit as builder from daemon; no env var needs to be set
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-20 11:59:39 -07:00
Tibor Vass 50f918801f build: Remove API requirement for --progress as it is CLI only
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 16:24:02 +00:00
Tibor Vass c4c4825591 build: implement build secrets with buildkit
This patch implements `docker build --secret id=mysecret,src=/secret/file`
for buildkit frontends that request the mysecret secret.

It is currently implemented in the tonistiigi/dockerfile:secrets20180808
frontend via RUN --mount=type=secret,id=mysecret

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 14:01:32 +00:00