Commit Graph

9552 Commits

Author SHA1 Message Date
Jonathan A. Sternberg 8f45f1495c
command: include default otel error handler for the cli
This adds a default otel error handler for the cli in the debug package.
It uses logrus to log the error on the debug level and should work out
of the box with the `--debug` flag and `DEBUG` environment variable.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-04-03 12:01:28 -05:00
Bjorn Neergaard e3f45bf68f
Merge pull request #4972 from vvoland/community-slack
CONTRIBUTING.md: update Slack link
2024-03-28 14:25:54 -06:00
Laura Brehm 400a8bb4a2
Merge pull request #4940 from krissetto/otel-init
Initial otel implementation
2024-03-28 17:21:00 +00:00
Christopher Petito efd82e1e31 Initial otel impl using our utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:23:01 +00:00
Christopher Petito b6e2eca4b8 Enable overriding of the otel exporter otlp endpoint via env var for testing purposes
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:53 +00:00
Christopher Petito 160f65d9db Added some telemetry utils
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-03-28 16:22:43 +00:00
Paweł Gronowski 9a1b0f8bb3
CONTRIBUTING.md: update Slack link
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-28 09:38:11 +01:00
Laura Brehm b8d5454963
Merge pull request #4957 from Benehiko/prompt-test-flakiness
fix: flaky prompt termination on reader close test
2024-03-26 13:03:02 +00:00
Alano Terblanche 7ea10d5ced
refactor: prompt tests
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-26 10:07:01 +01:00
Bjorn Neergaard b39bbb4e3b
Merge pull request #4889 from jsternberg/universal-telemetry-client
cli: add otel sdk tracing and metric providers to the core cli
2024-03-25 10:47:06 -06:00
Jonathan A. Sternberg 89db01ef97
cli: add otel sdk tracing and metric providers to the core cli
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.

At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.

This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-25 11:11:34 -05:00
Sebastiaan van Stijn b4d03289a7
Merge pull request #4933 from Xeonacid/riscv-CGO_ENABLED
Set CGO_ENABLED=1 on riscv64
2024-03-25 12:04:11 +01:00
Bjorn Neergaard 799bf52680
Merge pull request #4376 from laurazard/plugin-hooks
Introduce support for CLI plugin hooks
2024-03-22 14:34:14 -06:00
Laura Brehm c5016c6d5b
cli-plugins: Introduce support for hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-03-22 17:30:18 +00:00
Bjorn Neergaard ac5421665f
Merge pull request #4963 from neersighted/plugin_comments
plugin: drop explicit unlink
2024-03-22 10:19:25 -06:00
Paweł Gronowski 3a8f292a3f
Merge pull request #4961 from vvoland/vendor-master-docker-v26.0.0
vendor: github.com/docker/docker v26.0.0
2024-03-22 17:15:02 +01:00
Bjorn Neergaard 509123f935
plugin: drop explicit unlink
Go's `net` package [will unlink][1] for us, as long as we used Listen &
friends to create the Unix socket.

Go will even skip the unlink when the socket appears to be abstract
(starts with a NUL, represented by an @), though we must be cautious to
only create sockets with an abstract address on platforms that actually
support it -- this caused [several][2] [bugs][3] before.

  [1]: https://pkg.go.dev/net#UnixListener.SetUnlinkOnClose
  [2]: https://github.com/docker/cli/pull/4783
  [3]: https://github.com/docker/cli/pull/4863

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-03-22 10:12:40 -06:00
Bjorn Neergaard 9aae5e4f6b
Merge pull request #4960 from neersighted/plugin_comments
plugin: update/improve process lifecycle documentation
2024-03-22 08:54:26 -06:00
Paweł Gronowski fdb48a0664
vendor: github.com/docker/docker v26.0.0
no changes in vendored files

full diff: https://github.com/docker/docker/compare/8b79278316b5...v26.0.0

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-22 11:41:42 +01:00
Bjorn Neergaard 542e82caeb
plugin: update/improve process lifecycle documentation
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-03-22 01:07:05 -06:00
Bjorn Neergaard 318911b404
Merge pull request #4905 from cpuguy83/plugin_notify_conn_cleanup
plugin: closer-based plugin notification socket
2024-03-21 21:52:30 -06:00
Brian Goff d68cc0e8d0
plugin: closer-based plugin notification socket
This changes things to rely on a plugin server that manages all
connections made to the server.

An optional handler can be passed into the server when the caller wants
to do extra things with the connection.

It is the caller's responsibility to close the server.
When the server is closed, first all existing connections are closed
(and new connections are prevented).

Now the signal loop only needs to close the server and not deal with
`net.Conn`'s directly (or double-indirects as the case was before this
change).

The socket, when present in the filesystem, is no longer unlinked
eagerly, as reconnections require it to be present for the lifecycle of
the plugin server.

Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-03-21 15:08:19 -06:00
Alano Terblanche 4468148f37
Merge pull request #4891 from Lussebullen/test-coverage
Add tests for increased coverage.
2024-03-21 16:05:27 +01:00
Alano Terblanche d2ea5adfe4
fix: flaky prompt termination on reader close test
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-21 10:53:30 +01:00
Mathias Duedahl ccfd0b2cc2 test/ Improve test coverage in volume.go
Co-authored-by: Adam Siraj <40822894+asirago@users.noreply.github.com>
Co-authored-by: Emil Sjölander <72094310+emilsjol@users.noreply.github.com>
Co-authored-by: Omar Askar Vergara <71982892+Omar-AV@users.noreply.github.com>
Co-authored-by: Emir Catir <emir.catir@gmail.com>

Signed-off-by: Mathias Duedahl <64321057+Lussebullen@users.noreply.github.com>
2024-03-20 19:53:33 +01:00
Bjorn Neergaard 2ae903e86c
Merge pull request #4929 from dvdksn/privileged-flag
docs: clarify what the --privileged flag does
2024-03-20 09:10:03 -06:00
Bjorn Neergaard 5931a2f592
Merge pull request #4956 from vvoland/vendor-docker-26.0.0-dev
vendor: github.com/docker/docker 8b79278316b5 (master)
2024-03-20 09:08:50 -06:00
Paweł Gronowski ed9dd75575
Merge pull request #4949 from akerouanton/remove-short-cid-alias
docs/deprecated: update status of short cid alias deprecation
2024-03-20 16:05:01 +01:00
Paweł Gronowski 69575f6175
vendor: github.com/docker/docker 8b79278316b5 (master)
no changes in vendored files

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-20 15:45:19 +01:00
Paweł Gronowski fa84cfd802
Merge pull request #4950 from vvoland/vendor-docker-26.0.0-rc3-dev
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
2024-03-19 14:40:12 +01:00
Paweł Gronowski b70a26deaf
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
full diff: 70e46f2c7c...330d777c53

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-19 14:31:41 +01:00
Paweł Gronowski 23563728bc
Merge pull request #4944 from thaJeztah/update_engine
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
2024-03-19 11:00:31 +01:00
Sebastiaan van Stijn ea3201c575
Merge pull request #4945 from thaJeztah/remove_gocompat
scripts/vendor: remove -compat=1.19
2024-03-18 12:29:42 +01:00
Sebastiaan van Stijn c050bf0909
Merge pull request #4946 from thaJeztah/bump_gofumpt
Dockerfile: update mvdan/gofumpt to v0.6.0
2024-03-18 12:24:26 +01:00
Paweł Gronowski 4eef4afbf4
Merge pull request #4893 from vvoland/deprecate-container
docs/deprecated: Deprecate Container fields in image inspect
2024-03-18 12:14:10 +01:00
Sebastiaan van Stijn 396a0823f8
Merge pull request #4947 from thaJeztah/fix_codeql
ci: fix CodeQL 2.16.4 autobuild
2024-03-18 12:07:08 +01:00
Albin Kerouanton f96d8e78c4 docs/deprecated: update status of short cid alias deprecation
Starting with API v1.45, the container short ID is removed from the
container Aliases.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-03-18 10:39:14 +01:00
Sebastiaan van Stijn b120b96ac7
ci: set DISABLE_WARN_OUTSIDE_CONTAINER=1 for CodeQL action
CodeQL autobuild uses the makefile, but outside of a container, so let's
set this variable to prevent it having to wait 10 seconds;

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 14:49:49 +01:00
Sebastiaan van Stijn 24186d8008
ci: fix CodeQL 2.16.4 autobuild
CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".

Here's from a run in CI;

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
    {
      "productName" : "CodeQL",
      "vendor" : "GitHub",
      "version" : "2.16.4",
      "sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
      "branches" : [
        "codeql-cli-2.16.4"
      ],
      "copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
      "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
      "configFileLocation" : "/home/runner/.config/codeql/config",
      "configFileFound" : false,
      "features" : {
        "analysisSummaryV2Option" : true,
        "buildModeOption" : true,
        "bundleSupportsIncludeDiagnostics" : true,
        "featuresInVersionResult" : true,
        "indirectTracingSupportsStaticBinaries" : false,
        "informsAboutUnsupportedPathFilters" : true,
        "supportsPython312" : true,
        "mrvaPackCreate" : true,
        "threatModelOption" : true,
        "traceCommandUseBuildMode" : true,
        "v2ramSizing" : true,
        "mrvaPackCreateMultipleQueries" : true,
        "setsCodeqlRunnerEnvVar" : true
      }
    }

With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;

    Attempting to automatically build go code
    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
    ...

It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
    cannot find package "github.com/docker/cli/cmd/docker" in any of:
        /opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
        /home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
    make: *** [Makefile:62: binary] Error 1
    2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
    2024/03/16 17:20:38 Build failed, continuing to install dependencies.
    2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
    2024/03/16 17:20:38 Import path is 'github.com/docker/cli'

If also seems to be doing this for ... every package?

    cat 0_codeql.log | grep 'you are not in a container' | wc -l
    497

After which it starts to create modules out of every directory;

    The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
    The code in opts seems to be missing a go.mod file. Attempting to initialize one...
    The code in service seems to be missing a go.mod file. Attempting to initialize one...
    The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
    The code in templates seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
    ...
    Skipping dependency package regexp.
    Skipping dependency package github.com/opencontainers/go-digest.
    Skipping dependency package github.com/distribution/reference.
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 14:27:10 +01:00
Sebastiaan van Stijn 48b5efee03
Dockerfile: update mvdan/gofumpt to v0.6.0
- full diff: https://github.com/mvdan/gofumpt/compare/v0.4.0...v0.6.0
- v0.6.0 release notes: https://github.com/mvdan/gofumpt/releases/tag/v0.6.0
- v0.5.0 release notes: https://github.com/mvdan/gofumpt/releases/tag/v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-17 13:48:13 +01:00
Sebastiaan van Stijn 38c3ff67aa
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
full diff: https://github.com/docker/docker/compare/v26.0.0-rc2...70e46f2c7c2df8d8cc483d9831a907b12efa201b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:53:20 +01:00
Sebastiaan van Stijn f8fc5b6bc3
scripts/vendor: remove -compat=1.19
We originally added this -compat to keep a consistent format of
the vendor.mod files for cases where there were differences
between go versions.

I don't think we really need this anymore, so let's remove.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:44:25 +01:00
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list;

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code shows that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn 115c8d56e5
vendor: github.com/containerd/containerd v1.7.14
no changes in vendored files, but now requires go1.21

full diff: https://github.com/containerd/containerd/compare/v1.7.13...v1.7.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:38 +01:00
Sebastiaan van Stijn 38fcd1ca63
Merge pull request #4943 from jsternberg/correct-build-command-path
builder: correct the command path for docker build
2024-03-16 15:30:43 +01:00
Jonathan A. Sternberg 9392831817
builder: correct the command path for docker build
The command path sent for `docker build` should be `docker` rather than
`docker build` to be consistent with the other command paths.

* `docker buildx build` has a command path of `docker buildx`
* `docker builder build` has a command path of `docker builder`
* `docker image build` has a command path of `docker image`

The reason this gets set to `docker buildx` rather than `docker buildx
build` is because the `build` portion of the command path is processed
by the plugin. So the command path only contains the portions of the
command path that were processed by this tool.

Since the `build` of `docker build` gets forwarded to `buildx`, it is
not included in the command path.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-15 11:36:38 -05:00
Paweł Gronowski 4e9abfecf5
Merge pull request #4916 from dvdksn/docs-typos-corrections
docs: typo fixes and other corrections
2024-03-14 13:20:39 +01:00
Paweł Gronowski dc4163fb1a
docs/deprecated: Deprecate Container fields in image inspect
See moby#46939

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-14 12:42:31 +01:00
Sebastiaan van Stijn 8adf1ddb86
Merge pull request #4928 from dvdksn/deprecate-nontls-tcp
docs: deprecate TCP connection without TLS
2024-03-14 12:29:42 +01:00
Paweł Gronowski c8e470057a
Merge pull request #4938 from thaJeztah/deprecate_legacy_images
deprecate legacy image formats
2024-03-14 12:20:17 +01:00