Commit Graph

9970 Commits

Author SHA1 Message Date
Will Wang a85a37e3f3
better to limit the scope of err
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-24 14:36:34 +08:00
Will Wang 40df26561b
use os.PathError to avoid an extra import
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-24 13:26:44 +08:00
Will Wang efaf3c92e6
extract path from error when NotExist error occurs
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-24 13:22:06 +08:00
Will Wang c6d1de3397
allow for dangling symlinks
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-24 12:10:32 +08:00
Will Wang 115fdd979b
Update cli/config/configfile/file.go
use filepath.EvalSymlink instead of check with filepath.IsAbs

Co-authored-by: Paweł Gronowski <me@woland.xyz>
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-23 23:17:09 +08:00
Will Wang c90705a413
fix bug with config file being a relative symlink
Signed-off-by: Will Wang <willww64@gmail.com>
2024-07-23 22:16:41 +08:00
Paweł Gronowski a69c0365b6
Merge pull request #5273 from thaJeztah/vendor_containerd_1.7.20
vendor: github.com/containerd/containerd v1.7.20
2024-07-23 14:59:23 +02:00
Laura Brehm 8f20c9a238
Merge pull request #5259 from thaJeztah/move_file_warning
cli/config/credentials: move warning to fileStore
2024-07-22 17:59:14 +01:00
Sebastiaan van Stijn d5f90ed547
Merge pull request #5236 from thaJeztah/cleanup_run_errors
cli/command/container: remove reportError, and put StatusError to use
2024-07-22 17:56:16 +02:00
Sebastiaan van Stijn 6559d86217
Merge pull request #5145 from psaintlaurent/ENGINE-903
Add OomScoreAdj to "docker service create" and "docker compose"
2024-07-19 19:09:28 +02:00
plaurent aa2c2cd906 Allow for OomScoreAdj
Signed-off-by: plaurent <patrick@saint-laurent.us>
2024-07-19 13:02:01 -04:00
Sebastiaan van Stijn 401048b9cb
vendor: github.com/containerd/containerd v1.7.20
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.7.19...v1.7.20

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 19:01:54 +02:00
Sebastiaan van Stijn 5568565b54
Merge pull request #5098 from thaJeztah/custom_headers_env_var
add support for DOCKER_CUSTOM_HEADERS env-var (experimental)
2024-07-19 16:43:56 +02:00
Sebastiaan van Stijn 6638deb9d6
add support for DOCKER_CUSTOM_HEADERS env-var (experimental)
This environment variable allows for setting additional headers
to be sent by the client. Headers set through this environment
variable are added to headers set through the config-file (through
the HttpHeaders field).

This environment variable can be used in situations where headers
must be set for a specific invocation of the CLI, but should not
be set by default, and therefore cannot be set in the config-file.

WARNING: If both config and environment-variable are set, the environment
variable currently overrides all headers set in the configuration file.
This behavior may change in a future update, as we are considering the
environment variable to be appending to existing headers (and to only
override headers with the same name).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 15:04:26 +02:00
Sebastiaan van Stijn cd92610bca
Merge pull request #5268 from thaJeztah/add_macos_apple_silicon
gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)
2024-07-19 13:29:35 +02:00
Sebastiaan van Stijn 9617e8d0ce
gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 13:05:43 +02:00
Sebastiaan van Stijn ef8b0bf066
Merge pull request #5262 from thaJeztah/relax_pr_check
gha: check-pr-branch: verify major version only
2024-07-19 12:48:41 +02:00
Sebastiaan van Stijn 6d8fcbb233
gha: check-pr-branch: verify major version only
We'll be using release branches for minor version updates, so instead
of (e.g.) a 27.0 branch, we'll be using 27.x and continue using the
branch for minor version updates.

This patch changes the validation step to only compare against the
major version.

Co-authored-by: Cory Snider <corhere@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 12:19:57 +02:00
Sebastiaan van Stijn 659a3bebf2
Merge pull request #5264 from thaJeztah/bump_buildx_compose
Dockerfile: update buildx to v0.16.1, compose to v2.29.0
2024-07-19 10:22:33 +02:00
Sebastiaan van Stijn 77c0d83602
Dockerfile: update compose to v2.29.0
This is the version used in the dev-container, and for testing.

release notes: https://github.com/docker/compose/releases/tag/v2.29.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 02:44:06 +02:00
Sebastiaan van Stijn d00e1abf55
Dockerfile: update buildx to v0.16.1
This is the version used in the dev-container, and for testing.

release notes:
https://github.com/docker/buildx/releases/tag/v0.16.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 02:42:47 +02:00
Sebastiaan van Stijn ab80ea355f
cli/config/credentials: move warning to fileStore
The fileStore itself is aware that it's insecure, so we can make it
responsible for printing the warning. It's not "perfect", as we use
`os.Stderr` unconditionally (not `dockerCli.Err()`), but probably won't
make a difference in _most_ cases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 01:42:01 +02:00
Sebastiaan van Stijn 26b412e491
Merge pull request #5258 from thaJeztah/cleanup_unencrypted_warning
login: slightly cleanup warning about unencrypted store
2024-07-19 01:41:35 +02:00
Sebastiaan van Stijn fcefe44bda
login: slightly cleanup warning about unencrypted store
- Add an empty line before the warning to separate it from the command's output
- Use the `/go/` redirect URL that we have available.
- Put quotes around the filename used for storage.
- Use present tense for the message, as the message is printed while saving.
- User "credentials" instead of "password" for consistency with "credentials-store"

Before:

    docker login myregistry.example.com
    Username: thajeztah
    Password:
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credential-stores

    Login Succeeded

After:

    docker login myregistry.example.com
    Username: thajeztah
    Password:

    WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/go/credential-store/

    Login Succeeded

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-18 18:22:13 +02:00
Sebastiaan van Stijn a78ab63801
login: don't print "unencrypted" warning when failing to save credentials
If we fail to save credentials, make sure that the error about saving
doesn't get lost in the warning about credentials being stored unencrypted.

Also discard errors about printing the warning, as those would be unlikely,
and if they would occur, probably would fail to be printed as well.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-18 18:15:12 +02:00
Sebastiaan van Stijn 90058df305
cli/command/container: remove reportError, and put StatusError to use
The `reportError` utility was present because cli.StatusError would print
the error decorated with `Status: <error-message>, Code: <exit-code>`.
That was not desirable in many cases as it would mess-up the output. To
prevent this, the CLI had code to check for an empty `Status` (error message)
in which case the error would be "ignored" (and only used for the exit-status),
and the `reportError` utility would be used to manually print a custom error
message before returning the error.

Now that bca2090061 fixed the output format
of `cli.StatusError`, and 3dd6fc365d and
350a0b68a9 no longer discard these error,
we can get rid of this utility, and just set the error-message for
the status-error.

This patch:

- Introduces a `withHelp` which takes care of decorating errors with
  a "Run --help" hint for the user.
- Introduces a `toStatusError` utility that detects certain errors in
  the container to assign a corresponding exit-code (these error-codes
  can be used to distinguish "client" errors from "container" errors).
- Removes the `reportError` utility, and removes code that manually
  printed errors before returning.

Behavior is mostly unmodified, with the exception of some slight reformatting
of the errors:

- `withHelp` adds a `docker:` prefix to the error, to indicate the error
  is produced by the `docker` command. This prefix was already present
  in most cases.
- The "--help" hint is slightly updated ("Run 'docker run --help' for
  more information" instead of "See 'docker run --help'"), to make it
  more clear that it's a "call to action".
- An empty is added before the "--help" hint to separate it better from
  the error-message.

Before this patch:

    $ docker run --pull=invalid-option alpine
    docker: invalid pull option: 'invalid-option': must be one of "always", "missing" or "never".
    See 'docker run --help'.
    $ echo $?
    125

    $ docker run --rm alpine nosuchcommand
    docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "nosuchcommand": executable file not found in $PATH: unknown.
    $ echo $?
    127

With this patch:

    $ docker run --pull=invalid-option alpine
    docker: invalid pull option: 'invalid-option': must be one of "always", "missing" or "never"

    Run 'docker run --help' for more information
    $ echo $?
    125

    $ docker run --rm alpine nosuchcommand
    docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "nosuchcommand": executable file not found in $PATH: unknown.

    Run 'docker run --help' for more information
    $ echo $?
    127

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 15:59:30 +02:00
Sebastiaan van Stijn 07baebe90b
Merge pull request #5255 from thaJeztah/bump_docs_tool
vendor: github.com/docker/cli-docs-tool v0.8.0
2024-07-17 15:59:18 +02:00
Sebastiaan van Stijn 2da5f06962
Merge pull request #5238 from thaJeztah/completion_improvements
various improvements to shell completions
2024-07-17 15:35:14 +02:00
Sebastiaan van Stijn 64a3fb82dc
docs: fix typos and version for cli-docs-tool scripts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 15:25:37 +02:00
Sebastiaan van Stijn e3e9b99015
vendor: github.com/docker/cli-docs-tool v0.8.0
no changes in vendored code

full diff: https://github.com/docker/cli-docs-tool/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 15:23:23 +02:00
Sebastiaan van Stijn 05a808166b
Merge pull request #5233 from thaJeztah/nicer_errors
cli: FlagErrorFunc: don't print long usage output for invalid flags
2024-07-17 14:00:52 +02:00
Sebastiaan van Stijn f28fc7f82f
cli: FlagErrorFunc: don't print long usage output for invalid flags
When trying to use an invalid flag, the CLI currently prints the a short
error message, instructions to use the `--help` flag to learn about the
correct usage, followed by the command's usage output.

While this is a common convention, and may have been a nice gesture when
docker was still young and only had a few commands and options ("you did
something wrong, but here's an overview of what you can use"), that's no
longer the case, and many commands have a _very_ long output.

The result of this is that the error message, which is the relevant
information in this case - "You mis-typed something" - is lost in the
output, and hard to find (sometimes even requiring scrolling back).

The output is also confusing, because it _looks_ like something ran
successfully (most of the output is not about the error!).

Even further; the suggested resolution (try `--help` to see the correct
options) is rather redundant, because running teh command with `--help`
produces _exactly_ the same output as was just showh, baring the error
message. As a fun fact, due to the usage output being printed, the
output even contains not one, but _two_ "call to actions";

- `See 'docker volume --help'.` (under the erro message)
- `Run 'docker volume COMMAND --help' for more information on a command.`
  (under the usage output)

In short; the output is too verbose, confusing, and doesn't provide
a good UX. Let's reduce the output produced so that the focus is on the
important information.

This patch:

- Changes the usage to the short-usage.
- Prefixes the error message with the binary / root-command name
  (usually `docker:`) to be consistent with `unknon command`, and helps
  to distinguish where the message originated from (the `docker` CLI in
  this case).
- Adds an empty line between the error-message and the "call to action"
  (`Run 'docker volume --help' ...` in the example below). This helps
  separating the error message ("unkown flag") from the call-to-action.

Before this patch:

    docker volume --no-such-flag
    unknown flag: --no-such-flag
    See 'docker volume --help'.

    Usage:  docker volume COMMAND

    Manage volumes

    Commands:
      create      Create a volume
      inspect     Display detailed information on one or more volumes
      ls          List volumes
      prune       Remove unused local volumes
      rm          Remove one or more volumes
      update      Update a volume (cluster volumes only)

    Run 'docker volume COMMAND --help' for more information on a command.

With this patch:

    docker volume --no-such-flag
    docker: unknown flag: --no-such-flag

    Usage:  docker volume COMMAND

    Run 'docker volume --help' for more information

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 13:22:31 +02:00
Sebastiaan van Stijn b1c0ddca02
cli/command/container: add completion for --stop-signal
With this patch:

    docker run --stop-signal <TAB>
    ABRT  IOT      RTMAX-4   RTMIN     RTMIN+11  TSTP
    ALRM  KILL     RTMAX-5   RTMIN+1   RTMIN+12  TTIN
    BUS   PIPE     RTMAX-6   RTMIN+2   RTMIN+13  TTOU
    CHLD  POLL     RTMAX-7   RTMIN+3   RTMIN+14  URG
    CLD   PROF     RTMAX-8   RTMIN+4   RTMIN+15  USR1
    CONT  PWR      RTMAX-9   RTMIN+5   SEGV      USR2
    FPE   QUIT     RTMAX-10  RTMIN+6   STKFLT    VTALRM
    HUP   RTMAX    RTMAX-11  RTMIN+7   STOP      WINCH
    ILL   RTMAX-1  RTMAX-12  RTMIN+8   SYS       XCPU
    INT   RTMAX-2  RTMAX-13  RTMIN+9   TERM      XFSZ
    IO    RTMAX-3  RTMAX-14  RTMIN+10  TRAP

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:34 +02:00
Sebastiaan van Stijn d6f78cdbb1
cli/command/container: add completion for --volumes-from
With this patch:

    docker run --volumes-from amazing_nobel
    amazing_cannon     boring_wozniak         determined_banzai
    elegant_solomon    reverent_booth         amazing_nobel

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:34 +02:00
Sebastiaan van Stijn 7fe7223c2c
cli/command/container: add completion for --restart
With this patch:

    docker run --restart <TAB>
    always  no  on-failure  unless-stopped

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:34 +02:00
Sebastiaan van Stijn f30158dbf8
cli/command/container: add completion for --cap-add, --cap-drop
With this patch:

    docker run --cap-add <TAB>
    ALL                     CAP_KILL                CAP_SETUID
    CAP_AUDIT_CONTROL       CAP_LEASE               CAP_SYSLOG
    CAP_AUDIT_READ          CAP_LINUX_IMMUTABLE     CAP_SYS_ADMIN
    CAP_AUDIT_WRITE         CAP_MAC_ADMIN           CAP_SYS_BOOT
    CAP_BLOCK_SUSPEND       CAP_MAC_OVERRIDE        CAP_SYS_CHROOT
    CAP_BPF                 CAP_MKNOD               CAP_SYS_MODULE
    CAP_CHECKPOINT_RESTORE  CAP_NET_ADMIN           CAP_SYS_NICE
    CAP_CHOWN               CAP_NET_BIND_SERVICE    CAP_SYS_PACCT
    CAP_DAC_OVERRIDE        CAP_NET_BROADCAST       CAP_SYS_PTRACE
    CAP_DAC_READ_SEARCH     CAP_NET_RAW             CAP_SYS_RAWIO
    CAP_FOWNER              CAP_PERFMON             CAP_SYS_RESOURCE
    CAP_FSETID              CAP_SETFCAP             CAP_SYS_TIME
    CAP_IPC_LOCK            CAP_SETGID              CAP_SYS_TTY_CONFIG
    CAP_IPC_OWNER           CAP_SETPCAP             CAP_WAKE_ALARM

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:33 +02:00
Sebastiaan van Stijn e4dd8b1898
cli/context/store: Names(): fix panic when called with nil-interface
Before this, it would panic when a nil-interface was passed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:33 +02:00
Sebastiaan van Stijn 42b68a3ed7
cmd/docker: fix completion for --context
registerCompletionFuncForGlobalFlags was called from newDockerCommand,
at which time no context-store is initialized yet, so it would return
a nil value, probably resulting in `store.Names` to panic, but these
errors are not shown when running the completion. As a result, the flag
completion would fall back to completing from filenames.

This patch changes the function to dynamically get the context-store;
this fixes the problem mentioned above, because at the time the completion
function is _invoked_, the CLI is fully initialized, and does have a
context-store available.

A (non-exported) interface is defined to allow the function to accept
alternative implementations (not requiring a full command.DockerCLI).

Before this patch:

    docker context create one
    docker context create two

    docker --context <TAB>
    .DS_Store                   .idea/                      Makefile
    .dockerignore               .mailmap                    build/
    ...

With this patch:

    docker context create one
    docker context create two

    docker --context <TAB>
    default  one      two

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:33 +02:00
Sebastiaan van Stijn 162d9748b9
cli/command/container: provide flag-completion for "docker create"
"docker run" and "docker create" are mostly identical, so we can copy
the same completion functions,

We could possibly create a utility for this (similar to `addFlags()` which
configures both commands with the flags they share). I considered combining
his with `addFlags()`, but that utility is also used in various tests, in
which we don't need this feature, so keeping that for a future exercise.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:33 +02:00
Sebastiaan van Stijn 5e7bcbeac6
cli/command/completion: add FromList utility
It's an alias for cobra.FixedCompletions but takes a variadic list
of strings, so that it's not needed to construct an array for this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:33 +02:00
Sebastiaan van Stijn e3427f341b
cli/command/completion: add EnvVarNames utility
EnvVarNames offers completion for environment-variable names. This
completion can be used for "--env" and "--build-arg" flags, which
allow obtaining the value of the given environment-variable if present
in the local environment, so we only should complete the names of the
environment variables, and not their value. This also prevents the
completion script from printing values of environment variables
containing sensitive values.

For example;

    export MY_VAR=hello
    docker run --rm --env MY_VAR alpine printenv MY_VAR
    hello

Before this patch:

    docker run --env GO
    GO111MODULE=auto        GOLANG_VERSION=1.21.12  GOPATH=/go              GOTOOLCHAIN=local

With this patch:

    docker run --env GO<tab>
    GO111MODULE     GOLANG_VERSION  GOPATH          GOTOOLCHAIN

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:32 +02:00
Sebastiaan van Stijn 9207ff1046
cli/command/completion: add FileNames utility
This is just a convenience function to allow defining completion to
use the default (complete with filenames and directories).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:32 +02:00
Sebastiaan van Stijn eed0e5b02a
cli/command/container: NewRunCommand: slight cleanup of completion
- explicitly suppress unhandled errors
- remove names for unused arguments

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-17 01:25:32 +02:00
Sebastiaan van Stijn ce4469a696
Merge pull request #5234 from thaJeztah/nicer_missing_commands
cli: improve output and consistency for unknown (sub)commands
2024-07-17 01:22:03 +02:00
Sebastiaan van Stijn 45fc3b33eb
Merge pull request #5251 from thaJeztah/bump_engine
vendor: github.com/docker/docker aae044039ca4 (master, v-next)
2024-07-17 00:20:13 +02:00
Sebastiaan van Stijn e8baee9c7c
vendor: github.com/docker/docker aae044039ca4 (master, v-next)
full diff: 508cc7c612...aae044039c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-16 19:01:14 +02:00
Sebastiaan van Stijn a77ba7eda8
vendor: google.golang.org/genproto/googleapis/api 49dd2c1f3d0b
No changes in vendored files. This one got out of sync with the other modules
from the same repository.

full diff: d307bd883b...49dd2c1f3d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-16 19:00:14 +02:00
Sebastiaan van Stijn caa5d15e98
vendor: github.com/prometheus/procfs v0.15.1
full diff: https://github.com/prometheus/procfs/compare/v0.12.0...v0.15.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-16 18:46:30 +02:00
Sebastiaan van Stijn 0f712827f1
vendor: github.com/containerd/containerd v1.7.19
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.7.18...v1.7.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-16 18:45:37 +02:00
Sebastiaan van Stijn b28a1cd029
vendor: golang.org/x/sync v0.7.0
no changes in vendored code

full diff: https://github.com/golang/sync/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-16 18:44:28 +02:00