Commit Graph

9446 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 1609916f2c
Revert "Dockerfile/binary: Output the binary directly"
Looks like this change caused docker-ce-packaging to fail;

    dest=$PWD/build/mac; cd /home/ubuntu/workspace/release-packaging_ce-nightly/packaging/src/github.com/docker/cli/build && for platform in *; do \
        arch=$(echo $platform | cut -d_ -f2); \
        mkdir -p $dest/$arch/docker; \
        cp $platform/docker-darwin-* $dest/$arch/docker/docker && \
        tar -C $dest/$arch -c -z -f $dest/$arch/docker-25.0.0-rc.2.tgz docker; \
    done
    cp: cannot stat 'darwin_amd64/docker-darwin-*': No such file or directory
    cp: cannot stat 'darwin_arm64/docker-darwin-*': No such file or directory

This reverts commit 6ad07f2a4b.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 22:39:30 +01:00
Sebastiaan van Stijn ff25c4334b
Revert "ci: Add bin-image workflow"
This reverts commit 15d4c99f38.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 22:39:05 +01:00
Sebastiaan van Stijn 688de6db16
Merge pull request #4769 from laurazard/signal-handling-fix-tty
plugins: run plugin with new process group ID
2024-01-12 22:06:23 +01:00
Laura Brehm ef5e5fa03f
plugins: run plugin with new process group ID
Changes were made in 1554ac3b5f to provide
a mechanism for the CLI to notify running plugin processes that they
should exit, in order to improve the general CLI/plugin UX. The current
implementation boils down to:
1. The CLI creates a socket
2. The CLI executes the plugin
3. The plugin connects to the socket
4. (When) the CLI receives a termination signal, it uses the socket to
   notify the plugin that it should exit
5. The plugin's gets notified via the socket, and cancels it's `cmd.Context`,
   which then gets handled appropriately

This change works in most cases and fixes the issue it sets out to solve
(see: https://github.com/docker/compose/pull/11292) however, in the case
where the user has a TTY attached and the plugin is not already handling
received signals, steps 4+ changes:
4. (When) the CLI receives a termination signal, before it can use the
   socket to notify the plugin that it should exit, the plugin process
   also receives a signal due to sharing the pgid with the CLI

Since we now have a proper "job control" mechanism, we can simplify the
scenarios by executing the plugins with their own process group id,
thereby removing the "double notification" issue and making it so that
plugins can handle the same whether attached to a TTY or not.

In order to make this change "plugin-binary" backwards-compatible, in
the case that a plugin does not connect to the socket, the CLI passes
the signal to the plugin process.

Co-authored-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 13:53:28 -07:00
Sebastiaan van Stijn ad12276ea0
Merge pull request #4783 from laurazard/fix-no-abstract-sockets
cli-plugins: don't use abstract sockets on macOS
2024-01-12 21:40:06 +01:00
Sebastiaan van Stijn a226502619
Merge pull request #4784 from thaJeztah/vendor_containerd
vendor: github.com/containerd/containerd v1.7.12
2024-01-12 21:14:36 +01:00
Bjorn Neergaard 6d0b329b0d
cli-plugins: use non-abstract socket on darwin
As macOS does not support the abstract socket namespace, use a temporary
socket in $TMPDIR to connect with the plugin. Ensure this socket is
cleaned up even in the case of crash/ungraceful termination by removing
it after the first connection is accepted.

Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 12:30:27 -07:00
Bjorn Neergaard dbf992f91f
cli-plugins: move socket code into common package
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-01-12 11:49:25 -07:00
Sebastiaan van Stijn 8b6ffbdf77
vendor: github.com/containerd/containerd v1.7.12
- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 19:31:12 +01:00
Sebastiaan van Stijn 52b740ac27
Merge pull request #4781 from thaJeztah/bump_buildx_compose
Dockerfile: update buildx to v0.12.1
2024-01-12 18:32:47 +01:00
Sebastiaan van Stijn d469be256e
Merge pull request #4752 from vvoland/ci-bin-image
ci: Add bin-image workflow
2024-01-12 15:50:30 +01:00
Sebastiaan van Stijn ccc7ad2f2c
Dockerfile: update buildx to v0.12.1
Update the version of buildx used in CI to the latest version.

- full diff: https://github.com/docker/buildx/compare/v0.12.0...v0.12.1
- release notes: https://github.com/docker/buildx/releases/tag/v0.12.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 15:29:58 +01:00
Sebastiaan van Stijn 708d1136d6
Merge pull request #4782 from thaJeztah/bump_compose
Dockerfile: update docker compose to v2.24.0
2024-01-12 15:29:33 +01:00
Sebastiaan van Stijn fdcb78a0fe
Dockerfile: update docker compose to v2.24.0
Update the version of compose used in CI to the latest version.

- full diff: https://github.com/docker/compose/compare/v2.22.0...v2.24.0
- release notes: https://github.com/docker/compose/releases/tag/v2.24.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 14:39:08 +01:00
Paweł Gronowski 15d4c99f38
ci: Add bin-image workflow
Build and push an image containing a static CLI binary for master branch
and every release branch and tag.

This is a slightly adjusted copy of the bin-image workflow from
docker/buildx (by @crazy-max).

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:20 +01:00
Paweł Gronowski ecf338f43b
scripts/build: Handle VERSION containing git ref
Transform `VERSION` variable if it contains a git ref.
This is the same as moby does (with "<<<" bashism removed).

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:18 +01:00
Paweł Gronowski 6ad07f2a4b
Dockerfile/binary: Output the binary directly
`scripts/make/binary` produces `docker` file that is a symlink to a
`docker-<platform>` file.
Make the `binary` Dockerfile target produce an image that only contains
the `docker` binary and not the symlink.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-12 12:28:15 +01:00
Sebastiaan van Stijn 859154b94c
Merge pull request #4778 from thaJeztah/cmd_docker_smaller_interface
cmd/docker: registerCompletionFuncForGlobalFlags: take store.Store as argument
2024-01-11 22:50:47 +01:00
Sebastiaan van Stijn 76e09dd44b
Merge pull request #4777 from thaJeztah/pluginmanager_smaller_interface
cli-plugins/manager: getPluginDirs: take ConfigFile as argument
2024-01-11 22:50:31 +01:00
Sebastiaan van Stijn a745bffb86
Merge pull request #4776 from thaJeztah/fix_shadow
cli-plugins: helloworld: rename var that collided with import
2024-01-11 22:50:12 +01:00
Sebastiaan van Stijn e5d225de16
Merge pull request #4775 from thaJeztah/move_main
cmd/docker: move main() to the top
2024-01-11 22:49:48 +01:00
Sebastiaan van Stijn 0e37dd49f0
cmd/docker: registerCompletionFuncForGlobalFlags: take store.Store as argument
Update this function to accept a smaller interface, as it doesn't need
all of "CLI". Also return errors encountered during its operation (although
the caller currently has no error return on its own).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:31:17 +01:00
Sebastiaan van Stijn c0a0b05dc8
cli-plugins: helloworld: rename var that collided with import
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:25:15 +01:00
Sebastiaan van Stijn 11b2e871bc
cmd/docker: move main() to the top
It was hidden half-way the file; let's move it to the top, where I'd expect
to find it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 22:19:17 +01:00
Sebastiaan van Stijn 4dc2c895b1
cli-plugins/manager: getPluginDirs: take ConfigFile as argument
Update this function to accept a smaller interface, as it doesn't need
all of "CLI".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 18:15:30 +01:00
Sebastiaan van Stijn c825db8a69
Merge pull request #4773 from thaJeztah/daemon_fix_env_table
docs: dockerd: fix markdown table, and rephrase environment-variables intro
2024-01-11 15:31:56 +01:00
Sebastiaan van Stijn 79992184e0
docs: dockerd: rephrase environment-variables intro
Slightly rephrase the intro (remove "easy reference"), and cross-reference
the corresponding section on the docker CLI page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 14:55:16 +01:00
Sebastiaan van Stijn 4d2b4e7fba
docs: dockerd: fix stray column-separateor in env-var table
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-11 13:54:39 +01:00
Sebastiaan van Stijn 5a31004bdb
Merge pull request #4772 from thaJeztah/update_credential_helpers
vendor: github.com/docker/docker-credential-helpers v0.8.1
2024-01-10 23:00:53 +01:00
Sebastiaan van Stijn a5e5563f13
vendor: github.com/docker/docker-credential-helpers v0.8.1
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 22:35:03 +01:00
Sebastiaan van Stijn bc6b9d9c4b
Merge pull request #4766 from thaJeztah/update_golang_1.21.6
update to go1.21.6
2024-01-10 17:59:42 +01:00
Sebastiaan van Stijn 4f49508861
update to go1.21.6
go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and
the crypto/tls, maps, and runtime/pprof packages. See the Go 1.21.6 milestone on
our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 09:41:03 +01:00
Sebastiaan van Stijn cfe18f5e03
Merge pull request #4760 from thaJeztah/improve_asserts
cli/compose/loader: use golden.Assert() for readability
2024-01-08 16:59:16 +01:00
Sebastiaan van Stijn 26f59b2f66
cli/compose/loader: use golden.Assert() for readability
golden.AssertBytes prints the failure as a bytes-array, which makes
it not human-readable; let's compare strings instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 14:16:19 +01:00
Sebastiaan van Stijn 5c6ca07208
Merge pull request #4758 from thaJeztah/bump_assorted
vendor: update some (test) dependencies
2024-01-08 12:39:50 +01:00
Sebastiaan van Stijn 9db56ea2f6
vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
removes dependency on golang.org/x/sys/execabs

full diff:

- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
Sebastiaan van Stijn efae960e5a
vendor: golang.org/x/net v0.19.0
drops various code to support go1.17 and older

full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn 996cce9098
vendor: golang.org/x/sync v0.6.0
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
Sebastiaan van Stijn 4b10e55256
vendor: github.com/google/go-cmp v0.6.0
- removes purego fallbacks

full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:25:45 +01:00
Sebastiaan van Stijn 1ebc233b4b
vendor: github.com/creack/pty v1.1.21
full diff: https://github.com/creack/pty/compare/v1.18.0...v1.21.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:22:09 +01:00
Sebastiaan van Stijn 4b06a93c5e
Merge pull request #4757 from thaJeztah/go_connection_0.5.0
vendor: github.com/docker/go-connections v0.5.0
2024-01-05 23:01:04 +01:00
Sebastiaan van Stijn b4fe77a124
vendor: github.com/docker/go-connections v0.5.0
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:25:04 +01:00
Sebastiaan van Stijn acbc2540ae
Merge pull request #4748 from thaJeztah/update_nosec
change back nolint -> nosec
2024-01-05 17:17:10 +01:00
Paweł Gronowski 1df7161b4b
Merge pull request #4756 from dvdksn/fix-run-flag-example-heading-levels
docs: fix incorrect heading levels in docker run reference
2024-01-05 16:52:29 +01:00
David Karlsson 909111b3ad docs: fix incorrect heading levels in docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-01-05 16:41:26 +01:00
Sebastiaan van Stijn 26e3eb32ce
Merge pull request #4753 from thaJeztah/bump_engine
vendor: github.com/docker/docker v25.0.0-rc.1
2024-01-05 14:56:51 +01:00
Sebastiaan van Stijn b36c16d38d
Merge pull request #4754 from thaJeztah/fix_seccomp_defaults
cli/command/container: parseSecurityOpts: fix --security-opt seccomp=builtin
2024-01-05 14:30:33 +01:00
Sebastiaan van Stijn bce868bdfd
Merge pull request #4252 from ChrisChinchilla/chrisward/cmd-build-refresh
Docker build command docs refresh
2024-01-05 14:30:05 +01:00
Sebastiaan van Stijn b43ea528b8
vendor: github.com/docker/docker v25.0.0-rc.1
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.3...v25.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:23:48 +01:00
Sebastiaan van Stijn 6d0aa0a52d
cli/command/container: parseSecurityOpts: fix --security-opt seccomp=builtin
Docker v23.0 and up allow the daemon to be configured to have seccomp disabled
by default (using the "unconfined" profile as default), and introduced a new
"builtin" profile-name for the default (see [moby@f8795ed364586acd][1] and
[mnoby@ac449d6b5ad29a50][2]).

However, the CLI had no special handling for the "builtin" profile, which
resulted in it trying to load it as a file, which would fail;

    docker run -it --rm --security-opt seccomp=builtin busybox
    docker: opening seccomp profile (builtin) failed: open builtin: no such file or directory.
    See 'docker run --help'.

This patch adds a special case for the "builtin" profile, to allow using the
default profile on daemons with seccomp disabled (unconfined) by default.

[1]: f8795ed364
[2]: ac449d6b5a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 12:19:00 +01:00