Commit Graph

10007 Commits

Author SHA1 Message Date
Paweł Gronowski 9714adc6c7
Merge pull request #5034 from vvoland/vendor-docker
vendor: github.com/docker/docker v26.1.0-dev (c8af8ebe4a89)
2024-04-22 19:00:04 +02:00
Paweł Gronowski aec1d364bf
vendor: github.com/docker/docker v26.1.0-dev (c8af8ebe4a89)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-22 18:53:51 +02:00
Paweł Gronowski e397e505d9
Merge pull request #5033 from laurazard/hooks-error-message
hooks: pass command execution error to plugins
2024-04-22 18:49:19 +02:00
Laura Brehm 43cb06e1ae
hooks: pass command execution error to plugins
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-22 17:12:53 +01:00
Paweł Gronowski d8fc76ea56
Merge pull request #5030 from laurazard/hooks-plugin-name
hooks: include plugin name in hook data
2024-04-22 17:22:08 +02:00
Laura Brehm 9d8320de9d
hooks: include full configured command
Before, for plugin commands, only the plugin name (such as `buildx`)
would be both included as `RootCmd` when passed to the hook plugin,
which isn't enough information for a plugin to decide whether to execute
a hook or not since plugins implement multiple varied commands (`buildx
build`, `buildx prune`, etc.).

This commit changes the hook logic to account for this situation, so
that the the entire configured hook is passed, i.e., if a user has a
hook configured for `buildx imagetools inspect` and the command
`docker buildx imagetools inspect alpine` is called, then the plugin
hooks will be passed `buildx imagetools inspect`.

This logic works for aliased commands too, so whether `docker build ...`
or `docker buildx build` is executed (unless Buildx is disabled) the
hook will be invoked with `buildx build`.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>

hooks: include full match when invoking plugins

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-22 13:16:26 +01:00
Paweł Gronowski 118d6bafe0
Merge pull request #4981 from vvoland/ci-validate-pr
ci: Require changelog description
2024-04-19 19:24:55 +02:00
Laura Brehm 4eeb776247
Merge pull request #5031 from vvoland/vendor-docker
vendor: github.com/docker/docker v26.1.0-dev (ee8b788538ea)
2024-04-19 14:06:46 +01:00
Paweł Gronowski 6ad512068c
vendor: github.com/docker/docker v26.1.0-dev (ee8b788538ea)
no changes in vendored files

full diff: f9dfd139ec...ee8b788538

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 15:04:28 +02:00
Paweł Gronowski c3243a8cc3
ci/validate-pr: Use `::error::` command to print errors
This will make Github render the log line as an error.

(copied from moby/moby fb92caf2aa6cf3664e11dc06ee10d114af300826)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:20 +02:00
Paweł Gronowski f92fcdef1b
github/ci: Check if backport is opened against the expected branch
(copied from moby/moby 61269e718fbdbbad397b0089105ec910fc0e62ca)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:16 +02:00
Paweł Gronowski 745704d7b4
ci: Require changelog description
Any PR that is labeled with any `impact/*` label should have a
description for the changelog and an `area/*` label.

(copied from moby/moby 1d473549e865ef6b90ee936c280f4bda677de39b)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:11 +02:00
Paweł Gronowski 1cc2e445af
Merge pull request #4967 from robmry/windows-no-dns-proxy
Feature option 'windows-dns-proxy'
2024-04-19 13:42:15 +02:00
Albin Kerouanton 762a85a103 Warn about deprecation of windows-dns-proxy flag
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-04-19 13:32:32 +02:00
racequite dccfd6e4d0 chore: fix function names in comment
Signed-off-by: racequite <quiterace@gmail.com>
2024-04-19 12:24:42 +08:00
Paweł Gronowski b9828336c5
Merge pull request #5027 from laurazard/run-hooks-reexec-env-var
hooks: set expected environment when executing
2024-04-18 11:19:42 +02:00
Laura Brehm 78089c5394
Merge pull request #5024 from laurazard/run-hooks-error
plugins/hooks: run hooks when exit code != 0
2024-04-18 01:05:52 +01:00
Laura Brehm b31c9e1e0c
Merge pull request #5025 from krissetto/fix-otel-otlp-override
Fix OTLP env var overriding
2024-04-17 17:05:44 +01:00
Laura Brehm 5011759056
hooks: set expected environment when executing
During normal plugin execution (from the CLI), the CLI configures the
plugin command it's about to execute in order to pass all environment
variables on, as well as to set the ReExec env var that informs the
plugin about how it was executed, and which plugins rely on to check
whether they are being run standalone or not.

This commit adds the same behavior to hook invocations, which is
necessary for some plugins to know that they are not running standalone
so that they expose their root command at the correct level.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 16:57:44 +01:00
Christopher Petito d6796c002f Fix OTLP env var overriding
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-04-17 14:32:41 +00:00
Laura Brehm c449c1a49d
plugins/hooks: run hooks when exit code != 0
Particularly for cases such as `docker exec -it`, it's relevant that the CLI
still executes hooks even if the exec exited with a non-zero exit code,
since this is can be part of a normal `docker exec` invocation depending on
how the user exits.

In the future, this might also be interesting to allow plugins to run
hooks after an error so they can offer error-state recovery suggestions,
although this would require additional work to give the plugin more
information about the failed execution.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 15:21:08 +01:00
Rob Murray 287f482e31 Feature option 'windows-dns-proxy'
Document feature option 'windows-dns-proxy', which can be used to
enable or disable forwarding of DNS requests from the daemon's
internal resolver to external servers.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-04-16 11:27:23 +01:00
Bjorn Neergaard 116db4fc82
docs: tidy up CDI docs
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2024-04-15 15:05:53 -07:00
Laura Brehm c0cc22db58
Merge pull request #5019 from laurazard/multiple-plugin-hooks
plugins/templates: break on newlines when printing hooks
2024-04-15 13:55:33 +01:00
Laura Brehm 867061b007
plugins/templates: break on newlines when printing hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-15 12:59:53 +01:00
njucjc 73959eef71 chore: remove deprecated DualStack field
Signed-off-by: njucjc <njucjc@gmail.com>
2024-04-15 17:53:35 +08:00
David Karlsson 78012b0ee5
Merge pull request #4989 from dvdksn/docs-systempaths-unconfined
docs: add systempaths=unconfined security-opt
2024-04-12 14:53:35 +02:00
Paweł Gronowski 249b5a401f
Merge pull request #5005 from vvoland/cli-bin-exe
cli-bin/windows: Add .exe extension
2024-04-11 11:35:26 +02:00
Paweł Gronowski 718203d50b
cli-bin/windows: Add .exe extension
Before this commit, the CLI binary in `dockereng/cli-bin` image was
named `docker` regardless of platform.

Change the binary name to `docker.exe` in Windows images.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 18:48:37 +02:00
Sebastiaan van Stijn b6c5522128
Merge pull request #5003 from laurazard/vendor-moby-dirty-26.1
vendor: github.com/docker/docker f9dfd139ec0d (master)
2024-04-10 17:37:31 +02:00
Paweł Gronowski 1433df8fee
bake/bin-image-cross: Add darwin
So we can also have darwin binaries in the `dockereng/cli-bin` image.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:50 +02:00
Paweł Gronowski 0c2697d779
Dockerfile: Remove xx-sdk-extras
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:49 +02:00
Paweł Gronowski 094af6ea07
darwin/build: Disallow CGO_ENABLED=1 when cross-compiling
Cross compiling CGO to Darwin requires an Apple SDK.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 17:28:48 +02:00
Laura Brehm 5515b86514
vendor: github.com/docker/docker v26.0.1-0.20240410103514-f9dfd139ec0d+incompatible (master)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:07:09 +01:00
Laura Brehm c1053bf9d4
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240227173239-911c97650f2e
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:02:34 +01:00
Laura Brehm 8a3a7b9458
vendor: github.com/containerd/containerd v1.7.15
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 15:52:37 +01:00
David Karlsson 4585809848 docs: add systempaths=unconfined security-opt
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-10 15:16:30 +02:00
Sebastiaan van Stijn 870ad7f4b9
Merge pull request #4998 from thaJeztah/bump_x_net
vendor: golang.org/x/sys v0.18.0, golang.org/x/term v0.18.0, golang.org/x/crypto v0.21.0, golang.org/x/net v0.23.0
2024-04-09 16:24:15 +02:00
Sebastiaan van Stijn 5fcbbde4b9
vendor: golang.org/x/net v0.23.0
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:52:51 +02:00
Sebastiaan van Stijn 4745b957d2
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
full diffs changes relevant to vendored code:

- https://github.com/golang/net/compare/v0.19.0...v0.22.0
    - http2: remove suspicious uint32->v conversion in frame code
    - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
    - (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:50:53 +02:00
Sebastiaan van Stijn c7a50ebb9f
vendor: golang.org/x/term v0.18.0
no changes in vendored code

full diff: https://github.com/golang/term/compare/v0.15.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:47:48 +02:00
Sebastiaan van Stijn 9a2133f2d4
vendor: golang.org/x/sys v0.18.0
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:46:54 +02:00
David Karlsson faf096b25c docs: clarify that --data-path-addr doesn't restrict access
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-09 13:08:21 +02:00
Laura Brehm c23a404698
Merge pull request #4986 from vvoland/update-go
update to go1.21.9
2024-04-05 15:35:47 +01:00
Paweł Gronowski 0a5bd6c75b
update to go1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone on our issue tracker for
details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.9
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-05 12:43:24 +02:00
Laura Brehm b2fe82a23e
Merge pull request #4985 from laurazard/otel-exit-code-int
otel: capture exit code as int64
2024-04-05 10:21:52 +01:00
Laura Brehm cefcba9871
otel: capture exit code as int64
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 19:11:56 +01:00
Bjorn Neergaard 10b9810989
Merge pull request #4978 from laurazard/otel-add-tty
otel: capture whether process was invoked from a terminal
2024-04-04 06:09:48 -06:00
Laura Brehm 204b324291
Merge pull request #4975 from jsternberg/otel-error-handler
command: include default otel error handler for the cli
2024-04-04 03:56:41 +01:00
Laura Brehm ee1b2836af
otel: capture whether process was invoked from a terminal
This commit adds a "terminal" attribute to `BaseMetricAttributes`
that allows us to discern whether an invocation was from an interactive
terminal or not.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-04 03:28:17 +01:00