add support for git remote resources #10811
Conversation
|
Btw you can consider my review a LGTM, I just didn't approve (yet) since this is PR is blocked on waiting for new |
|
This really is just a prototype implementation used as demonstration purpose. questions like #10811 (comment) are to be addressed - makes me wonder, how does builkit manage this scenario? |
ndeloof
force-pushed
the
remote_resource
branch
from
f00f0b9 to
1f5b53e
Compare
ndeloof
requested review from
a team,
StefanScherer,
glours,
laurazard,
milas,
nicksieger and
ulyssessouza
and removed request for
a team
ndeloof
force-pushed
the
remote_resource
branch
5 times, most recently
from
19ca4aa to
462a08d
Compare
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #10811 +/- ##
==========================================
- Coverage 58.71% 58.10% -0.62%
==========================================
Files 120 121 +1
Lines 10477 10622 +145
==========================================
+ Hits 6152 6172 +20
- Misses 3722 3839 +117
- Partials 603 611 +8
☔ View full report in Codecov by Sentry. |
ndeloof
force-pushed
the
remote_resource
branch
from
462a08d to
eefdc9a
Compare
milas
left a comment
milas
left a comment
There was a problem hiding this comment.
A few robustness suggestions but nothing major.
My "blocking" concern right now is gating this somehow since it's not formally part of the spec and we're still experimenting somewhat here.
cmd/compose/compose.go
Outdated
| func (o *ProjectOptions) WithServices(fn ProjectServicesFunc) func(cmd *cobra.Command, args []string) error { | ||
| return Adapt(func(ctx context.Context, args []string) error { | ||
| project, err := o.ToProject(args, cli.WithResolvedPaths(true), cli.WithDiscardEnvFile) | ||
| git, err := remote.NewGitRemoteLoader() |
There was a problem hiding this comment.
I think we should put this behind a flag for now, e.g. COMPOSE_EXPERIMENTAL_INCLUDE_REMOTE=1.
It's not part of the spec at the moment, so I don't think it should be enabled by default until we've done that and ironed out ambiguities, etc.
pkg/remote/git.go
Outdated
| if cache_home, ok := os.LookupEnv("XDG_CACHE_HOME"); ok { | ||
| base = cache_home |
There was a problem hiding this comment.
| if cache_home, ok := os.LookupEnv("XDG_CACHE_HOME"); ok { | |
| base = cache_home | |
| if cacheHome := os.GetEnv("XDG_CACHE_HOME"); cacheHome != "" { | |
| base = cacheHome |
Unlikely, but if it's set and empty, we should still fallback to ~/.cache
| if len(out) < 40 { | ||
| return "", fmt.Errorf("repository does not contain ref %s, output: %q", path, string(out)) | ||
| } | ||
| sha := string(out[:40]) | ||
| if !commitSHA.MatchString(sha) { | ||
| return "", fmt.Errorf("invalid commit sha %q", sha) | ||
| } |
There was a problem hiding this comment.
Can use --exit-code instead of trying to match on stdout:
--exit-code
Exit with status "2" when no matching refs are found in the remote repository. Usually the command exits with status "0" to indicate it
successfully talked with the remote repository, whether it found any matching refs.
pkg/remote/git.go
Outdated
| return "", err | ||
| } | ||
|
|
||
| cmd = exec.CommandContext(ctx, "git", "fetch", "origin", ref.Commit) |
There was a problem hiding this comment.
I'd add --depth=1 here, we don't need the history
pkg/remote/git.go
Outdated
| func findFile(names []string, pwd string) (string, error) { | ||
| for _, n := range names { | ||
| f := filepath.Join(pwd, n) | ||
| if _, err := os.Stat(f); err == nil { |
There was a problem hiding this comment.
| if _, err := os.Stat(f); err == nil { | |
| if fi, err := os.Stat(f); err == nil && !fi.IsDir() { |
(I mean, I hope nobody has a directory named compose.yaml because that's just chaotic evil but 🤷🏻)
|
|
||
| var commitSHA = regexp.MustCompile(`^[a-f0-9]{40}$`) | ||
|
|
||
| func (g gitRemoteLoader) Load(ctx context.Context, path string) (string, error) { |
There was a problem hiding this comment.
Doing background Git fetches is always tricky because of credential helpers.
Take a look at https://github.com/tilt-dev/go-get/blob/295ccc6550921a9766a7294360a77a4d8704d826/get.go#L18-L55
I'd clone os.Environ() and then conditionally add GIT_TERMINAL_PROMPT / GIT_SSH_COMMAND to the env passed to the exec'd processes.
ndeloof
force-pushed
the
remote_resource
branch
5 times, most recently
from
ce535e2 to
91bb372
Compare
Signed-off-by: Nicolas De Loof <[email protected]>
ndeloof
force-pushed
the
remote_resource
branch
from
91bb372 to
d02f0f0
Compare
|
There should be entitlements for this feature and I don't think there is any in this implementation. An attacker could potentially read any files from the host if remote repo is compromised such as: include:
- [email protected]:hacked/test.gitCompromised compose file on remote repo: services:
db:
image: haxxor-mariadb:latest
volumes:
- "db:/var/lib/mysql"
- "$HOME/.aws/credentials:/aws_credentials"
restart: always
volumes:
db:
|
|
@crazy-max sure, but AFAICT this is the case for any form of "sharing compose file" scenario. Any suggestion ? |
3 participants
What I did
This use of compose-spec/compose-go#435 to add support for git remotes as resources in
includeorextends.Uses same syntax as
docker build:<GIT_URL>#<branch>:<path>. If path is not set, looks for a canonicalcompose.yamlfile or other supported file names.Remote repo is cloned under
~/.cache/docker-composein a sub-folder named by commit sha1, so that we can easily detect a known remote is available locally.Related issue
https://docker.atlassian.net/browse/ENV-251
(not mandatory) A picture of a cute animal, if possible in relation to what you did