[pull] master from moby:master #179

Open
wants to merge 4,926 commits into
base: master

pull[bot]

@pull pull bot commented Apr 27, 2021

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

tonistiigi and others added 28 commits February 19, 2025 07:26
cache(gha): set user-agent for github cache service requests
cache(gha): fix missing user-agent for importer
refactor: avoid unnecessary calls to platforms.DefaultSpec()
tests: frontend/dockerfile: update integration tests for windows/wcow (revisited)
Currently, mounts are not supported for WCOW builds,
see #5678. This commit introduces support for
bind and cache mounts. The remaining two require
a little more work and consultation with the platform
teams for enlightenment.

WIP Checklist:

- [x] Support for bind mounts
- [x] Support for cache mounts
- [x] add frontend/dockerfile integration tests
- [x] add client integration tests (not all, `llb.AddMount` not
  complete)

Fixes #5603

Signed-off-by: Anthony Nandaa <[email protected]>
The call to CheckSystemDriveAndRemoveDriveLetter() does not preserve
the trailing `/` or `\\`. This happens because `filepath.Clean()`
strips away any trailing slashes. For example `/sample/` will be
`\\sample` on Windows and `/sample` on Linux.
This function was mainly written for Windows scenarios, which
have System Drive Letters like C:/, etc.

This was causing cases like `COPY testfile /testdir/` to
be interpreted as `COPY testfile /testdir`, and if `testdir` is
not explicitly created before the call, it ends up being treated
as a destination file other than a directory.

Fix this by checking that if we have a trailing `/` or `\\`, we
preserve it after the call to `filepath.Clean()`.

Also refactor `CheckSystemDriveAndRemoveDriveLetter` function to take
an extra keepSlash bool param, to be consistent with what is passed
to `NormalizePath`.

The rest of the calls to this function have left keepSlash = false
as the default behavior.

Fixes #5249

PS. Also fixed for cross-building from Linux scenario, taking care
of paths like `\\sample\\` that are not changed when run
through `filepath.Clean()`.

Signed-off-by: Anthony Nandaa <[email protected]>
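
The trailing-slash loss described in the commit message above, as an added example that is not BuildKit's code: `cleanPath` and `destIsDir` are hypothetical stand-ins for the normalization step and the COPY destination rule, and the sample paths are constructed. Expected values assume a Linux host, where `\` is not a path separator.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// hasTrailingSlash reports whether p ends in "/" or "\", the two
// separators the commit message mentions.
func hasTrailingSlash(p string) bool {
	return strings.HasSuffix(p, "/") || strings.HasSuffix(p, `\`)
}

// cleanPath is a hypothetical stand-in for the normalization step, not
// BuildKit's CheckSystemDriveAndRemoveDriveLetter. With keepSlash set it
// restores the trailing separator that filepath.Clean strips.
func cleanPath(p string, keepSlash bool) string {
	if p == "" {
		return ""
	}
	cleaned := filepath.Clean(p)
	// Paths such as `\sample\` pass through Clean unchanged on Linux,
	// so only append when the separator was actually lost.
	if keepSlash && hasTrailingSlash(p) && !hasTrailingSlash(cleaned) {
		cleaned += string(filepath.Separator)
	}
	return cleaned
}

// destIsDir models the COPY rule at stake: a destination that ends in a
// separator names a directory, anything else names a file.
func destIsDir(dest string) bool {
	return hasTrailingSlash(dest)
}

func main() {
	// Constructed sample destinations.
	for _, dest := range []string{"/testdir/", "/a/../testdir/", `\sample\`, "/testfile", "/"} {
		lost := cleanPath(dest, false)
		kept := cleanPath(dest, true)
		fmt.Printf("%-16q keepSlash=false -> %-12q dir=%-5v keepSlash=true -> %-12q dir=%v\n",
			dest, lost, destIsDir(lost), kept, destIsDir(kept))
	}
}
```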
Support authentication for HTTP sources.

 - llb: Define general `llb.AuthOption` interface composed of
   `HTTPOption` and `GitOption`.
 - llb: Refactor `llb.AuthHeaderSecret` to return an `llb.AuthOption` so
   it may be used with both `llb.Git` and `llb.HTTP`.
 - llb: Define `HTTPInfo.AuthHeaderSecret`.
 - llb: Define and flag new `source.http.auth` capability when
   `HTTPInfo.AuthHeaderSecret` is set.
 - solver: Define new `http.auth` source attribute.
 - source/http: If an `http.auth` attribute is specified, resolve a
   secret named by its value and set the "Authorization" request header.

Signed-off-by: Dan Duvall <[email protected]>
feat: wcow: add support for bind and cache mounts
Fix issue 5763

- Discourage `--oci-worker-no-process-sandbox`, due to the leakage of
  the processes (by design).
  Instead, encourage setting `systempaths=unconfined` in `docker run`.
  This corresponds to `securityContext.procMount: Unmasked` in Kubernetes,
  however, the configuration is hard on Kubernetes, as it has to be used
  in conjunction with `hostUsers: false`.

- Remove `--device /dev/fuse`, as fuse-overlayfs is no longer used typically.

- Use the new Kubernetes struct for AppArmor

- Add a hint about `kernel.apparmor_restrict_unprivileged_userns`

- Remove `$` from command snippets for ease of copypasting

- Make `job.*.yaml` more practical

- Add `*.userns.yaml`. Needs `UserNamespaceSupport` feature gate to be enabled.

Signed-off-by: Akihiro Suda <[email protected]>
Support additional request header fields for HTTP sources, "Accept" and
"User-Agent" as a start.

The "Accept" header is required in some cases and some servers may vary
the response body based on the header value.

The "User-Agent" header may be useful in custom frontends and
potentially other cases.

 - llb: Add `llb.Header` and `HTTPInfo.Header` to allow `client/llb`
   users to set these header fields on HTTP sources. The argument to
   `llb.Header` is a struct to effectively limit header fields to a
   subset.
 - llb: Define and flag new `source.http.header` capability when
   `llb.Header` is used.
 - solver: Define new `http.header.` source attribute prefix. Giving
   each header field its own attribute (opposed to JSON encoding the
   header struct) will allow source policy to make assertions on
   individual header fields.
 - source/http: Parse `http.header.` attributes into a sorted slice and
   include them in cache key digest.
 - source/http: Set request headers accordingly.

Signed-off-by: Dan Duvall <[email protected]>
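
A sketch of the header handling the commit message above describes, as an added example that is not BuildKit's code: it collects `http.header.` attributes into a sorted slice and folds them into a digest, so two requests for the same URL with different `Accept` values do not share a cache entry. The function names, the exact attribute keys after the prefix, the hashing layout and the sample values are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// headerPrefix is the attribute prefix named in the commit message.
const headerPrefix = "http.header."

type field struct{ name, value string }

// headerFields extracts "http.header.<name>" attributes into a slice
// sorted by name, so map iteration order cannot change the result.
func headerFields(attrs map[string]string) []field {
	var out []field
	for k, v := range attrs {
		if strings.HasPrefix(k, headerPrefix) && len(k) > len(headerPrefix) {
			out = append(out, field{strings.TrimPrefix(k, headerPrefix), v})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].name < out[j].name })
	return out
}

// cacheKey hashes the URL and the sorted header fields (assumed layout).
// Every part is length-prefixed so adjacent values cannot run together
// and produce the same digest for different inputs.
func cacheKey(url string, attrs map[string]string) string {
	h := sha256.New()
	write := func(s string) { fmt.Fprintf(h, "%d:%s", len(s), s) }
	write(url)
	for _, f := range headerFields(attrs) {
		write(f.name)
		write(f.value)
	}
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample: same URL, two different Accept values.
	url := "https://example.com/data"
	json := map[string]string{headerPrefix + "accept": "application/json"}
	html := map[string]string{headerPrefix + "accept": "text/html"}
	fmt.Println(cacheKey(url, json))
	fmt.Println(cacheKey(url, html))
}
```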
http: Support additional request headers
Copies a slim version of the docker client with only the necessary
methods so we can break our dependency on the client in moby. This
client is only used in an integration test so it's not really needed and
we don't really actively need updates or to be on the most recent API
version since we just do an unversioned ping and then call the hijack
method.

This was created by copying the package into `testutil` and then
deleting unused sections of code.

Signed-off-by: Jonathan A. Sternberg <[email protected]>
testutil: copy slim version of the docker client into testutil
Base image may use unnormalized platform so if platform
is inherited normalize needs to be called again.

Signed-off-by: Tonis Tiigi <[email protected]>
Trace blob is created 3 seconds after build completion.
If this happens after test has cleaned all history records
and before it checks for leaked blobs, test can report the
trace blob as leaked. In practice it would be cleaned up
next time containerd GC gets triggered.

Signed-off-by: Tonis Tiigi <[email protected]>
Copies out the one function we use from
`github.com/docker/go-connections` that is used by the dockerd client.

Signed-off-by: Jonathan A. Sternberg <[email protected]>
dockerfile: normalize platform in image config
hack(images): set EXPORT_BASE and BUILDKITD_TAGS args
Removes the recursive invocation of `Write` from the `Write`
implementation that chunked the bytes message writes.

This is better suited for a non-recursive algorithm. The recursive
version will create a new stackframe for each chunk which can be a
problem from a performance and stability perspective.

The code is now changed to a simple for loop that writes each chunk.

Signed-off-by: Jonathan A. Sternberg <[email protected]>
testutil: remove go-connections/sockets dependency
crazy-max and others added 30 commits May 14, 2025 11:24
lint: fix after merge conflict
cdi: fix device request by class annotation
dockerfile: update cni to 1.7.1
…image

vendor: github.com/containerd/accelerated-container-image v1.3.0
Not integrated to util/giturl, as PR 5974 is not merged yet.

Signed-off-by: Akihiro Suda <[email protected]>
Allows similar time-based filter that is allowed for
prune requests so that DiskUsage request can be used to
check which records would be candidates for pruning.

Signed-off-by: Tonis Tiigi <[email protected]>
git source: add AttrGitChecksum
allow duration based filters on diskusage requests
Still investigating `testCachedMounts`, skipping for
now to avoid blocking the CI.

ref: #5906

Signed-off-by: Anthony Nandaa <[email protected]>
tests: client: skip flaky test on windows
-S, --show-error: show an error on failure
-f, --fail:       fail fast with no output at all on server errors

Prior to this commit, curl was just saving an error HTML as the content

Signed-off-by: Akihiro Suda <[email protected]>
The existing instructions result in `Failed to get git revision, make sure --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 is set when building from Git directly`.  Following those directions does allow the image to be successfully created.

Signed-off-by: Roberto Villarreal <[email protected]>
Fix instructions for building directly from repo
ci(validate): split by platform
Massé is a BuildKit frontend that allows users to express complex
container image build configurations in CUE.

It provides CUE definitions for most of the LLB API and allows users to
author and share their own higher-level build definitions as CUE
modules.

Signed-off-by: Dan Duvall <[email protected]>
README.md: Add Massé to the list of frontends