Dockerfile validation #918

Merged


BarDweller
Contributor

Validation by simple dockerfile parser.

Validation added as additional step after generation before dockerfiles are copied. Build fails if validation fails.

Currently instruction validation is MUST; to weaken to SHOULD, modify VerifyBuildDockerfile/VerifyRunDockerfile appropriately to just print the err from the verify(Build|Run)Verbs invocation, rather than returning it.

All dockerfile logic moved to dockerfile.go, uses small visitor to inspect each instruction (skipping comments, directives, and multiline continues). Assumes 1st arg for instruction is on same line with instruction, which will most likely be true for the only args we care about (ARG and FROM).

Original checkNewRunImage dockerfile logic patched to use new parser to be tolerant of comments / empty lines in dockerfile.

@BarDweller BarDweller requested a review from a team as a code owner September 29, 2022 15:11
@BarDweller BarDweller force-pushed the extensions-phase-2 branch 2 times, most recently from 221885c to 1442946 Compare September 29, 2022 15:18
buildpack/dockerfile.go Outdated
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
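
An added example, not code from this PR or the lifecycle project: a Go version of the line-based visitor and instruction allowlist check the description outlines, with the MUST/SHOULD switch as a `strict` flag. The names `visit` and `verify`, the allowlist contents and the sample Dockerfile are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample: line 8 is a continuation, line 9 a verb outside the allowlist.
const sample = "# syntax=docker/dockerfile:1\nARG base_image\nFROM ${base_image}\n\n" +
	"# install curl\nRUN apt-get update && \\\n    # comment inside continuation\n" +
	"    apt-get install -y curl\nENTRYPOINT [\"/bin/sh\"]\n"

var allowed = map[string]bool{"ARG": true, "FROM": true, "RUN": true} // assumed allowlist, not from the PR

// visit calls fn per instruction (line number, fields). Default '\' escape assumed; no heredocs.
func visit(src string, fn func(line int, fields []string)) {
	continued := false
	for i, raw := range strings.Split(src, "\n") {
		text := strings.TrimSpace(raw)
		if text == "" || strings.HasPrefix(text, "#") {
			continue // blank, comment or directive: keeps a pending continuation open
		}
		wasContinued := continued
		continued = strings.HasSuffix(text, "\\")
		fields := strings.Fields(strings.TrimSuffix(text, "\\"))
		if !wasContinued && len(fields) > 0 {
			fn(i+1, fields)
		}
	}
}

// verify lists every violation; only strict mode (MUST) turns the first into an error.
func verify(src string, strict bool) (violations []string, err error) {
	visit(src, func(line int, f []string) {
		if verb := strings.ToUpper(f[0]); !allowed[verb] {
			violations = append(violations, fmt.Sprintf("line %d: %s is not permitted", line, verb))
		}
	})
	if strict && len(violations) > 0 {
		err = errors.New(violations[0])
	}
	return violations, err
}

func main() {
	v, err := verify(sample, true)
	fmt.Println(v, err)
}
```

The shell command on the continuation line is never treated as an instruction, so `apt-get` is not reported; only `ENTRYPOINT` is.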
@natalieparellano
Member

Thank you @BarDweller this is great!

@natalieparellano natalieparellano merged commit 84e5355 into buildpacks:extensions-phase-2 Oct 4, 2022
natalieparellano added a commit that referenced this pull request Oct 7, 2022
* Consolidate logic in the platform package

- Remove the platform/launch package as it is not needed to avoid having the launcher depend on the lifecycle

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Reinstate platform/launch package to keep the launcher binary smaller

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix constant

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Remove comment

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Don't mount layers fixture in container

This way changes from the first build (/layers/config/metadata.toml, /layers/sbom, etc.)
are not propagated to the second build.

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Set environment variables from the extended build image in the build context

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix format string

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Restorer pulls builder manifest and config

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Copy extend-config.toml from extension output to /layers/generated

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Only import kaniko on linux

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP: units pass

Refactor buildpack build, detect, and generate to separate data model from service

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP: fixed some TODOs

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP: addressed some more TODOs, units pass

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP: units pass

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* WIP: acceptance tests pass

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Address some minor TODOs

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* When running extender acceptance, don't mount in /workspace directory

This leads to incorrect permissions issues when running on linux

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Don't try to check for specific curl version

This appears flaky

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* fixes from testing. (#902)

Signed-off-by: Ozzy Osborne <bardweller@gmail.com>

Signed-off-by: Ozzy Osborne <bardweller@gmail.com>

* Lint

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Add tests and TODO

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Change CNB_BUILDPACK_DIR -> CNB_EXTENSION_DIR

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fill in default generated dir

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Ensure kaniko doesn't try to pull 'oci:/kaniko/cache/base/sha256:XXX' from a remote registry

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Add test

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix panic

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix assertion

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Pass build_id as UUID to Dockerfile

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Add tests for selective package

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Remove kaniko fork

- Fix acceptance by adding CacheRunLayers option and moving 'ARG build_id=0' statements

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix windows

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Dockerfile validation (#918)

* Add Dockerfile Validation

Signed-off-by: Ozzy Osborne <bardweller@gmail.com>

* use moby buildkit dockerfile parsing

Signed-off-by: Ozzy Osborne <bardweller@gmail.com>

Signed-off-by: Ozzy Osborne <bardweller@gmail.com>

* Add units for Dockerfile validation

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Fix launcher

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Minor improvements

- Test ReadGroup for extensions
- Ensure stderr is captured for acceptance test that might expect it
- Read group.toml into an accurate struct (that has extension and optional set for extensions)
  and set these fields to false before writing out to TOML or JSON

Signed-off-by: Natalie Arellano <narellano@vmware.com>

* Skip image extensions tests on Windows

Signed-off-by: Natalie Arellano <narellano@vmware.com>

Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
Co-authored-by: Javier Romero <rjavier@vmware.com>
Co-authored-by: Ozzy Osborne <bardweller@gmail.com>