Properly handle build --pull=false

buildah build --pull=false is documented to never pull the image, but it is currently ignored. Fixes: https://github.com/containers/podman/issues/21783 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-02-22 05:08:24 -05:00 · 2024-02-22 05:08:24 -05:00 · 63975b5418
parent 5f2e014da5
commit 63975b5418
5 changed files with 23 additions and 14 deletions
--- a/pkg/parse/parse.go
+++ b/pkg/parse/parse.go
@ -491,7 +491,9 @@ func PullPolicyFromFlagSet(flags *pflag.FlagSet, findFlagFunc func(name string)
 	if err != nil {
 		return 0, err
 	}
-	if pullNeverFlagValue || strings.EqualFold(pullFlagValue, "never") {
+	if pullNeverFlagValue ||
+		strings.EqualFold(pullFlagValue, "never") ||
+		strings.EqualFold(pullFlagValue, "false") {
 		pullPolicy = define.PullNever
 	}
 	logrus.Debugf("Pull Policy for pull [%v]", pullPolicy)
--- a/tests/bud.bats
+++ b/tests/bud.bats
@ -4188,6 +4188,9 @@ _EOF
  run_buildah 125 build $WITH_POLICY_JSON -t ${target} --pull-never $BUDFILES/pull
  expect_output --substring "busybox: image not known"

+  run_buildah 125 build $WITH_POLICY_JSON -t ${target} --pull=false $BUDFILES/pull
+  expect_output --substring "busybox: image not known"
+
  run_buildah build $WITH_POLICY_JSON -t ${target} --pull $BUDFILES/pull
  expect_output --substring "COMMIT pull"

@ -4197,8 +4200,8 @@ _EOF

@test "bud pull false no local image" {
  target=pull
-  run_buildah build $WITH_POLICY_JSON -t ${target} --pull=false $BUDFILES/pull
-  expect_output --substring "COMMIT pull"
+  run_buildah 125 build $WITH_POLICY_JSON -t ${target} --pull=false $BUDFILES/pull
+  expect_output --substring "Error: creating build container: busybox: image not known"
 }

@test "bud with Containerfile should fail with nonexistent authfile" {
@ -4471,7 +4474,7 @@ EOM

  ${OCI} --version
  _prefetch alpine
-  _prefetch debian
+  _prefetch busybox

  run_buildah build --build-arg base=alpine --build-arg toolchainname=busybox --build-arg destinationpath=/tmp --pull=false $WITH_POLICY_JSON -f $BUDFILES/from-with-arg/Containerfile .
  expect_output --substring "FROM alpine"
@ -4866,20 +4869,20 @@ _EOF
  expect_output --substring image-a
 }

-@test "bud --pull=false --arch test" {
+@test "bud --pull=ifmissing --arch test" {
  mytmpdir=${TEST_SCRATCH_DIR}/my-dir
  mkdir -p ${mytmpdir}
 cat > $mytmpdir/Containerfile << _EOF
 FROM $SAFEIMAGE
 _EOF
-  run_buildah build --pull=false -q --arch=amd64 -t image-amd $WITH_POLICY_JSON ${mytmpdir}
+  run_buildah build --pull=ifmissing -q --arch=amd64 -t image-amd $WITH_POLICY_JSON ${mytmpdir}
  run_buildah inspect --format '{{ .OCIv1.Architecture }}' image-amd
  expect_output amd64

  # Tag the image to localhost/safeimage to make sure that the image gets
  # pulled since the local one does not match the requested architecture.
  run_buildah tag image-amd localhost/${SAFEIMAGE_NAME}:${SAFEIMAGE_TAG}
-  run_buildah build --pull=false -q --arch=arm64 -t image-arm $WITH_POLICY_JSON ${mytmpdir}
+  run_buildah build --pull=ifmissing -q --arch=arm64 -t image-arm $WITH_POLICY_JSON ${mytmpdir}
  run_buildah inspect --format '{{ .OCIv1.Architecture }}' image-arm
  expect_output arm64

--- a/tests/from.bats
+++ b/tests/from.bats
@ -371,7 +371,11 @@ load helpers
  echo "$output"
  expect_output --substring "busybox: image not known"

-  run_buildah from $WITH_POLICY_JSON --pull=false busybox
+  run_buildah 125 from $WITH_POLICY_JSON --pull=false busybox
+  echo "$output"
+  expect_output --substring "busybox: image not known"
+
+  run_buildah from $WITH_POLICY_JSON --pull=ifmissing busybox
  echo "$output"
  expect_output --substring "busybox-working-container"

--- a/tests/registries.bats
+++ b/tests/registries.bats
@ -8,11 +8,11 @@ load helpers
    image2=$2

    # Create a container by specifying the image with one name.
-    run_buildah --retry from --quiet --pull=false $WITH_POLICY_JSON $image1
+    run_buildah --retry from --quiet --pull=ifmissing $WITH_POLICY_JSON $image1
    cid1=$output

    # Create a container by specifying the image with another name.
-    run_buildah --retry from --quiet --pull=false $WITH_POLICY_JSON $image2
+    run_buildah --retry from --quiet --pull=ifmissing $WITH_POLICY_JSON $image2
    cid2=$output

    # Get their image IDs.  They should be the same one.
--- a/tests/run.bats
+++ b/tests/run.bats
@ -554,7 +554,7 @@ function configure_and_check_user() {
@test "run-builtin-volume-omitted" {
 	# This image is known to include a volume, but not include the mountpoint
 	# in the image.
-	run_buildah from --quiet --pull=false $WITH_POLICY_JSON quay.io/libpod/registry:volume_omitted
+	run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON quay.io/libpod/registry:volume_omitted
 	cid=$output
 	run_buildah mount $cid
 	mnt=$output
@ -803,7 +803,7 @@ $output"
@test "run --network=none and --isolation chroot must conflict" {
 	skip_if_no_runtime

-	run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
+	run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
 	cid=$output
 	# should fail by default
 	run_buildah 125 run --isolation=chroot --network=none $cid wget google.com
@ -813,7 +813,7 @@ $output"
@test "run --network=private must mount a fresh /sys" {
 	skip_if_no_runtime

-	run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
+	run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
 	cid=$output
        # verify there is no /sys/kernel/security in the container, that would mean /sys
        # was bind mounted from the host.
@ -823,7 +823,7 @@ $output"
@test "run --network should override build --network" {
 	skip_if_no_runtime

-	run_buildah from --network=none --quiet --pull=false $WITH_POLICY_JSON alpine
+	run_buildah from --network=none --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
 	cid=$output
 	# should fail by default
 	run_buildah 1 run $cid wget google.com