Currently if the buildah image has a label that was built with
an older version of buildah, we don't update to the latest version.
This PR Will cause the new version to use the current label.
Fixes:https://github.com/containers/buildah/issues/3035
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the name of the base image being used by the build
in the comments of the first layer created.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When a COPY command was being targeted at an empty new directory,
the copy would fail. It could be "worked around" by putting a dummy
file into the directory.
Addresses: #2964
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
When a COPY command was being targeted at an empty new directory,
the copy would fail. It could be "worked around" by putting a dummy
file into the directory.
Addresses: #2964
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This fixes a regression introduced in
9b299588c0.
ib.Run() is only really needed in the ARG step. On all the other steps,
it can cause potentially expensive commands to be executed unecessarily.
Closes https://github.com/containers/buildah/issues/2992
Signed-off-by: Antonio Terceiro <antonio.terceiro@linaro.org>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Prefix the image ID with the hash prefix when using `--iidfile` to be
compatible with Docker. The absence of the hash can cause
docker-compose to error out.
Reported-in: github.com/containers/podman/issues/9260
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Buildah bud --manifest XYZ was not working.
The manifest was never created. This PR Finishes
the plumbing and allows users to create a manifest
while building an image in one single command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Check whether the ARG in the containerfile is changed by
either the --build-arg flag or local environment and use
the cached layer or rebuild the layer accordingly.
Add tests for this use case as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
If a user sets the ENV to be used with the build-arg flag in
the local environment by exporting it, look it up and use the
value set there for that ENV.
Add tests to cover this use case as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This test fails after updating to new VM images which include
https://github.com/containers/common/pull/319
Work around the problem by adding in the capabilities expected
to be present. Thanks to @edsantiago and @giuseppe for the fix.
Signed-off-by: Chris Evich <cevich@redhat.com>
Remove --override-os and --override-arch flags.
Also use --platform option if specified when generating the SystemContext.
Conflict --platform option with --os, --arch and --variant options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Some commands within a Containerfile, might need input from users.
For example confirmation commands from Apt.
Adding a --stdin flag will allows users to interact with containers
while running inside of buildah bud.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
These changes will allow the "FROM" statement in a Containerfile
to be overridden with a new `--from` option. If I have this Dockerfile.fedora
```
FROM fedora
```
This command will instead build an alpine image:
```
STEP 1: FROM alpine
Completed short name "alpine" with unqualified-search registries (origin: /etc/containers/registries.conf)
Getting image source signatures
Copying blob 188c0c94c7c5 done
Copying config d6e46aa247 done
Writing manifest to image destination
Storing signatures
STEP 2: COMMIT tom
--> d6e46aa2470
d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0
```
Addresses: #2404
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Currently if you give a bogus --network flag,
buildah just ignores it and continues on.
This change will throw proper errors.
Add tests to make sure it works correctly.
Also remove some stuttering to clean up error messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to override location of the .dockerignore file.
If user specified an --ignorefile flag, buildah will read the
file and pass in the exclude lines based on the .dockerignore
contents.
Also add a --contextdir flag to buildah copy and buildah add to
specify where the context directory is located. For these two
commands the --ignorefile flag requires the --contextdir flag.
When the --ignorefile flag is passed in, the .dockerignore files
in the context directory will be ignored.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Always handle RUN instructions with no pseudo terminal, which matches
what I see with docker build 19.03. Interactive 'buildah run' will
still have the same default behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Incorporate the value of the --chown option when digesting content added
from a URL, so that build caching will take it into account. Add tests
to ensure that layer caching takes into account the changed ownership of
items that we're adding or copying.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When evaluating cache candidates during a build, only consider an image
if it's in the same format that we're attempting to build. That way, we
won't mistakenly try to use an OCI format image as a cache when we're
attempting to build an image in Docker format because we're using
configuration features specific to that format, but we forgot to specify
the format during a previous attempt.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fixes: https://github.com/containers/podman/issues/8066
Is reporting that buildah is eating stdin. I don't beleive
we should be using stdin when doing a buildah bud command
unless `buildah bud -` is specified. After this PR, the
`-` Dockerfile is still handled.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Golang built in functions like os.Create and others print the name of
the file system object when they fail. Wrapping them a second time
with the file system object, makes the error message look like crap
when reported to the user.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When adding a hard link entry to an archive, don't try to make the path
of the link's target name be relative to the link's location in the
filesystem if they're in the same directory, since receivers don't
interpret it that way.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Currently we are not setting the timestamp on the history lines.
Even though this does not effect the image timestamp, these lines
should match the other content in the previously created images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Gating tests run in a temp directory; relative paths (bud/foo/bar)
will pass in CI but cause gating-test failures.
Solution is trivial: always use ${TESTSDIR}/bud/etc
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add following tests:
1. bud capabilities test
2. from with non buildah container
3. pull image into a full storage
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Update imagebuildah.StageExecutor.intermediateImageExists() to recognize
images based on scratch as viable candidates for cache images when we
ourselves are based on scratch.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We recieved feedback on the --omit-timestamp that
users would rather specify the timestamp seconds
rather then just use EPOCH.
This PR removes --omit-timestamp from buildah bud
since this has never been released.
We also hide --omit-timestamp from buildah commit
and allow users to continue to use it, but it conflicts
with --timestamp.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a flag to imagebuildah.BuildOptions that will log timing and i/o
information at each step of the build process, and enable it if we're
given the hidden --log-rusage flag in the CLI.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The "bud with .dockerignore" test shouldn't be able to copy "subdir"
from the build context to the build container when "subdir" is the next
to last item listed in the build context's .dockerignore file, even
though the "!*/sub1* after it might suggest otherwise, for
compatibility. Add a second Dockerfile which includes every step except
the last one, which we now expect to fail, to ensure that we succeed up
until that point.
The "bud with .dockerignore - 3" test shouldn't expect to be able to
copy "test1.txt" from the build context, when it's the last item
mentioned in the build context's .dockerignore file.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the copier package to rework how we handle ADD and COPY.
When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).
Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2536: Avoid feeding run_buildah to pipe r=TomSweeneyRedHat a=edsantiago
The usage 'run_buildah ... | grep' (or pipe whatever) works,
but it's a super bad pattern. Replace all instances of it
with a one-two of 'run_buildah' and 'expect_output'. Some
of these needed a little minor massaging.
Also: 'run_buildah ... || true' -> 'run_buildah 125 ...'.
I don't review all buildah PRs, so this one slipped by me.
Also: clean up trailing whitespace
Digression: why is 'run_buildah | grep' bad? Because:
- it is inaccurate. run_buildah does 'echo $output',
but it also emits other output (the buildah command
itself, and possible expected-status mismatch).
It is possible that a pipe-grep could trigger
on one of these.
- the reason run_buildah emits these things is so
a human can look at debug output on failure and
recognize what command was run, what the output
was. If we pipe-grep, we lose that.
- it is possible that a pipe-grep will mask
a failing run_buildah (I'm not sure about this)
- expect_output is more precise anyway, hence
makes a better test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
<!--
Thanks for sending a pull request!
Please make sure you've read and understood our contributing guidelines
(https://github.com/containers/buildah/blob/master/CONTRIBUTING.md) as well as ensuring
that all your commits are signed with `git commit -s`.
-->
#### What type of PR is this?
<!--
Please label this pull request according to what type of issue you are
addressing, especially if this is a release targeted pull request.
Uncomment only one `/kind <>` line, hit enter to put that in a new line, and
remove leading whitespace from that line:
-->
> /kind api-change
> /kind bug
> /kind cleanup
> /kind deprecation
> /kind design
> /kind documentation
> /kind failing-test
> /kind feature
> /kind flake
> /kind other
#### What this PR does / why we need it:
#### How to verify it
#### Which issue(s) this PR fixes:
<!--
Automatically closes linked issue when PR is merged.
Uncomment the following comment block and include the issue
number or None on one line.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`, or `None`.
-->
<!--
Fixes #
or
None
-->
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
If no, just write `None` in the release-note block below. If yes, a release note
is required: Enter your extended release note in the block below. If the PR
requires additional action from users switching to the new release, include the
string "action required".
For more information on release notes please follow the kubernetes model:
https://git.k8s.io/community/contributors/guide/release-notes.md
-->
```release-note
```
2537: Vendor in containers/storage v1.23.0 r=TomSweeneyRedHat a=rhatdan
Also drop runc vendor back to v1.0.0-rc91 since this vendor
brings in an unreleased version of runtime-spec which breaks runtime-tools
Finally lower version of runtime-spec
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<!--
Thanks for sending a pull request!
Please make sure you've read and understood our contributing guidelines
(https://github.com/containers/buildah/blob/master/CONTRIBUTING.md) as well as ensuring
that all your commits are signed with `git commit -s`.
-->
#### What type of PR is this?
<!--
Please label this pull request according to what type of issue you are
addressing, especially if this is a release targeted pull request.
Uncomment only one `/kind <>` line, hit enter to put that in a new line, and
remove leading whitespace from that line:
-->
> /kind api-change
> /kind bug
> /kind cleanup
> /kind deprecation
> /kind design
> /kind documentation
> /kind failing-test
> /kind feature
> /kind flake
> /kind other
#### What this PR does / why we need it:
#### How to verify it
#### Which issue(s) this PR fixes:
<!--
Automatically closes linked issue when PR is merged.
Uncomment the following comment block and include the issue
number or None on one line.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`, or `None`.
-->
<!--
Fixes #
or
None
-->
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
If no, just write `None` in the release-note block below. If yes, a release note
is required: Enter your extended release note in the block below. If the PR
requires additional action from users switching to the new release, include the
string "action required".
For more information on release notes please follow the kubernetes model:
https://git.k8s.io/community/contributors/guide/release-notes.md
-->
```release-note
```
2538: conformance testing: ignore buildah.BuilderIdentityAnnotation labels r=TomSweeneyRedHat a=nalind
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
Ignore the buildah.BuilderIdentityAnnotation label when comparing images that we build with images built using other tools, which of course don't automatically set that label.
#### How to verify it:
Conformance tests should now account for #2510.
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
The conformance tests don't all pass even with this change; that's ongoing work.
#### Does this PR introduce a user-facing change?
```
None
```
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
The usage 'run_buildah ... | grep' (or pipe whatever) works,
but it's a super bad pattern. Replace all instances of it
with a one-two of 'run_buildah' and 'expect_output'. Some
of these needed a little minor massaging.
Also: 'run_buildah ... || true' -> 'run_buildah 125 ...'.
I don't review all buildah PRs, so this one slipped by me.
Also: clean up trailing whitespace
Digression: why is 'run_buildah | grep' bad? Because:
- it is inaccurate. run_buildah does 'echo $output',
but it also emits other output (the buildah command
itself, and possible expected-status mismatch).
It is possible that a pipe-grep could trigger
on one of these.
- the reason run_buildah emits these things is so
a human can look at debug output on failure and
recognize what command was run, what the output
was. If we pipe-grep, we lose that.
- it is possible that a pipe-grep will mask
a failing run_buildah (I'm not sure about this)
- expect_output is more precise anyway, hence
makes a better test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Currently you can only do deterministic builds with commit command
this change will cause the metadata in the container image to be
epoch 0.
Next step is to save the data in the tar balls as 0.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When an argument was passed into "COPY --from" command in
a Containerfile like
COPY --from=${toolchainname}
The argument was never resolved to the value that it had been
set to.
Addresses: #2496
It may also address #2404 but I've not yet tested.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Users want an annotation embeded in the image identifying the
version of the tool used to build the images.
We were adding this for buildah commit but not for buildah bud.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2418: buildah, bud: support --jobs=N for parallel execution r=rhatdan a=giuseppe
<!--
Please label this pull request according to what type of issue you are
addressing, especially if this is a release targeted pull request.
Uncomment only one `/kind <>` line, hit enter to put that in a new line, and
remove leading whitespace from that line:
-->
/kind feature
#### What this PR does / why we need it:
it enables running multi stages Containerfiles in parallel
#### How to verify it
buildah bud --jobs=$(nproc) .....
#### Which issue(s) this PR fixes:
None
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
add support for running multi stages Containerfiles in parallel
```
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
We recently made a couple of commits to the imagebuilder
project to address #2345 and #2192. Tests were created
in that project, but I thought it best to add some
regression tests here in Buildah too.
FYI: @petr-motejlek and @tachoknight
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Display a warning message when there is a building
argument without a default value in the Dockerfile (e.g. "ARG MYVAR")
and no value is set to it using "--build-argument"
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
When initializing a build stage, don't assume that the working container
will be useful for COPY instructions in subsequent stages that reference
the image that we're building FROM.
When locating previously-completed stages referenced in COPY
instructions in later stages, be consistent about requiring that those
stages need to have been completed before we can accept them as
alternate contexts for the sources being copied.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Buildah run was exiting with the correct exit code, when a container
failed. Buildah bud was not, so this should fix this.
Also switched to the proper exit codes when containers fail. When
Buildah fails to execute it will exit with a 125 exit code like
Podman does. If a command fails to execute inside of a container
we will exit with a 126. Currently we do not support the 127 for
exiting when the command does not exist.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rpm 4.16 alpha in rawhide has broken our koji build:
https://github.com/containers/buildah/issues/2264https://github.com/rpm-software-management/rpm/issues/1159
TL;DR we can no longer package the 'circular-symlink' file
used in tests. This PR removes that and other symlinks from
the git working tree, and reworks the test so it runs from
a temporary directory and creates all necessary symlinks.
Also, since the test as written was simply checking "did it
run" without actually testing anything, add a test to confirm
that the files added to the image are exactly what we expect.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fix three issues identified in #2036:
- the 'gitrepo and branch' test was pulling from a place
that took four minutes; change it to our own repo,
suggested by Dan, which takes just a few seconds.
-- also, remove what I think is an unnecessary dup.
If buildah can pull from a branch, it can pull
from master.
- the httpd tests were really confusing, with lots of
copy/pasted code differing in only small ways. Refactor
to make the purpose of each test more apparent, and
to make it easier to add new ones as needed.
- combine bud-http-context-dir-with-Dockerfile -pre and -post,
since they were identical. (Context: they started off being
different tests, with command-line options in different
order, but as of #493 the -post form of options no longer
works so the -post test is no longer relevant)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Previously, every build-arg was recorded in the image history
even if the arg was not accessible to that layer when the build
was run.
This commit fixes that by ensuring that args are only added to
history when they are in scope. This is tracked in the
imagebuilder.Builder struct which is now accessible through
the stage reference in the StageExecutor
Fixes#2210
Signed-off-by: Nick Carboni <ncarboni@redhat.com>
The correct args are already contained in the RunOptions.
They were resolved by the imagebuilder library's Step
(edcddd8483/builder.go (L311-L317))
function
This was previously adding args that should not have been accessible
in the current stage as they were not first referenced by an ARG
command
Signed-off-by: Nick Carboni <ncarboni@redhat.com>
2216: Preserve volume uid and gid through subsequent commands r=TomSweeneyRedHat a=carbonin
<!--
Thanks for sending a pull request!
Please make sure you've read and understood our contributing guidelines
(https://github.com/containers/buildah/blob/master/CONTRIBUTING.md) as well as ensuring
that all your commits are signed with `git commit -s`.
-->
#### What type of PR is this?
<!--
Please label this pull request according to what type of issue you are
addressing, especially if this is a release targeted pull request.
Uncomment only one `/kind <>` line, hit enter to put that in a new line, and
remove leading whitespace from that line:
-->
/kind bug
#### What this PR does / why we need it:
This PR pulls the UID and GID fields from the stored file stat when reconstructing a volume after subsequent commands
#### How to verify it
Build the following Dockerfile:
```Dockerfile
FROM centos:8
RUN dnf -y install --setopt=tsflags=nodocs postgresql-server
VOLUME [ "/var/lib/pgsql/data" ]
RUN touch /root/test
```
Observe the output of the following command:
```bash
$ podman run --rm <image> ls -l /var/lib/pgsql
total 0
drwx------. 1 postgres postgres 0 May 31 2019 backups
drwx------. 1 postgres postgres 0 Mar 10 23:37 data
```
#### Which issue(s) this PR fixes:
<!--
Automatically closes linked issue when PR is merged.
Uncomment the following comment block and include the issue
number or None on one line.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`, or `None`.
-->
Fixes#2202
#### Does this PR introduce a user-facing change?
No
<!--
If no, just write `None` in the release-note block below. If yes, a release note
is required: Enter your extended release note in the block below. If the PR
requires additional action from users switching to the new release, include the
string "action required".
For more information on release notes please follow the kubernetes model:
https://git.k8s.io/community/contributors/guide/release-notes.md
-->
```release-note
None
```
Co-authored-by: Nick Carboni <ncarboni@redhat.com>
When a COPY command in a Container file looked like "../file.txt"
SecureJoin would secure the file by lopping off the "../".
However, the code would then append that file name to the passed in
context directory and look for the file. That would fail as in most
cases there was no `{context-dir}/file.txt`, rather the file was at
`{context-dir}/../file.txt`. Using a relative directory like this
outside of the context directory can be a security risk. Docker
doesn't allow it nor should we.
This change now errors out when a file that starts with `../` is
presented as a copy from target.
Addresses: https://github.com/containers/libpod/issues/5035
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Also: images json test: rewrite to actually check for
keys instead of just number of lines. Reason: when using
older podman to prefetch (in f29), 'history' key is lost,
giving us 26 lines of output instead of 30.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Show of hands: who here loves submitting a PR, then coming back
hours later to find one job failed, then spending time poring
over logs and finding a network error? Anyone? Anyone?
This is a lame attempt to minimize such flakes by caching
commonly-used images and restoring them on demand. We
introduce a new helper, _prefetch(), which podman-pulls
an image the first time, podman-saves it, then on
subsequent calls (for the same image) podman-loads it:
@test foo {
_prefetch alpine busybox
...tests that run buildah-from either
}
This is an imperfect solution: it is incomplete and will
grow more so over time as new tests are added. It is
difficult to verify its coverage. I'm really unhappy
with it but if it works, the Total Sum Of Unhappiness
might decrease overall thanks to fewer flakes. If it
doesn't work, it's trivial to remove _prefetch calls
using a sed script. Shall we give it a chance?
Signed-off-by: Ed Santiago <santiago@redhat.com>
When we are given a linked tar file as a source file, we were setting the
destination to the original destination plus the name of the link.
This created a directory using the links name and then everything was
copied under that directory. The link name should not be used as part
of the directory structure.
Fixes: #2102
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2112
Approved by: rhatdan
When building images we now allow the architecture and operating system
to be overwritten via the new `--os` and `--arch` flags. This allows the
use case of packing pre-built or cross-compiled binaries into container
images with specifying the correct environment. The `--platform` flag
now takes the `os/arch` format into account as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Closes: #2097
Approved by: rhatdan
If a Containerfile had lines like:
```
FROM alpine
ENV VERSION=0.0.1
COPY file-${VERSION}.txt /
```
Buildah would not resolve the VERSION variable in the copy statement.
If the 'ENV' in the above Containerfile was changed to ARG, then this
would work.
A recent change to the handling of variables now only looks at variables
set by 'ARG' and not the ones set by the 'ENV' command. This PR
adds the the variables set by the `ENV` to the list of `ARG` variables
when those variables are being resolved by the code.
This also includes added test to guard against this regression in the future.
Addresses: https://github.com/containers/libpod/issues/4878
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2095
Approved by: giuseppe
PR #2039 broke system tests, because they're installed in /usr:
# buildah bud -v /usr/share/buildah/test/system:/testdir:rw,z /usr/share/buildah/test/system/bud/mount
...
error building at STEP "RUN mount": error resolving mountpoints for container "173c5e567e95f2604b5ea677f5e5364839d5b455a9081cdb4101f20242997e5e": relabeling "/usr/share/buildah/test/system" failed: relabeling content in /usr is not allowed
Solution: mount a volume from TESTDIR (singular), which is in TMPDIR,
not TESTSDIR (plural), which is our test source dir.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2065
Approved by: vrothberg
If the volume option was specified like: `--volume "${HOME}/.cache/zae9ujei:/myvol:rw,Z"`,
the COBRA code that processed the input from the user was considering the value to be a
SliceVar with two volumes `${HOME}/.cache/zae9ujei:/myvol:rw` and `Z` due to the comma.
Converted the COBRA code to consider the input as an ArrayVar instead and the value is
handled appropriately. Also increased the testing to catch this going forward.
Addresses: #2000
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2039
Approved by: rhatdan
This is the manual part of the cleanup.
- remove most 'buildah rm's from cleanup steps
- remove unused variables
- use expect_output when possible, not 'test [ x = y ]'
- includes fixing some not-what-you-think-it-is uses
of run_buildah | grep
- be careful not to leave droppings in current directory
Special attention to:
- authenticate.bats: create Dockerfile in temp dir, not pwd!
- push.bats: remove broken output check
- registries.bats: refactor, remove duplicate tests & code
- rmi.bats: better checking of messages
- secrets.bats: use TESTDIR (tmp), not TESTSDIR (/usr/share) !
We don't want to leave droppings behind if we fail; this has
bitten us before. And, since there's only one test, there's
no need to override setup() / teardown(). Do setup inline,
and take advantage of existing defaults.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2029
Approved by: rhatdan
Replace plain 'buildah' invocations with run_buildah
For ease of review, this commit was entirely machine-generated via:
$ perl -pi -e 's/^(\s+)buildah(\s)/${1}run_buildah${2}/' *.bats
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2029
Approved by: rhatdan
Replace this pattern:
cid=$(buildah ...)
with:
run_buildah ...
cid=$output
As a special case, if the buildah command is 'from' and the
string 'scratch' does not appear in the arguments, add '--quiet'.
Otherwise we'll get Pulling messages as part of $output. This
is an overkill solution.
For ease of review, this commit was entirely machine-generated via:
$ perl -pi -e 's{^(\s+)(\S+)=\$\(buildah (.*)\)$}{$indent=$1;$var=$2;$cmd=$3; $cmd =~ s/(\bfrom)\s(?!.*scratch)/$1 --quiet $2/; "${indent}run_buildah $cmd\n$indent$var=\$output"}e' *.bats
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2029
Approved by: rhatdan
PR #1935 removed the default --debug logging; so all run_buildah
calls now use the default (error). It is safe to remove unnecessary
instances of --log-level=error .
For ease of review, this commit was entirely machine-generated via:
$ perl -pi -e 's/ --log-level=error / /' *.bats
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2029
Approved by: rhatdan
In #1977 we disallowed the use of a URL for both the
COPY and ADD commands in a Dockerfile. Upon further
reflection we should have done that only for the COPY
command.
Addresses: https://github.com/containers/libpod/issues/4686
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #2019
Approved by: rhatdan
PR 1966 has languished for three weeks without activity from
submitter. In the interests of getting it online, I have
taken it over and:
- rebased
- fixed several misunderstandings (bugs) noted in review feedback
- fixed a few more
I also slightly rewrote two tests (tag by id, commit with name)
that were incomprehensible to me: unnecessary mount/umount and
no actual testing of anything other than checking exit status.
I believe the new code is closer to the intention of testing
but please pay closer attention to those bits.
Also: fixed the basic 'inspect' test. It looks like at some
point in the last month #1917 added a version string to
the buildah-inspect output. The test was fixed on master,
but ypu's PR did not incorporate those fixes and the
test was breaking. I took the liberty of cleaning up
the entire test for readability and maintainability.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #2004
Approved by: rhatdan
When buildah bud runs without layers (default), it hands off the parsing
of the Dockerfile steps to imagebuilder. However if the the --layers
option is in use, then we start parsing the steps before we hand stuff
off to imagebuilder.
The COPY --chown, ADD --chown, and COPY --from commands in a Dockerfile
were failing if there was not an '=' sign after them like "COPY --chown=2374:3256".
This moves the parsing into the code that handles the layer processing.
Fixes: #1984
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1997
Approved by: vrothberg
close#1846
buildah bud COPY can download the URL to the container working directory. This is not compatible with Docker.
So after this path, buildah bud COPY URL will return an error.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Closes: #1977
Approved by: QiWang19
We should be outputing just the imageID when doing a buildah bud quiet.
Currently the stdout from containers is showing up on the screen.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1963
Approved by: TomSweeneyRedHat
(Replaces #1873 as it had lint issues that were timing out tests that I couldn't
track down easily)
Prior to this fix, if someone did `buildah bud --pull=false .` and the image in
the Containerfile's FROM statement was not local, the build would fail. The same
build on Docker will succeed. In Docker, when `--pull` is set to false, it only
pulls the image from the registry if there was not one locally. Buildah would never
pull the image and if the image was not locally available, it would throw an error.
In certain Kubernetes environments, this was especially troublesome.
To retain the old `--pull=false` functionality, I've created a new `--pull-never`
option that fails if an image is not locally available just like the old
`--pull=false` option used to do.
In addition, if there was a newer version of the image on the repository than
the one locally, the `--pull=true` option would not pull the image as it should
have, this corrects that.
Changes both the from and bud commands.
Addresses: #1675
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1959
Approved by: rhatdan
Refactor many cumbersome BUILDAH_ISOLATION and 'which runc'
checks into common 'skip_if_{ chroot, rootless, no_runtime}'
calls.
This is in preparation for the next PR, which introduces
additional cgroups-v2 skips.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #1965
Approved by: rhatdan
After #1955 merged, @edsantiago had suggestions for
tweaks to the test that was part of that merge.
This PR addresses those comments.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
- add explicit --log-level=debug in some buildah-bud invocations
where we need to check debug output
- use expect_line_count() in one place, to get better diagnostics
- formats test: refactor, make more readable
- imgtype invoker: remove -debug
- fix one more instance of 'step' needing to be 'STEP'
- fix one mkdir to mkdir -p, and run rm -rf beforehand, to deal
with a failed prior run that might have left state
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #1935
Approved by: giuseppe
First, and possibly most controversial, remove --debug flag.
Output on test failure is painful to read. It is unlikely
(but not inconceivable) that --debug will be of any use.
Second, fix a failure message so it properly uses %s instead
of string interpolation. (If the test name itself includes
a percent sign, we get undefined behavior on output).
Fix a few instances of 'buildah' to be 'run_buildah'.
Remove some unnecessary 'run/echo/check-status' sequences,
sticking with the much cleaner 'test'. When BATS shows
an error of the form 'this failed: [ $status -eq 0 ]'
I weep in despair.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #1935
Approved by: giuseppe
If the context directory was specified as a git repo with a
branch reference ala
```
buildah bud --layers -t test git://github.com/containers/skopeo#master
```
The internal `git clone` command executed by buildah would fail as the
`#master` branch specification needed to be removed and specified with
the `-b` option like:
```
git clone -b master git://github.com/containers/skopeo /var/tmp/buildah12332
```
rather than:
```
git clone git://github.com/containers/skopeo#master /var/tmp/buildah12332
```
Addresses #1934
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1941
Approved by: rhatdan
When passing an environment variable to a Containerfile using an `ARG` command,
the dry-run processing for `COPY` and `ADD` isn't resolving the environment
variable for the source and is causing a failure.
Now convert the source if it's an environment variable to its value and then
proceed on. The destination doesn't have a similar issue at this point
but we'll convert it too just in case.
Addresses: #1871
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1874
Approved by: nalind
Some consumers of the docker command line API expect to be able to pass
a tar or a Dockerfile into the build command via stdin, which causes a
build failure when it hits 'buildah bud' or 'podman build', which calls
buildah. A good example of this is the `linuxkit pkg build $dir`
command, which will append a `-` to the build command.
To improve compatibility with `docker build` support for `-` is added to
mean "read from stdin".
While a user could pass /dev/stdin or /proc/self/fd/0, or a path to some
other character device, as such tricks are common when attempting to get
programs to read from stdin, `docker build` does not support this, thus
this leaves out a bit of complexity while improving 'docker build' cli
compatibility.
Signed-off-by: Sachi King <nakato@nakato.io>
Closes: #1870
Approved by: rhatdan
Use the file named "Containerfile" if no build file is specified. If
not found, fall back to Dockerfile.
This is the initial PR, we probably will have more doc tweaking to do overtime.
```
STEP 1: FROM alpine
STEP 2: COMMIT tom
961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
STEP 1: FROM alpine
STEP 2: COMMIT tom
961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
```
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1860
Approved by: rhatdan
Some Dockerfiles (fuse-overlay) require additional devices to be in the
build environment.
This patch allows the user to specify additional devices.
Also I noticed that CapAdd and CapDrop was not working in buildah bud situations,
so this patch also fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1820
Approved by: @TomSweeneyRedHat
If Squash is set, then we're only committing one layer, so if EmptyLayer
is set, which would normally tell us to skip committing the final layer,
we should ignore the EmptyLayer flag.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #1839
Approved by: TomSweeneyRedHat
OpenShift Merge Robot
Jakub Guzik
Daniel J Walsh
caiges
Ashley
Diego
TomSweeneyRedHat
Antonio Terceiro
Valentin Rothberg
Urvashi Mohnani
Chris Evich
Josh Soref
Nalin Dahyabhai
Nikolay Edigaryev
Ed Santiago
Yiqiao Pu
bors[bot]
dependabot-preview[bot]
Giuseppe Scrivano
Boaz Shuster
Brandon Lum
Nick Carboni
Sascha Grunert
Qi Wang
Sachi King