When we're told to add built images to a manifest list, manipulate the
list ourselves, so that if we're creating a list, we won't have a
partially-populated list if some of the builds fail.
This also lets us include all of the platform information (including
variant info, which we can't sniff out after the fact) that we were
given when we started building the images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When the terminatedStage map has its entry for a stage set, make sure
that we set the corresponding entry in the imageMap while holding the
mutex for it, eliminating the sliver of time when the first is set but
the second isn't, which could bite StageExecutor.Execute(), which waits
for the first and then reads the second.
Make terminatedStage record the error if a stage doesn't complete
successfully, and have waitForStage() return that error if it's set.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
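
The locking discipline described in the commit message above, as an added Go example that is not buildah's code and not part of the commit: the `terminatedStage` entry and the `imageMap` entry are set under one mutex, and `waitForStage()` returns the recorded error. The `stageTracker` type, its constructor, the `finish` method, the condition variable and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// stageTracker: hypothetical simplified model of the executor state, not buildah's actual type.
type stageTracker struct {
	mu              sync.Mutex
	cond            *sync.Cond
	terminatedStage map[string]error  // key present => stage ended; value is its error
	imageMap        map[string]string // stage => image ID (successful stages only)
}

func newStageTracker() *stageTracker {
	t := &stageTracker{terminatedStage: map[string]error{}, imageMap: map[string]string{}}
	t.cond = sync.NewCond(&t.mu)
	return t
}

// finish publishes both entries in one critical section: no reader sees "terminated" without the image ID.
func (t *stageTracker) finish(stage, imageID string, err error) {
	t.mu.Lock()
	defer t.mu.Unlock()
	if err == nil {
		t.imageMap[stage] = imageID
	}
	t.terminatedStage[stage] = err
	t.cond.Broadcast()
}

// waitForStage blocks until the stage ends, then returns its image ID or its recorded error.
func (t *stageTracker) waitForStage(stage string) (string, error) {
	t.mu.Lock()
	defer t.mu.Unlock()
	err, done := t.terminatedStage[stage]
	for ; !done; err, done = t.terminatedStage[stage] {
		t.cond.Wait() // releases mu while blocked, reacquires before returning
	}
	return t.imageMap[stage], err
}

func main() {
	t := newStageTracker()
	go t.finish("builder", "sha256:constructed-example", nil) // constructed sample values
	go t.finish("tests", "", fmt.Errorf("constructed failure"))
	fmt.Println(t.waitForStage("builder"))
	fmt.Println(t.waitForStage("tests"))
}
```
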
When firing up a minimal server to serve up content so that we can
retrieve it using HTTP, make it possible to let the kernel assign us
which port to use, so that the script that's calling us doesn't have to
make a(n occasionally bad) guess.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
While vendoring c/storage v1.34.0 I was having issues
with io/fs not being able to be vendored via calls in the
latest BurntSushi. Fortunately I remembered a change to
the Skopeo Makefile that @vrothberg had made recently and
voilà, that fixed it.
Also per @nalind's review, I've bumped Go from 1.13 to 1.6 in the
.cirrus.yml file.
[NO NEW TESTS NEEDED]
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Move multiple-platform build juggling logic from the CLI wrapper
directly into the imagebuildah package, to make using it easier for
packages that consume us as a library.
This requires reading Dockerfiles into byte slices so that we can
re-parse them for each per-platform build, rather than parsing them
directly, as we used to, since building modifies the parsed tree.
When building for multiple platforms, prefix progress log messages with
the platform description.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Following function generates a permanent overlayfs struct as compared to tempdir.
[NO NEW TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Allow ssh socket from host or certain ssh keys to be exposed to a
certain RUN instruction, but not any other instructions, as well as not
showing up in the final image.
This is done by spawning a new agent from buildah and mounting
the listening socket inside the run. SSH_AUTH_SOCK inside the container
will be set to the socket mountpoint. The default mountpoint is
/run/buildkit/ssh_agent.{i}
Signed-off-by: Ashley Cui <acui@redhat.com>
Make sure to use the correct resolv.conf in case of systemd-resolved.
Also filter out 127... nameserver when run in private netns.
Fixes #2780
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
[NO TESTS NEEDED] since I've no idea how to force it.
Reported-in: containers/podman/issues/11148
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
It looks like there's some behavior difference between the 1.13 that CI
uses and the 1.16 on my system.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a pkg/parse.PlatformsFromOptions() which understands a "variant"
value as an optional third value in an OS/ARCH[/VARIANT] argument value,
which accepts a comma-separated list of them, and which returns a list
of platforms.
Teach "from" and "pull" about the --platform option and add integration
tests for them, warning if --platform was given multiple values.
Add a define.BuildOptions.JobSemaphore which an imagebuildah executor
will use in preference to one that it might allocate for itself.
In main(), allocate a JobSemaphore if the number of jobs is not 0 (which
we treat as "unlimited", and continue to allow executors to do).
In addManifest(), take a lock on the manifest list's image ID so that we
don't overwrite changes that another thread might be making while we're
attempting to make changes to it. In main(), create an empty list if
the list doesn't already exist before we start down this path, so that
we don't get two threads trying to create that manifest list at the same
time later on. Two processes could still try to create the same list
twice, but it's an incremental improvement.
Finally, if we've been given multiple platforms to build for, run their
builds concurrently and gather up their results.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Since opencontainers/image-spec/pull/822/ the OCI spec supports two new
annotations to set the fully-qualified name and the digest of the base
image.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>