Merge pull request 'master' (#1) from wagshome/buildx:master into master

Reviewed-on: #1
2023-10-29 19:36:47 +00:00
parent f35b2b7cab 008ce88567
commit 8d85ad5269
11 changed files with 121 additions and 31 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,25 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/go
 {
 	"name": "Go",
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
 	"image": "mcr.microsoft.com/devcontainers/go:1-1.21-bullseye",
 	"features": {
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {}
 	}
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// "forwardPorts": [],
 	// Use 'postCreateCommand' to run commands after the container is created.
 	// "postCreateCommand": "go version",
 	// Configure tool-specific properties.
 	// "customizations": {},
 	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
 	// "remoteUser": "root"
 }
--- a/2
+++ b/2
@@ -121,7 +121,7 @@ RUN --mount=from=binaries \
  --mount=type=bind,from=buildx-version,source=/buildx-version,target=/buildx-version <<EOT
  set -e
  mkdir -p /out
-  cp buildx* "/out/buildx-$(cat /buildx-version/version).$(echo $TARGETPLATFORM | sed 's/\//-/g')$(ls buildx* | sed -e 's/^buildx//')"
+  cp buildx* "/out/buildx" 
 EOT
 FROM scratch AS release
--- a/builder/node.go
+++ b/builder/node.go
@@ -109,7 +109,7 @@ func (b *Builder) LoadNodes(ctx context.Context, withData bool) (_ []Node, err e
 					}
 				}
-				d, err := driver.GetDriver(ctx, "buildx_buildkit_"+n.Name, factory, n.Endpoint, dockerapi, imageopt.Auth, kcc, n.Flags, n.Files, n.DriverOpts, n.Platforms, b.opts.contextPathHash)
+				d, err := driver.GetDriver(ctx, "buildx_buildkit_"+n.Name, factory, n.Endpoint, dockerapi, imageopt.Auth, kcc, n.Flags, n.Files, n.DriverOpts, n.SecurityOpts, n.Platforms, b.opts.contextPathHash)
 				if err != nil {
 					node.Err = err
 					return nil
--- a/commands/create.go
+++ b/commands/create.go
@@ -42,6 +42,7 @@ type createOptions struct {
 	flags        string
 	configFile   string
 	driverOpts   []string
 	securityOpts []string
 	bootstrap    bool
 	// upgrade      bool // perform upgrade of the driver
 }
@@ -239,6 +240,11 @@ func runCreate(dockerCli command.Cli, in createOptions, args []string) error {
 			return err
 		}
 		s, err := csvToMap(in.securityOpts)
 		if err != nil {
 			return err
 		}
 		if in.configFile == "" {
 			// if buildkit config is not provided, check if the default one is
 			// available and use it
@@ -248,7 +254,7 @@ func runCreate(dockerCli command.Cli, in createOptions, args []string) error {
 			}
 		}
-		if err := ng.Update(in.nodeName, ep, in.platform, setEp, in.actionAppend, flags, in.configFile, m); err != nil {
+		if err := ng.Update(in.nodeName, ep, in.platform, setEp, in.actionAppend, flags, in.configFile, m, s); err != nil {
 			return err
 		}
 	}
@@ -340,6 +346,7 @@ func createCmd(dockerCli command.Cli) *cobra.Command {
 	flags.StringVar(&options.configFile, "config", "", "BuildKit config file")
 	flags.StringArrayVar(&options.platform, "platform", []string{}, "Fixed platforms for current node")
 	flags.StringArrayVar(&options.driverOpts, "driver-opt", []string{}, "Options for the driver")
 	flags.StringArrayVar(&options.securityOpts, "security-opt", []string{}, "Options for the security profile of driver")
 	flags.BoolVar(&options.bootstrap, "bootstrap", false, "Boot builder after creation")
 	flags.BoolVar(&options.actionAppend, "append", false, "Append a node to builder instead of changing it")
--- a/commands/inspect.go
+++ b/commands/inspect.go
@@ -82,6 +82,13 @@ func runInspect(dockerCli command.Cli, in inspectOptions) error {
 			if len(driverOpts) > 0 {
 				fmt.Fprintf(w, "Driver Options:\t%s\n", strings.Join(driverOpts, " "))
 			}
 			var securityOpts []string
 			for k, v := range n.SecurityOpts {
 				securityOpts = append(securityOpts, fmt.Sprintf("%s=%q", k, v))
 			}
 			if len(securityOpts) > 0 {
 				fmt.Fprintf(w, "Security Options:\t%s\n", strings.Join(driverOpts, " "))
 			}
 			if err := n.Err; err != nil {
 				fmt.Fprintf(w, "Error:\t%s\n", err.Error())
--- a/driver/docker-container/driver.go
+++ b/driver/docker-container/driver.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync/atomic"
 	"time"
@@ -41,6 +42,7 @@ type Driver struct {
 	netMode      string
 	image        string
 	cgroupParent string
 	securityOpts map[string]string
 	env          []string
 }
@@ -109,7 +111,6 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 	if d.InitConfig.BuildkitFlags != nil {
 		cfg.Cmd = d.InitConfig.BuildkitFlags
 	}
 	useInit := true // let it cleanup exited processes created by BuildKit's container API
 	if err := l.Wrap("creating container "+d.Name, func() error {
 		hc := &container.HostConfig{
@@ -127,6 +128,13 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 			hc.NetworkMode = container.NetworkMode(d.netMode)
 		}
 		if info, err := d.DockerAPI.Info(ctx); err == nil {
 			secOpts, err := dockertypes.DecodeSecurityOptions(info.SecurityOptions)
 			l.Wrap("driverOpts"+info.CgroupDriver, func() error {
 				return nil
 			})
 			if err != nil {
 				return err
 			}
 			if info.CgroupDriver == "cgroupfs" {
 				// Place all buildkit containers inside this cgroup by default so limits can be attached
 				// to all build activity on the host.
@@ -135,18 +143,27 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 					hc.CgroupParent = d.cgroupParent
 				}
 			}
 			secOpts, err := dockertypes.DecodeSecurityOptions(info.SecurityOptions)
 			if err != nil {
 				return err
 			}
 			for _, f := range secOpts {
 				if f.Name == "userns" {
 					hc.UsernsMode = "host"
 					break
 				}
 			}
-
+			for i, k := range d.securityOpts {
 				switch {
 				case i == "systempaths":
 					hc.MaskedPaths = []string{}
 					hc.ReadonlyPaths = []string{}
 				case i == "privileged":
 					val, err := strconv.ParseBool(k)
 					if err != nil {
 						return errors.Errorf("invalid value privleged security option, options are true/false")
 					}
 					hc.Privileged = val
 				default:
 					hc.SecurityOpt = append(hc.SecurityOpt, i+"="+k)
 				}
 			}
 		}
 		_, err := d.DockerAPI.ContainerCreate(ctx, cfg, hc, &network.NetworkingConfig{}, nil, d.Name)
 		if err != nil && !errdefs.IsConflict(err) {
--- a/driver/docker-container/factory.go
+++ b/driver/docker-container/factory.go
@@ -40,6 +40,7 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		return nil, errors.Errorf("%s driver requires docker API access", f.Name())
 	}
 	d := &Driver{factory: f, InitConfig: cfg}
 	d.securityOpts = make(map[string]string)
 	for k, v := range cfg.DriverOpts {
 		switch {
 		case k == "network":
@@ -57,11 +58,32 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 				return nil, errors.Errorf("invalid env option %q, expecting env.FOO=bar", k)
 			}
 			d.env = append(d.env, fmt.Sprintf("%s=%s", envName, v))
 		case k == "seccomp":
 			d.securityOpts[k] = v
 		case k == "apparmor":
 			d.securityOpts[k] = v
 		case k == "systempaths":
 			d.securityOpts[k] = v
 		case k == "privileged":
 			d.securityOpts[k] = v
 		default:
 			return nil, errors.Errorf("invalid driver option %s for docker-container driver", k)
 		}
 	}
-
+	for i, _ := range cfg.SecurityOpts {
 		switch {
 		case i == "seccomp":
 			continue
 		case i == "apparmor":
 			continue
 		case i == "systempaths":
 			continue
 		case i == "privileged":
 			continue
 		default:
 			return nil, errors.Errorf("invalid Security option %s for docker-container driver", i)
 		}
 	}
 	return d, nil
 }
--- a/driver/driver.go
+++ b/driver/driver.go
@@ -80,7 +80,6 @@ func Boot(ctx, clientContext context.Context, d *DriverHandle, pw progress.Write
 				return nil, err
 			}
 		}
 		c, err := d.Client(clientContext)
 		if err != nil {
 			if errors.Cause(err) == ErrNotRunning && try <= 2 {
--- a/driver/manager.go
+++ b/driver/manager.go
@@ -56,6 +56,7 @@ type InitConfig struct {
 	BuildkitFlags    []string
 	Files            map[string][]byte
 	DriverOpts       map[string]string
 	SecurityOpts     map[string]string
 	Auth             Auth
 	Platforms        []specs.Platform
 	// ContextPathHash can be used for determining pods in the driver instance
@@ -104,7 +105,7 @@ func GetFactory(name string, instanceRequired bool) (Factory, error) {
 	return nil, errors.Errorf("failed to find driver %q", name)
 }
-func GetDriver(ctx context.Context, name string, f Factory, endpointAddr string, api dockerclient.APIClient, auth Auth, kcc KubeClientConfig, flags []string, files map[string][]byte, do map[string]string, platforms []specs.Platform, contextPathHash string) (*DriverHandle, error) {
+func GetDriver(ctx context.Context, name string, f Factory, endpointAddr string, api dockerclient.APIClient, auth Auth, kcc KubeClientConfig, flags []string, files map[string][]byte, do map[string]string, so map[string]string, platforms []specs.Platform, contextPathHash string) (*DriverHandle, error) {
 	ic := InitConfig{
 		EndpointAddr:     endpointAddr,
 		DockerAPI:        api,
@@ -112,6 +113,7 @@ func GetDriver(ctx context.Context, name string, f Factory, endpointAddr string,
 		Name:             name,
 		BuildkitFlags:    flags,
 		DriverOpts:       do,
 		SecurityOpts:     so,
 		Auth:             auth,
 		Platforms:        platforms,
 		ContextPathHash:  contextPathHash,
--- a/out/buildx
+++ b/out/buildx
--- a/store/nodegroup.go
+++ b/store/nodegroup.go
@@ -24,11 +24,12 @@ type NodeGroup struct {
 }
 type Node struct {
-	Name       string
+	Name         string
-	Endpoint   string
+	Endpoint     string
-	Platforms  []specs.Platform
+	Platforms    []specs.Platform
-	Flags      []string
+	Flags        []string
-	DriverOpts map[string]string
+	DriverOpts   map[string]string
 	SecurityOpts map[string]string
 	Files map[string][]byte
 }
@@ -48,7 +49,7 @@ func (ng *NodeGroup) Leave(name string) error {
 	return nil
 }
-func (ng *NodeGroup) Update(name, endpoint string, platforms []string, endpointsSet bool, actionAppend bool, flags []string, configFile string, do map[string]string) error {
+func (ng *NodeGroup) Update(name, endpoint string, platforms []string, endpointsSet bool, actionAppend bool, flags []string, configFile string, do map[string]string, so map[string]string) error {
 	if ng.Dynamic {
 		return errors.New("dynamic node group does not support Update")
 	}
@@ -91,6 +92,10 @@ func (ng *NodeGroup) Update(name, endpoint string, platforms []string, endpoints
 			n.DriverOpts = do
 			needsRestart = true
 		}
 		if so != nil {
 			n.SecurityOpts = so
 			needsRestart = true
 		}
 		if configFile != "" {
 			for k, v := range files {
 				n.Files[k] = v
@@ -118,12 +123,13 @@ func (ng *NodeGroup) Update(name, endpoint string, platforms []string, endpoints
 	}
 	n := Node{
-		Name:       name,
+		Name:         name,
-		Endpoint:   endpoint,
+		Endpoint:     endpoint,
-		Platforms:  pp,
+		Platforms:    pp,
-		Flags:      flags,
+		Flags:        flags,
-		DriverOpts: do,
+		DriverOpts:   do,
-		Files:      files,
+		SecurityOpts: so,
 		Files:        files,
 	}
 	ng.Nodes = append(ng.Nodes, n)
@@ -156,6 +162,10 @@ func (n *Node) Copy() *Node {
 	for k, v := range n.DriverOpts {
 		driverOpts[k] = v
 	}
 	securityOpts := map[string]string{}
 	for k, v := range n.SecurityOpts {
 		securityOpts[k] = v
 	}
 	files := map[string][]byte{}
 	for k, v := range n.Files {
 		vv := []byte{}
@@ -163,12 +173,13 @@ func (n *Node) Copy() *Node {
 		files[k] = vv
 	}
 	return &Node{
-		Name:       n.Name,
+		Name:         n.Name,
-		Endpoint:   n.Endpoint,
+		Endpoint:     n.Endpoint,
-		Platforms:  platforms,
+		Platforms:    platforms,
-		Flags:      flags,
+		Flags:        flags,
-		DriverOpts: driverOpts,
+		DriverOpts:   driverOpts,
-		Files:      files,
+		SecurityOpts: securityOpts,
 		Files:        files,
 	}
 }