Tibor Vass
@@ -500,6 +500,7 @@ Options:
|
|||||||
|
|
||||||
| Flag | Description |
|
| Flag | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
|
| --allow stringArray | Allow extra privileged entitlement, e.g. network.host, security.insecure
|
||||||
| -f, --file stringArray | Build definition file
|
| -f, --file stringArray | Build definition file
|
||||||
| --no-cache | Do not use cache when building the image
|
| --no-cache | Do not use cache when building the image
|
||||||
| --print | Print the options without building
|
| --print | Print the options without building
|
||||||
@@ -507,6 +508,10 @@ Options:
|
|||||||
| --pull | Always attempt to pull a newer version of the image
|
| --pull | Always attempt to pull a newer version of the image
|
||||||
| --set stringArray | Override target value (eg: target.key=value)
|
| --set stringArray | Override target value (eg: target.key=value)
|
||||||
|
|
||||||
|
#### `--allow=ENTITLEMENT`
|
||||||
|
|
||||||
|
Same as [`build --allow`](#--allowentitlement).
|
||||||
|
|
||||||
#### `-f, --file FILE`
|
#### `-f, --file FILE`
|
||||||
|
|
||||||
Specifies the bake definition file. The file can be a Docker Compose, JSON or HCL file. If multiple files are specified they are all read and configurations are combined. By default, if no files are specified, the following are parsed:
|
Specifies the bake definition file. The file can be a Docker Compose, JSON or HCL file. If multiple files are specified they are all read and configurations are combined. By default, if no files are specified, the following are parsed:
|
||||||
|
|||||||
@@ -11,6 +11,7 @@ import (
|
|||||||
"github.com/docker/buildx/util/platformutil"
|
"github.com/docker/buildx/util/platformutil"
|
||||||
"github.com/docker/docker/pkg/urlutil"
|
"github.com/docker/docker/pkg/urlutil"
|
||||||
"github.com/moby/buildkit/session/auth/authprovider"
|
"github.com/moby/buildkit/session/auth/authprovider"
|
||||||
|
"github.com/moby/buildkit/util/entitlements"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -248,10 +249,10 @@ func (t *Target) normalize() {
|
|||||||
t.Outputs = removeDupes(t.Outputs)
|
t.Outputs = removeDupes(t.Outputs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]build.Options, error) {
|
func TargetsToBuildOpt(m map[string]Target, noCache, pull bool, allow []entitlements.Entitlement) (map[string]build.Options, error) {
|
||||||
m2 := make(map[string]build.Options, len(m))
|
m2 := make(map[string]build.Options, len(m))
|
||||||
for k, v := range m {
|
for k, v := range m {
|
||||||
bo, err := toBuildOpt(v, noCache, pull)
|
bo, err := toBuildOpt(v, noCache, pull, allow)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -260,7 +261,7 @@ func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]buil
|
|||||||
return m2, nil
|
return m2, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) {
|
func toBuildOpt(t Target, noCache, pull bool, allow []entitlements.Entitlement) (*build.Options, error) {
|
||||||
if v := t.Context; v != nil && *v == "-" {
|
if v := t.Context; v != nil && *v == "-" {
|
||||||
return nil, errors.Errorf("context from stdin not allowed in bake")
|
return nil, errors.Errorf("context from stdin not allowed in bake")
|
||||||
}
|
}
|
||||||
@@ -291,6 +292,7 @@ func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) {
|
|||||||
Labels: t.Labels,
|
Labels: t.Labels,
|
||||||
NoCache: noCache,
|
NoCache: noCache,
|
||||||
Pull: pull,
|
Pull: pull,
|
||||||
|
Allow: allow,
|
||||||
}
|
}
|
||||||
|
|
||||||
platforms, err := platformutil.Parse(t.Platforms)
|
platforms, err := platformutil.Parse(t.Platforms)
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/docker/buildx/bake"
|
"github.com/docker/buildx/bake"
|
||||||
|
"github.com/docker/buildx/build"
|
||||||
"github.com/docker/cli/cli/command"
|
"github.com/docker/cli/cli/command"
|
||||||
"github.com/moby/buildkit/util/appcontext"
|
"github.com/moby/buildkit/util/appcontext"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
@@ -51,7 +52,12 @@ func runBake(dockerCli command.Cli, targets []string, in bakeOptions) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull)
|
allow, err := build.ParseEntitlements(in.allow)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull, allow)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -44,8 +44,6 @@ type buildOptions struct {
|
|||||||
squash bool
|
squash bool
|
||||||
quiet bool
|
quiet bool
|
||||||
|
|
||||||
allow []string
|
|
||||||
|
|
||||||
// hidden
|
// hidden
|
||||||
// untrusted bool
|
// untrusted bool
|
||||||
// ulimits *opts.UlimitOpt
|
// ulimits *opts.UlimitOpt
|
||||||
@@ -67,6 +65,7 @@ type commonOptions struct {
|
|||||||
noCache bool
|
noCache bool
|
||||||
progress string
|
progress string
|
||||||
pull bool
|
pull bool
|
||||||
|
allow []string
|
||||||
}
|
}
|
||||||
|
|
||||||
func runBuild(dockerCli command.Cli, in buildOptions) error {
|
func runBuild(dockerCli command.Cli, in buildOptions) error {
|
||||||
@@ -222,8 +221,6 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
|
|||||||
|
|
||||||
flags.StringVar(&options.target, "target", "", "Set the target build stage to build.")
|
flags.StringVar(&options.target, "target", "", "Set the target build stage to build.")
|
||||||
|
|
||||||
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
|
|
||||||
|
|
||||||
// not implemented
|
// not implemented
|
||||||
flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
|
flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
|
||||||
flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
|
flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
|
||||||
@@ -287,6 +284,7 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func commonFlags(options *commonOptions, flags *pflag.FlagSet) {
|
func commonFlags(options *commonOptions, flags *pflag.FlagSet) {
|
||||||
|
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
|
||||||
flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
|
flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
|
||||||
flags.StringVar(&options.progress, "progress", "auto", "Set type of progress output (auto, plain, tty). Use plain to show container output")
|
flags.StringVar(&options.progress, "progress", "auto", "Set type of progress output (auto, plain, tty). Use plain to show container output")
|
||||||
flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
|
flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
|
||||||
|
|||||||
Reference in New Issue
Block a user