bake: add --allow support

Signed-off-by: Tibor Vass <tibor@docker.com>
pull/126/head
Tibor Vass 6 years ago
parent 7ec8912591
commit cd086fc8d6

@ -500,6 +500,7 @@ Options:
| Flag | Description | | Flag | Description |
| --- | --- | | --- | --- |
| --allow stringArray | Allow extra privileged entitlement, e.g. network.host, security.insecure
| -f, --file stringArray | Build definition file | -f, --file stringArray | Build definition file
| --no-cache | Do not use cache when building the image | --no-cache | Do not use cache when building the image
| --print | Print the options without building | --print | Print the options without building
@ -507,6 +508,10 @@ Options:
| --pull | Always attempt to pull a newer version of the image | --pull | Always attempt to pull a newer version of the image
| --set stringArray | Override target value (eg: target.key=value) | --set stringArray | Override target value (eg: target.key=value)
#### `--allow=ENTITLEMENT`
Same as [`build --allow`](#--allowentitlement).
#### `-f, --file FILE` #### `-f, --file FILE`
Specifies the bake definition file. The file can be a Docker Compose, JSON or HCL file. If multiple files are specified they are all read and configurations are combined. By default, if no files are specified, the following are parsed: Specifies the bake definition file. The file can be a Docker Compose, JSON or HCL file. If multiple files are specified they are all read and configurations are combined. By default, if no files are specified, the following are parsed:

@ -11,6 +11,7 @@ import (
"github.com/docker/buildx/util/platformutil" "github.com/docker/buildx/util/platformutil"
"github.com/docker/docker/pkg/urlutil" "github.com/docker/docker/pkg/urlutil"
"github.com/moby/buildkit/session/auth/authprovider" "github.com/moby/buildkit/session/auth/authprovider"
"github.com/moby/buildkit/util/entitlements"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -248,10 +249,10 @@ func (t *Target) normalize() {
t.Outputs = removeDupes(t.Outputs) t.Outputs = removeDupes(t.Outputs)
} }
func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]build.Options, error) { func TargetsToBuildOpt(m map[string]Target, noCache, pull bool, allow []entitlements.Entitlement) (map[string]build.Options, error) {
m2 := make(map[string]build.Options, len(m)) m2 := make(map[string]build.Options, len(m))
for k, v := range m { for k, v := range m {
bo, err := toBuildOpt(v, noCache, pull) bo, err := toBuildOpt(v, noCache, pull, allow)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -260,7 +261,7 @@ func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]buil
return m2, nil return m2, nil
} }
func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) { func toBuildOpt(t Target, noCache, pull bool, allow []entitlements.Entitlement) (*build.Options, error) {
if v := t.Context; v != nil && *v == "-" { if v := t.Context; v != nil && *v == "-" {
return nil, errors.Errorf("context from stdin not allowed in bake") return nil, errors.Errorf("context from stdin not allowed in bake")
} }
@ -291,6 +292,7 @@ func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) {
Labels: t.Labels, Labels: t.Labels,
NoCache: noCache, NoCache: noCache,
Pull: pull, Pull: pull,
Allow: allow,
} }
platforms, err := platformutil.Parse(t.Platforms) platforms, err := platformutil.Parse(t.Platforms)
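Review bot: The single `allow` slice is assigned to every target's options at `Allow: allow` in toBuildOpt, so one `--allow security.insecure` on the command line grants that entitlement to every target in the bake run, including targets that do not need it. Nothing in the new signature tells a caller that the grant is global, so it is worth stating on the exported function, for example `// TargetsToBuildOpt applies allow to every target in m; pass only entitlements that all of them are trusted to use.` toBuildOpt's body starts and ends outside the hunk, so how Allow is consumed further down is not visible here.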

@ -6,6 +6,7 @@ import (
"os" "os"
"github.com/docker/buildx/bake" "github.com/docker/buildx/bake"
"github.com/docker/buildx/build"
"github.com/docker/cli/cli/command" "github.com/docker/cli/cli/command"
"github.com/moby/buildkit/util/appcontext" "github.com/moby/buildkit/util/appcontext"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -51,7 +52,12 @@ func runBake(dockerCli command.Cli, targets []string, in bakeOptions) error {
return nil return nil
} }
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull) allow, err := build.ParseEntitlements(in.allow)
if err != nil {
return err
}
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull, allow)
if err != nil { if err != nil {
return err return err
} }

@ -44,8 +44,6 @@ type buildOptions struct {
squash bool squash bool
quiet bool quiet bool
allow []string
// hidden // hidden
// untrusted bool // untrusted bool
// ulimits *opts.UlimitOpt // ulimits *opts.UlimitOpt
@ -67,6 +65,7 @@ type commonOptions struct {
noCache bool noCache bool
progress string progress string
pull bool pull bool
allow []string
} }
func runBuild(dockerCli command.Cli, in buildOptions) error { func runBuild(dockerCli command.Cli, in buildOptions) error {
@ -222,8 +221,6 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
flags.StringVar(&options.target, "target", "", "Set the target build stage to build.") flags.StringVar(&options.target, "target", "", "Set the target build stage to build.")
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
// not implemented // not implemented
flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success") flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build") flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
@ -287,6 +284,7 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
} }
func commonFlags(options *commonOptions, flags *pflag.FlagSet) { func commonFlags(options *commonOptions, flags *pflag.FlagSet) {
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image") flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
flags.StringVar(&options.progress, "progress", "auto", "Set type of progress output (auto, plain, tty). Use plain to show container output") flags.StringVar(&options.progress, "progress", "auto", "Set type of progress output (auto, plain, tty). Use plain to show container output")
flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image") flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
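Review bot: `--allow` is registered in commonFlags with `flags.StringSliceVar`, while the README table added in the same commit documents it as `--allow stringArray`. A pflag string-slice flag splits each value on commas and is shown as `strings` in generated usage, so `--allow network.host,security.insecure` is accepted as two entitlements and the help output will not match the README. The removed buildCmd line used the same call, so build behaviour is unchanged, but bake now inherits the comma splitting. Either switch to `flags.StringArrayVar(&options.allow, "allow", []string{}, ...)` with the same help text, or change the README type column to `strings`.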
