Tibor Vass
@@ -500,6 +500,7 @@ Options:
|
||||
|
||||
| Flag | Description |
|
||||
| --- | --- |
|
||||
| --allow stringArray | Allow extra privileged entitlement, e.g. network.host, security.insecure
|
||||
| -f, --file stringArray | Build definition file
|
||||
| --no-cache | Do not use cache when building the image
|
||||
| --print | Print the options without building
|
||||
@@ -507,6 +508,10 @@ Options:
|
||||
| --pull | Always attempt to pull a newer version of the image
|
||||
| --set stringArray | Override target value (eg: target.key=value)
|
||||
|
||||
#### `--allow=ENTITLEMENT`
|
||||
|
||||
Same as [`build --allow`](#--allowentitlement).
|
||||
|
||||
#### `-f, --file FILE`
|
||||
|
||||
Specifies the bake definition file. The file can be a Docker Compose, JSON or HCL file. If multiple files are specified they are all read and configurations are combined. By default, if no files are specified, the following are parsed:
|
||||
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
"github.com/docker/buildx/util/platformutil"
|
||||
"github.com/docker/docker/pkg/urlutil"
|
||||
"github.com/moby/buildkit/session/auth/authprovider"
|
||||
"github.com/moby/buildkit/util/entitlements"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
@@ -248,10 +249,10 @@ func (t *Target) normalize() {
|
||||
t.Outputs = removeDupes(t.Outputs)
|
||||
}
|
||||
|
||||
func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]build.Options, error) {
|
||||
func TargetsToBuildOpt(m map[string]Target, noCache, pull bool, allow []entitlements.Entitlement) (map[string]build.Options, error) {
|
||||
m2 := make(map[string]build.Options, len(m))
|
||||
for k, v := range m {
|
||||
bo, err := toBuildOpt(v, noCache, pull)
|
||||
bo, err := toBuildOpt(v, noCache, pull, allow)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -260,7 +261,7 @@ func TargetsToBuildOpt(m map[string]Target, noCache, pull bool) (map[string]buil
|
||||
return m2, nil
|
||||
}
|
||||
|
||||
func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) {
|
||||
func toBuildOpt(t Target, noCache, pull bool, allow []entitlements.Entitlement) (*build.Options, error) {
|
||||
if v := t.Context; v != nil && *v == "-" {
|
||||
return nil, errors.Errorf("context from stdin not allowed in bake")
|
||||
}
|
||||
@@ -291,6 +292,7 @@ func toBuildOpt(t Target, noCache, pull bool) (*build.Options, error) {
|
||||
Labels: t.Labels,
|
||||
NoCache: noCache,
|
||||
Pull: pull,
|
||||
Allow: allow,
|
||||
}
|
||||
|
||||
platforms, err := platformutil.Parse(t.Platforms)
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"os"
|
||||
|
||||
"github.com/docker/buildx/bake"
|
||||
"github.com/docker/buildx/build"
|
||||
"github.com/docker/cli/cli/command"
|
||||
"github.com/moby/buildkit/util/appcontext"
|
||||
"github.com/pkg/errors"
|
||||
@@ -51,7 +52,12 @@ func runBake(dockerCli command.Cli, targets []string, in bakeOptions) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull)
|
||||
allow, err := build.ParseEntitlements(in.allow)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
bo, err := bake.TargetsToBuildOpt(m, in.noCache, in.pull, allow)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -44,8 +44,6 @@ type buildOptions struct {
|
||||
squash bool
|
||||
quiet bool
|
||||
|
||||
allow []string
|
||||
|
||||
// hidden
|
||||
// untrusted bool
|
||||
// ulimits *opts.UlimitOpt
|
||||
@@ -67,6 +65,7 @@ type commonOptions struct {
|
||||
noCache bool
|
||||
progress string
|
||||
pull bool
|
||||
allow []string
|
||||
}
|
||||
|
||||
func runBuild(dockerCli command.Cli, in buildOptions) error {
|
||||
@@ -222,8 +221,6 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
|
||||
|
||||
flags.StringVar(&options.target, "target", "", "Set the target build stage to build.")
|
||||
|
||||
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
|
||||
|
||||
// not implemented
|
||||
flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the build output and print image ID on success")
|
||||
flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
|
||||
@@ -287,6 +284,7 @@ func buildCmd(dockerCli command.Cli) *cobra.Command {
|
||||
}
|
||||
|
||||
func commonFlags(options *commonOptions, flags *pflag.FlagSet) {
|
||||
flags.StringSliceVar(&options.allow, "allow", []string{}, "Allow extra privileged entitlement, e.g. network.host, security.insecure")
|
||||
flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
|
||||
flags.StringVar(&options.progress, "progress", "auto", "Set type of progress output (auto, plain, tty). Use plain to show container output")
|
||||
flags.BoolVar(&options.pull, "pull", false, "Always attempt to pull a newer version of the image")
|
||||
|
||||
Reference in New Issue
Block a user