From 7441c3ab79a455035f4d324d16371bbdbdcc7df8 Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Mon, 27 Jan 2025 10:03:26 +0100
Subject: [PATCH 1/5] fix support for ssh key from CLI flags
Signed-off-by: Nicolas De Loof
---
 pkg/compose/build_bake.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/compose/build_bake.go b/pkg/compose/build_bake.go
index 2ff8c6b29cb..76289a345eb 100644
--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -165,7 +165,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 Platforms: build.Platforms,
 Target: build.Target,
 Secrets: toBakeSecrets(project, build.Secrets),
- SSH: toBakeSSH(build.SSH),
+ SSH: toBakeSSH(append(build.SSH, options.SSHs...)),
 Pull: options.Pull,
 NoCache: options.NoCache,
 }
From e103dd01545e636097e2d1d044238a4877436ed5 Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Mon, 27 Jan 2025 12:13:02 +0100
Subject: [PATCH 2/5] fix bake support for secret target
Signed-off-by: Nicolas De Loof
---
 pkg/compose/build_bake.go | 50 ++++++++++++++++++++++-----------------
 1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/pkg/compose/build_bake.go b/pkg/compose/build_bake.go
index 76289a345eb..1d0c93299e1 100644
--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
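Review bot: In [PATCH 1/5], `append(build.SSH, options.SSHs...)` appends to a slice owned by the project model, so whenever `build.SSH` has spare capacity the CLI keys are written into its backing array; the same pattern returns in [PATCH 3/5] with `append(entitlements, "security.insecure")` on `build.Entitlements`. Appending to a capacity-clipped slice avoids the aliasing, e.g. `toBakeSSH(append(build.SSH[:len(build.SSH):len(build.SSH)], options.SSHs...))`. The merge also hands every SSH key or agent socket given on the command line to each service's target, and a key ID present in both lists is emitted twice; a short comment stating which entry is meant to win would help, since bake's handling of duplicates is not visible here. The struct literal starts and ends outside this hunk.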
@@ -93,19 +93,20 @@ type bakeGroup struct {
 }
 type bakeTarget struct {
- Context string `json:"context,omitempty"`
- Dockerfile string `json:"dockerfile,omitempty"`
- Args map[string]string `json:"args,omitempty"`
- Labels map[string]string `json:"labels,omitempty"`
- Tags []string `json:"tags,omitempty"`
- CacheFrom []string `json:"cache-from,omitempty"`
- CacheTo []string `json:"cache-to,omitempty"`
- Secrets []string `json:"secret,omitempty"`
- SSH []string `json:"ssh,omitempty"`
- Platforms []string `json:"platforms,omitempty"`
- Target string `json:"target,omitempty"`
- Pull bool `json:"pull,omitempty"`
- NoCache bool `json:"no-cache,omitempty"`
+ Context string `json:"context,omitempty"`
+ Dockerfile string `json:"dockerfile,omitempty"`
+ Args map[string]string `json:"args,omitempty"`
+ Labels map[string]string `json:"labels,omitempty"`
+ Tags []string `json:"tags,omitempty"`
+ CacheFrom []string `json:"cache-from,omitempty"`
+ CacheTo []string `json:"cache-to,omitempty"`
+ Secrets []string `json:"secret,omitempty"`
+ SSH []string `json:"ssh,omitempty"`
+ Platforms []string `json:"platforms,omitempty"`
+ Target string `json:"target,omitempty"`
+ Pull bool `json:"pull,omitempty"`
+ NoCache bool `json:"no-cache,omitempty"`
+ Entitlements []string `json:"entitlements,omitempty"`
 }
 type bakeMetadata map[string]buildStatus
@@ -162,12 +163,13 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 CacheFrom: build.CacheFrom,
 // CacheTo: TODO
- Platforms: build.Platforms,
- Target: build.Target,
- Secrets: toBakeSecrets(project, build.Secrets),
- SSH: toBakeSSH(append(build.SSH, options.SSHs...)),
- Pull: options.Pull,
- NoCache: options.NoCache,
+ Platforms: build.Platforms,
+ Target: build.Target,
+ Secrets: toBakeSecrets(project, build.Secrets),
+ SSH: toBakeSSH(append(build.SSH, options.SSHs...)),
+ Pull: options.Pull,
+ NoCache: options.NoCache,
+ Entitlements: build.Entitlements,
 }
 group.Targets = append(group.Targets, image)
 }
@@ -236,7 +238,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 err = eg.Wait()
 if err != nil {
- return nil, err
+ return nil, WrapCategorisedComposeError(err, BuildFailure)
 }
 b, err = os.ReadFile(metadata.Name())
@@ -270,11 +272,15 @@ func toBakeSecrets(project *types.Project, secrets []types.ServiceSecretConfig)
 var s []string
 for _, ref := range secrets {
 def := project.Secrets[ref.Source]
+ target := ref.Target
+ if target == "" {
+ target = ref.Source
+ }
 switch {
 case def.Environment != "":
- s = append(s, fmt.Sprintf("id=%s,type=env,env=%s", ref.Source, def.Environment))
+ s = append(s, fmt.Sprintf("id=%s,type=env,env=%s", target, def.Environment))
 case def.File != "":
- s = append(s, fmt.Sprintf("id=%s,type=file,src=%s", ref.Source, def.File))
+ s = append(s, fmt.Sprintf("id=%s,type=file,src=%s", target, def.File))
 }
 }
 return s
From 28ef81e5d2b897972662da56fae594537be644cb Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Mon, 27 Jan 2025 15:30:04 +0100
Subject: [PATCH 3/5] fix support privileged build with bake
Signed-off-by: Nicolas De Loof
---
 pkg/compose/build_bake.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkg/compose/build_bake.go b/pkg/compose/build_bake.go
index 1d0c93299e1..ea3a7168a24 100644
--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -154,6 +154,11 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 image := api.GetImageNameOrDefault(service, project.Name)
+ entitlements := build.Entitlements
+ if build.Privileged {
+ entitlements = append(entitlements, "security.insecure")
+ }
+
 cfg.Targets[image] = bakeTarget{
 Context: build.Context,
 Dockerfile: dockerFilePath(build.Context, build.Dockerfile),
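Review bot: In the toBakeSecrets hunk of [PATCH 2/5], `target`, `def.Environment` and `def.File` are formatted with `%s` straight into a comma-separated attribute string, so a comma in any of them (a file path, for instance) changes how the entry is split into fields. All three values come from the compose file, so the loop should reject or quote such values before the `fmt.Sprintf`, or at least carry a comment such as `// id, env and src are emitted unescaped; values must not contain ','`. Separately, a `ref.Source` that is missing from `project.Secrets` yields a zero `def` and falls through the `switch` with no message, so the build proceeds without that secret. The signature of toBakeSecrets appears only in the hunk header and its closing brace lies outside the hunk.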
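Review bot: In [PATCH 3/5], `build.Privileged` and `build.Entitlements` are read from the compose file and turned into a `security.insecure` entitlement on the bake target with nothing at the call site that records the escalation. The bake invocation is not part of this hunk, so it is worth confirming that elevated entitlements still need explicit approval from the person running the build rather than being allowed automatically. A comment on the block would make the intent reviewable, e.g. `// privileged: true maps to the security.insecure entitlement (unsandboxed RUN steps)`. If `build.Entitlements` already lists `security.insecure`, the value is appended a second time. doBuildBake begins and ends outside the hunk.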
@@ -169,7 +174,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 SSH: toBakeSSH(append(build.SSH, options.SSHs...)),
 Pull: options.Pull,
 NoCache: options.NoCache,
- Entitlements: build.Entitlements,
+ Entitlements: entitlements,
 }
 group.Targets = append(group.Targets, image)
 }
From 3270f25fa729e0cde0e7bf711262d36179797aeb Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Mon, 27 Jan 2025 15:55:10 +0100
Subject: [PATCH 4/5] fix support for building with non-default builder
Signed-off-by: Nicolas De Loof
---
 pkg/compose/build_bake.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkg/compose/build_bake.go b/pkg/compose/build_bake.go
index ea3a7168a24..b6e1ac2df75 100644
--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -107,6 +107,7 @@ type bakeTarget struct {
 Pull bool `json:"pull,omitempty"`
 NoCache bool `json:"no-cache,omitempty"`
 Entitlements []string `json:"entitlements,omitempty"`
+ Outputs []string `json:"output,omitempty"`
 }
 type bakeMetadata map[string]buildStatus
@@ -138,7 +139,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 }
 var group bakeGroup
- for _, service := range serviceToBeBuild {
+ for serviceName, service := range serviceToBeBuild {
 if service.Build == nil {
 continue
 }
@@ -159,7 +160,12 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 entitlements = append(entitlements, "security.insecure")
 }
- cfg.Targets[image] = bakeTarget{
+ outputs := []string{"type=docker"}
+ if options.Push {
+ outputs = append(outputs, "type=image,push=true")
+ }
+
+ cfg.Targets[serviceName] = bakeTarget{
 Context: build.Context,
 Dockerfile: dockerFilePath(build.Context, build.Dockerfile),
 Args: args,
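Review bot: In the `outputs` hunk of [PATCH 4/5], `type=docker` is requested for every target, including those whose `build.Platforms` lists more than one platform; as far as I know the docker exporter cannot load a multi-platform result unless the daemon uses the containerd image store, so this case deserves a guard or a test. The same hunk changes the target key from the image name to `serviceName`: compose service names may contain characters such as `.` that bake may not accept in a target name, and the code that reads the metadata file back (outside this hunk) has to look results up under the new key. A comment next to `type=image,push=true` saying that the push now happens from the builder for every target in the group would help the next reader. doBuildBake starts and ends outside the hunk.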
@@ -175,8 +181,9 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 Pull: options.Pull,
 NoCache: options.NoCache,
 Entitlements: entitlements,
+ Outputs: outputs,
 }
- group.Targets = append(group.Targets, image)
+ group.Targets = append(group.Targets, serviceName)
 }
 cfg.Groups["default"] = group
From 864b749dc162eb0fb26da4c0fb30e43567a390ee Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Mon, 27 Jan 2025 16:04:19 +0100
Subject: [PATCH 5/5] fix support for ulimits and shmsize
Signed-off-by: Nicolas De Loof
---
 pkg/compose/build_bake.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/pkg/compose/build_bake.go b/pkg/compose/build_bake.go
index b6e1ac2df75..a1260f52318 100644
--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -106,6 +106,8 @@ type bakeTarget struct {
 Target string `json:"target,omitempty"`
 Pull bool `json:"pull,omitempty"`
 NoCache bool `json:"no-cache,omitempty"`
+ ShmSize string `json:"shm-size,omitempty"`
+ Ulimits []string `json:"ulimits,omitempty"`
 Entitlements []string `json:"entitlements,omitempty"`
 Outputs []string `json:"output,omitempty"`
 }
@@ -180,6 +182,8 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 SSH: toBakeSSH(append(build.SSH, options.SSHs...)),
 Pull: options.Pull,
 NoCache: options.NoCache,
+ ShmSize: fmt.Sprint(build.ShmSize),
+ Ulimits: toBakeUlimits(build.Ulimits),
 Entitlements: entitlements,
 Outputs: outputs,
 }
@@ -272,6 +276,18 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 return results, nil
 }
+func toBakeUlimits(ulimits map[string]*types.UlimitsConfig) []string {
+ s := []string{}
+ for u, l := range ulimits {
+ if l.Single > 0 {
+ s = append(s, fmt.Sprintf("%s=%d", u, l.Single))
+ } else {
+ s = append(s, fmt.Sprintf("%s=%d:%d", u, l.Soft, l.Hard))
+ }
+ }
+ return s
+}
+
 func toBakeSSH(ssh types.SSHConfig) []string {
 var s []string
 for _, key := range ssh {
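Review bot: In [PATCH 5/5], `ShmSize: fmt.Sprint(build.ShmSize)` yields a non-empty string even when no shm size is configured (presumably `"0"` for a numeric zero; the type of `build.ShmSize` is not visible here), so `omitempty` never drops the field and every target carries a `shm-size` entry. Setting the field only when a size is configured keeps the generated file minimal and avoids depending on how bake reads a zero: build the `bakeTarget` in a local variable and guard with `if build.ShmSize > 0 { target.ShmSize = fmt.Sprint(build.ShmSize) }`. The struct literal starts and ends outside this hunk.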
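Review bot: toBakeUlimits dereferences `l` without a nil check, so a nil entry in the `map[string]*types.UlimitsConfig` panics the build; `if l == nil { continue }` at the top of the loop prevents that. The `l.Single > 0` test also sends a negative single value (commonly used to mean unlimited) into the soft:hard branch, where it is written as `name=0:0`, a zero limit rather than the requested one, so `if l.Single != 0 {` is the safer condition. Map iteration order is random, so the `ulimits` list changes order between runs; sorting `s` before returning would make the generated bake file reproducible. The function also has no doc comment; something like `// toBakeUlimits renders compose ulimits as "name=limit" or "name=soft:hard" strings.` would do.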