Sourcepolicy#3332
Merged
tonistiigi merged 15 commits intomoby:masterfrom Dec 13, 2022
Merged
Conversation
cpuguy83
force-pushed
the
sourcepolicy
branch
3 times, most recently
from
e8f8a03 to
4e308ac
Compare
tonistiigi
reviewed
Nov 29, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
6 times, most recently
from
1ad024c to
43e8ffb
Compare
Member
Author
|
Marking this ready, looks like it's gonna be all 💚 |
cpuguy83
force-pushed
the
sourcepolicy
branch
from
43e8ffb to
c196502
Compare
jedevc
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
| } | ||
|
|
||
| func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor) (_ *client.SolveResponse, err error) { | ||
| func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor, srcPol *sourcepolicypb.Policy) (_ *client.SolveResponse, err error) { |
Member
There was a problem hiding this comment.
The SolverResponse should contain a (boolean?) value that indicates whether the policy was consumed or not
Member
Author
There was a problem hiding this comment.
Consumed in what way? Policy applied to sources?
Member
Author
There was a problem hiding this comment.
I think a boolean here is not very useful except for just 1-off testing cases.
Probably it would be best to look at the build metadata to see what sources were actually used... maybe we could add something to trace policy usage in that metadata, but this will require a bit more effort.
AkihiroSuda
reviewed
Nov 30, 2022
AkihiroSuda
reviewed
Nov 30, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
3 times, most recently
from
f491e5f to
9502353
Compare
Member
Author
|
This is updated with suggestions. |
cpuguy83
force-pushed
the
sourcepolicy
branch
2 times, most recently
from
32a6668 to
2bce7d0
Compare
jedevc
reviewed
Dec 5, 2022
tonistiigi
reviewed
Dec 8, 2022
tonistiigi
reviewed
Dec 13, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
2 times, most recently
from
87725f9 to
385f4f0
Compare
tonistiigi
reviewed
Dec 13, 2022
cpuguy83
force-pushed
the
sourcepolicy
branch
from
385f4f0 to
aeca4e1
Compare
Alternative to PR 2816 ("dockerfile: support Dockerfile.pin for pinning sources")
This version is implemented on the llbsolver side and agnostic to the LLB frontends.
See `solver/llbsolver/vertex.go:loadLLB()`.
See `docs/build-repro.md` for the usage.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This defines a better type for wildcard matching as well as a more appropritate package (contributed by Akihiro) for doing wildcard matching. Also some improvements to caching state such as compiled regexes. Co-authored-by: Akihiro Suda <suda.kyoto@gmail.com> Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes destination more symetrical with sources. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Allows frontends to pass in a list of policies in the solve request. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
These were just there while figuring out how things would work and are not needed now. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Per our discussion on github, each policy should be evaluated on it's own. ie. an "allow" in one policy should be able to change to a "deny" in another policy. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes it so a deny is always a deny regardless of if it was allowed in a prior rule. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This turns the closure into a proper recursive funciton. It also ensures there isn't a chance of infinite recursion due to changes to op inputs. Signed-off-by: Brian Goff <cpuguy83@gmail.com> fix
Updates the field names for source policies to be a little less confusing: `Source` -> `Selector`, `Destination` -> `Updates`. Also collapse `Type` into the `Identifier` which matches how the rest of buildkit works and greatly simplifies matching.. and generally makes it so the policy engine doesn't need to care about schemes. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
tonistiigi
force-pushed
the
sourcepolicy
branch
from
aeca4e1 to
c40f30e
Compare
tonistiigi
approved these changes
Dec 13, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add source policy in LLB as described in #2943 (comment)
Replaces #2943
Closes #2943