diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go index a1304e831577233fb298ec6b448454cd5e350dc6..40d9a2e23fd2137d0362bcf803fda9366d77512e 100644 --- a/builder/builder-next/worker/worker.go +++ b/builder/builder-next/worker/worker.go @@ -7,6 +7,7 @@ import ( "io/ioutil" nethttp "net/http" "runtime" + "strings" "time" "github.com/containerd/containerd/content" @@ -43,6 +44,7 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" + bolt "go.etcd.io/bbolt" ) const labelCreatedAt = "buildkit/createdat" @@ -257,6 +259,47 @@ func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIf }, nil } +// PruneCacheMounts removes the current cache snapshots for specified IDs +func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error { + mu := ops.CacheMountsLocker() + mu.Lock() + defer mu.Unlock() + + for _, id := range ids { + id = "cache-dir:" + id + sis, err := w.MetadataStore.Search(id) + if err != nil { + return err + } + for _, si := range sis { + for _, k := range si.Indexes() { + if k == id || strings.HasPrefix(k, id+":") { + if siCached := w.CacheManager.Metadata(si.ID()); siCached != nil { + si = siCached + } + if err := cache.CachePolicyDefault(si); err != nil { + return err + } + si.Queue(func(b *bolt.Bucket) error { + return si.SetValue(b, k, nil) + }) + if err := si.Commit(); err != nil { + return err + } + // if ref is unused try to clean it up right away by releasing it + if mref, err := w.CacheManager.GetMutable(ctx, si.ID()); err == nil { + go mref.Release(context.TODO()) + } + break + } + } + } + } + + ops.ClearActiveCacheMounts() + return nil +} + // FromRemote converts a remote snapshot reference to a local one func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) { rootfs, err := getLayers(ctx, remote.Descriptors) diff --git a/vendor.conf b/vendor.conf index 92dd40121446b4ec423cba5b1024ae11816142b8..3acc763e3244764020cc49de39b2334913688403 100644 --- a/vendor.conf +++ b/vendor.conf @@ -27,7 +27,7 @@ github.com/imdario/mergo 7c29201646fa3de8506f70121347 golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c # buildkit -github.com/moby/buildkit a258bd18b2c55aac4e8a10a3074757d66d45cef6 +github.com/moby/buildkit f5a55a9516d1c6e2ade9bec22b83259caeed3a84 github.com/tonistiigi/fsutil 3bbb99cdbd76619ab717299830c60f6f2a533a6b github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7 diff --git a/vendor/github.com/moby/buildkit/README.md b/vendor/github.com/moby/buildkit/README.md index 0605693caf82c102294681468e8f2baa9038ce17..90dd0bee358fd8088df76a778cd8d6b6cc0c8922 100644 --- a/vendor/github.com/moby/buildkit/README.md +++ b/vendor/github.com/moby/buildkit/README.md @@ -1,27 +1,25 @@ [![asciicinema example](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU.png)](https://asciinema.org/a/gPEIEo1NzmDTUu2bEPsUboqmU) - ## BuildKit [![GoDoc](https://godoc.org/github.com/moby/buildkit?status.svg)](https://godoc.org/github.com/moby/buildkit/client/llb) [![Build Status](https://travis-ci.org/moby/buildkit.svg?branch=master)](https://travis-ci.org/moby/buildkit) [![Go Report Card](https://goreportcard.com/badge/github.com/moby/buildkit)](https://goreportcard.com/report/github.com/moby/buildkit) - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: -- Automatic garbage collection -- Extendable frontend formats -- Concurrent dependency resolution -- Efficient instruction caching -- Build cache import/export -- Nested build job invocations -- Distributable workers -- Multiple output formats -- Pluggable architecture -- Execution without root privileges +- Automatic garbage collection +- Extendable frontend formats +- Concurrent dependency resolution +- Efficient instruction caching +- Build cache import/export +- Nested build job invocations +- Distributable workers +- Multiple output formats +- Pluggable architecture +- Execution without root privileges Read the proposal from https://github.com/moby/moby/issues/32925 @@ -33,20 +31,21 @@ Introductory blog post https://blog.mobyproject.org/introducing-buildkit-17e056c BuildKit is used by the following projects: -- [Moby & Docker](https://github.com/moby/moby/pull/37151) -- [img](https://github.com/genuinetools/img) -- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) -- [container build interface](https://github.com/containerbuilding/cbi) -- [Knative Build Templates](https://github.com/knative/build-templates) -- [vab](https://github.com/stellarproject/vab) -- [Rio](https://github.com/rancher/rio) (on roadmap) +- [Moby & Docker](https://github.com/moby/moby/pull/37151) +- [img](https://github.com/genuinetools/img) +- [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud) +- [container build interface](https://github.com/containerbuilding/cbi) +- [Knative Build Templates](https://github.com/knative/build-templates) +- [the Sanic build tool](https://github.com/distributed-containers-inc/sanic) +- [vab](https://github.com/stellarproject/vab) +- [Rio](https://github.com/rancher/rio) (on roadmap) ### Quick start Dependencies: -- [runc](https://github.com/opencontainers/runc) -- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) +- [runc](https://github.com/opencontainers/runc) +- [containerd](https://github.com/containerd/containerd) (if you want to use containerd worker) The following command installs `buildkitd` and `buildctl` to `/usr/local/bin`: @@ -58,14 +57,13 @@ You can also use `make binaries-all` to prepare `buildkitd.containerd_only` and #### Starting the buildkitd daemon: -``` +```bash buildkitd --debug --root /var/lib/buildkit ``` The buildkitd daemon supports two worker backends: OCI (runc) and containerd. -By default, the OCI (runc) worker is used. -You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. +By default, the OCI (runc) worker is used. You can set `--oci-worker=false --containerd-worker=true` to use the containerd worker. We are open to adding more backends. @@ -73,44 +71,46 @@ We are open to adding more backends. BuildKit builds are based on a binary intermediate format called LLB that is used for defining the dependency graph for processes running part of your build. tl;dr: LLB is to Dockerfile what LLVM IR is to C. -- Marshaled as Protobuf messages -- Concurrently executable -- Efficiently cacheable -- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) +- Marshaled as Protobuf messages +- Concurrently executable +- Efficiently cacheable +- Vendor-neutral (i.e. non-Dockerfile languages can be easily implemented) See [`solver/pb/ops.proto`](./solver/pb/ops.proto) for the format definition. Currently, following high-level languages has been implemented for LLB: -- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) -- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) -- (open a PR to add your own language) +- Dockerfile (See [Exploring Dockerfiles](#exploring-dockerfiles)) +- [Buildpacks](https://github.com/tonistiigi/buildkit-pack) +- (open a PR to add your own language) For understanding the basics of LLB, `examples/buildkit*` directory contains scripts that define how to build different configurations of BuildKit itself and its dependencies using the `client` package. Running one of these scripts generates a protobuf definition of a build graph. Note that the script itself does not execute any steps of the build. You can use `buildctl debug dump-llb` to see what data is in this definition. Add `--dot` to generate dot layout. ```bash -go run examples/buildkit0/buildkit.go | buildctl debug dump-llb | jq . +go run examples/buildkit0/buildkit.go \ + | buildctl debug dump-llb \ + | jq . ``` -To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. +To start building use `buildctl build` command. The example script accepts `--with-containerd` flag to choose if containerd binaries and support should be included in the end result as well. ```bash -go run examples/buildkit0/buildkit.go | buildctl build +go run examples/buildkit0/buildkit.go \ + | buildctl build ``` `buildctl build` will show interactive progress bar by default while the build job is running. If the path to the trace file is specified, the trace file generated will contain all information about the timing of the individual steps and logs. Different versions of the example scripts show different ways of describing the build definition for this project to show the capabilities of the library. New versions have been added when new features have become available. -- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. -- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. -- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. -- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` -- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes -- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies - +- `./examples/buildkit0` - uses only exec operations, defines a full stage per component. +- `./examples/buildkit1` - cloning git repositories has been separated for extra concurrency. +- `./examples/buildkit2` - uses git sources directly instead of running `git clone`, allowing better performance and much safer caching. +- `./examples/buildkit3` - allows using local source files for separate components eg. `./buildkit3 --runc=local | buildctl build --local runc-src=some/local/path` +- `./examples/dockerfile2llb` - can be used to convert a Dockerfile to LLB for debugging purposes +- `./examples/gobuild` - shows how to use nested invocation to generate LLB for Go package internal dependencies #### Exploring Dockerfiles @@ -120,9 +120,18 @@ During development, Dockerfile frontend (dockerfile.v0) is also part of the Buil ##### Building a Dockerfile with `buildctl` -``` -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. -buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --opt target=foo --opt build-arg:foo=bar +```bash +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. +# or +buildctl build \ + --frontend=dockerfile.v0 \ + --local context=. \ + --local dockerfile=. \ + --opt target=foo \ + --opt build-arg:foo=bar ``` `--local` exposes local source files from client to the builder. `context` and `dockerfile` are the names Dockerfile frontend looks for build context and Dockerfile location. @@ -131,8 +140,9 @@ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. - For people familiar with `docker build` command, there is an example wrapper utility in `./examples/build-using-dockerfile` that allows building Dockerfiles with BuildKit using a syntax similar to `docker build`. -``` -go build ./examples/build-using-dockerfile && sudo install build-using-dockerfile /usr/local/bin +```bash +go build ./examples/build-using-dockerfile \ + && sudo install build-using-dockerfile /usr/local/bin build-using-dockerfile -t myimage . build-using-dockerfile -t mybuildkit -f ./hack/dockerfiles/test.Dockerfile . @@ -145,10 +155,18 @@ docker inspect myimage External versions of the Dockerfile frontend are pushed to https://hub.docker.com/r/docker/dockerfile-upstream and https://hub.docker.com/r/docker/dockerfile and can be used with the gateway frontend. The source for the external frontend is currently located in `./frontend/dockerfile/cmd/dockerfile-frontend` but will move out of this repository in the future ([#163](https://github.com/moby/buildkit/issues/163)). For automatic build from master branch of this repository `docker/dockerfile-upsteam:master` or `docker/dockerfile-upstream:master-experimental` image can be used. +```bash +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --local context=. \ + --local dockerfile=. +buildctl build \ + --frontend gateway.v0 \ + --opt source=docker/dockerfile \ + --opt context=git://github.com/moby/moby \ + --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org ``` -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --local context=. --local dockerfile=. -buildctl build --frontend gateway.v0 --opt source=docker/dockerfile --opt context=git://github.com/moby/moby --opt build-arg:APT_MIRROR=cdn-fastly.deb.debian.org -```` ##### Building a Dockerfile with experimental features like `RUN --mount=type=(bind|cache|tmpfs|secret|ssh)` @@ -162,29 +180,29 @@ By default, the build result and intermediate cache will only remain internally The containerd worker needs to be used -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image ctr --namespace=buildkit images ls ``` ##### Push resulting image to registry -``` +```bash buildctl build ... --output type=image,name=docker.io/username/image,push=true ``` If credentials are required, `buildctl` will attempt to read Docker configuration file. - ##### Exporting build result back to client The local client will copy the files directly to the client. This is useful if BuildKit is being used for building something else than container images. -``` +```bash buildctl build ... --output type=local,dest=path/to/output-dir ``` To export specific files use multi-stage builds with a scratch stage and copy the needed files into that stage with `COPY --from`. + ```dockerfile ... FROM scratch as testresult @@ -193,28 +211,27 @@ COPY --from=builder /usr/src/app/testresult.xml . ... ``` -``` +```bash buildctl build ... --opt target=testresult --output type=local,dest=path/to/output-dir ``` Tar exporter is similar to local exporter but transfers the files through a tarball. -``` +```bash buildctl build ... --output type=tar,dest=out.tar buildctl build ... --output type=tar > out.tar ``` - ##### Exporting built image to Docker -``` +```bash # exported tarball is also compatible with OCI spec buildctl build ... --output type=docker,name=myimage | docker load ``` ##### Exporting [OCI Image Format](https://github.com/opencontainers/image-spec) tarball to client -``` +```bash buildctl build ... --output type=oci,dest=path/to/output.tar buildctl build ... --output type=oci > output.tar ``` @@ -223,14 +240,14 @@ buildctl build ... --output type=oci > output.tar #### To/From registry -``` +```bash buildctl build ... --export-cache type=registry,ref=localhost:5000/myrepo:buildcache buildctl build ... --import-cache type=registry,ref=localhost:5000/myrepo:buildcache ``` #### To/From local filesystem -``` +```bash buildctl build ... --export-cache type=local,dest=path/to/output-dir buildctl build ... --import-cache type=local,src=path/to/input-dir ``` @@ -238,27 +255,29 @@ buildctl build ... --import-cache type=local,src=path/to/input-dir The directory layout conforms to OCI Image Spec v1.0. #### `--export-cache` options -* `mode=min` (default): only export layers for the resulting image -* `mode=max`: export all the layers of all intermediate steps -* `ref=docker.io/user/image:tag`: reference for `registry` cache exporter -* `dest=path/to/output-dir`: directory for `local` cache exporter + +- `mode=min` (default): only export layers for the resulting image +- `mode=max`: export all the layers of all intermediate steps +- `ref=docker.io/user/image:tag`: reference for `registry` cache exporter +- `dest=path/to/output-dir`: directory for `local` cache exporter #### `--import-cache` options -* `ref=docker.io/user/image:tag`: reference for `registry` cache importer -* `src=path/to/input-dir`: directory for `local` cache importer -* `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` + +- `ref=docker.io/user/image:tag`: reference for `registry` cache importer +- `src=path/to/input-dir`: directory for `local` cache importer +- `digest=sha256:deadbeef`: digest of the manifest list to import for `local` cache importer. Defaults to the digest of "latest" tag in `index.json` ### Other #### View build cache -``` +```bash buildctl du -v ``` #### Show enabled workers -``` +```bash buildctl debug workers -v ``` @@ -268,14 +287,14 @@ BuildKit can also be used by running the `buildkitd` daemon inside a Docker cont We provide `buildkitd` container images as [`moby/buildkit`](https://hub.docker.com/r/moby/buildkit/tags/): -* `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) -* `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) -* `moby/buildkit:master`: built from the master branch -* `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:latest`: built from the latest regular [release](https://github.com/moby/buildkit/releases) +- `moby/buildkit:rootless`: same as `latest` but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) +- `moby/buildkit:master`: built from the master branch +- `moby/buildkit:master-rootless`: same as master but runs as an unprivileged user, see [`docs/rootless.md`](docs/rootless.md) To run daemon in a container: -``` +```bash docker run -d --privileged -p 1234:1234 moby/buildkit:latest --addr tcp://0.0.0.0:1234 export BUILDKIT_HOST=tcp://0.0.0.0:1234 buildctl build --help @@ -283,26 +302,50 @@ buildctl build --help To run client and an ephemeral daemon in a single container ("daemonless mode"): +```bash +docker run \ + -it \ + --rm \ + --privileged \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master \ + build \ + --frontend dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work ``` -docker run -it --rm --privileged -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work -``` + or -``` -docker run -it --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox -v /path/to/dir:/tmp/work --entrypoint buildctl-daemonless.sh moby/buildkit:master-rootless build --frontend dockerfile.v0 --local context=/tmp/work --local dockerfile=/tmp/work -``` -The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). -Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. +```bash +docker run \ + -it \ + --rm \ + --security-opt seccomp=unconfined \ + --security-opt apparmor=unconfined \ + -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox \ + -v /path/to/dir:/tmp/work \ + --entrypoint buildctl-daemonless.sh \ + moby/buildkit:master-rootless \ + build \ + --frontend \ + dockerfile.v0 \ + --local context=/tmp/work \ + --local dockerfile=/tmp/work +``` + +The images can be also built locally using `./hack/dockerfiles/test.Dockerfile` (or `./hack/dockerfiles/test.buildkit.Dockerfile` if you already have BuildKit). Run `make images` to build the images as `moby/buildkit:local` and `moby/buildkit:local-rootless`. #### Connection helpers If you are running `moby/buildkit:master` or `moby/buildkit:master-rootless` as a Docker/Kubernetes container, you can use special `BUILDKIT_HOST` URL for connecting to the BuildKit daemon in the container: -``` +```bash export BUILDKIT_HOST=docker-container:// ``` -``` +```bash export BUILDKIT_HOST=kube-pod:// ``` @@ -310,15 +353,13 @@ export BUILDKIT_HOST=kube-pod:// BuildKit supports opentracing for buildkitd gRPC API and buildctl commands. To capture the trace to [Jaeger](https://github.com/jaegertracing/jaeger), set `JAEGER_TRACE` environment variable to the collection address. - -``` +```bash docker run -d -p6831:6831/udp -p16686:16686 jaegertracing/all-in-one:latest export JAEGER_TRACE=0.0.0.0:6831 # restart buildkitd and buildctl so they know JAEGER_TRACE # any buildctl command should be traced to http://127.0.0.1:16686/ ``` - ### Supported runc version During development, BuildKit is tested with the version of runc that is being used by the containerd repository. Please refer to [runc.md](https://github.com/containerd/containerd/blob/v1.2.1/RUNC.md) for more information. @@ -329,5 +370,4 @@ Please refer to [`docs/rootless.md`](docs/rootless.md). ### Contributing -Want to contribute to BuildKit? Awesome! You can find information about -contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) +Want to contribute to BuildKit? Awesome! You can find information about contributing to this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) diff --git a/vendor/github.com/moby/buildkit/cache/manager.go b/vendor/github.com/moby/buildkit/cache/manager.go index 0c7ec789ede00228509c6e33233503bfad2ca8a6..ebf12e310d75214e3ab0fb7638771ac71230fbfd 100644 --- a/vendor/github.com/moby/buildkit/cache/manager.go +++ b/vendor/github.com/moby/buildkit/cache/manager.go @@ -36,6 +36,7 @@ type Accessor interface { New(ctx context.Context, s ImmutableRef, opts ...RefOption) (MutableRef, error) GetMutable(ctx context.Context, id string) (MutableRef, error) // Rebase? IdentityMapping() *idtools.IdentityMapping + Metadata(string) *metadata.StorageItem } type Controller interface { @@ -124,6 +125,16 @@ func (cm *cacheManager) GetFromSnapshotter(ctx context.Context, id string, opts return cm.get(ctx, id, true, opts...) } +func (cm *cacheManager) Metadata(id string) *metadata.StorageItem { + cm.mu.Lock() + defer cm.mu.Unlock() + r, ok := cm.records[id] + if !ok { + return nil + } + return r.Metadata() +} + // get requires manager lock to be taken func (cm *cacheManager) get(ctx context.Context, id string, fromSnapshotter bool, opts ...RefOption) (*immutableRef, error) { rec, err := cm.getRecord(ctx, id, fromSnapshotter, opts...) diff --git a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go index f43da001562bf1cddee8dcc25bd6d5750bd88810..42e8cb4011df8d886fe1f9f6a14c014449229cbc 100644 --- a/vendor/github.com/moby/buildkit/cache/metadata/metadata.go +++ b/vendor/github.com/moby/buildkit/cache/metadata/metadata.go @@ -250,6 +250,10 @@ func (s *StorageItem) Update(fn func(b *bolt.Bucket) error) error { return s.storage.Update(s.id, fn) } +func (s *StorageItem) Metadata() *StorageItem { + return s +} + func (s *StorageItem) Keys() []string { keys := make([]string, 0, len(s.values)) for k := range s.values { @@ -333,6 +337,15 @@ func (s *StorageItem) Indexes() (out []string) { func (s *StorageItem) SetValue(b *bolt.Bucket, key string, v *Value) error { if v == nil { + if old, ok := s.values[key]; ok { + if old.Index != "" { + b, err := b.Tx().CreateBucketIfNotExists([]byte(indexBucket)) + if err != nil { + return errors.WithStack(err) + } + b.Delete([]byte(indexKey(old.Index, s.ID()))) // ignore error + } + } if err := b.Put([]byte(key), nil); err != nil { return err } diff --git a/vendor/github.com/moby/buildkit/cache/refs.go b/vendor/github.com/moby/buildkit/cache/refs.go index ca839c01dd9a306da72f4ffe2c8ccb72b5e3c8f6..4b64714aeb2b66a01ebe3bc60bacf08ba0d83dc0 100644 --- a/vendor/github.com/moby/buildkit/cache/refs.go +++ b/vendor/github.com/moby/buildkit/cache/refs.go @@ -2,6 +2,7 @@ package cache import ( "context" + "strings" "sync" "github.com/containerd/containerd/mount" @@ -429,6 +430,10 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { return nil, err } for i, m := range mounts { + if m.Type == "overlay" { + mounts[i].Options = readonlyOverlay(m.Options) + continue + } opts := make([]string, 0, len(m.Options)) for _, opt := range m.Options { if opt != "rw" { @@ -440,3 +445,23 @@ func (m *readOnlyMounter) Mount() ([]mount.Mount, error) { } return mounts, nil } + +func readonlyOverlay(opt []string) []string { + out := make([]string, 0, len(opt)) + upper := "" + for _, o := range opt { + if strings.HasPrefix(o, "upperdir=") { + upper = strings.TrimPrefix(o, "upperdir=") + } else if !strings.HasPrefix(o, "workdir=") { + out = append(out, o) + } + } + if upper != "" { + for i, o := range out { + if strings.HasPrefix(o, "lowerdir=") { + out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=") + } + } + } + return out +} diff --git a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go index fa87e5f4af735191e9491471f504239a074eeb70..0638b17aff3632cec61825441369850a4bda4b33 100644 --- a/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go +++ b/vendor/github.com/moby/buildkit/cache/remotecache/v1/utils.go @@ -67,8 +67,8 @@ func sortConfig(cc *CacheConfig) { if ri.Digest != rj.Digest { return ri.Digest < rj.Digest } - if len(ri.Inputs) != len(ri.Inputs) { - return len(ri.Inputs) < len(ri.Inputs) + if len(ri.Inputs) != len(rj.Inputs) { + return len(ri.Inputs) < len(rj.Inputs) } for i, inputs := range ri.Inputs { if len(ri.Inputs[i]) != len(rj.Inputs[i]) { @@ -76,7 +76,7 @@ func sortConfig(cc *CacheConfig) { } for j := range inputs { if ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector { - return ri.Inputs[i][j].Selector != rj.Inputs[i][j].Selector + return ri.Inputs[i][j].Selector < rj.Inputs[i][j].Selector } return cc.Records[ri.Inputs[i][j].LinkIndex].Digest < cc.Records[rj.Inputs[i][j].LinkIndex].Digest } diff --git a/vendor/github.com/moby/buildkit/client/solve.go b/vendor/github.com/moby/buildkit/client/solve.go index 17b3810cdcd5e5c8f00429bb817664ee61344fc5..d09c5f764e25191c0399aa201e36e969fad154ea 100644 --- a/vendor/github.com/moby/buildkit/client/solve.go +++ b/vendor/github.com/moby/buildkit/client/solve.go @@ -46,8 +46,8 @@ type SolveOpt struct { type ExportEntry struct { Type string Attrs map[string]string - Output io.WriteCloser // for ExporterOCI and ExporterDocker - OutputDir string // for ExporterLocal + Output func(map[string]string) (io.WriteCloser, error) // for ExporterOCI and ExporterDocker + OutputDir string // for ExporterLocal } type CacheOptionsEntry struct { diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go index 18c8538a6cb015d4e326265782f9faee6b948f50..d426bd79b22cef60f9573d7fd061d5a59cdd062f 100644 --- a/vendor/github.com/moby/buildkit/control/control.go +++ b/vendor/github.com/moby/buildkit/control/control.go @@ -38,13 +38,13 @@ type Opt struct { } type Controller struct { // TODO: ControlService + buildCount int64 opt Opt solver *llbsolver.Solver cache solver.CacheManager gatewayForwarder *controlgateway.GatewayForwarder throttledGC func() gcmu sync.Mutex - buildCount int64 } func NewController(opt Opt) (*Controller, error) { diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go index fb4f34a4399c979b2cbc839676417ec14eead6e1..66a2c440dcd4c9ece2d8ba5e6d3d0eb11c6b3ba4 100644 --- a/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go +++ b/vendor/github.com/moby/buildkit/executor/oci/spec_unix.go @@ -101,11 +101,11 @@ func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mou } if meta.SecurityMode == pb.SecurityMode_INSECURE { - //make sysfs rw mount for insecure mode. - for _, m := range s.Mounts { - if m.Type == "sysfs" { - m.Options = []string{"nosuid", "noexec", "nodev", "rw"} - } + if err = oci.WithWriteableCgroupfs(ctx, nil, c, s); err != nil { + return nil, nil, err + } + if err = oci.WithWriteableSysfs(ctx, nil, c, s); err != nil { + return nil, nil, err } } diff --git a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go index 741c8b897845a118bae31b8605881c25ad4060c3..7434409d62d5a21a416804639893f12026b681c5 100644 --- a/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go +++ b/vendor/github.com/moby/buildkit/executor/runcexecutor/executor.go @@ -236,8 +236,10 @@ func (w *runcExecutor) Exec(ctx context.Context, meta executor.Meta, root cache. if err != nil { return errors.Wrapf(err, "working dir %s points to invalid target", newp) } - if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { - return errors.Wrapf(err, "failed to create working directory %s", newp) + if _, err := os.Stat(newp); err != nil { + if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { + return errors.Wrapf(err, "failed to create working directory %s", newp) + } } if err := setOOMScoreAdj(spec); err != nil { diff --git a/vendor/github.com/moby/buildkit/exporter/tar/export.go b/vendor/github.com/moby/buildkit/exporter/tar/export.go index 12de8da9f074ffe76464694945353f772201c093..365dc576375dc90c72651493f4ae2f52328a41f3 100644 --- a/vendor/github.com/moby/buildkit/exporter/tar/export.go +++ b/vendor/github.com/moby/buildkit/exporter/tar/export.go @@ -147,7 +147,7 @@ func (e *localExporterInstance) Export(ctx context.Context, inp exporter.Source) fs = d.FS } - w, err := filesync.CopyFileWriter(ctx, e.caller) + w, err := filesync.CopyFileWriter(ctx, nil, e.caller) if err != nil { return nil, err } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go index 787956beafe1af4996d55844ac1f66c0c8d4046b..fbd4c42b0a93fc9fff5f8b511ac7772bde7e437f 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go @@ -34,6 +34,7 @@ const ( keyFilename = "filename" keyCacheFrom = "cache-from" // for registry only. deprecated in favor of keyCacheImports keyCacheImports = "cache-imports" // JSON representation of []CacheOptionsEntry + keyCacheNS = "build-arg:BUILDKIT_CACHE_MOUNT_NS" defaultDockerfileName = "Dockerfile" dockerignoreFilename = ".dockerignore" buildArgPrefix = "build-arg:" @@ -322,6 +323,7 @@ func Build(ctx context.Context, c client.Client) (*client.Result, error) { MetaResolver: c, BuildArgs: filter(opts, buildArgPrefix), Labels: filter(opts, labelPrefix), + CacheIDNamespace: opts[keyCacheNS], SessionID: c.BuildOpts().SessionID, BuildContext: buildContext, Excludes: excludes, diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go index f368fe6b49c8535dc036906f6da2a6a4a6ad5191..126d8b6c4120f8ff0c282179f3fa24e6ddd3a59a 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go @@ -461,7 +461,7 @@ type dispatchOpt struct { func dispatch(d *dispatchState, cmd command, opt dispatchOpt) error { if ex, ok := cmd.Command.(instructions.SupportsSingleWordExpansion); ok { err := ex.Expand(func(word string) (string, error) { - return opt.shlex.ProcessWordWithMap(word, toEnvMap(d.buildArgs, d.image.Config.Env)) + return opt.shlex.ProcessWord(word, d.state.Env()) }) if err != nil { return err @@ -626,14 +626,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE args = withShell(d.image, args) } env := d.state.Env() - opt := []llb.RunOption{llb.Args(args)} - for _, arg := range d.buildArgs { - if arg.Value != nil { - env = append(env, fmt.Sprintf("%s=%s", arg.Key, arg.ValueString())) - opt = append(opt, llb.AddEnv(arg.Key, arg.ValueString())) - } - } - opt = append(opt, dfCmd(c)) + opt := []llb.RunOption{llb.Args(args), dfCmd(c)} if d.ignoreCache { opt = append(opt, llb.IgnoreCache) } @@ -647,6 +640,11 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE } opt = append(opt, runMounts...) + err = dispatchRunSecurity(d, c) + if err != nil { + return err + } + shlex := *dopt.shlex shlex.RawQuotes = true shlex.SkipUnsetEnv = true @@ -656,7 +654,7 @@ func dispatchRun(d *dispatchState, c *instructions.RunCommand, proxy *llb.ProxyE opt = append(opt, llb.AddExtraHost(h.Host, h.IP)) } d.state = d.state.Run(opt...).Root() - return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs), true, &d.state) + return commitToHistory(&d.image, "RUN "+runCommandString(args, d.buildArgs, shell.BuildEnvs(env)), true, &d.state) } func dispatchWorkdir(d *dispatchState, c *instructions.WorkdirCommand, commit bool, opt *dispatchOpt) error { @@ -927,7 +925,7 @@ func dispatchHealthcheck(d *dispatchState, c *instructions.HealthCheckCommand) e func dispatchExpose(d *dispatchState, c *instructions.ExposeCommand, shlex *shell.Lex) error { ports := []string{} for _, p := range c.Ports { - ps, err := shlex.ProcessWordsWithMap(p, toEnvMap(d.buildArgs, d.image.Config.Env)) + ps, err := shlex.ProcessWords(p, d.state.Env()) if err != nil { return err } @@ -1000,6 +998,10 @@ func dispatchArg(d *dispatchState, c *instructions.ArgCommand, metaArgs []instru } } + if buildArg.Value != nil { + d.state = d.state.AddEnv(buildArg.Key, *buildArg.Value) + } + d.buildArgs = append(d.buildArgs, buildArg) return commitToHistory(&d.image, commitStr, false, nil) } @@ -1065,21 +1067,6 @@ func setKVValue(kvpo instructions.KeyValuePairOptional, values map[string]string return kvpo } -func toEnvMap(args []instructions.KeyValuePairOptional, env []string) map[string]string { - m := shell.BuildEnvs(env) - - for _, arg := range args { - // If key already exists, keep previous value. - if _, ok := m[arg.Key]; ok { - continue - } - if arg.Value != nil { - m[arg.Key] = arg.ValueString() - } - } - return m -} - func dfCmd(cmd interface{}) llb.ConstraintsOpt { // TODO: add fmt.Stringer to instructions.Command to remove interface{} var cmdStr string @@ -1094,10 +1081,14 @@ func dfCmd(cmd interface{}) llb.ConstraintsOpt { }) } -func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional) string { +func runCommandString(args []string, buildArgs []instructions.KeyValuePairOptional, envMap map[string]string) string { var tmpBuildEnv []string for _, arg := range buildArgs { - tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+arg.ValueString()) + v, ok := envMap[arg.Key] + if !ok { + v = arg.ValueString() + } + tmpBuildEnv = append(tmpBuildEnv, arg.Key+"="+v) } if len(tmpBuildEnv) > 0 { tmpBuildEnv = append([]string{fmt.Sprintf("|%d", len(tmpBuildEnv))}, tmpBuildEnv...) diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go new file mode 100644 index 0000000000000000000000000000000000000000..bc37ff43c850645aa95e7bec6ebeaae5990f1e1a --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_norunsecurity.go @@ -0,0 +1,11 @@ +// +build !dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/moby/buildkit/frontend/dockerfile/instructions" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go index 1ff4c1a30766571d0644a9afd194ea1265fcfae7..3d9a83c31dc0511491e30568e890eb2ca0afeaa4 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runmount.go @@ -124,6 +124,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* if mount.CacheSharing == instructions.MountSharingLocked { sharing = llb.CacheMountLocked } + if mount.CacheID == "" { + mount.CacheID = path.Clean(mount.Target) + } mountOpts = append(mountOpts, llb.AsPersistentCacheDir(opt.cacheIDNamespace+"/"+mount.CacheID, sharing)) } target := mount.Target @@ -144,7 +147,9 @@ func dispatchRunMounts(d *dispatchState, c *instructions.RunCommand, sources []* out = append(out, llb.AddMount(target, st, mountOpts...)) - d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + if mount.From == "" { + d.ctxPaths[path.Join("/", filepath.ToSlash(mount.Source))] = struct{}{} + } } return out, nil } diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go new file mode 100644 index 0000000000000000000000000000000000000000..7b1f0994647b228486b06eb58611a3e077c0c3cc --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert_runsecurity.go @@ -0,0 +1,27 @@ +// +build dfrunsecurity + +package dockerfile2llb + +import ( + "github.com/pkg/errors" + + "github.com/moby/buildkit/frontend/dockerfile/instructions" + "github.com/moby/buildkit/solver/pb" +) + +func dispatchRunSecurity(d *dispatchState, c *instructions.RunCommand) error { + security := instructions.GetSecurity(c) + + for _, sec := range security { + switch sec { + case instructions.SecurityInsecure: + d.state = d.state.Security(pb.SecurityMode_INSECURE) + case instructions.SecuritySandbox: + d.state = d.state.Security(pb.SecurityMode_SANDBOX) + default: + return errors.Errorf("unsupported security mode %q", sec) + } + } + + return nil +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go index 143525ea828a2527b2de55f51201125086e8fa3d..442877d8662cbf0c567224a440fc150c9e591ef3 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runmount.go @@ -142,6 +142,8 @@ func parseMount(value string) (*Mount, error) { if m.Type == "secret" || m.Type == "ssh" { m.Required = true continue + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) } } } @@ -176,6 +178,16 @@ func parseMount(value string) (*Mount, error) { } m.ReadOnly = !rw roAuto = false + case "required": + if m.Type == "secret" || m.Type == "ssh" { + v, err := strconv.ParseBool(value) + if err != nil { + return nil, errors.Errorf("invalid value for %s: %s", key, value) + } + m.Required = v + } else { + return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type) + } case "id": m.CacheID = value case "sharing": diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go new file mode 100644 index 0000000000000000000000000000000000000000..b83b6f2f85eb8b65f44608ae08619608e0608326 --- /dev/null +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/instructions/commands_runsecurity.go @@ -0,0 +1,83 @@ +// +build dfrunsecurity + +package instructions + +import ( + "encoding/csv" + "strings" + + "github.com/pkg/errors" +) + +const ( + SecurityInsecure = "insecure" + SecuritySandbox = "sandbox" +) + +var allowedSecurity = map[string]struct{}{ + SecurityInsecure: {}, + SecuritySandbox: {}, +} + +func isValidSecurity(value string) bool { + _, ok := allowedSecurity[value] + return ok +} + +type securityKeyT string + +var securityKey = securityKeyT("dockerfile/run/security") + +func init() { + parseRunPreHooks = append(parseRunPreHooks, runSecurityPreHook) + parseRunPostHooks = append(parseRunPostHooks, runSecurityPostHook) +} + +func runSecurityPreHook(cmd *RunCommand, req parseRequest) error { + st := &securityState{} + st.flag = req.flags.AddStrings("security") + cmd.setExternalValue(securityKey, st) + return nil +} + +func runSecurityPostHook(cmd *RunCommand, req parseRequest) error { + st := getSecurityState(cmd) + if st == nil { + return errors.Errorf("no security state") + } + + for _, value := range st.flag.StringValues { + csvReader := csv.NewReader(strings.NewReader(value)) + fields, err := csvReader.Read() + if err != nil { + return errors.Wrap(err, "failed to parse csv security") + } + + for _, field := range fields { + if !isValidSecurity(field) { + return errors.Errorf("security %q is not valid", field) + } + + st.security = append(st.security, field) + } + } + + return nil +} + +func getSecurityState(cmd *RunCommand) *securityState { + v := cmd.getExternalValue(securityKey) + if v == nil { + return nil + } + return v.(*securityState) +} + +func GetSecurity(cmd *RunCommand) []string { + return getSecurityState(cmd).security +} + +type securityState struct { + flag *Flag + security []string +} diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go index 6153f50d63a457d102b07d17bfea029ca5e0a87b..f9eb26f48b2d6d26fdea6e6cbdc236f6408d7f1e 100644 --- a/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go +++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/shell/lex.go @@ -417,10 +417,7 @@ func BuildEnvs(env []string) map[string]string { k := e[:i] v := e[i+1:] - // If key already exists, keep previous value. - if _, ok := envs[k]; ok { - continue - } + // overwrite value if key already exists envs[k] = v } } diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod index 3d54653c7592f4605160eeb1adcbb1feca05a3a9..7f76ec255888019f6d9855f5f0f1983247047192 100644 --- a/vendor/github.com/moby/buildkit/go.mod +++ b/vendor/github.com/moby/buildkit/go.mod @@ -9,12 +9,14 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect github.com/containerd/cgroups v0.0.0-20190226200435-dbea6f2bd416 // indirect github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 - github.com/containerd/containerd v1.3.0-0.20190426060238-3a3f0aac8819 + github.com/containerd/containerd v1.3.0-0.20190507210959-7c1e88399ec0 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect + github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7 // indirect github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd // indirect + github.com/containernetworking/cni v0.6.1-0.20180218032124-142cde0c766c // indirect github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e github.com/docker/cli v0.0.0-20190321234815-f40f9c240ab0 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible @@ -41,7 +43,7 @@ require ( github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.1 - github.com/opencontainers/runc v1.0.1-0.20190307181833-2b18fe1d885e + github.com/opencontainers/runc v1.0.0-rc8 github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470 github.com/opentracing-contrib/go-stdlib v0.0.0-20171029140428-b1a47cfbdd75 github.com/opentracing/opentracing-go v0.0.0-20171003133519-1361b9cd60be diff --git a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go index b82e3fc1c9f56efc0da555b6170ccf1c7810b1ef..f1d7d78ee36cd25a0bee2419ee2fa5815fc6d02b 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go +++ b/vendor/github.com/moby/buildkit/session/filesync/diffcopy.go @@ -40,6 +40,12 @@ type streamWriterCloser struct { func (wc *streamWriterCloser) Write(dt []byte) (int, error) { if err := wc.ClientStream.SendMsg(&BytesMessage{Data: dt}); err != nil { + // SendMsg return EOF on remote errors + if errors.Cause(err) == io.EOF { + if err := errors.WithStack(wc.ClientStream.RecvMsg(struct{}{})); err != nil { + return 0, err + } + } return 0, errors.WithStack(err) } return len(dt), nil diff --git a/vendor/github.com/moby/buildkit/session/filesync/filesync.go b/vendor/github.com/moby/buildkit/session/filesync/filesync.go index b345569bf0ff3786735e978a11b13ca857cc78bf..a45abe02e787995284170c25490385ea935bf26a 100644 --- a/vendor/github.com/moby/buildkit/session/filesync/filesync.go +++ b/vendor/github.com/moby/buildkit/session/filesync/filesync.go @@ -18,11 +18,12 @@ import ( ) const ( - keyOverrideExcludes = "override-excludes" - keyIncludePatterns = "include-patterns" - keyExcludePatterns = "exclude-patterns" - keyFollowPaths = "followpaths" - keyDirName = "dir-name" + keyOverrideExcludes = "override-excludes" + keyIncludePatterns = "include-patterns" + keyExcludePatterns = "exclude-patterns" + keyFollowPaths = "followpaths" + keyDirName = "dir-name" + keyExporterMetaPrefix = "exporter-md-" ) type fsSyncProvider struct { @@ -238,16 +239,16 @@ func NewFSSyncTargetDir(outdir string) session.Attachable { } // NewFSSyncTarget allows writing into an io.WriteCloser -func NewFSSyncTarget(w io.WriteCloser) session.Attachable { +func NewFSSyncTarget(f func(map[string]string) (io.WriteCloser, error)) session.Attachable { p := &fsSyncTarget{ - outfile: w, + f: f, } return p } type fsSyncTarget struct { - outdir string - outfile io.WriteCloser + outdir string + f func(map[string]string) (io.WriteCloser, error) } func (sp *fsSyncTarget) Register(server *grpc.Server) { @@ -258,11 +259,26 @@ func (sp *fsSyncTarget) DiffCopy(stream FileSend_DiffCopyServer) error { if sp.outdir != "" { return syncTargetDiffCopy(stream, sp.outdir) } - if sp.outfile == nil { + + if sp.f == nil { return errors.New("empty outfile and outdir") } - defer sp.outfile.Close() - return writeTargetFile(stream, sp.outfile) + opts, _ := metadata.FromIncomingContext(stream.Context()) // if no metadata continue with empty object + md := map[string]string{} + for k, v := range opts { + if strings.HasPrefix(k, keyExporterMetaPrefix) { + md[strings.TrimPrefix(k, keyExporterMetaPrefix)] = strings.Join(v, ",") + } + } + wc, err := sp.f(md) + if err != nil { + return err + } + if wc == nil { + return status.Errorf(codes.AlreadyExists, "target already exists") + } + defer wc.Close() + return writeTargetFile(stream, wc) } func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress func(int, bool)) error { @@ -281,7 +297,7 @@ func CopyToCaller(ctx context.Context, fs fsutil.FS, c session.Caller, progress return sendDiffCopy(cc, fs, progress) } -func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, error) { +func CopyFileWriter(ctx context.Context, md map[string]string, c session.Caller) (io.WriteCloser, error) { method := session.MethodURL(_FileSend_serviceDesc.ServiceName, "diffcopy") if !c.Supports(method) { return nil, errors.Errorf("method %s not supported by the client", method) @@ -289,6 +305,13 @@ func CopyFileWriter(ctx context.Context, c session.Caller) (io.WriteCloser, erro client := NewFileSendClient(c.Conn()) + opts := make(map[string][]string, len(md)) + for k, v := range md { + opts[keyExporterMetaPrefix+k] = []string{v} + } + + ctx = metadata.NewOutgoingContext(ctx, opts) + cc, err := client.DiffCopy(ctx) if err != nil { return nil, errors.WithStack(err) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go index e5d362d80c2ec03b26591e3cb0983072713f5bdd..42f2a8ce4f409aceb64626defe6ff0d6c97884d7 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/bridge.go @@ -29,6 +29,7 @@ type llbBridge struct { builder solver.Builder frontends map[string]frontend.Frontend resolveWorker func() (worker.Worker, error) + eachWorker func(func(worker.Worker) error) error resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc cms map[string]solver.CacheManager cmsMu sync.Mutex @@ -91,11 +92,25 @@ func (b *llbBridge) Solve(ctx context.Context, req frontend.SolveRequest) (res * if err != nil { return nil, err } + dpc := &detectPrunedCacheID{} - edge, err := Load(req.Definition, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) + edge, err := Load(req.Definition, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), RuntimePlatforms(b.platforms), WithValidateCaps()) if err != nil { return nil, errors.Wrap(err, "failed to load LLB") } + + if len(dpc.ids) > 0 { + ids := make([]string, 0, len(dpc.ids)) + for id := range dpc.ids { + ids = append(ids, id) + } + if err := b.eachWorker(func(w worker.Worker) error { + return w.PruneCacheMounts(ctx, ids) + }); err != nil { + return nil, err + } + } + ref, err := b.builder.Build(ctx, edge) if err != nil { return nil, errors.Wrap(err, "failed to build LLB") diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go index 99902a83320bec0f79ad25092aff9c0b3bb90cc0..d0de3802114bd13569d5facecf94a404e08142a7 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go @@ -221,11 +221,13 @@ func (e *execOp) getMountDeps() ([]dep, error) { } func (e *execOp) getRefCacheDir(ctx context.Context, ref cache.ImmutableRef, id string, m *pb.Mount, sharing pb.CacheSharingOpt) (mref cache.MutableRef, err error) { - key := "cache-dir:" + id if ref != nil { key += ":" + ref.ID() } + mu := CacheMountsLocker() + mu.Lock() + defer mu.Unlock() if ref, ok := e.cacheMounts[key]; ok { return ref.clone(), nil @@ -792,10 +794,17 @@ type cacheRefs struct { shares map[string]*cacheRefShare } -func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { - r.mu.Lock() - defer r.mu.Unlock() +// ClearActiveCacheMounts clears shared cache mounts currently in use. +// Caller needs to hold CacheMountsLocker before calling +func ClearActiveCacheMounts() { + sharedCacheRefs.shares = nil +} + +func CacheMountsLocker() sync.Locker { + return &sharedCacheRefs.mu +} +func (r *cacheRefs) get(key string, fn func() (cache.MutableRef, error)) (cache.MutableRef, error) { if r.shares == nil { r.shares = map[string]*cacheRefShare{} } diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go index 9ae116399db328e749a89912cbb326f623e8a387..9e4525a55eaa58855c2e1c68e8c87732c8fc9202 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/solver.go @@ -39,6 +39,7 @@ type Solver struct { workerController *worker.Controller solver *solver.Solver resolveWorker ResolveWorkerFunc + eachWorker func(func(worker.Worker) error) error frontends map[string]frontend.Frontend resolveCacheImporterFuncs map[string]remotecache.ResolveCacheImporterFunc platforms []specs.Platform @@ -51,6 +52,7 @@ func New(wc *worker.Controller, f map[string]frontend.Frontend, cache solver.Cac s := &Solver{ workerController: wc, resolveWorker: defaultResolver(wc), + eachWorker: allWorkers(wc), frontends: f, resolveCacheImporterFuncs: resolveCI, gatewayForwarder: gatewayForwarder, @@ -87,6 +89,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { builder: b, frontends: s.frontends, resolveWorker: s.resolveWorker, + eachWorker: s.eachWorker, resolveCacheImporterFuncs: s.resolveCacheImporterFuncs, cms: map[string]solver.CacheManager{}, platforms: s.platforms, @@ -285,6 +288,20 @@ func defaultResolver(wc *worker.Controller) ResolveWorkerFunc { return wc.GetDefault() } } +func allWorkers(wc *worker.Controller) func(func(w worker.Worker) error) error { + return func(f func(worker.Worker) error) error { + all, err := wc.List() + if err != nil { + return err + } + for _, w := range all { + if err := f(w); err != nil { + return err + } + } + return nil + } +} func oneOffProgress(ctx context.Context, id string) func(err error) error { pw, _, _ := progress.FromContext(ctx) diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go index 91875461677e680fcd6ec607dc2d573cb7f02551..7de9fd0f2adbe68e5c8beed6c9710be52b8c0e3a 100644 --- a/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go +++ b/vendor/github.com/moby/buildkit/solver/llbsolver/vertex.go @@ -131,6 +131,34 @@ func ValidateEntitlements(ent entitlements.Set) LoadOpt { } } +type detectPrunedCacheID struct { + ids map[string]struct{} +} + +func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.VertexOptions) error { + if md == nil || !md.IgnoreCache { + return nil + } + switch op := op.Op.(type) { + case *pb.Op_Exec: + for _, m := range op.Exec.GetMounts() { + if m.MountType == pb.MountType_CACHE { + if m.CacheOpt != nil { + id := m.CacheOpt.ID + if id == "" { + id = m.Dest + } + if dpc.ids == nil { + dpc.ids = map[string]struct{}{} + } + dpc.ids[id] = struct{}{} + } + } + } + } + return nil +} + func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) { return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { opMetadata := def.Metadata[dgst] diff --git a/vendor/github.com/moby/buildkit/solver/result.go b/vendor/github.com/moby/buildkit/solver/result.go index b217ae083e4c54deb92cc1c4568b299627f9fa34..c7e100b08cc7e32ab36cd0033980b37fef3fb152 100644 --- a/vendor/github.com/moby/buildkit/solver/result.go +++ b/vendor/github.com/moby/buildkit/solver/result.go @@ -40,9 +40,9 @@ func dup(res Result) (Result, Result) { } type splitResult struct { - Result released int64 sem *int64 + Result } func (r *splitResult) Release(ctx context.Context) error { diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go new file mode 100644 index 0000000000000000000000000000000000000000..580f152f94476f827fb954a495814f262e089f90 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_binary.go @@ -0,0 +1,8 @@ +// +build !386 + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binary386 = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xec\xd8\x31\x6e\xc2\x30\x14\x06\xe0\xdf\x8d\xdb\x26\x6a\x07\x1f\x20\xaa\x3a\x74\xe8\x64\xb5\x52\xae\x00\x2c\x88\x8d\x03\x80\x14\xc1\x94\x44\x89\x91\x60\x22\x47\x60\xe0\x20\x8c\x8c\x5c\x80\x13\x70\x19\xf4\xe2\x67\x91\x81\x25\xfb\xfb\xa4\x5f\x16\xcf\xe6\x29\xeb\x7b\xfb\xd1\x74\xac\x94\x42\xf0\x82\x08\xdd\xaf\x83\x8e\x33\x00\x7f\xc6\xd7\x33\x7c\x23\xc2\x2f\x74\xb8\x27\xad\x8e\x29\x27\x00\x14\x4d\x35\x03\x7f\x6f\x7c\x0f\x4a\x02\x80\xf2\xca\x75\x7a\x77\xa4\xb4\x3a\xa6\xa4\x00\x52\xfe\x7f\xc8\x27\xbf\x9f\xcc\xe6\xd4\xef\x42\xb5\xc7\x57\x0a\x21\x84\x10\x42\x08\x21\x84\x10\x62\x88\x33\x0d\xd5\xff\xb7\x6b\x0b\xdb\xac\x1b\x57\xbb\xc5\x12\xb6\x28\x5d\x6e\x57\xc5\xc6\x56\x75\x59\xe5\xb5\xdb\xc1\xba\x7c\xeb\x86\xf4\xfd\x00\xf0\xde\xed\x13\x78\xce\xe7\x19\x3f\xd0\x7c\x7e\xf1\x5c\xff\xc6\x3b\x07\x18\xbf\x2b\x08\x54\xef\x8c\x7a\xf5\xc4\x00\x3f\x4f\xde\xdd\x03\x00\x00\xff\xff\x8d\xf7\xd2\x72\xd0\x10\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go new file mode 100644 index 0000000000000000000000000000000000000000..8137d35047b9751340459eb1dbefddf1f7deeb0c --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check.go @@ -0,0 +1,7 @@ +// +build !386 + +package binfmt_misc + +func i386Supported() error { + return check(Binary386) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go new file mode 100644 index 0000000000000000000000000000000000000000..2b2ab45be453d2a94b4f77eaa8ca52a16e9d83c9 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/386_check_386.go @@ -0,0 +1,7 @@ +// +build 386 + +package binfmt_misc + +func i386Supported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go index 27af7207d21eeae7b15a2aef7b2e8d8726d3e4e5..1a250a5d6d9fced7650d0f25199a975c8515f5e9 100644 --- a/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/detect.go @@ -24,6 +24,15 @@ func SupportedPlatforms() []string { if p := "linux/riscv64"; def != p && riscv64Supported() == nil { arr = append(arr, p) } + if p := "linux/ppc64le"; def != p && ppc64leSupported() == nil { + arr = append(arr, p) + } + if p := "linux/s390x"; def != p && s390xSupported() == nil { + arr = append(arr, p) + } + if p := "linux/386"; def != p && i386Supported() == nil { + arr = append(arr, p) + } if !strings.HasPrefix(def, "linux/arm/") && armSupported() == nil { arr = append(arr, "linux/arm/v7", "linux/arm/v6") } else if def == "linux/arm/v7" { @@ -55,6 +64,21 @@ func WarnIfUnsupported(pfs []string) { printPlatfromWarning(p, err) } } + if p == "linux/ppc64le" { + if err := ppc64leSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/s390x" { + if err := s390xSupported(); err != nil { + printPlatfromWarning(p, err) + } + } + if p == "linux/386" { + if err := i386Supported(); err != nil { + printPlatfromWarning(p, err) + } + } if strings.HasPrefix(p, "linux/arm/v6") || strings.HasPrefix(p, "linux/arm/v7") { if err := armSupported(); err != nil { printPlatfromWarning(p, err) diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go new file mode 100644 index 0000000000000000000000000000000000000000..511db714c70af2c222b6ebe778d28ef4e800dfa2 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_binary.go @@ -0,0 +1,8 @@ +// +build !ppc64le + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binaryppc64le = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x64\x64\x80\x01\x26\x06\x51\x06\x10\xaf\x82\x81\x41\x00\xc4\x77\x80\x8a\x2f\x80\xcb\x83\xc4\x2c\x18\x18\x19\x1c\x18\x58\x18\x98\xc1\x6a\x59\x19\x50\x80\x00\x32\xdd\x02\xe5\xb4\xc0\xa5\x19\x61\xa4\x05\x03\x43\x82\x05\x13\x03\x83\x0b\x83\x5e\x71\x46\x71\x49\x51\x49\x62\x12\x83\x5e\x49\x6a\x45\x09\x83\x5e\x6a\x46\x7c\x5a\x51\x62\x6e\x2a\x03\xc5\x80\x1b\x6a\x23\x1b\x94\x0f\xf3\x57\x05\x94\xcf\x83\xa6\x9e\x03\x8d\x2f\x08\xd5\xcf\x84\xf0\x87\x00\xaa\x7f\x50\x01\x0b\x1a\x1f\xa4\x97\x19\x8b\x3a\x98\x7e\x69\x2c\xea\x91\x01\x20\x00\x00\xff\xff\xce\xf7\x15\x75\xa0\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go new file mode 100644 index 0000000000000000000000000000000000000000..4d5b3bf877a18d430aa53d2bf9305f973e493475 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check.go @@ -0,0 +1,7 @@ +// +build !ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return check(Binaryppc64le) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go new file mode 100644 index 0000000000000000000000000000000000000000..27e4ab8f1a9343595fbea2a73ce365b05ec89c46 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/ppc64le_check_ppc64le.go @@ -0,0 +1,7 @@ +// +build ppc64le + +package binfmt_misc + +func ppc64leSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go new file mode 100644 index 0000000000000000000000000000000000000000..3d34c2e5ace3618680a00692c0dbea2ed0ddc113 --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_binary.go @@ -0,0 +1,8 @@ +// +build !s390x + +package binfmt_misc + +// This file is generated by running make inside the binfmt_misc package. +// Do not edit manually. + +const Binarys390x = "\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xaa\x77\xf5\x71\x63\x62\x62\x64\x80\x03\x26\x06\x31\x06\x06\x06\xb0\x00\x23\x03\x43\x05\x54\xd4\x01\x4a\xcf\x80\xf2\x2c\x18\x18\x19\x1c\x18\x98\x19\x98\xa0\x6a\x59\x19\x90\x00\x23\x1a\xcd\xc0\xc0\xd0\x80\x4a\x0b\x30\x2c\xd7\x64\x60\xe0\x62\x64\x67\x67\xd0\x2b\xce\x28\x2e\x29\x2a\x49\x4c\x62\xd0\x2b\x49\xad\x28\x61\xa0\x1e\xe0\x46\x72\x02\x1b\x9a\x7f\x60\x34\x07\x9a\x1e\x16\x34\x6f\x30\xe3\x30\x1b\xe6\x1f\x41\x34\x71\xb8\x97\x01\x01\x00\x00\xff\xff\x0c\x76\x9a\xe1\x58\x01\x00\x00" diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go new file mode 100644 index 0000000000000000000000000000000000000000..1d5b4a08c3dfd19167524d5e2365fcb30308b7df --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check.go @@ -0,0 +1,7 @@ +// +build !s390x + +package binfmt_misc + +func s390xSupported() error { + return check(Binarys390x) +} diff --git a/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go new file mode 100644 index 0000000000000000000000000000000000000000..92554221ba63e83a028cebc3b506319d9db2487e --- /dev/null +++ b/vendor/github.com/moby/buildkit/util/binfmt_misc/s390x_check_s390x.go @@ -0,0 +1,7 @@ +// +build s390x + +package binfmt_misc + +func s390xSupported() error { + return nil +} diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go index 9b7ba8755a4817acbe208392e060d39ce9f25b07..120be2f1255594c5413492b21253809b7fec8ae0 100644 --- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go +++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go @@ -72,16 +72,18 @@ func (g *Group) do(ctx context.Context, key string, fn func(ctx context.Context) g.mu.Lock() delete(g.m, key) g.mu.Unlock() + close(c.cleaned) }() g.mu.Unlock() return c.wait(ctx) } type call struct { - mu sync.Mutex - result interface{} - err error - ready chan struct{} + mu sync.Mutex + result interface{} + err error + ready chan struct{} + cleaned chan struct{} ctx *sharedContext ctxs []context.Context @@ -97,6 +99,7 @@ func newCall(fn func(ctx context.Context) (interface{}, error)) *call { c := &call{ fn: fn, ready: make(chan struct{}), + cleaned: make(chan struct{}), progressState: newProgressState(), } ctx := newContext(c) // newSharedContext @@ -127,6 +130,7 @@ func (c *call) wait(ctx context.Context) (v interface{}, err error) { select { case <-c.ready: // could return if no error c.mu.Unlock() + <-c.cleaned return nil, errRetry default: } diff --git a/vendor/github.com/moby/buildkit/util/network/network.go b/vendor/github.com/moby/buildkit/util/network/network.go index 055a52da8bce4f8a77976bf851273ffaf4c0f6f0..70b0cccad47d7385c0398fec2e3d8579900bace9 100644 --- a/vendor/github.com/moby/buildkit/util/network/network.go +++ b/vendor/github.com/moby/buildkit/util/network/network.go @@ -3,20 +3,9 @@ package network import ( "io" - "github.com/moby/buildkit/solver/pb" specs "github.com/opencontainers/runtime-spec/specs-go" ) -// Default returns the default network provider set -func Default() map[pb.NetMode]Provider { - return map[pb.NetMode]Provider{ - // FIXME: still uses host if no provider configured - pb.NetMode_UNSET: NewHostProvider(), - pb.NetMode_HOST: NewHostProvider(), - pb.NetMode_NONE: NewNoneProvider(), - } -} - // Provider interface for Network type Provider interface { New() (Namespace, error) @@ -28,10 +17,3 @@ type Namespace interface { // Set the namespace on the spec Set(*specs.Spec) } - -// NetworkOpts hold network options -type NetworkOpts struct { - Type string - CNIConfigPath string - CNIPluginPath string -} diff --git a/vendor/github.com/moby/buildkit/worker/worker.go b/vendor/github.com/moby/buildkit/worker/worker.go index 6485af57d27cd596940665f50215ad0381963923..38cc7db03989a0022291d4a59055a0ec21121785 100644 --- a/vendor/github.com/moby/buildkit/worker/worker.go +++ b/vendor/github.com/moby/buildkit/worker/worker.go @@ -33,6 +33,7 @@ type Worker interface { Prune(ctx context.Context, ch chan client.UsageInfo, opt ...client.PruneInfo) error GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool) (*solver.Remote, error) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) + PruneCacheMounts(ctx context.Context, ids []string) error } // Pre-defined label keys