diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 063a36df7..755e0833c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -336,6 +336,110 @@ jobs: if: always() uses: crazy-max/ghaction-dump-context@v1 + quiet: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + - + name: Build + uses: ./ + with: + context: ./test + tags: name/app:latest + load: true + quiet: true + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + shm-size: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/shmsize.Dockerfile + tags: name/app:latest + shm-size: 2g + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + ulimit: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/ulimit.Dockerfile + tags: name/app:latest + ulimit: | + nofile=1024:1024 + nproc=3 + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + cgroup-parent: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/cgroup.Dockerfile + tags: name/app:latest + cgroup-parent: foo + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + multi: runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e70538d7a..fd97e7c47 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -3,7 +3,7 @@ name: e2e on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' push: branches: - master diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 0e2eb0414..4ad2ab761 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -1,9 +1,9 @@ -# This workflow is provided just as an usage example and not for repo testing/verification +# This workflow is provided just as an example and not for repo testing/verification name: example on: schedule: - - cron: '0 10 * * 0' # everyday sunday at 10am + - cron: '0 10 * * 0' push: branches: - '**' diff --git a/.github/workflows/virtual-env.yml b/.github/workflows/virtual-env.yml index 1b7f44e81..13c08a884 100644 --- a/.github/workflows/virtual-env.yml +++ b/.github/workflows/virtual-env.yml @@ -3,7 +3,7 @@ name: virtual-env on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' jobs: os: diff --git a/README.md b/README.md index f77ec79ed..aa31fb2d8 100644 --- a/README.md +++ b/README.md @@ -190,11 +190,12 @@ Following inputs can be used as `step.with` keys | Name | Type | Description | |---------------------|----------|------------------------------------| -| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) | +| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `build-args` | List | List of build-time variables | -| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) | -| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) | +| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) | +| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) | +| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build | | `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) | | `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) | | `labels` | List | List of metadata for an image | @@ -205,11 +206,14 @@ Following inputs can be used as `step.with` keys | `platforms` | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build | | `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) | | `push` | Bool | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) | -| `secrets` | List | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) | -| `secret-files` | List | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) | +| `quiet` | Bool | Suppress the build output and print image ID on success (default `false`) | +| `secrets` | List | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) | +| `secret-files` | List | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) | +| `shm-size` | String | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) | | `ssh` | List | List of SSH agent socket or keys to expose to the build | | `tags` | List/CSV | List of tags | | `target` | String | Sets the target stage to build | +| `ulimit` | List | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) | ### outputs diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts index bb917cf65..5b8a05f02 100644 --- a/__tests__/context.test.ts +++ b/__tests__/context.test.ts @@ -147,7 +147,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -164,7 +165,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -183,7 +185,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -204,7 +207,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -224,7 +228,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -241,7 +246,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -259,7 +265,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -278,7 +285,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -301,7 +309,8 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -336,7 +345,8 @@ ccc"`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -374,7 +384,8 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -404,7 +415,8 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -428,7 +440,8 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -450,7 +463,8 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], + ['quiet', 'false'], ]), [ 'buildx', @@ -463,6 +477,36 @@ ccc`], '.' ] ], + [ + 14, + '0.7.0', + new Map([ + ['context', '.'], + ['file', './test/Dockerfile'], + ['cgroup-parent', 'foo'], + ['shm-size', '2g'], + ['ulimit', `nofile=1024:1024 +nproc=3`], + ['load', 'false'], + ['no-cache', 'false'], + ['push', 'false'], + ['pull', 'false'], + ['quiet', 'true'], + ]), + [ + 'buildx', + 'build', + '--cgroup-parent', 'foo', + '--file', './test/Dockerfile', + '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--quiet', + '--shm-size', '2g', + '--ulimit', 'nofile=1024:1024', + '--ulimit', 'nproc=3', + '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file', + '.' + ] + ], ])( '[%d] given %p with %p as inputs, returns %p', async (num: number, buildxVersion: string, inputs: Map, expected: Array) => { diff --git a/action.yml b/action.yml index abcfe2f18..ea20b6766 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ branding: inputs: allow: - description: "List of extra privileged entitlement (eg. network.host,security.insecure)" + description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" required: false build-args: description: "List of build-time variables" @@ -17,10 +17,13 @@ inputs: description: "Builder instance" required: false cache-from: - description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)" + description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)" required: false cache-to: - description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)" + description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)" + required: false + cgroup-parent: + description: "Optional parent cgroup for the container used in the build" required: false context: description: "Build's context is the set of files located in the specified PATH or URL" @@ -56,11 +59,18 @@ inputs: description: "Push is a shorthand for --output=type=registry" required: false default: 'false' + quiet: + description: "Suppress the build output and print image ID on success" + required: false + default: 'false' secrets: - description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)" + description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" required: false secret-files: - description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)" + description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" + required: false + shm-size: + description: "Size of /dev/shm (e.g., 2g)" required: false ssh: description: "List of SSH agent socket or keys to expose to the build" @@ -71,6 +81,9 @@ inputs: target: description: "Sets the target stage to build" required: false + ulimit: + description: "Ulimit options (e.g., nofile=1024:1024)" + required: false github-token: description: "GitHub Token used to authenticate against a repository for Git context" default: ${{ github.token }} diff --git a/dist/index.js b/dist/index.js index 2064a02ad..8f77eb65f 100644 --- a/dist/index.js +++ b/dist/index.js @@ -274,6 +274,7 @@ function getInputs(defaultContext) { builder: core.getInput('builder'), cacheFrom: yield getInputList('cache-from', true), cacheTo: yield getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: yield getInputList('labels', true), @@ -284,11 +285,14 @@ function getInputs(defaultContext) { platforms: yield getInputList('platforms'), pull: core.getBooleanInput('pull'), push: core.getBooleanInput('push'), + quiet: core.getBooleanInput('quiet'), secrets: yield getInputList('secrets', true), secretFiles: yield getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: yield getInputList('ssh'), tags: yield getInputList('tags'), target: core.getInput('target'), + ulimit: yield getInputList('ulimit', true), githubToken: core.getInput('github-token') }; }); @@ -319,6 +323,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () { args.push('--cache-to', cacheTo); })); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); + } if (inputs.file) { args.push('--file', inputs.file); } @@ -334,6 +341,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.platforms.length > 0) { args.push('--platform', inputs.platforms.join(',')); } + if (inputs.quiet) { + args.push('--quiet'); + } yield exports.asyncForEach(inputs.secrets, (secret) => __awaiter(this, void 0, void 0, function* () { try { args.push('--secret', yield buildx.getSecretString(secret)); @@ -353,6 +363,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', yield buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } yield exports.asyncForEach(inputs.ssh, (ssh) => __awaiter(this, void 0, void 0, function* () { args.push('--ssh', ssh); })); @@ -362,6 +375,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.target) { args.push('--target', inputs.target); } + yield exports.asyncForEach(inputs.ulimit, (ulimit) => __awaiter(this, void 0, void 0, function* () { + args.push('--ulimit', ulimit); + })); return args; }); } diff --git a/src/context.ts b/src/context.ts index 0759ea423..6d5607e39 100644 --- a/src/context.ts +++ b/src/context.ts @@ -18,6 +18,7 @@ export interface Inputs { builder: string; cacheFrom: string[]; cacheTo: string[]; + cgroupParent: string; context: string; file: string; labels: string[]; @@ -28,11 +29,14 @@ export interface Inputs { platforms: string[]; pull: boolean; push: boolean; + quiet: boolean; secrets: string[]; secretFiles: string[]; + shmSize: string; ssh: string[]; tags: string[]; target: string; + ulimit: string[]; githubToken: string; } @@ -68,6 +72,7 @@ export async function getInputs(defaultContext: string): Promise { builder: core.getInput('builder'), cacheFrom: await getInputList('cache-from', true), cacheTo: await getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: await getInputList('labels', true), @@ -78,11 +83,14 @@ export async function getInputs(defaultContext: string): Promise { platforms: await getInputList('platforms'), pull: core.getBooleanInput('pull'), push: core.getBooleanInput('push'), + quiet: core.getBooleanInput('quiet'), secrets: await getInputList('secrets', true), secretFiles: await getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: await getInputList('ssh'), tags: await getInputList('tags'), target: core.getInput('target'), + ulimit: await getInputList('ulimit', true), githubToken: core.getInput('github-token') }; } @@ -109,6 +117,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio await asyncForEach(inputs.cacheTo, async cacheTo => { args.push('--cache-to', cacheTo); }); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); + } if (inputs.file) { args.push('--file', inputs.file); } @@ -124,6 +135,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.platforms.length > 0) { args.push('--platform', inputs.platforms.join(',')); } + if (inputs.quiet) { + args.push('--quiet'); + } await asyncForEach(inputs.secrets, async secret => { try { args.push('--secret', await buildx.getSecretString(secret)); @@ -141,6 +155,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } await asyncForEach(inputs.ssh, async ssh => { args.push('--ssh', ssh); }); @@ -150,6 +167,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.target) { args.push('--target', inputs.target); } + await asyncForEach(inputs.ulimit, async ulimit => { + args.push('--ulimit', ulimit); + }); return args; } diff --git a/test/cgroup.Dockerfile b/test/cgroup.Dockerfile new file mode 100644 index 000000000..d0301444a --- /dev/null +++ b/test/cgroup.Dockerfile @@ -0,0 +1,2 @@ +FROM alpine +RUN cat /proc/self/cgroup diff --git a/test/shmsize.Dockerfile b/test/shmsize.Dockerfile new file mode 100644 index 000000000..0524f22f7 --- /dev/null +++ b/test/shmsize.Dockerfile @@ -0,0 +1,2 @@ +FROM busybox +RUN mount | grep /dev/shm diff --git a/test/ulimit.Dockerfile b/test/ulimit.Dockerfile new file mode 100644 index 000000000..279e70647 --- /dev/null +++ b/test/ulimit.Dockerfile @@ -0,0 +1,2 @@ +FROM busybox +RUN ulimit -a