diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 063a36df7..2f6fbae9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -336,6 +336,86 @@ jobs: if: always() uses: crazy-max/ghaction-dump-context@v1 + shm-size: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/shmsize.Dockerfile + tags: name/app:latest + shm-size: 2g + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + ulimit: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/ulimit.Dockerfile + tags: name/app:latest + ulimit: | + nofile=1024:1024 + nproc=3 + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + cgroup-parent: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/cgroup.Dockerfile + tags: name/app:latest + cgroup-parent: foo + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + multi: runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e70538d7a..fd97e7c47 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -3,7 +3,7 @@ name: e2e on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' push: branches: - master diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 0e2eb0414..4ad2ab761 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -1,9 +1,9 @@ -# This workflow is provided just as an usage example and not for repo testing/verification +# This workflow is provided just as an example and not for repo testing/verification name: example on: schedule: - - cron: '0 10 * * 0' # everyday sunday at 10am + - cron: '0 10 * * 0' push: branches: - '**' diff --git a/.github/workflows/virtual-env.yml b/.github/workflows/virtual-env.yml index 1b7f44e81..13c08a884 100644 --- a/.github/workflows/virtual-env.yml +++ b/.github/workflows/virtual-env.yml @@ -3,7 +3,7 @@ name: virtual-env on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' jobs: os: diff --git a/README.md b/README.md index f77ec79ed..ffd1ab4e4 100644 --- a/README.md +++ b/README.md @@ -190,11 +190,12 @@ Following inputs can be used as `step.with` keys | Name | Type | Description | |---------------------|----------|------------------------------------| -| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) | +| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `build-args` | List | List of build-time variables | -| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) | -| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) | +| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) | +| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) | +| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build | | `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) | | `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) | | `labels` | List | List of metadata for an image | @@ -205,11 +206,13 @@ Following inputs can be used as `step.with` keys | `platforms` | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build | | `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) | | `push` | Bool | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) | -| `secrets` | List | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) | -| `secret-files` | List | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) | +| `secrets` | List | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) | +| `secret-files` | List | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) | +| `shm-size` | String | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) | | `ssh` | List | List of SSH agent socket or keys to expose to the build | | `tags` | List/CSV | List of tags | | `target` | String | Sets the target stage to build | +| `ulimit` | List | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) | ### outputs diff --git a/__tests__/buildx.test.ts b/__tests__/buildx.test.ts index e64ac90a7..028b00140 100644 --- a/__tests__/buildx.test.ts +++ b/__tests__/buildx.test.ts @@ -28,10 +28,8 @@ jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => { describe('getImageID', () => { it('matches', async () => { const imageIDFile = await buildx.getImageIDFile(); - console.log(`imageIDFile: ${imageIDFile}`); await fs.writeFileSync(imageIDFile, digest); const imageID = await buildx.getImageID(); - console.log(`imageID: ${imageID}`); expect(imageID).toEqual(digest); }); }); @@ -39,10 +37,8 @@ describe('getImageID', () => { describe('getMetadata', () => { it('matches', async () => { const metadataFile = await buildx.getMetadataFile(); - console.log(`metadataFile: ${metadataFile}`); await fs.writeFileSync(metadataFile, metadata); const expected = await buildx.getMetadata(); - console.log(`metadata: ${expected}`); expect(expected).toEqual(metadata); }); }); @@ -132,7 +128,6 @@ describe('getVersion', () => { 'valid', async () => { const version = await buildx.getVersion(); - console.log(`version: ${version}`); expect(semver.valid(version)).not.toBeNull(); }, 100000 @@ -179,10 +174,8 @@ describe('getSecret', () => { secret = await buildx.getSecretString(kvp); } expect(true).toBe(!invalid); - console.log(`secret: ${secret}`); expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`); const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8'); - console.log(`secretValue: ${secretValue}`); expect(secretValue).toEqual(exValue); } catch (err) { expect(true).toBe(invalid); diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts index 3435701e1..7b6c16409 100644 --- a/__tests__/context.test.ts +++ b/__tests__/context.test.ts @@ -140,13 +140,14 @@ describe('getArgs', () => { // prettier-ignore test.each([ [ + 0, '0.4.1', new Map([ ['context', '.'], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -156,13 +157,14 @@ describe('getArgs', () => { ] ], [ + 1, '0.4.2', new Map([ ['build-args', 'MY_ARG=val1,val2,val3\nARG=val'], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -174,24 +176,26 @@ describe('getArgs', () => { ] ], [ + 2, '0.4.2', new Map([ ['tags', 'name/app:7.4, name/app:latest'], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', + '--iidfile', '/tmp/.docker-build-push-jest/iidfile', '--tag', 'name/app:7.4', '--tag', 'name/app:latest', - '--iidfile', '/tmp/.docker-build-push-jest/iidfile', 'https://github.com/docker/build-push-action.git#refs/heads/test-jest' ] ], [ + 3, '0.4.2', new Map([ ['context', '.'], @@ -200,7 +204,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -212,6 +216,7 @@ describe('getArgs', () => { ] ], [ + 4, '0.4.1', new Map([ ['context', '.'], @@ -219,7 +224,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -229,13 +234,14 @@ describe('getArgs', () => { ] ], [ + 5, '0.4.1', new Map([ ['context', '.'], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -245,6 +251,7 @@ describe('getArgs', () => { ] ], [ + 6, '0.4.2', new Map([ ['context', '.'], @@ -252,7 +259,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -263,6 +270,7 @@ describe('getArgs', () => { ] ], [ + 7, '0.4.2', new Map([ ['github-token', 'abcdefghijklmno0123456789'], @@ -270,7 +278,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -281,6 +289,7 @@ describe('getArgs', () => { ] ], [ + 8, '0.4.2', new Map([ ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'], @@ -292,21 +301,22 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', - '--platform', 'linux/amd64,linux/arm64', + '--file', './test/Dockerfile', '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--platform', 'linux/amd64,linux/arm64', '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest', - '--file', './test/Dockerfile', '--builder', 'builder-git-context-2', '--push', 'https://github.com/docker/build-push-action.git#refs/heads/master' ] ], [ + 9, '0.4.2', new Map([ ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'], @@ -326,24 +336,25 @@ ccc"`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', - '--platform', 'linux/amd64,linux/arm64', + '--file', './test/Dockerfile', '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--platform', 'linux/amd64,linux/arm64', '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest', - '--file', './test/Dockerfile', '--builder', 'builder-git-context-2', '--push', 'https://github.com/docker/build-push-action.git#refs/heads/master' ] ], [ + 10, '0.4.2', new Map([ ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'], @@ -363,24 +374,25 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', - '--platform', 'linux/amd64,linux/arm64', + '--file', './test/Dockerfile', '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--platform', 'linux/amd64,linux/arm64', '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest', '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest', - '--file', './test/Dockerfile', '--builder', 'builder-git-context-2', '--push', 'https://github.com/docker/build-push-action.git#refs/heads/master' ] ], [ + 11, '0.5.1', new Map([ ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'], @@ -392,14 +404,14 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', + '--file', './test/Dockerfile', '--iidfile', '/tmp/.docker-build-push-jest/iidfile', '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest', - '--file', './test/Dockerfile', '--builder', 'builder-git-context-2', '--network', 'host', '--push', @@ -407,6 +419,7 @@ ccc`], ] ], [ + 12, '0.4.2', new Map([ ['context', '.'], @@ -415,7 +428,7 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -427,6 +440,7 @@ ccc`], ] ], [ + 13, '0.6.0', new Map([ ['context', '.'], @@ -436,30 +450,56 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 'build', + '--file', './test/Dockerfile', '--iidfile', '/tmp/.docker-build-push-jest/iidfile', '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file', - '--file', './test/Dockerfile', '--network', 'host', '--push', '.' ] ], + [ + 14, + '0.7.0', + new Map([ + ['context', '.'], + ['file', './test/Dockerfile'], + ['cgroup-parent', 'foo'], + ['shm-size', '2g'], + ['ulimit', `nofile=1024:1024 +nproc=3`], + ['load', 'false'], + ['no-cache', 'false'], + ['push', 'false'], + ['pull', 'false'], + ]), + [ + 'buildx', + 'build', + '--cgroup-parent', 'foo', + '--file', './test/Dockerfile', + '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--shm-size', '2g', + '--ulimit', 'nofile=1024:1024', + '--ulimit', 'nproc=3', + '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file', + '.' + ] + ], ])( - 'given %p with %p as inputs, returns %p', - async (buildxVersion: string, inputs: Map, expected: Array) => { + '[%d] given %p with %p as inputs, returns %p', + async (num: number, buildxVersion: string, inputs: Map, expected: Array) => { await inputs.forEach((value: string, name: string) => { setInput(name, value); }); const defContext = context.defaultContext(); const inp = await context.getInputs(defContext); - console.log(inp); const res = await context.getArgs(inp, defContext, buildxVersion); - console.log(res); expect(res).toEqual(expected); } ); @@ -469,63 +509,54 @@ describe('getInputList', () => { it('single line correctly', async () => { await setInput('foo', 'bar'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar']); }); it('multiline correctly', async () => { setInput('foo', 'bar\nbaz'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz']); }); it('empty lines correctly', async () => { setInput('foo', 'bar\n\nbaz'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz']); }); it('comma correctly', async () => { setInput('foo', 'bar,baz'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz']); }); it('empty result correctly', async () => { setInput('foo', 'bar,baz,'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz']); }); it('different new lines correctly', async () => { setInput('foo', 'bar\r\nbaz'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz']); }); it('different new lines and comma correctly', async () => { setInput('foo', 'bar\r\nbaz,bat'); const res = await context.getInputList('foo'); - console.log(res); expect(res).toEqual(['bar', 'baz', 'bat']); }); it('multiline and ignoring comma correctly', async () => { setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir'); const res = await context.getInputList('cache-from', true); - console.log(res); expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']); }); it('different new lines and ignoring comma correctly', async () => { setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir'); const res = await context.getInputList('cache-from', true); - console.log(res); expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']); }); @@ -539,7 +570,6 @@ ccccccccc" FOO=bar` ); const res = await context.getInputList('secrets', true); - console.log(res); expect(res).toEqual([ 'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', `MYSECRET=aaaaaaaa @@ -563,7 +593,6 @@ bbbb ccc"` ); const res = await context.getInputList('secrets', true); - console.log(res); expect(res).toEqual([ 'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', `MYSECRET=aaaaaaaa @@ -587,7 +616,6 @@ ccccccccc FOO=bar` ); const res = await context.getInputList('secrets', true); - console.log(res); expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']); }); @@ -598,7 +626,6 @@ FOO=bar` FOO=bar` ); const res = await context.getInputList('secrets', true); - console.log(res); expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']); }); @@ -612,7 +639,6 @@ ccccccccc" FOO=bar` ); const res = await context.getInputList('secrets', true); - console.log(res); expect(res).toEqual([ 'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', `MYSECRET=aaaaaaaa diff --git a/action.yml b/action.yml index abcfe2f18..9f94b261a 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ branding: inputs: allow: - description: "List of extra privileged entitlement (eg. network.host,security.insecure)" + description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" required: false build-args: description: "List of build-time variables" @@ -17,10 +17,13 @@ inputs: description: "Builder instance" required: false cache-from: - description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)" + description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)" required: false cache-to: - description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)" + description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)" + required: false + cgroup-parent: + description: "Optional parent cgroup for the container used in the build" required: false context: description: "Build's context is the set of files located in the specified PATH or URL" @@ -57,10 +60,13 @@ inputs: required: false default: 'false' secrets: - description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)" + description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" required: false secret-files: - description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)" + description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" + required: false + shm-size: + description: "Size of /dev/shm (e.g., 2g)" required: false ssh: description: "List of SSH agent socket or keys to expose to the build" @@ -71,6 +77,9 @@ inputs: target: description: "Sets the target stage to build" required: false + ulimit: + description: "Ulimit options (e.g., nofile=1024:1024)" + required: false github-token: description: "GitHub Token used to authenticate against a repository for Git context" default: ${{ github.token }} diff --git a/dist/index.js b/dist/index.js index 88ca69a73..af2cd489a 100644 --- a/dist/index.js +++ b/dist/index.js @@ -274,6 +274,7 @@ function getInputs(defaultContext) { builder: core.getInput('builder'), cacheFrom: yield getInputList('cache-from', true), cacheTo: yield getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: yield getInputList('labels', true), @@ -286,9 +287,11 @@ function getInputs(defaultContext) { push: core.getBooleanInput('push'), secrets: yield getInputList('secrets', true), secretFiles: yield getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: yield getInputList('ssh'), tags: yield getInputList('tags'), target: core.getInput('target'), + ulimit: yield getInputList('ulimit', true), githubToken: core.getInput('github-token') }; }); @@ -298,7 +301,7 @@ function getArgs(inputs, defaultContext, buildxVersion) { return __awaiter(this, void 0, void 0, function* () { let args = ['buildx']; args.push.apply(args, yield getBuildArgs(inputs, defaultContext, buildxVersion)); - args.push.apply(args, yield getCommonArgs(inputs)); + args.push.apply(args, yield getCommonArgs(inputs, buildxVersion)); args.push(inputs.context); return args; }); @@ -307,39 +310,36 @@ exports.getArgs = getArgs; function getBuildArgs(inputs, defaultContext, buildxVersion) { return __awaiter(this, void 0, void 0, function* () { let args = ['build']; + if (inputs.allow.length > 0) { + args.push('--allow', inputs.allow.join(',')); + } yield exports.asyncForEach(inputs.buildArgs, (buildArg) => __awaiter(this, void 0, void 0, function* () { args.push('--build-arg', buildArg); })); - yield exports.asyncForEach(inputs.labels, (label) => __awaiter(this, void 0, void 0, function* () { - args.push('--label', label); + yield exports.asyncForEach(inputs.cacheFrom, (cacheFrom) => __awaiter(this, void 0, void 0, function* () { + args.push('--cache-from', cacheFrom); })); - yield exports.asyncForEach(inputs.tags, (tag) => __awaiter(this, void 0, void 0, function* () { - args.push('--tag', tag); + yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () { + args.push('--cache-to', cacheTo); })); - if (inputs.target) { - args.push('--target', inputs.target); - } - if (inputs.allow.length > 0) { - args.push('--allow', inputs.allow.join(',')); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); } - if (inputs.platforms.length > 0) { - args.push('--platform', inputs.platforms.join(',')); + if (inputs.file) { + args.push('--file', inputs.file); } - yield exports.asyncForEach(inputs.outputs, (output) => __awaiter(this, void 0, void 0, function* () { - args.push('--output', output); - })); if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) { args.push('--iidfile', yield buildx.getImageIDFile()); } - if (buildx.satisfies(buildxVersion, '>=0.6.0')) { - args.push('--metadata-file', yield buildx.getMetadataFile()); - } - yield exports.asyncForEach(inputs.cacheFrom, (cacheFrom) => __awaiter(this, void 0, void 0, function* () { - args.push('--cache-from', cacheFrom); + yield exports.asyncForEach(inputs.labels, (label) => __awaiter(this, void 0, void 0, function* () { + args.push('--label', label); })); - yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () { - args.push('--cache-to', cacheTo); + yield exports.asyncForEach(inputs.outputs, (output) => __awaiter(this, void 0, void 0, function* () { + args.push('--output', output); })); + if (inputs.platforms.length > 0) { + args.push('--platform', inputs.platforms.join(',')); + } yield exports.asyncForEach(inputs.secrets, (secret) => __awaiter(this, void 0, void 0, function* () { try { args.push('--secret', yield buildx.getSecretString(secret)); @@ -359,33 +359,45 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', yield buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } yield exports.asyncForEach(inputs.ssh, (ssh) => __awaiter(this, void 0, void 0, function* () { args.push('--ssh', ssh); })); - if (inputs.file) { - args.push('--file', inputs.file); + yield exports.asyncForEach(inputs.tags, (tag) => __awaiter(this, void 0, void 0, function* () { + args.push('--tag', tag); + })); + if (inputs.target) { + args.push('--target', inputs.target); } + yield exports.asyncForEach(inputs.ulimit, (ulimit) => __awaiter(this, void 0, void 0, function* () { + args.push('--ulimit', ulimit); + })); return args; }); } -function getCommonArgs(inputs) { +function getCommonArgs(inputs, buildxVersion) { return __awaiter(this, void 0, void 0, function* () { let args = []; - if (inputs.noCache) { - args.push('--no-cache'); - } if (inputs.builder) { args.push('--builder', inputs.builder); } - if (inputs.pull) { - args.push('--pull'); - } if (inputs.load) { args.push('--load'); } + if (buildx.satisfies(buildxVersion, '>=0.6.0')) { + args.push('--metadata-file', yield buildx.getMetadataFile()); + } if (inputs.network) { args.push('--network', inputs.network); } + if (inputs.noCache) { + args.push('--no-cache'); + } + if (inputs.pull) { + args.push('--pull'); + } if (inputs.push) { args.push('--push'); } diff --git a/src/context.ts b/src/context.ts index b951a9be8..e538ac719 100644 --- a/src/context.ts +++ b/src/context.ts @@ -18,6 +18,7 @@ export interface Inputs { builder: string; cacheFrom: string[]; cacheTo: string[]; + cgroupParent: string; context: string; file: string; labels: string[]; @@ -30,9 +31,11 @@ export interface Inputs { push: boolean; secrets: string[]; secretFiles: string[]; + shmSize: string; ssh: string[]; tags: string[]; target: string; + ulimit: string[]; githubToken: string; } @@ -68,6 +71,7 @@ export async function getInputs(defaultContext: string): Promise { builder: core.getInput('builder'), cacheFrom: await getInputList('cache-from', true), cacheTo: await getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: await getInputList('labels', true), @@ -80,9 +84,11 @@ export async function getInputs(defaultContext: string): Promise { push: core.getBooleanInput('push'), secrets: await getInputList('secrets', true), secretFiles: await getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: await getInputList('ssh'), tags: await getInputList('tags'), target: core.getInput('target'), + ulimit: await getInputList('ulimit', true), githubToken: core.getInput('github-token') }; } @@ -90,46 +96,43 @@ export async function getInputs(defaultContext: string): Promise { export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise> { let args: Array = ['buildx']; args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion)); - args.push.apply(args, await getCommonArgs(inputs)); + args.push.apply(args, await getCommonArgs(inputs, buildxVersion)); args.push(inputs.context); return args; } async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise> { let args: Array = ['build']; + if (inputs.allow.length > 0) { + args.push('--allow', inputs.allow.join(',')); + } await asyncForEach(inputs.buildArgs, async buildArg => { args.push('--build-arg', buildArg); }); - await asyncForEach(inputs.labels, async label => { - args.push('--label', label); + await asyncForEach(inputs.cacheFrom, async cacheFrom => { + args.push('--cache-from', cacheFrom); }); - await asyncForEach(inputs.tags, async tag => { - args.push('--tag', tag); + await asyncForEach(inputs.cacheTo, async cacheTo => { + args.push('--cache-to', cacheTo); }); - if (inputs.target) { - args.push('--target', inputs.target); - } - if (inputs.allow.length > 0) { - args.push('--allow', inputs.allow.join(',')); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); } - if (inputs.platforms.length > 0) { - args.push('--platform', inputs.platforms.join(',')); + if (inputs.file) { + args.push('--file', inputs.file); } - await asyncForEach(inputs.outputs, async output => { - args.push('--output', output); - }); if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) { args.push('--iidfile', await buildx.getImageIDFile()); } - if (buildx.satisfies(buildxVersion, '>=0.6.0')) { - args.push('--metadata-file', await buildx.getMetadataFile()); - } - await asyncForEach(inputs.cacheFrom, async cacheFrom => { - args.push('--cache-from', cacheFrom); + await asyncForEach(inputs.labels, async label => { + args.push('--label', label); }); - await asyncForEach(inputs.cacheTo, async cacheTo => { - args.push('--cache-to', cacheTo); + await asyncForEach(inputs.outputs, async output => { + args.push('--output', output); }); + if (inputs.platforms.length > 0) { + args.push('--platform', inputs.platforms.join(',')); + } await asyncForEach(inputs.secrets, async secret => { try { args.push('--secret', await buildx.getSecretString(secret)); @@ -147,32 +150,44 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } await asyncForEach(inputs.ssh, async ssh => { args.push('--ssh', ssh); }); - if (inputs.file) { - args.push('--file', inputs.file); + await asyncForEach(inputs.tags, async tag => { + args.push('--tag', tag); + }); + if (inputs.target) { + args.push('--target', inputs.target); } + await asyncForEach(inputs.ulimit, async ulimit => { + args.push('--ulimit', ulimit); + }); return args; } -async function getCommonArgs(inputs: Inputs): Promise> { +async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise> { let args: Array = []; - if (inputs.noCache) { - args.push('--no-cache'); - } if (inputs.builder) { args.push('--builder', inputs.builder); } - if (inputs.pull) { - args.push('--pull'); - } if (inputs.load) { args.push('--load'); } + if (buildx.satisfies(buildxVersion, '>=0.6.0')) { + args.push('--metadata-file', await buildx.getMetadataFile()); + } if (inputs.network) { args.push('--network', inputs.network); } + if (inputs.noCache) { + args.push('--no-cache'); + } + if (inputs.pull) { + args.push('--pull'); + } if (inputs.push) { args.push('--push'); } diff --git a/test/cgroup.Dockerfile b/test/cgroup.Dockerfile new file mode 100644 index 000000000..d0301444a --- /dev/null +++ b/test/cgroup.Dockerfile @@ -0,0 +1,2 @@ +FROM alpine +RUN cat /proc/self/cgroup diff --git a/test/shmsize.Dockerfile b/test/shmsize.Dockerfile new file mode 100644 index 000000000..0524f22f7 --- /dev/null +++ b/test/shmsize.Dockerfile @@ -0,0 +1,2 @@ +FROM busybox +RUN mount | grep /dev/shm diff --git a/test/ulimit.Dockerfile b/test/ulimit.Dockerfile new file mode 100644 index 000000000..279e70647 --- /dev/null +++ b/test/ulimit.Dockerfile @@ -0,0 +1,2 @@ +FROM busybox +RUN ulimit -a