Commit Graph

4295 Commits

Author SHA1 Message Date
Milas Bowman 636c13f818 build: do not attempt to push unnamed service images
When building, if images are being pushed, ensure that only
named images (i.e. services with a populated `image` field)
are attempted to be pushed.

Services without `image` get an auto-generated name, which
will be a "Docker library" reference since they're in the
format `$project-$service`, which is implicitly the same as
`docker.io/library/$project-$service`. A push for that is
never desirable / will always fail.

The key here is that we cannot overwrite the `<svc>.image`
field when doing builds, as we need to be able to check for
its presence to determine whether a push makes sense.

Fixes #10813.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-19 09:58:37 +02:00
Guillaume Lours 5a072b1ad5
Merge pull request #10792 from glours/add-depends_on-required
add support of depends_on.required attribute
2023-07-19 09:53:49 +02:00
Guillaume Lours 2d16a05afa
only check if a dependency is required when something unexpected happens
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-07-18 23:45:31 +02:00
Guillaume Lours bb94ea034e add support of depends_on.required attribute
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-07-18 23:13:47 +02:00
Milas Bowman 0938c7e96f
Merge pull request #10827 from thaJeztah/bump_buildx_buildkit
go.mod: buildx v0.11.2, buildkit v0.12, docker/cli v24.0.5-dev
2023-07-18 16:43:24 -04:00
Sebastiaan van Stijn f429ee958a
go.mod: github.com/docker/docker v24.0.5-dev (tip of 24 release branch)
full diff: 8443a06149...f329397077

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-18 22:25:50 +02:00
Sebastiaan van Stijn e9ded2c518
go.mod: github.com/docker/buildx v0.11.2
full diff:

- https://github.com/docker/buildx/compare/v0.11.1...v0.11.2
- https://github.com/moby/buildkit/v0.12.0...faa0cc7da353

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-18 21:57:42 +02:00
Sebastiaan van Stijn 54e6e0bd8f
go.mod: github.com/moby/buildkit v0.12.0
Switching to back to released versions / release-branche. The old version
was a commit from master (v0.12.0-dev).

full diff:

- https://github.com/moby/buildkit/compare/2d91ddcceedc...v0.12.0
- https://github.com/tonistiigi/fsutil/compare/9e7a6df48576...36ef4d8c0dbb

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-18 21:54:49 +02:00
Milas Bowman 3bc871e64b test: speed up the e2e test suite
Lots of our phony Compose files launch pointless long-lived processes
so we can assert on state. However, this means they often don't respond
well to signals on their own, requiring Compose to timeout and kill
them when doing a `down`.

Add in lots of `init: true` where appropriate so that we don't block
for no reason while running E2E tests all over the place.

Additionally, a couple tests have gotten a cleanup so they don't leave
behind containers. I still want to build this into the framework in
the future, but this is easier for the moment and won't cause any
trouble in the future.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-18 11:08:06 +02:00
Milas Bowman 6ff15d9472
Merge pull request #10812 from thaJeztah/update_go_1.20.6
update go to go1.20.6
2023-07-17 12:08:05 -04:00
Sebastiaan van Stijn 49bc0603e3
update go to go1.20.6
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 17:35:48 +02:00
Sebastiaan van Stijn ce8a09b53f
go.mod: github.com/docker/docker 8443a06149b5 (v24.0.5-dev) (#10810)
relevant changes:

- client: define a "dummy" hostname to use for local connections
  fixes "http: invalid Host header" errors when compiling with
  go1.20.6 or go1.19.11

full diff: https://github.com/docker/docker/compare/v24.0.4...8443a06149b5ba9c0763b92f832698474bcf2a13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 10:47:52 -04:00
Milas Bowman 3dc8734897
watch: add end-to-end test (#10801)
Add an end-to-end test that covers the core watch functionality,
i.e. CRUD on files & directories.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-17 10:47:36 -04:00
Guillaume Lours 852e192820
bump buildkit to version v0.11.0-rc3.0.20230620112432-2d91ddcceedc (#10794)
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-07-12 08:23:02 -04:00
dependabot[bot] d9e7859664
build(deps): bump github.com/docker/cli from 24.0.2+incompatible to 24.0.4+incompatible (#10799)
build(deps): bump github.com/docker/cli

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 24.0.2+incompatible to 24.0.4+incompatible.
- [Commits](https://github.com/docker/cli/compare/v24.0.2...v24.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 08:21:46 -04:00
Guillaume Lours e28b223650
Merge pull request #10793 from milas/dockerfile-cache-mounts
ci: speed up a couple Dockerfile targets w/ cache mount
2023-07-10 19:26:41 +02:00
Milas Bowman 1964693074 ci: speed up a couple Dockerfile targets w/ cache mount
The local Go package module path was missing from a couple of jobs,
which made them slower than needed since they were re-downloading
a bunch of dependencies.

In particular, this makes `make lint` waaaay faster!

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-10 13:13:10 -04:00
Guillaume Lours dc74e6aa0e
Merge pull request #10776 from docker/dependabot/go_modules/github.com/docker/buildx-0.11.1
build(deps): bump github.com/docker/buildx from 0.11.0 to 0.11.1
2023-07-10 18:15:39 +02:00
dependabot[bot] b182cf6850
build(deps): bump github.com/docker/buildx from 0.11.0 to 0.11.1
Bumps [github.com/docker/buildx](https://github.com/docker/buildx) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/docker/buildx/releases)
- [Commits](https://github.com/docker/buildx/compare/v0.11.0...v0.11.1)

---
updated-dependencies:
- dependency-name: github.com/docker/buildx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 15:51:31 +00:00
Guillaume Lours f330b24632
Merge pull request #10788 from docker/dependabot/go_modules/github.com/docker/docker-24.0.4incompatible
build(deps): bump github.com/docker/docker from 24.0.2+incompatible to 24.0.4+incompatible
2023-07-10 17:49:45 +02:00
Guillaume Lours 8339269e13
Merge pull request #10789 from ndeloof/run_no_deps
Apply no-deps before we select and mutate target service
2023-07-10 15:46:01 +02:00
Guillaume Lours ee6aeed84e
Merge pull request #10700 from ndeloof/attach
support `attach`
2023-07-10 15:17:44 +02:00
Guillaume Lours 7a9dfa4284
Merge pull request #10790 from milas/e2e-process-leak
test: fix process leak in wait e2e test
2023-07-10 15:09:41 +02:00
Guillaume Lours 29daae3d6e
Merge pull request #10784 from shantanoo-desai/v2
fix(secrets): file permission value does not comply with spec
2023-07-10 14:54:16 +02:00
Milas Bowman 8dea7b5cae test: fix process leak in wait e2e test
* Run `down` before and after test to not leave around containers
* Kill the `wait` process that's waiting on `infinity`
  * NOTE: If the test is actually working, this should exit once
    the `down` happens, but this ensures that we kill everything
    we start

I'd like to generalize more of this into the framework, but this
is a quick fix to prevent filling up CI machines with tons of
processes over time.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-10 08:42:09 -04:00
Guillaume Lours bc6ad2e4a4
Merge pull request #10764 from docker/dependabot/go_modules/github.com/opencontainers/image-spec-1.1.0-rc4
build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc4
2023-07-10 14:39:44 +02:00
Nicolas De Loof e6a7694b8d
Apply no-deps before we select and mutate target service
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-07-10 14:37:42 +02:00
Nicolas De Loof 46d936c750 support `attach`
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-07-10 14:34:28 +02:00
dependabot[bot] 15bc7850bb build(deps): bump github.com/opencontainers/image-spec
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc3 to 1.1.0-rc4.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0-rc3...v1.1.0-rc4)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 14:17:14 +02:00
Guillaume Lours 8a64ab56a0
Merge pull request #10760 from docker/dependabot/go_modules/gotest.tools/v3-3.5.0
build(deps): bump gotest.tools/v3 from 3.4.0 to 3.5.0
2023-07-10 14:16:34 +02:00
dependabot[bot] 1178c51e6a build(deps): bump gotest.tools/v3 from 3.4.0 to 3.5.0
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/gotestyourself/gotest.tools/releases)
- [Commits](https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: gotest.tools/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 12:40:37 +02:00
dependabot[bot] 3b3fd3e56c
build(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.2+incompatible to 24.0.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.2...v24.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 10:39:23 +00:00
Guillaume Lours b1e10f559e
Merge pull request #10781 from milas/deps-docs-0.6
deps: bump docker/cli-docs-tool to v0.6.0
2023-07-10 12:38:04 +02:00
Milas Bowman baea5a48f5 deps: bump docker/cli-docs-tool to v0.6.0
Required re-running `make docs` to pick up changes.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-10 12:23:48 +02:00
Guillaume Lours cb3a6ce52b
Merge pull request #10787 from docker/dependabot/go_modules/google.golang.org/grpc-1.56.2
build(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.2
2023-07-10 12:23:25 +02:00
dependabot[bot] 28f3802a07
build(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.0 to 1.56.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.0...v1.56.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 09:23:22 +00:00
Shan Desai fd0e0a2cbd
fix(secrets): file permission value does not comply with spec
closes #10783

Compose Spec mentions that default values for secrets is `0444` aka. world-readable permissions. However, the value was previously set to `0400`. 


Signed-off-by: Shan Desai <shantanoo.desai@gmail.com>
2023-07-07 18:58:21 +02:00
Guillaume Lours e90df62bb0
Merge pull request #10763 from ndeloof/exec_index
when --index is not set select first service container
2023-07-07 14:39:50 +02:00
Nicolas De Loof b0af2deb2b when --index is not set select first service container
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-07-07 14:08:24 +02:00
Milas Bowman be22bc735a network: fix random missing network when service has more than one
As part of the fix for #10668, the logic was adjusted so that the
default (highest-priority) network is used in the `ContainerCreate`,
and then the remaining networks are connected via calls to
`NetworkConnect` before starting the container.

Unfortunately, `ServiceConfig::NetworksByPriority` is neither
deterministic nor stable when networks have the same priority.

It's non-deterministic because the order of networks from parsing
YAML is random, since they are loaded into a Go map (which have
random iteration order). Additionally, it's not using a `SortStable`
in `compose-go`, so even if the load order was predictable, it
still might produce different results.

While I look at improving `compose-go` here to prevent this from
tripping us up in the future, this fix looks at _all_ networks for
a service and ignores the "default" one now. Before, it would
always skip the first one in the slice since that _should_ have
been the "default".

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-07-07 09:18:01 +02:00
Nicolas De Loof b5f5e27597 don't use unitialized cli to setup DryRunClient
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-07-06 14:27:57 +02:00
Guillaume Lours b1334b8dfc
Merge pull request #10768 from cloud-native-team/v2
fix some comments
2023-07-06 10:06:05 +02:00
cui fliter 25ca75db4d fix some comments
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-07-04 11:34:49 +08:00
Guillaume Lours 827e864ed0
Merge pull request #10745 from glours/add-builder-support
add support of --builder and BUILDX_BUILDER
2023-07-03 10:46:02 +02:00
Guillaume Lours 28301fb1a4 add support of --builder and BUILDX_BUILDER
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-07-03 10:11:18 +02:00
Ulysses Souza fa3e16c66b
Merge pull request #10742 from ulyssessouza/add-wait
Add `docker compose wait`
2023-07-02 13:54:34 +02:00
Ulysses Souza edd76bfd70 Add `docker compose wait`
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2023-06-30 16:07:03 +02:00
Milas Bowman c496c23071
ci: upgrade compose-go to v1.15.1 (#10757)
* Fix for "`build.context` is required" errors

https://github.com/compose-spec/compose-go/releases/tag/v1.15.1

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-06-29 16:50:10 -04:00
Guillaume Lours 02284378bf
Merge pull request #10756 from milas/network-race
up: fix race condition on network connect
2023-06-29 22:47:29 +02:00
Milas Bowman 10b290e682 up: fix race condition on network connect
Engine API only allows at most one network to be connected as
part of the ContainerCreate API request. Compose will pick the
highest priority network.

Afterwards, the remaining networks (if any) are connected before
the container is actually started.

The big change here is that, previously, the highest-priority
network was connected in the create, and then disconnected and
immediately reconnected along with all the others. This was
racy because evidently connecting the container to the network
as part of the create isn't synchronous, so sometimes when Compose
tried to disconnect it, the API would return an error like:
```
container <id> is not connected to the network <network>
```

To avoid needing to disconnect and immediately reconnect, the
network config logic has been refactored to ensure that it sets
up the network config correctly the first time.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-06-29 16:00:55 -04:00