Commit Graph

3724 Commits

Author SHA1 Message Date
Ulysses Souza bac398aa9f Fix .env and --envfile priorities
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-28 12:13:37 +02:00
Guillaume Lours def189fae1
Merge pull request #9677 from glours/use-google-addlicence
use Google addlicense instead of kunalkushwaha/ltag
2022-07-28 11:45:13 +02:00
Laura Brehm 085d8e9bb7
Merge pull request #9474 from ndeloof/pull_no_pull
introduce --pull
2022-07-27 11:35:46 +02:00
Guillaume Lours e83d940a3c
add pull & build config to project before create
add pull flag to create and up documentation

Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-27 11:25:53 +02:00
Nicolas De Loof 9976077e24 introduce --pull
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-07-27 11:24:00 +02:00
Guillaume Lours 70ccc98f17
Merge pull request #9676 from glours/update-cli-docs-tool
update cli-doc-tool and update the doc with this new version
2022-07-27 10:50:38 +02:00
Guillaume Lours 4eb56fd840
use Google addlicense instead of kunalkushwaha/ltag
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-26 15:13:34 +02:00
Guillaume Lours 0e6adb2884
update cli-doc-tool and update the doc with this new version
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-26 14:58:08 +02:00
Guillaume Lours ce1829a46a
Merge pull request #9675 from glours/update-gh-workflow
use env variable for golang version and updates gh actions from v2 to v3
2022-07-26 11:41:15 +02:00
Guillaume Lours dae4231810
remove usage of GO111MODULE option in gh actions
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-26 10:42:38 +02:00
Guillaume Lours a4c2c4a832
use env variable for golang version and updates gh actions from v2 to v3
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-25 23:20:35 +02:00
Guillaume Lours 60621dca1a
Merge pull request #9670 from crazy-max/docs-workflow-fork
ci(docs): use push-to-fork when creating pr
2022-07-22 18:03:41 +02:00
CrazyMax e1e8c37885 ci(docs): use push-to-fork when creating pr
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-07-22 17:54:14 +02:00
Guillaume Lours dcf086c3c8
Merge pull request #9673 from glours/fix-linter-unused-arg-issue-build
remove unused sessionConfig param for addSecretsConfig function
2022-07-22 17:53:51 +02:00
Guillaume Lours c4b9ec6301
remove unused sessionConfig param for addSecretsConfig function
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-22 17:37:42 +02:00
Guillaume Lours 0b2281348b
Merge pull request #9664 from ulyssessouza/bump-compose-go-1.2.9
Bump compose-go -> v1.2.9
2022-07-19 17:15:48 +02:00
Ulysses Souza 1d6f2a3dc3 Bump compose-go -> v1.2.9
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-19 17:05:23 +02:00
Guillaume Lours 81ac8657f5
Merge pull request #9663 from docker/dependabot/go_modules/github.com/sirupsen/logrus-1.9.0
build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
2022-07-19 16:56:13 +02:00
Guillaume Lours 75bbd245c7
Merge pull request #9647 from glours/add-test-named-networks
add 2 named networks with close name in the networks test suite to gu…
2022-07-19 16:55:26 +02:00
dependabot[bot] 3ff744a7b0
build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-19 09:26:47 +00:00
Guillaume Lours d85751f6d4
Merge pull request #9641 from glours/fix-volumes_from
keep the container reference when volumes_from target a container and not a service
2022-07-15 18:29:14 +02:00
Ulysses Souza 58dcfcdfbc
Merge pull request #9643 from ulyssessouza/add-gocritic-linter
Add gocritic to linters
2022-07-13 21:26:50 +02:00
Ulysses Souza fc723acb3b Fix nolint issues
Reference -> https://golangci-lint.run/usage/false-positives/#nolint-directive

Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-13 19:33:06 +02:00
Ulysses Souza 96cbb1cbcf Add "style" tag to gocritic
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-13 19:33:06 +02:00
Ulysses Souza d42adf6efb Add "opinionated" tag to gocritic
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-13 19:33:06 +02:00
Ulysses Souza a81f23a199 Add "diagnostic" tag to gocritic
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-13 19:33:06 +02:00
Ulysses Souza 2e96829607 Add gocritic to linters
Signed-off-by: Ulysses Souza <ulyssessouza@gmail.com>
2022-07-13 19:33:03 +02:00
Guillaume Lours 966cbb59ac
add 2 named networks with close name in the networks test suite to guarantee the good distinction on network names
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-13 15:09:38 +02:00
Guillaume Lours 923e01d151
Merge pull request #9645 from thaJeztah/bump_go_1.18.4
update go to 1.18.4
2022-07-13 12:50:15 +02:00
Sebastiaan van Stijn d54cd0445e
update go to 1.18.4
go1.18.4 (released 2022-07-12) includes security fixes to the compress/gzip,
encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath
packages, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package. See the Go 1.18.4 milestone on the
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.4+label%3ACherryPickApproved

This update addresses:

CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631,
CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, and CVE-2022-32148.

Full diff: https://github.com/golang/go/compare/go1.18.3...go1.18.4

From the security announcement;
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

We have just released Go versions 1.18.4 and 1.17.12, minor point releases. These
minor releases include 9 security fixes following the security policy:

- net/http: improper sanitization of Transfer-Encoding header

  The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating
  a "chunked" encoding. This could potentially allow for request smuggling, but
  only if combined with an intermediate server that also improperly failed to
  reject the header as invalid.

  This is CVE-2022-1705 and https://go.dev/issue/53188.

- When `httputil.ReverseProxy.ServeHTTP` was called with a `Request.Header` map
  containing a nil value for the X-Forwarded-For header, ReverseProxy would set
  the client IP as the value of the X-Forwarded-For header, contrary to its
  documentation. In the more usual case where a Director function set the
  X-Forwarded-For header value to nil, ReverseProxy would leave the header
  unmodified as expected.

  This is https://go.dev/issue/53423 and CVE-2022-32148.

  Thanks to Christian Mehlmauer for reporting this issue.

- compress/gzip: stack exhaustion in Reader.Read

  Calling Reader.Read on an archive containing a large number of concatenated
  0-length compressed files can cause a panic due to stack exhaustion.

  This is CVE-2022-30631 and Go issue https://go.dev/issue/53168.

- encoding/xml: stack exhaustion in Unmarshal

  Calling Unmarshal on a XML document into a Go struct which has a nested field
  that uses the any field tag can cause a panic due to stack exhaustion.

  This is CVE-2022-30633 and Go issue https://go.dev/issue/53611.

- encoding/xml: stack exhaustion in Decoder.Skip

  Calling Decoder.Skip when parsing a deeply nested XML document can cause a
  panic due to stack exhaustion. The Go Security team discovered this issue, and
  it was independently reported by Juho Nurminen of Mattermost.

  This is CVE-2022-28131 and Go issue https://go.dev/issue/53614.

- encoding/gob: stack exhaustion in Decoder.Decode

  Calling Decoder.Decode on a message which contains deeply nested structures
  can cause a panic due to stack exhaustion.

  This is CVE-2022-30635 and Go issue https://go.dev/issue/53615.

- path/filepath: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-30632 and Go issue https://go.dev/issue/53416.

- io/fs: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  This is CVE-2022-30630 and Go issue https://go.dev/issue/53415.

- go/parser: stack exhaustion in all Parse* functions

  Calling any of the Parse functions on Go source code which contains deeply
  nested types or declarations can cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-1962 and Go issue https://go.dev/issue/53616.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 12:40:24 +02:00
Guillaume Lours 9fdd7d81b3
Merge pull request #9640 from glours/fix-close-network-name-issue
Fix issue with close networks name on up and down command
2022-07-13 10:46:13 +02:00
Guillaume Lours f30f9d9692
keep the container reference when volumes_from target a container and not a service
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-12 13:17:46 +02:00
Guillaume Lours 6c8ff02c07
Merge pull request #9579 from paroque28/patch-1
build.go: initialize CustomLabels map if nil
2022-07-12 12:44:49 +02:00
Pablo Rodriguez Quesada eb06e1ca56
build.go: Access customLabels directly instead of by reference
Accesing the map directly instead of the copy value, otherwise the label doesn't get set.

Signed-off-by: Pablo Rodriguez <pablo.aarch64@gmail.com>
2022-07-11 08:52:23 -06:00
Guillaume Lours 50aa9750ee
check the exact network's name before creating or stopping it
NetworkList API doesn't return the extact name match, so we can retrieve more than one network with a request

Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-11 12:17:22 +02:00
IKEDA Yasuyuki 630c600929 Link to BUILDING.md for testing instructions
Signed-off-by: IKEDA Yasuyuki <devld@ikedam.jp>
2022-07-09 12:05:22 +09:00
Guillaume Lours 5bc4016e70
Merge pull request #9626 from Oriun/patch-1
Fix typo in compose pull documentation
2022-07-08 13:55:00 +02:00
Guillaume Lours ea1ac9d7b7
Merge pull request #9631 from docker/dependabot/go_modules/github.com/cnabio/cnab-to-oci-0.3.5
build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.4 to 0.3.5
2022-07-07 12:11:04 +02:00
dependabot[bot] b8a53cd2a5
build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.4 to 0.3.5
Bumps [github.com/cnabio/cnab-to-oci](https://github.com/cnabio/cnab-to-oci) from 0.3.4 to 0.3.5.
- [Release notes](https://github.com/cnabio/cnab-to-oci/releases)
- [Commits](https://github.com/cnabio/cnab-to-oci/compare/v0.3.4...v0.3.5)

---
updated-dependencies:
- dependency-name: github.com/cnabio/cnab-to-oci
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-07 10:01:05 +00:00
Guillaume Lours 7969667097
Merge pull request #9623 from glours/add-build-and-run-e2e-targets
add new targets to build Compose binary before running e2e tests
2022-07-05 16:45:43 +02:00
Guillaume Lours 40063b4faa
Merge pull request #9615 from glours/use-env-secret-on-build
add support of environment secret during build step
2022-07-05 16:36:40 +02:00
Emmanuel Nuiro f06ab29a84 Fix typo in docker_compose_pull
Signed-off-by: Emmanuel Nuiro <emmanuel@nuiro.me>
2022-07-04 22:29:06 +02:00
Emmanuel Nuiro 7f5c166ec9 Fix typo in compose pull documentation
There was an invalid character between the two backticks at the end of the last snippet, causing the styling to break on the online documentation.

Signed-off-by: Emmanuel Nuiro <emmanuel@nuiro.me>
2022-07-04 21:45:53 +02:00
Vedant Koditkar 960453fa22 Merge branch 'v2' into 8768-avoid-pulling-same-image-multiple-times 2022-07-04 22:00:04 +05:30
Guillaume Lours 978b2f8265
add new targets to build Compose binary before running e2e tests
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-04 15:53:08 +02:00
Guillaume Lours 83744f7e99
Merge pull request #9619 from Jeldo/Fix-syntax-error-on-golangci-run-configuration
Fix golangci syntax error in run configuration
2022-07-04 14:40:11 +02:00
Guillaume Lours 5a1fea8272
Merge pull request #9507 from TheodosiouTh/tc/simplify-flag-conversion
TC: Use switch case to simplify flag conversion and avoid multiple if statements
2022-07-04 09:19:21 +02:00
TaeyoungKwak 94f50b520c Fix golangci syntax error in run configuration
Signed-off-by: TaeyoungKwak <astrokwak@gmail.com>
2022-07-03 01:45:52 +09:00
Guillaume Lours 4debb133a7
add support of environment secret during build step
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
2022-07-01 11:21:49 +02:00
ThedosiouTh 115ac6d529 Use switch/case instead of static map for simplicity
Signed-off-by: ThedosiouTh <thanosthd@gmail.com>
2022-06-30 18:50:24 +03:00