Commit Graph

4248 Commits

Author SHA1 Message Date
Guillaume Lours 0b6133f75b
Merge pull request #10406 from milas/fix-name-validation
ci: bump compose-go to v1.13.2
2023-03-26 16:09:47 +02:00
Milas Bowman b24af42bcc ci: bump compose-go to v1.13.2
https://github.com/compose-spec/compose-go/releases/tag/v1.13.2

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-26 09:55:53 -04:00
Milas Bowman cc70851bc8
Merge pull request #10403 from milas/fix-e2e-win
test: fix e2e commands on Windows
2023-03-24 12:13:42 -04:00
Milas Bowman 3b85cd2fa9 test: fix e2e commands on Windows
Instead of trying to make this work nicely cross-platform,
just push the Coverage logic into the GitHub Actions job,
as that's really where we care about it.

(It's surprisingly difficult to make this nicely portable;
to make PowerShell not error out if the path does not exist
you have to ignore ALL errors and the way that env vars are
passed to processes is not the same.)

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-24 11:50:05 -04:00
Milas Bowman d818bf6f34
Merge pull request #10401 from milas/deps-update
ci: upgrade to Go 1.20.2 & bump deps
2023-03-24 11:05:53 -04:00
Milas Bowman 45a852f438 test: generate valid Compose project names from Cucumber specs
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-24 10:54:33 -04:00
Milas Bowman f0bf4fca76
Merge pull request #10402 from milas/fix-e2e-race
test: fix race in e2e build test
2023-03-24 10:44:54 -04:00
Milas Bowman cd17c8a950 test: update error message
Validation got improved in `compose-go` so the error message is
slightly different.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-24 10:42:43 -04:00
Milas Bowman 36625ed229 test: fix race in e2e build test
This was running two tests in parallel that would build/delete the
same images. Run in serial instead since that's not safe.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-24 10:32:55 -04:00
Milas Bowman a6ffdf6110 ci: upgrade to Go 1.20.2 & bump deps
* Go 1.20.2
* golangci-lint v1.52.0
* compose-go v1.13.1: https://github.com/compose-spec/compose-go/releases/tag/v1.13.1

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-24 09:31:28 -04:00
Milas Bowman 72260d615d
Merge pull request #10400 from docker/dependabot/go_modules/github.com/moby/buildkit-0.11.5
build(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5
2023-03-24 09:12:51 -04:00
Milas Bowman fd28ab8d38
Merge pull request #10399 from ndeloof/watch_rebuild
watch involves up --build after change has been detected
2023-03-24 09:10:56 -04:00
dependabot[bot] 9ab5d8c44e
build(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.5
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-24 10:00:03 +00:00
Nicolas De Loof d637cc3ade watch involves up --build after change has been detected
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-24 10:49:27 +01:00
Milas Bowman 925bc6fbf3
Merge pull request #10393 from milas/fix-watch-segfault
watch: data race / segfault fixes
2023-03-23 17:07:49 -04:00
Milas Bowman 16d5354d70 watch: add note about goroutine-safety & test
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-23 11:33:03 -04:00
Milas Bowman 7aaea283ca watch: data race / segfault fixes
Was getting segfaults with multiple services using
`x-develop` and `watch` at the same time. Turns out
the Moby path matcher lazily initializes the regex
pattern internally the first time it's used, so it's
not goroutine-safe.

Change here is to not use a global instance for the
ephemeral path matcher, but a per-watcher instance.

Additionally, the data race detector caught a couple
other issues that were easy enough to fix:
 * Use the lock that's used elsewhere for convergence
   before manipulating
 * Eliminate concurrent map access when triggering
   rebuilds

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-22 18:05:56 -04:00
Guillaume Lours 6bedc196cc update -p project name flag documentation
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-22 10:53:54 +01:00
Nicolas De Loof a11515e038 introduce `ignore` attribute for watch triggers
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-21 18:29:49 +01:00
Nicolas De Loof 6c1f06e420 Run classic builder with BuildConfig, not buildx.Options
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-21 15:37:55 +01:00
Nicolas De Loof 88b0d17ff8 use `build` as common API for build scenarios
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-21 15:37:55 +01:00
Nicolas De Loof 9e19bc8441 use progress to show copy status
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-21 14:40:52 +01:00
Guillaume Lours bef9c48a1a
Merge pull request #10386 from milas/fw-renames
watch: add file delete/rename handling
2023-03-21 13:48:56 +01:00
Milas Bowman 105a7c5b70 watch: add file delete/rename handling
This approach mimics Tilt's behavior[^1]:
 1. At sync time, `stat` the path on host
 2. If the path does not exist -> `rm` from container
 3. If the path exists -> sync to container

By handling things this way, we're always syncing based on the true
state, regardless of what's happened in the interim. For example, a
common pattern in POSIX tools is to create a file and then rename it
over an existing file. Based on timing, this could be a sync, delete,
sync (every file gets seen & processed) OR a delete, sync (by the
the time we process the event, the "temp" file is already gone, so
we just delete it from the container, where it never existed, but
that's fine since we deletes are idempotent thanks to the `-f` flag
on `rm`).

Additionally, when syncing, if the `stat` call shows it's for a
directory, we ignore it. Otherwise, duplicate, nested copies of the
entire path could get synced in. (On some OSes, an event for the
directory gets dispatched when a file inside of it is modified. In
practice, I think we might want this pushed further down in the
watching code, but since we're already `stat`ing the paths here now,
it's a good place to handle it.)

Lastly, there's some very light changes to the text when it does a
full rebuild that will list out the (merged) set of paths that
triggered it. We can continue to improve the output, but this is
really helpful for understanding why it's rebuilding.

[^1]: db7f887b06/internal/controllers/core/liveupdate/reconciler.go (L911)

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2023-03-21 08:37:18 -04:00
Laura Brehm 03f0ed132d
Merge pull request #10352 from docker/dependabot/go_modules/github.com/docker/buildx-0.10.4
build(deps): bump github.com/docker/buildx from 0.10.3 to 0.10.4
2023-03-19 21:11:57 +00:00
Laura Brehm f7a13aee11
build(deps): bump github.com/docker/buildx from 0.10.3 to 0.10.4
Bumps [github.com/docker/buildx](https://github.com/docker/buildx) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/docker/buildx/releases)
- [Commits](https://github.com/docker/buildx/compare/v0.10.3...v0.10.4)

---
updated-dependencies:
- dependency-name: github.com/docker/buildx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-03-19 20:59:58 +00:00
Luis Rascao bfeb1dc277 Fix concurrent map read/write when recreating containers
Signed-off-by: Luis Rascao <luis.rascao@gmail.com>
2023-03-19 21:56:06 +01:00
Laura Brehm 9ec43973e2
Merge pull request #10353 from docker/dependabot/go_modules/github.com/moby/buildkit-0.11.4
build(deps): bump github.com/moby/buildkit from 0.11.3 to 0.11.4
2023-03-19 20:40:31 +00:00
dependabot[bot] 0b41df9821
build(deps): bump github.com/moby/buildkit from 0.11.3 to 0.11.4
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.3 to 0.11.4.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.11.3...v0.11.4)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-19 20:28:31 +00:00
Guillaume Lours 643557d534 build and push binaries images when a PR is merged or a tag pushed
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-16 11:23:49 +01:00
Laura Brehm 200f47e5be Add support for `additional_contexts` in `build` service config
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-03-15 14:00:51 +01:00
Nicolas De Loof e0aaccf430 introduce dockerfile_inline
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-15 10:19:04 +01:00
Nicolas De Loof 754c06886f one off container name use configured Separator for naming
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-15 09:47:43 +01:00
Nicolas De Loof e492330dd5 collect built image IDs
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-15 09:47:32 +01:00
Nicolas De Loof bbe1b77a67 progress writer uses dockercli.Err stream
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-15 09:47:13 +01:00
Tianon Gravi fc4d2dfdd8 Remove "-s" from LDFLAGS
While this stripping does decrease the binary size by some amount, it also removes the ability for `govulncheck` (https://go.dev/blog/vuln) to scan the binary for actual uses of vulnerable functions, requiring the user to clone the code locally and hope they're testing against the same version of the stdlib, etc that the binary was built with.  If we stop passing `-s`, then we can then run `govulncheck` on the binary directly (making it easier to flag both false positives in CVE scans _and_ actual issues worth looking into).

Here's an example of the output on a freshly built binary with this change:

```console
$ govulncheck ./bin/build/docker-compose
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 27 Feb 23 16:29 UTC).

Scanning your binary for known vulnerabilities...
No vulnerabilities found.
```

Compared to the 1.16.0 release binary:

```console
$ govulncheck ./docker-compose
go: downloading golang.org/x/vuln v0.0.0-20230224180816-edec1fb0a9c7
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 27 Feb 23 16:29 UTC).

Scanning your binary for known vulnerabilities...
govulncheck: vulncheck.Binary: reading go:func.*: no symbol "go:func.*"
```

It's not 100% apples-to-apples, but the size difference between these binaries is ~46MiB for the 1.16.0 release and ~52MiB for the binary I built from this commit.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2023-03-13 08:16:48 +00:00
Nicolas De Loof 85ddfde5d6 use go 1.20 -cover support
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-10 16:54:39 +00:00
Nicolas De Loof 6a0398d786 pad can be negative on small terminal
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-09 10:27:43 +00:00
Guillaume Lours 4434cea535 add dry-run support for push command
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-08 14:23:57 +00:00
Guillaume Lours 62fbf20887
Merge pull request #10341 from glours/dry-run-pull-support
add dry-run support for pull command
2023-03-06 11:13:42 +01:00
Guillaume Lours 3f7d3c2661 add dry-run support for pull command
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-05 22:04:32 +01:00
Nicolas De Loof 9cc1613b55 adopt http://no-color.org/
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-03 11:15:40 +01:00
Guillaume Lours c4b47fe911
Merge pull request #10339 from glours/dry-run-restart-support
Dry run restart support
2023-03-02 10:25:51 +01:00
Guillaume Lours 167c6a89b1 add dry-run support to restart command
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-02 10:14:59 +01:00
Guillaume Lours a84345be8f
Merge pull request #10338 from glours/fix-restart-depends_on
restart only needed services by checking depends_on relations
2023-03-02 10:14:28 +01:00
Guillaume Lours 3cfbac6624
restart only needed services by checking depends_on relations
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2023-03-01 18:22:40 +01:00
Nicolas De Loof a3bed265f2 update compose-go
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-01 17:14:53 +01:00
Nicolas De Loof ae26426cc8 Report error if project name is empty after normalization
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-01 16:37:43 +01:00
Nicolas De Loof 4ea44797f5 only consider containers with config_hash labels (i.e, created by compose)
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-03-01 15:46:50 +01:00
Guillaume Lours a99a0b50ef
Merge pull request #10320 from milas/e2e-win-pause
test: tweak pause test to try and prevent failures in Windows CI
2023-03-01 10:36:11 +01:00