Commit Graph

3914 Commits

Author SHA1 Message Date
Guillaume Lours 1e682a40ac
Merge pull request #10099 from laurazard/use-defaultplatform-create
Use `DOCKER_DEFAULT_PLATFORM` to determine platform when creating container
2022-12-19 14:17:49 +01:00
Laura Brehm 7bc27d441b
Use `DOCKER_DEFAULT_PLATFORM` to determine platform when creating container
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-12-19 11:58:03 +00:00
Nicolas De Loof c1ce53c972 fix regression running pull --ignore-pull-failures
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-19 11:56:03 +01:00
Nicolas De Loof e42673daed only list running containers when --all=false
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-16 21:46:55 +01:00
Milas Bowman c37182b2c5
Merge pull request #10090 from milas/fix-wcow-volume
volume: fix WCOW volume mounts
2022-12-16 13:43:04 -05:00
Milas Bowman ffb95449a2 volume: fix WCOW volume mounts
Do not use the older `Volumes` field in the API; instead rely on
the more robust `Mounts`. For Linux containers, it seems that it's
fine to set both of these. For Windows containers (WCOW), however,
there appears to be a Moby bug that causes it to normalize the
anonymous (`Volumes`) variant to lowercase, which can result in
duplicative volume definitions and an error when trying to start
the container.

Fixes #9577.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-16 09:52:34 -05:00
Guillaume Lours 0eaa249222
Merge pull request #10084 from ndeloof/secret_uid
apply uid/gid when creating secret from environment
2022-12-15 16:26:19 +01:00
Nicolas De Loof 5c1484ece6 apply uid/gid when creating secret from environment
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-15 15:54:04 +01:00
Guillaume Lours 0fedddb008
Merge pull request #10083 from ndeloof/nodeps
use recently introduced `withSelectedServicesOnly` to reduce code duplication
2022-12-15 15:51:29 +01:00
Guillaume Lours aa0720f7e5
Merge pull request #10062 from ndeloof/9554
load project from files when explicitly set by user
2022-12-15 15:50:36 +01:00
Nicolas De Loof 84984864c8 load project from explicit --files when set
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-15 15:38:41 +01:00
Nicolas De Loof 8566daa96e use recently introduced `withSelectedServicesOnly` to reduce code duplication
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-15 15:38:18 +01:00
Guillaume Lours 1b1f783e99
Merge pull request #10076 from ndeloof/timestamp
introduce --timestamp option on compose up
2022-12-15 15:36:56 +01:00
Nicolas De Loof 84ea395d5d introduce --timestamp option on compose up
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-15 12:14:22 +01:00
Gabriel Féron 1cb5536a2e Address review comments
Signed-off-by: Gabriel Féron <g@leirbag.net>
2022-12-15 11:42:14 +01:00
Gabriel Féron e4850d9c48 Add --include-deps to push command
Signed-off-by: Gabriel Féron <g@leirbag.net>
2022-12-15 11:42:14 +01:00
Nicolas De Loof 8c39b5b7fd align `--format` flag and UX with docker cli
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-14 22:53:43 +01:00
Nicolas De Loof bc568eeb9b align `compose ps` output with `docker ps`
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-14 22:53:43 +01:00
Sebastiaan van Stijn a501ab3a2f use StatusError from docker/cli, not "dockerd"
This package is a leftover from when the "docker" cli and the "dockerd"
cli both lived in the same repository. The package in docker/docker will
be (re)moved soon, so replace it with the implementation in docker/cli,
which is the right one :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-14 22:53:18 +01:00
Nicolas De Loof d4a4dcf4ee resolve --env-file as absolute path
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-14 09:43:32 +01:00
Nicolas De Loof 05e987dd0a fix parsing of repository:tag
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-14 09:23:07 +01:00
Nicolas De Loof 0368f19030 distinguish stdout and stderr in `up` logs
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-13 14:42:42 +01:00
Nicolas De Loof 3ee2ab87bb ContainerStart must run sequentially for engine to assing distinct ports within configured range
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-12 16:08:50 +01:00
Nicolas De Loof 8f991a20db Fix corner case when there's no container to attach to
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-09 10:02:56 +01:00
Nicolas De Loof 0234e13454 Don't stop pull for images that can be built
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-08 21:20:04 +01:00
Joyce Brum c342891f3e Squashed commit of the following:
commit 72293cbe879bcd1fff610eace6929922c4a4d668
Author: Joyce Brum <joycebrum@google.com>
Date:   Thu Nov 3 10:20:52 2022 -0300

    fix: upgrade scorecard action to 2.0.6

    Signed-off-by: Joyce Brum <joycebrum@google.com>

commit 39451ef36f4ce71053c59c3a238d95752be05136
Author: Joyce <joycebrumu.u@gmail.com>
Date:   Wed Sep 14 17:52:59 2022 -0300

    Change to the original repository

    Signed-off-by: Joyce <joycebrumu.u@gmail.com>
    Signed-off-by: Joyce Brum <joycebrum@google.com>

commit ddcccaa14b8ef928a4bc8ba38429d8a442806ae9
Author: Joyce <joycebrumu.u@gmail.com>
Date:   Wed Sep 14 17:51:26 2022 -0300

    Add scorecard badge

    Signed-off-by: Joyce <joycebrumu.u@gmail.com>
    Signed-off-by: Joyce Brum <joycebrum@google.com>

commit 8ac265f0ee197e30862c0510b01dce2bc350e129
Author: Joyce <joycebrumu.u@gmail.com>
Date:   Wed Sep 14 17:49:49 2022 -0300

    Configure Scorecard action 2.0.3

    Signed-off-by: Joyce <joycebrumu.u@gmail.com>

Signed-off-by: Joyce Brum <joycebrum@google.com>
2022-12-08 21:11:39 +01:00
Guillaume Lours 40fb42e0c9
Merge pull request #10055 from docker/dependabot/go_modules/github.com/containerd/containerd-1.6.12
build(deps): bump github.com/containerd/containerd from 1.6.10 to 1.6.12
2022-12-08 20:08:34 +01:00
dependabot[bot] 8ef3494711 build(deps): bump github.com/containerd/containerd from 1.6.10 to 1.6.12
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.6.10 to 1.6.12.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.6.10...v1.6.12)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-08 19:56:57 +01:00
Guillaume Lours be74c90f50
Merge pull request #10059 from glours/remve-e2e-go.mod
remove go.* from e2e tests directory
2022-12-08 19:56:34 +01:00
Guillaume Lours cc247fdb84 remove go.* from e2e tests directory
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-12-08 19:06:22 +01:00
nitin mewar a4ac6ab694 added table of contents inside readme
Signed-off-by: nitin mewar <nitinmewar28@gmail.com>
2022-12-08 17:02:38 +01:00
Milas Bowman a5823b12f9
Merge pull request #10048 from thaJeztah/update_go_1.19.4
update to go1.19.4
2022-12-07 17:13:35 -05:00
Milas Bowman b27ace6c55
Merge pull request #10051 from ndeloof/9897
fix race condition collecting pulled images IDs
2022-12-07 17:12:39 -05:00
Nicolas De Loof a73dce44b3 fix race condition collecting pulled images IDs
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-07 21:33:44 +01:00
Nicolas De Loof 804d7163a7 detect required service are gone to stop watching
explicit API to stop the log printer

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-07 21:07:27 +01:00
Sebastiaan van Stijn cc60026c7b
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

The golang.org/x/net fix is in 1e63c2f08a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-07 10:22:50 +01:00
Guillaume Lours 6b4ad0d1db
Merge pull request #10047 from thaJeztah/cleanup_output
Cleanup tips from output
2022-12-06 23:37:38 +01:00
Sebastiaan van Stijn 87a0a57f70 Cleanup tips from output
The scan tip has been shown for two years, and most users will know
about it by now. Presenting the message also involved checking if the
plugin was installed, and wether or not the message was shown before,
which also caused some overhead, so cleaning up the output a bit.

The corresponding DOCKER_SCAN_SUGGEST environment-variable is also
removed with this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:29:03 +01:00
Guillaume Lours c80d52aded
Merge pull request #10049 from glours/fix-flaky-tests
check only running containers in after down tests of profiles e2e tests
2022-12-06 23:28:51 +01:00
Guillaume Lours 95bc6c58b7
check only running containers in after down tests of profiles e2e tests
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-12-06 23:17:14 +01:00
Laura Brehm be30c67633
Merge pull request #10045 from docker/dependabot/go_modules/go.opentelemetry.io/otel-1.11.2
build(deps): bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2
2022-12-06 13:24:33 +00:00
Laura Brehm 57a1e1e0df
Update `e2e` mod deps
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-12-06 13:13:17 +00:00
dependabot[bot] 02305756b3
build(deps): bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-06 09:07:31 +00:00
Guillaume Lours 12dad4f8d0
Merge pull request #10030 from ndeloof/max_concurrency
introduce --parallel to limit concurrent engine calls
2022-12-06 09:45:57 +01:00
Nicolas De Loof a0acc20d88
introduce --parallel to limit concurrent engine calls
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-06 08:15:50 +01:00
Milas Bowman 053f20edab
port: improve error-handling if port not found (#10039)
This method looked slightly incomplete. If the port wasn't found,
it'd return `err`, but that was always `nil`, so we'd print out
`:0`.

Now, we construct a nice error message with the targeted port and
the ones we found.

The `--protocol` flag is also now case-insensitive to prevent any
weirdness/confusion there.

Co-authored-by: Nick Sieger <nicksieger@gmail.com>
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-05 22:11:45 +00:00
Guillaume Lours 6ed9a7928f
Merge pull request #10037 from milas/go-1.19.3
ci: upgrade to Go 1.19.3 & bump deps
2022-12-02 17:40:50 +01:00
Milas Bowman 9b8d520b7d ci: upgrade to Go 1.19.3 & bump deps
Upgrade to Go 1.19.3 (from 1.19.2) and bump a couple dependencies.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 11:24:46 -05:00
Milas Bowman 113fb6732d
schema: add support for tmpfs.mode in mount definition (#10031)
See compose-spec/compose-go#325 for the acutal spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes #9873.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 11:21:53 -05:00
Milas Bowman b9e5f9e917
test: speed up Cucumber stop test (#10032)
Evidently `ping` doesn't respond to `SIGTERM`, so use `init` to
get Tini supervising it. This changes the exit code to 143 since
it's not hitting the 10s timeout and getting a `SIGKILL` (137).

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 09:34:06 -05:00