vendor: update moby/buildkit

Update modules:

  go mod edit -require github.com/moby/buildkit@master
  go mod tidy -compat=1.17 && ./hack/update-vendor

Signed-off-by: Justin Chadwell <me@jedevc.com>

vendor/github.com/moby/buildkit/client/connhelper/dockercontainer/dockercontainer.go

@@ -0,0 +1,56 @@
+// Package dockercontainer provides connhelper for docker-container://<container>
+package dockercontainer
+
+import (
+	"context"
+	"net"
+	"net/url"
+
+	"github.com/docker/cli/cli/connhelper/commandconn"
+	"github.com/moby/buildkit/client/connhelper"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	connhelper.Register("docker-container", Helper)
+}
+
+// Helper returns helper for connecting to a Docker container.
+// Requires BuildKit v0.5.0 or later in the container.
+func Helper(u *url.URL) (*connhelper.ConnectionHelper, error) {
+	sp, err := SpecFromURL(u)
+	if err != nil {
+		return nil, err
+	}
+	return &connhelper.ConnectionHelper{
+		ContextDialer: func(ctx context.Context, addr string) (net.Conn, error) {
+			ctxFlags := []string{}
+			if sp.Context != "" {
+				ctxFlags = append(ctxFlags, "--context="+sp.Context)
+			}
+			// using background context because context remains active for the duration of the process, after dial has completed
+			return commandconn.New(context.Background(), "docker", append(ctxFlags, []string{"exec", "-i", sp.Container, "buildctl", "dial-stdio"}...)...)
+		},
+	}, nil
+}
+
+// Spec
+type Spec struct {
+	Context   string
+	Container string
+}
+
+// SpecFromURL creates Spec from URL.
+// URL is like docker-container://<container>?context=<context>
+// Only <container> part is mandatory.
+func SpecFromURL(u *url.URL) (*Spec, error) {
+	q := u.Query()
+	sp := Spec{
+		Context:   q.Get("context"),
+		Container: u.Hostname(),
+	}
+	if sp.Container == "" {
+		return nil, errors.New("url lacks container name")
+	}
+	return &sp, nil
+}

vendor/github.com/moby/buildkit/client/connhelper/kubepod/kubepod.go

@@ -0,0 +1,78 @@
+// Package kubepod provides connhelper for kube-pod://<pod>
+package kubepod
+
+import (
+	"context"
+	"net"
+	"net/url"
+	"regexp"
+
+	"github.com/docker/cli/cli/connhelper/commandconn"
+	"github.com/moby/buildkit/client/connhelper"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	connhelper.Register("kube-pod", Helper)
+}
+
+// Helper returns helper for connecting to a Kubernetes pod.
+// Requires BuildKit v0.5.0 or later in the pod.
+func Helper(u *url.URL) (*connhelper.ConnectionHelper, error) {
+	sp, err := SpecFromURL(u)
+	if err != nil {
+		return nil, err
+	}
+	return &connhelper.ConnectionHelper{
+		ContextDialer: func(ctx context.Context, addr string) (net.Conn, error) {
+			// using background context because context remains active for the duration of the process, after dial has completed
+			return commandconn.New(context.Background(), "kubectl", "--context="+sp.Context, "--namespace="+sp.Namespace,
+				"exec", "--container="+sp.Container, "-i", sp.Pod, "--", "buildctl", "dial-stdio")
+		},
+	}, nil
+}
+
+// Spec
+type Spec struct {
+	Context   string
+	Namespace string
+	Pod       string
+	Container string
+}
+
+// SpecFromURL creates Spec from URL.
+// URL is like kube-pod://<pod>?context=<context>&namespace=<namespace>&container=<container> .
+// Only <pod> part is mandatory.
+func SpecFromURL(u *url.URL) (*Spec, error) {
+	q := u.Query()
+	sp := Spec{
+		Context:   q.Get("context"),
+		Namespace: q.Get("namespace"),
+		Pod:       u.Hostname(),
+		Container: q.Get("container"),
+	}
+	if sp.Context != "" && !validKubeIdentifier(sp.Context) {
+		return nil, errors.Errorf("unsupported context name: %q", sp.Context)
+	}
+	if sp.Namespace != "" && !validKubeIdentifier(sp.Namespace) {
+		return nil, errors.Errorf("unsupported namespace name: %q", sp.Namespace)
+	}
+	if sp.Pod == "" {
+		return nil, errors.New("url lacks pod name")
+	}
+	if !validKubeIdentifier(sp.Pod) {
+		return nil, errors.Errorf("unsupported pod name: %q", sp.Pod)
+	}
+	if sp.Container != "" && !validKubeIdentifier(sp.Container) {
+		return nil, errors.Errorf("unsupported container name: %q", sp.Container)
+	}
+	return &sp, nil
+}
+
+var kubeIdentifierRegexp = regexp.MustCompile(`^[-a-z0-9.]+$`)
+
+// validKubeIdentifier: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+// The length is not checked because future version of Kube may support longer identifiers.
+func validKubeIdentifier(s string) bool {
+	return kubeIdentifierRegexp.MatchString(s)
+}

vendor/github.com/moby/buildkit/client/connhelper/ssh/ssh.go

@@ -0,0 +1,78 @@
+// Package ssh provides connhelper for ssh://<SSH URL>
+package ssh
+
+import (
+	"context"
+	"net"
+	"net/url"
+
+	"github.com/docker/cli/cli/connhelper/commandconn"
+	"github.com/moby/buildkit/client/connhelper"
+	"github.com/pkg/errors"
+)
+
+func init() {
+	connhelper.Register("ssh", Helper)
+}
+
+// Helper returns helper for connecting through an SSH URL.
+func Helper(u *url.URL) (*connhelper.ConnectionHelper, error) {
+	sp, err := SpecFromURL(u)
+	if err != nil {
+		return nil, err
+	}
+	return &connhelper.ConnectionHelper{
+		ContextDialer: func(ctx context.Context, addr string) (net.Conn, error) {
+			args := []string{}
+			if sp.User != "" {
+				args = append(args, "-l", sp.User)
+			}
+			if sp.Port != "" {
+				args = append(args, "-p", sp.Port)
+			}
+			args = append(args, "--", sp.Host)
+			args = append(args, "buildctl")
+			if socket := sp.Socket; socket != "" {
+				args = append(args, "--addr", "unix://"+socket)
+			}
+			args = append(args, "dial-stdio")
+			// using background context because context remains active for the duration of the process, after dial has completed
+			return commandconn.New(context.Background(), "ssh", args...)
+		},
+	}, nil
+}
+
+// Spec
+type Spec struct {
+	User   string
+	Host   string
+	Port   string
+	Socket string
+}
+
+// SpecFromURL creates Spec from URL.
+// URL is like ssh://<user>@host:<port>
+// Only <host> part is mandatory.
+func SpecFromURL(u *url.URL) (*Spec, error) {
+	sp := Spec{
+		Host:   u.Hostname(),
+		Port:   u.Port(),
+		Socket: u.Path,
+	}
+	if user := u.User; user != nil {
+		sp.User = user.Username()
+		if _, ok := user.Password(); ok {
+			return nil, errors.New("plain-text password is not supported")
+		}
+	}
+	if sp.Host == "" {
+		return nil, errors.Errorf("no host specified")
+	}
+	if u.RawQuery != "" {
+		return nil, errors.Errorf("extra query after the host: %q", u.RawQuery)
+	}
+	if u.Fragment != "" {
+		return nil, errors.Errorf("extra fragment after the host: %q", u.Fragment)
+	}
+	return &sp, nil
+}

vendor/github.com/moby/buildkit/client/llb/marshal.go

@@ -87,10 +87,7 @@ func MarshalConstraints(base, override *Constraints) (*pb.Op, *pb.OpMetadata) {
 		c.Platform = p
 	}
 
-	for _, wc := range override.WorkerConstraints {
-		c.WorkerConstraints = append(c.WorkerConstraints, wc)
-	}
-
+	c.WorkerConstraints = append(c.WorkerConstraints, override.WorkerConstraints...)
 	c.Metadata = mergeMetadata(c.Metadata, override.Metadata)
 
 	if c.Platform == nil {

vendor/github.com/moby/buildkit/client/llb/resolver.go

@@ -23,6 +23,12 @@ func ResolveDigest(v bool) ImageOption {
 	})
 }
 
+func WithLayerLimit(l int) ImageOption {
+	return imageOptionFunc(func(ii *ImageInfo) {
+		ii.layerLimit = &l
+	})
+}
+
 // ImageMetaResolver can resolve image config metadata from a reference
 type ImageMetaResolver interface {
 	ResolveImageConfig(ctx context.Context, ref string, opt ResolveImageConfigOpt) (digest.Digest, []byte, error)

vendor/github.com/moby/buildkit/client/llb/source.go

@@ -116,6 +116,11 @@ func Image(ref string, opts ...ImageOption) State {
 		attrs[pb.AttrImageRecordType] = info.RecordType
 	}
 
+	if ll := info.layerLimit; ll != nil {
+		attrs[pb.AttrImageLayerLimit] = strconv.FormatInt(int64(*ll), 10)
+		addCap(&info.Constraints, pb.CapSourceImageLayerLimit)
+	}
+
 	src := NewSource("docker-image://"+ref, attrs, info.Constraints) // controversial
 	if err != nil {
 		src.err = err
@@ -204,6 +209,7 @@ type ImageInfo struct {
 	metaResolver  ImageMetaResolver
 	resolveDigest bool
 	resolveMode   ResolveMode
+	layerLimit    *int
 	RecordType    string
 }
 

vendor/github.com/moby/buildkit/client/llb/state.go

@@ -619,9 +619,7 @@ var (
 
 func Require(filters ...string) ConstraintsOpt {
 	return constraintsOptFunc(func(c *Constraints) {
-		for _, f := range filters {
-			c.WorkerConstraints = append(c.WorkerConstraints, f)
-		}
+		c.WorkerConstraints = append(c.WorkerConstraints, filters...)
 	})
 }
 

vendor/github.com/moby/buildkit/client/solve.go

@@ -24,6 +24,7 @@ import (
 	"github.com/moby/buildkit/util/entitlements"
 	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil"
 	fstypes "github.com/tonistiigi/fsutil/types"
 	"go.opentelemetry.io/otel/trace"
 	"golang.org/x/sync/errgroup"
@@ -342,10 +343,10 @@ func prepareSyncedDirs(def *llb.Definition, localDirs map[string]string) ([]file
 			return nil, errors.Errorf("%s not a directory", d)
 		}
 	}
-	resetUIDAndGID := func(p string, st *fstypes.Stat) bool {
+	resetUIDAndGID := func(p string, st *fstypes.Stat) fsutil.MapResult {
 		st.Uid = 0
 		st.Gid = 0
-		return true
+		return fsutil.MapResultKeep
 	}
 
 	dirs := make([]filesync.SyncedDir, 0, len(localDirs))