vendor: update buildkit to v0.11.0-rc4

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> Signed-off-by: Justin Chadwell <me@jedevc.com>
2025-07-09 21:17:09 +08:00 · 2023-01-06 11:22:18 +00:00
parent ff6754eb04
commit 60c9cf74ce
30 changed files with 2648 additions and 542 deletions
--- a/vendor/github.com/moby/buildkit/client/llb/resolver.go
+++ b/vendor/github.com/moby/buildkit/client/llb/resolver.go
@ -42,9 +42,16 @@ const (
 )

 type ResolveImageConfigOpt struct {
-	Platform     *ocispecs.Platform
-	ResolveMode  string
-	LogName      string
-	ResolverType // default is ResolverTypeRegistry
-	SessionID    string
+	ResolverType
+
+	Platform    *ocispecs.Platform
+	ResolveMode string
+	LogName     string
+
+	Store ResolveImageConfigOptStore
+}
+
+type ResolveImageConfigOptStore struct {
+	SessionID string
+	StoreID   string
 }
--- a/vendor/github.com/moby/buildkit/client/llb/source.go
+++ b/vendor/github.com/moby/buildkit/client/llb/source.go
@ -4,7 +4,6 @@ import (
 	"context"
 	_ "crypto/sha256" // for opencontainers/go-digest
 	"encoding/json"
-	"fmt"
 	"os"
 	"strconv"
 	"strings"
@ -455,7 +454,7 @@ func Differ(t DiffType, required bool) LocalOption {
 	})
 }

-func OCILayout(store string, digest digest.Digest, opts ...OCILayoutOption) State {
+func OCILayout(ref string, opts ...OCILayoutOption) State {
 	gi := &OCILayoutInfo{}

 	for _, o := range opts {
@ -464,17 +463,17 @@ func OCILayout(store string, digest digest.Digest, opts ...OCILayoutOption) Stat
 	attrs := map[string]string{}
 	if gi.sessionID != "" {
 		attrs[pb.AttrOCILayoutSessionID] = gi.sessionID
-		addCap(&gi.Constraints, pb.CapSourceOCILayoutSessionID)
 	}
-
-	if ll := gi.layerLimit; ll != nil {
-		attrs[pb.AttrOCILayoutLayerLimit] = strconv.FormatInt(int64(*ll), 10)
-		addCap(&gi.Constraints, pb.CapSourceOCILayoutLayerLimit)
+	if gi.storeID != "" {
+		attrs[pb.AttrOCILayoutStoreID] = gi.storeID
+	}
+	if gi.layerLimit != nil {
+		attrs[pb.AttrOCILayoutLayerLimit] = strconv.FormatInt(int64(*gi.layerLimit), 10)
 	}

 	addCap(&gi.Constraints, pb.CapSourceOCILayout)

-	source := NewSource(fmt.Sprintf("oci-layout://%s@%s", store, digest), attrs, gi.Constraints)
+	source := NewSource("oci-layout://"+ref, attrs, gi.Constraints)
 	return NewState(source.Output())
 }

@ -488,9 +487,10 @@ func (fn ociLayoutOptionFunc) SetOCILayoutOption(li *OCILayoutInfo) {
 	fn(li)
 }

-func OCISessionID(id string) OCILayoutOption {
+func OCIStore(sessionID string, storeID string) OCILayoutOption {
 	return ociLayoutOptionFunc(func(oi *OCILayoutInfo) {
-		oi.sessionID = id
+		oi.sessionID = sessionID
+		oi.storeID = storeID
 	})
 }

@ -503,6 +503,7 @@ func OCILayerLimit(limit int) OCILayoutOption {
 type OCILayoutInfo struct {
 	constraintsWrapper
 	sessionID  string
+	storeID    string
 	layerLimit *int
 }

--- a/vendor/github.com/moby/buildkit/client/ociindex/ociindex.go
+++ b/vendor/github.com/moby/buildkit/client/ociindex/ociindex.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"io"
 	"os"
+	"path"

 	"github.com/gofrs/flock"
 	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
@ -11,16 +12,132 @@ import (
 )

 const (
-	// IndexJSONLockFileSuffix is the suffix of the lock file
-	IndexJSONLockFileSuffix = ".lock"
+	// indexFile is the name of the index file
+	indexFile = "index.json"
+
+	// lockFileSuffix is the suffix of the lock file
+	lockFileSuffix = ".lock"
 )

-// PutDescToIndex puts desc to index with tag.
-// Existing manifests with the same tag will be removed from the index.
-func PutDescToIndex(index *ocispecs.Index, desc ocispecs.Descriptor, tag string) error {
-	if index == nil {
-		index = &ocispecs.Index{}
+type StoreIndex struct {
+	indexPath string
+	lockPath  string
+}
+
+func NewStoreIndex(storePath string) StoreIndex {
+	indexPath := path.Join(storePath, indexFile)
+	return StoreIndex{
+		indexPath: indexPath,
+		lockPath:  indexPath + lockFileSuffix,
 	}
+}
+
+func (s StoreIndex) Read() (*ocispecs.Index, error) {
+	lock := flock.New(s.lockPath)
+	locked, err := lock.TryRLock()
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not lock %s", s.lockPath)
+	}
+	if !locked {
+		return nil, errors.Errorf("could not lock %s", s.lockPath)
+	}
+	defer func() {
+		lock.Unlock()
+		os.RemoveAll(s.lockPath)
+	}()
+
+	b, err := os.ReadFile(s.indexPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not read %s", s.indexPath)
+	}
+	var idx ocispecs.Index
+	if err := json.Unmarshal(b, &idx); err != nil {
+		return nil, errors.Wrapf(err, "could not unmarshal %s (%q)", s.indexPath, string(b))
+	}
+	return &idx, nil
+}
+
+func (s StoreIndex) Put(tag string, desc ocispecs.Descriptor) error {
+	lock := flock.New(s.lockPath)
+	locked, err := lock.TryLock()
+	if err != nil {
+		return errors.Wrapf(err, "could not lock %s", s.lockPath)
+	}
+	if !locked {
+		return errors.Errorf("could not lock %s", s.lockPath)
+	}
+	defer func() {
+		lock.Unlock()
+		os.RemoveAll(s.lockPath)
+	}()
+
+	f, err := os.OpenFile(s.indexPath, os.O_RDWR|os.O_CREATE, 0644)
+	if err != nil {
+		return errors.Wrapf(err, "could not open %s", s.indexPath)
+	}
+	defer f.Close()
+
+	var idx ocispecs.Index
+	b, err := io.ReadAll(f)
+	if err != nil {
+		return errors.Wrapf(err, "could not read %s", s.indexPath)
+	}
+	if len(b) > 0 {
+		if err := json.Unmarshal(b, &idx); err != nil {
+			return errors.Wrapf(err, "could not unmarshal %s (%q)", s.indexPath, string(b))
+		}
+	}
+
+	if err = insertDesc(&idx, desc, tag); err != nil {
+		return err
+	}
+
+	b, err = json.Marshal(idx)
+	if err != nil {
+		return err
+	}
+	if _, err = f.WriteAt(b, 0); err != nil {
+		return err
+	}
+	if err = f.Truncate(int64(len(b))); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s StoreIndex) Get(tag string) (*ocispecs.Descriptor, error) {
+	idx, err := s.Read()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, m := range idx.Manifests {
+		if t, ok := m.Annotations[ocispecs.AnnotationRefName]; ok && t == tag {
+			return &m, nil
+		}
+	}
+	return nil, nil
+}
+
+func (s StoreIndex) GetSingle() (*ocispecs.Descriptor, error) {
+	idx, err := s.Read()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(idx.Manifests) == 1 {
+		return &idx.Manifests[0], nil
+	}
+	return nil, nil
+}
+
+// insertDesc puts desc to index with tag.
+// Existing manifests with the same tag will be removed from the index.
+func insertDesc(index *ocispecs.Index, desc ocispecs.Descriptor, tag string) error {
+	if index == nil {
+		return nil
+	}
+
 	if index.SchemaVersion == 0 {
 		index.SchemaVersion = 2
 	}
@ -41,73 +158,3 @@ func PutDescToIndex(index *ocispecs.Index, desc ocispecs.Descriptor, tag string)
 	index.Manifests = append(index.Manifests, desc)
 	return nil
 }
-
-func PutDescToIndexJSONFileLocked(indexJSONPath string, desc ocispecs.Descriptor, tag string) error {
-	lockPath := indexJSONPath + IndexJSONLockFileSuffix
-	lock := flock.New(lockPath)
-	locked, err := lock.TryLock()
-	if err != nil {
-		return errors.Wrapf(err, "could not lock %s", lockPath)
-	}
-	if !locked {
-		return errors.Errorf("could not lock %s", lockPath)
-	}
-	defer func() {
-		lock.Unlock()
-		os.RemoveAll(lockPath)
-	}()
-	f, err := os.OpenFile(indexJSONPath, os.O_RDWR|os.O_CREATE, 0644)
-	if err != nil {
-		return errors.Wrapf(err, "could not open %s", indexJSONPath)
-	}
-	defer f.Close()
-	var idx ocispecs.Index
-	b, err := io.ReadAll(f)
-	if err != nil {
-		return errors.Wrapf(err, "could not read %s", indexJSONPath)
-	}
-	if len(b) > 0 {
-		if err := json.Unmarshal(b, &idx); err != nil {
-			return errors.Wrapf(err, "could not unmarshal %s (%q)", indexJSONPath, string(b))
-		}
-	}
-	if err = PutDescToIndex(&idx, desc, tag); err != nil {
-		return err
-	}
-	b, err = json.Marshal(idx)
-	if err != nil {
-		return err
-	}
-	if _, err = f.WriteAt(b, 0); err != nil {
-		return err
-	}
-	if err = f.Truncate(int64(len(b))); err != nil {
-		return err
-	}
-	return nil
-}
-
-func ReadIndexJSONFileLocked(indexJSONPath string) (*ocispecs.Index, error) {
-	lockPath := indexJSONPath + IndexJSONLockFileSuffix
-	lock := flock.New(lockPath)
-	locked, err := lock.TryRLock()
-	if err != nil {
-		return nil, errors.Wrapf(err, "could not lock %s", lockPath)
-	}
-	if !locked {
-		return nil, errors.Errorf("could not lock %s", lockPath)
-	}
-	defer func() {
-		lock.Unlock()
-		os.RemoveAll(lockPath)
-	}()
-	b, err := os.ReadFile(indexJSONPath)
-	if err != nil {
-		return nil, errors.Wrapf(err, "could not read %s", indexJSONPath)
-	}
-	var idx ocispecs.Index
-	if err := json.Unmarshal(b, &idx); err != nil {
-		return nil, errors.Wrapf(err, "could not unmarshal %s (%q)", indexJSONPath, string(b))
-	}
-	return &idx, nil
-}
--- a/vendor/github.com/moby/buildkit/client/solve.go
+++ b/vendor/github.com/moby/buildkit/client/solve.go
@ -22,6 +22,7 @@ import (
 	"github.com/moby/buildkit/session/filesync"
 	"github.com/moby/buildkit/session/grpchijack"
 	"github.com/moby/buildkit/solver/pb"
+	spb "github.com/moby/buildkit/sourcepolicy/pb"
 	"github.com/moby/buildkit/util/bklog"
 	"github.com/moby/buildkit/util/entitlements"
 	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
@ -47,6 +48,7 @@ type SolveOpt struct {
 	SharedSession         *session.Session // TODO: refactor to better session syncing
 	SessionPreInitialized bool             // TODO: refactor to better session syncing
 	Internal              bool
+	SourcePolicy          *spb.Policy
 }

 type ExportEntry struct {
@ -127,7 +129,7 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 		ex = opt.Exports[0]
 	}

-	indicesToUpdate := []string{}
+	storesToUpdate := []string{}

 	if !opt.SessionPreInitialized {
 		if len(syncedDirs) > 0 {
@ -192,7 +194,7 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 					return nil, err
 				}
 				contentStores["export"] = cs
-				indicesToUpdate = append(indicesToUpdate, filepath.Join(ex.OutputDir, "index.json"))
+				storesToUpdate = append(storesToUpdate, ex.OutputDir)
 			default:
 				s.Allow(filesync.NewFSSyncTargetDir(ex.OutputDir))
 			}
@ -261,6 +263,7 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 			Cache:          cacheOpt.options,
 			Entitlements:   opt.AllowedEntitlements,
 			Internal:       opt.Internal,
+			SourcePolicy:   opt.SourcePolicy,
 		})
 		if err != nil {
 			return errors.Wrap(err, "failed to solve")
@ -324,8 +327,9 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 		if err = json.Unmarshal([]byte(manifestDescJSON), &manifestDesc); err != nil {
 			return nil, err
 		}
-		for indexJSONPath, tag := range cacheOpt.indicesToUpdate {
-			if err = ociindex.PutDescToIndexJSONFileLocked(indexJSONPath, manifestDesc, tag); err != nil {
+		for storePath, tag := range cacheOpt.storesToUpdate {
+			idx := ociindex.NewStoreIndex(storePath)
+			if err := idx.Put(tag, manifestDesc); err != nil {
 				return nil, err
 			}
 		}
@ -339,12 +343,13 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG
 		if err = json.Unmarshal([]byte(manifestDescDt), &manifestDesc); err != nil {
 			return nil, err
 		}
-		for _, indexJSONPath := range indicesToUpdate {
+		for _, storePath := range storesToUpdate {
 			tag := "latest"
 			if t, ok := res.ExporterResponse["image.name"]; ok {
 				tag = t
 			}
-			if err = ociindex.PutDescToIndexJSONFileLocked(indexJSONPath, manifestDesc, tag); err != nil {
+			idx := ociindex.NewStoreIndex(storePath)
+			if err := idx.Put(tag, manifestDesc); err != nil {
 				return nil, err
 			}
 		}
@ -403,10 +408,10 @@ func defaultSessionName() string {
 }

 type cacheOptions struct {
-	options         controlapi.CacheOptions
-	contentStores   map[string]content.Store // key: ID of content store ("local:" + csDir)
-	indicesToUpdate map[string]string        // key: index.JSON file name, value: tag
-	frontendAttrs   map[string]string
+	options        controlapi.CacheOptions
+	contentStores  map[string]content.Store // key: ID of content store ("local:" + csDir)
+	storesToUpdate map[string]string        // key: path to content store, value: tag
+	frontendAttrs  map[string]string
 }

 func parseCacheOptions(ctx context.Context, isGateway bool, opt SolveOpt) (*cacheOptions, error) {
@ -415,7 +420,7 @@ func parseCacheOptions(ctx context.Context, isGateway bool, opt SolveOpt) (*cach
 		cacheImports []*controlapi.CacheOptionsEntry
 	)
 	contentStores := make(map[string]content.Store)
-	indicesToUpdate := make(map[string]string) // key: index.JSON file name, value: tag
+	storesToUpdate := make(map[string]string)
 	frontendAttrs := make(map[string]string)
 	for _, ex := range opt.CacheExports {
 		if ex.Type == "local" {
@ -437,8 +442,7 @@ func parseCacheOptions(ctx context.Context, isGateway bool, opt SolveOpt) (*cach
 				tag = t
 			}
 			// TODO(AkihiroSuda): support custom index JSON path and tag
-			indexJSONPath := filepath.Join(csDir, "index.json")
-			indicesToUpdate[indexJSONPath] = tag
+			storesToUpdate[csDir] = tag
 		}
 		if ex.Type == "registry" {
 			regRef := ex.Attrs["ref"]
@ -462,27 +466,26 @@ func parseCacheOptions(ctx context.Context, isGateway bool, opt SolveOpt) (*cach
 				bklog.G(ctx).Warning("local cache import at " + csDir + " not found due to err: " + err.Error())
 				continue
 			}
-			// if digest is not specified, load from "latest" tag
+			// if digest is not specified, attempt to load from tag
 			if im.Attrs["digest"] == "" {
-				idx, err := ociindex.ReadIndexJSONFileLocked(filepath.Join(csDir, "index.json"))
+				tag := "latest"
+				if t, ok := im.Attrs["tag"]; ok {
+					tag = t
+				}
+
+				idx := ociindex.NewStoreIndex(csDir)
+				desc, err := idx.Get(tag)
 				if err != nil {
 					bklog.G(ctx).Warning("local cache import at " + csDir + " not found due to err: " + err.Error())
 					continue
 				}
-				for _, m := range idx.Manifests {
-					tag := "latest"
-					if t, ok := im.Attrs["tag"]; ok {
-						tag = t
-					}
-					if m.Annotations[ocispecs.AnnotationRefName] == tag {
-						im.Attrs["digest"] = string(m.Digest)
-						break
-					}
-				}
-				if im.Attrs["digest"] == "" {
-					return nil, errors.New("local cache importer requires either explicit digest, \"latest\" tag or custom tag on index.json")
+				if desc != nil {
+					im.Attrs["digest"] = desc.Digest.String()
 				}
 			}
+			if im.Attrs["digest"] == "" {
+				return nil, errors.New("local cache importer requires either explicit digest, \"latest\" tag or custom tag on index.json")
+			}
 			contentStores["local:"+csDir] = cs
 		}
 		if im.Type == "registry" {
@ -510,9 +513,9 @@ func parseCacheOptions(ctx context.Context, isGateway bool, opt SolveOpt) (*cach
 			Exports: cacheExports,
 			Imports: cacheImports,
 		},
-		contentStores:   contentStores,
-		indicesToUpdate: indicesToUpdate,
-		frontendAttrs:   frontendAttrs,
+		contentStores:  contentStores,
+		storesToUpdate: storesToUpdate,
+		frontendAttrs:  frontendAttrs,
 	}
 	return &res, nil
 }