diff --git a/tests/build.go b/tests/build.go index ee3cc7a7..bff441ad 100644 --- a/tests/build.go +++ b/tests/build.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io" + "net" "os" "path" "path/filepath" @@ -15,6 +16,7 @@ import ( "github.com/containerd/containerd/platforms" "github.com/containerd/continuity/fs/fstest" "github.com/creack/pty" + "github.com/moby/buildkit/util/appdefaults" "github.com/moby/buildkit/util/contentutil" "github.com/moby/buildkit/util/testutil" "github.com/moby/buildkit/util/testutil/integration" @@ -48,6 +50,7 @@ var buildTests = []func(t *testing.T, sb integration.Sandbox){ testBuildOCIExportNotSupported, testBuildMultiPlatformNotSupported, testDockerHostGateway, + testBuildNetworkModeBridge, } func testBuild(t *testing.T, sb integration.Sandbox) { @@ -432,3 +435,54 @@ RUN ping -c 1 buildx.host-gateway-ip.local require.NoError(t, err, string(out)) } } + +func testBuildNetworkModeBridge(t *testing.T, sb integration.Sandbox) { + if sb.Name() != "docker" { + t.Skip("skipping test for non-docker workers") + } + + var builderName string + t.Cleanup(func() { + if builderName == "" { + return + } + out, err := rmCmd(sb, withArgs(builderName)) + require.NoError(t, err, out) + }) + + // TODO: use stable buildkit image when v0.13.0 released + out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge --allow-insecure-entitlement=network.host", "--driver-opt", "image=moby/buildkit:master")) + require.NoError(t, err, out) + builderName = strings.TrimSpace(out) + + dockerfile := []byte(` +FROM busybox AS build +RUN ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-bridge.txt +RUN --network=host ip a show eth0 | awk '/inet / {split($2, a, "/"); print a[1]}' > /ip-host.txt +FROM scratch +COPY --from=build /ip*.txt /`) + dir := tmpdir(t, fstest.CreateFile("Dockerfile", dockerfile, 0600)) + + cmd := buildxCmd(sb, withArgs("build", "--allow=network.host", fmt.Sprintf("--output=type=local,dest=%s", dir), dir)) + cmd.Env = append(cmd.Env, "BUILDX_BUILDER="+builderName) + outb, err := cmd.CombinedOutput() + require.NoError(t, err, string(outb)) + + dt, err := os.ReadFile(filepath.Join(dir, "ip-bridge.txt")) + require.NoError(t, err) + + ipBridge := net.ParseIP(strings.TrimSpace(string(dt))) + require.NotNil(t, ipBridge) + + _, subnet, err := net.ParseCIDR(appdefaults.BridgeSubnet) + require.NoError(t, err) + require.True(t, subnet.Contains(ipBridge)) + + dt, err = os.ReadFile(filepath.Join(dir, "ip-host.txt")) + require.NoError(t, err) + + ip := net.ParseIP(strings.TrimSpace(string(dt))) + require.NotNil(t, ip) + + require.NotEqual(t, ip, ipBridge) +} diff --git a/tests/inspect.go b/tests/inspect.go index c7c4df09..9e9995a3 100644 --- a/tests/inspect.go +++ b/tests/inspect.go @@ -17,6 +17,7 @@ func inspectCmd(sb integration.Sandbox, opts ...cmdOpt) (string, error) { var inspectTests = []func(t *testing.T, sb integration.Sandbox){ testInspect, + testInspectBuildkitdFlags, } func testInspect(t *testing.T, sb integration.Sandbox) { @@ -47,3 +48,33 @@ func testInspect(t *testing.T, sb integration.Sandbox) { require.Empty(t, hostGatewayIP, "host-gateway-ip worker label should not be set with non-docker driver") } } + +func testInspectBuildkitdFlags(t *testing.T, sb integration.Sandbox) { + if sb.Name() != "docker-container" { + t.Skip("only testing for docker-container driver") + } + + var builderName string + t.Cleanup(func() { + if builderName == "" { + return + } + out, err := rmCmd(sb, withArgs(builderName)) + require.NoError(t, err, out) + }) + + out, err := createCmd(sb, withArgs("--driver", "docker-container", "--buildkitd-flags=--oci-worker-net=bridge")) + require.NoError(t, err, out) + builderName = strings.TrimSpace(out) + + out, err = inspectCmd(sb, withArgs(builderName)) + require.NoError(t, err, out) + + for _, line := range strings.Split(out, "\n") { + if v, ok := strings.CutPrefix(line, "BuildKit daemon flags:"); ok { + require.Contains(t, v, "--oci-worker-net=bridge") + return + } + } + require.Fail(t, "--oci-worker-net=bridge not found in inspect output") +} diff --git a/tests/integration.go b/tests/integration.go index 239e9b4f..335b757c 100644 --- a/tests/integration.go +++ b/tests/integration.go @@ -47,8 +47,10 @@ func buildxCmd(sb integration.Sandbox, opts ...cmdOpt) *exec.Cmd { } if builder := sb.Address(); builder != "" { - cmd.Args = append(cmd.Args, "--builder="+builder) - cmd.Env = append(cmd.Env, "BUILDX_CONFIG=/tmp/buildx-"+builder) + cmd.Env = append(cmd.Env, + "BUILDX_CONFIG=/tmp/buildx-"+builder, + "BUILDX_BUILDER="+builder, + ) } if context := sb.DockerAddress(); context != "" { cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+context)