docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-11-04 10:03:42 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

bake: allow entitlements from overrides automatically

Browse Source 
If override specifies a path, mark it automatically allowed
so there is no need to use duplicate flags for defining the
same feature.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi
2024-12-02 16:45:12 -08:00
parent c6e403ad7f
commit dd596d6542
3 changed files with 130 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
bake/bake.go
View File

@@ -194,7 +194,7 @@ func ListTargets(files []File) ([]string, error) {
return dedupSlice(targets), nil
}
func ReadTargets(ctx context.Context, files []File, targets, overrides []string, defaults map[string]string) (map[string]*Target, map[string]*Group, error) {
func ReadTargets(ctx context.Context, files []File, targets, overrides []string, defaults map[string]string, ent *EntitlementConf) (map[string]*Target, map[string]*Group, error) {
c, _, err := ParseFiles(files, defaults)
if err != nil {
return nil, nil, err
@@ -213,7 +213,7 @@ func ReadTargets(ctx context.Context, files []File, targets, overrides []string,
for _, target := range targets {
ts, gs := c.ResolveGroup(target)
for _, tname := range ts {
t, err := c.ResolveTarget(tname, o)
t, err := c.ResolveTarget(tname, o, ent)
if err != nil {
return nil, nil, err
}
@@ -245,7 +245,7 @@ func ReadTargets(ctx context.Context, files []File, targets, overrides []string,
}
for name, t := range m {
if err := c.loadLinks(name, t, m, o, nil); err != nil {
if err := c.loadLinks(name, t, m, o, nil, ent); err != nil {
return nil, nil, err
}
}
@@ -477,7 +477,7 @@ func (c Config) expandTargets(pattern string) ([]string, error) {
return names, nil
}
func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[string]map[string]Override, visited []string) error {
func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[string]map[string]Override, visited []string, ent *EntitlementConf) error {
visited = append(visited, name)
for _, v := range t.Contexts {
if strings.HasPrefix(v, "target:") {
@@ -493,7 +493,7 @@ func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[st
t2, ok := m[target]
if !ok {
var err error
t2, err = c.ResolveTarget(target, o)
t2, err = c.ResolveTarget(target, o, ent)
if err != nil {
return err
}
@@ -503,7 +503,7 @@ func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[st
t2.linked = true
m[target] = t2
}
if err := c.loadLinks(target, t2, m, o, visited); err != nil {
if err := c.loadLinks(target, t2, m, o, visited, ent); err != nil {
return err
}
@@ -630,8 +630,8 @@ func (c Config) group(name string, visited map[string]visit) ([]string, []string
return targets, groups
}
func (c Config) ResolveTarget(name string, overrides map[string]map[string]Override) (*Target, error) {
t, err := c.target(name, map[string]*Target{}, overrides)
func (c Config) ResolveTarget(name string, overrides map[string]map[string]Override, ent *EntitlementConf) (*Target, error) {
t, err := c.target(name, map[string]*Target{}, overrides, ent)
if err != nil {
return nil, err
}
@@ -647,7 +647,7 @@ func (c Config) ResolveTarget(name string, overrides map[string]map[string]Overr
return t, nil
}
func (c Config) target(name string, visited map[string]*Target, overrides map[string]map[string]Override) (*Target, error) {
func (c Config) target(name string, visited map[string]*Target, overrides map[string]map[string]Override, ent *EntitlementConf) (*Target, error) {
if t, ok := visited[name]; ok {
return t, nil
}
@@ -664,7 +664,7 @@ func (c Config) target(name string, visited map[string]*Target, overrides map[st
}
tt := &Target{}
for _, name := range t.Inherits {
t, err := c.target(name, visited, overrides)
t, err := c.target(name, visited, overrides, ent)
if err != nil {
return nil, err
}
@@ -676,7 +676,7 @@ func (c Config) target(name string, visited map[string]*Target, overrides map[st
m.Merge(tt)
m.Merge(t)
tt = m
if err := tt.AddOverrides(overrides[name]); err != nil {
if err := tt.AddOverrides(overrides[name], ent); err != nil {
return nil, err
}
tt.normalize()
@@ -859,7 +859,7 @@ func (t *Target) Merge(t2 *Target) {
t.Inherits = append(t.Inherits, t2.Inherits...)
}
func (t *Target) AddOverrides(overrides map[string]Override) error {
func (t *Target) AddOverrides(overrides map[string]Override, ent *EntitlementConf) error {
for key, o := range overrides {
value := o.Value
keys := strings.SplitN(key, ".", 2)
@@ -900,12 +900,26 @@ func (t *Target) AddOverrides(overrides map[string]Override) error {
return err
}
t.CacheFrom = cacheFrom
for _, c := range t.CacheFrom {
if c.Type == "local" {
if v, ok := c.Attrs["src"]; ok {
ent.FSRead = append(ent.FSRead, v)
}
}
}
case "cache-to":
cacheTo, err := parseCacheArrValues(o.ArrValue)
if err != nil {
return err
}
t.CacheTo = cacheTo
for _, c := range t.CacheTo {
if c.Type == "local" {
if v, ok := c.Attrs["dest"]; ok {
ent.FSWrite = append(ent.FSWrite, v)
}
}
}
case "target":
t.Target = &value
case "call":
@@ -916,12 +930,20 @@ func (t *Target) AddOverrides(overrides map[string]Override) error {
return errors.Wrap(err, "invalid value for outputs")
}
t.Secrets = secrets
for _, s := range t.Secrets {
if s.FilePath != "" {
ent.FSRead = append(ent.FSRead, s.FilePath)
}
}
case "ssh":
ssh, err := parseArrValue[buildflags.SSH](o.ArrValue)
if err != nil {
return errors.Wrap(err, "invalid value for outputs")
}
t.SSH = ssh
for _, s := range t.SSH {
ent.FSRead = append(ent.FSRead, s.Paths...)
}
case "platform":
t.Platforms = o.ArrValue
case "output":
@@ -930,8 +952,20 @@ func (t *Target) AddOverrides(overrides map[string]Override) error {
return errors.Wrap(err, "invalid value for outputs")
}
t.Outputs = outputs
for _, o := range t.Outputs {
if o.Destination != "" {
ent.FSWrite = append(ent.FSWrite, o.Destination)
}
}
case "entitlements":
t.Entitlements = append(t.Entitlements, o.ArrValue...)
for _, v := range o.ArrValue {
if v == string(EntitlementKeyNetworkHost) {
ent.NetworkHost = true
} else if v == string(EntitlementKeySecurityInsecure) {
ent.SecurityInsecure = true
}
}
case "annotations":
t.Annotations = append(t.Annotations, o.ArrValue...)
case "attest":