Merge pull request #3037 from crazy-max/0.21_picks_0.21.2

[v0.21] cherry-picks for v0.21.2
buildflags: skip empty cache entries when parsing
2025-08-18 09:45:53 +08:00 · 2025-03-03 17:10:32 +01:00 · 2025-03-03 16:30:03 +01:00 · 2025-03-03 16:29:20 +01:00 · 2025-03-03 16:29:20 +01:00 · 2025-02-21 13:22:55 +01:00
10 changed files with 107 additions and 17 deletions
--- a/bake/hcl_test.go
+++ b/bake/hcl_test.go
@@ -608,7 +608,7 @@ func TestHCLAttrsCapsuleType(t *testing.T) {
 	target "app" {
 		attest = [
 			{ type = "provenance", mode = "max" },
-			"type=sbom,disabled=true",
+			"type=sbom,disabled=true,generator=foo,\"ENV1=bar,baz\",ENV2=hello",
 		]

 		cache-from = [
@@ -641,7 +641,7 @@ func TestHCLAttrsCapsuleType(t *testing.T) {
 	require.NoError(t, err)

 	require.Equal(t, 1, len(c.Targets))
-	require.Equal(t, []string{"type=provenance,mode=max", "type=sbom,disabled=true"}, stringify(c.Targets[0].Attest))
+	require.Equal(t, []string{"type=provenance,mode=max", "type=sbom,disabled=true,\"ENV1=bar,baz\",ENV2=hello,generator=foo"}, stringify(c.Targets[0].Attest))
 	require.Equal(t, []string{"type=local,dest=../out", "type=oci,dest=../out.tar"}, stringify(c.Targets[0].Outputs))
 	require.Equal(t, []string{"type=local,src=path/to/cache", "user/app:cache"}, stringify(c.Targets[0].CacheFrom))
 	require.Equal(t, []string{"type=local,dest=path/to/cache"}, stringify(c.Targets[0].CacheTo))
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.23.0
 	github.com/in-toto/in-toto-golang v0.5.0
 	github.com/mitchellh/hashstructure/v2 v2.0.2
-	github.com/moby/buildkit v0.20.0-rc3
+	github.com/moby/buildkit v0.20.0
 	github.com/moby/sys/mountinfo v0.7.2
 	github.com/moby/sys/signal v0.7.1
 	github.com/morikuni/aec v1.0.0
--- a/go.sum
+++ b/go.sum
@@ -297,8 +297,8 @@ github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/z
 github.com/mitchellh/mapstructure v0.0.0-20150613213606-2caf8efc9366/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/moby/buildkit v0.20.0-rc3 h1:iExrfuZZuFgFudeNJhXfp/5vzJWTNrlqZ/LYJk4dG2Q=
-github.com/moby/buildkit v0.20.0-rc3/go.mod h1:kMXf90l/f3zygRK8bYbyetfyzoJYntb6Bpi2VsLfXgQ=
+github.com/moby/buildkit v0.20.0 h1:aF5RujjQ310Pn6SLL/wQYIrSsPXy0sQ5KvWifwq1h8Y=
+github.com/moby/buildkit v0.20.0/go.mod h1:HYFUIK+iGDRxRgdphZ9Nv0y1Fz7mv0HrU7xZoXx217E=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
--- a/tests/bake.go
+++ b/tests/bake.go
@@ -38,6 +38,7 @@ func bakeCmd(sb integration.Sandbox, opts ...cmdOpt) (string, error) {
 var bakeTests = []func(t *testing.T, sb integration.Sandbox){
 	testBakePrint,
 	testBakePrintSensitive,
+	testBakePrintOverrideEmpty,
 	testBakeLocal,
 	testBakeLocalMulti,
 	testBakeRemote,
@@ -286,6 +287,47 @@ RUN echo "Hello ${HELLO}"
 	}
 }

+func testBakePrintOverrideEmpty(t *testing.T, sb integration.Sandbox) {
+	dockerfile := []byte(`
+FROM scratch
+COPY foo /foo
+	`)
+	bakefile := []byte(`
+target "default" {
+	cache-to = ["type=gha,mode=min,scope=integration-tests"]
+}
+`)
+	dir := tmpdir(
+		t,
+		fstest.CreateFile("docker-bake.hcl", bakefile, 0600),
+		fstest.CreateFile("Dockerfile", dockerfile, 0600),
+		fstest.CreateFile("foo", []byte("foo"), 0600),
+	)
+
+	cmd := buildxCmd(sb, withDir(dir), withArgs("bake", "--print", "--set", "*.cache-to="))
+	stdout := bytes.Buffer{}
+	stderr := bytes.Buffer{}
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	require.NoError(t, cmd.Run(), stdout.String(), stderr.String())
+
+	require.JSONEq(t, `{
+	"group": {
+		"default": {
+			"targets": [
+				"default"
+			]
+		}
+	},
+	"target": {
+		"default": {
+			"context": ".",
+			"dockerfile": "Dockerfile"
+		}
+	}
+}`, stdout.String())
+}
+
 func testBakeLocal(t *testing.T, sb integration.Sandbox) {
 	dockerfile := []byte(`
 FROM scratch
@@ -871,6 +913,7 @@ target "default" {
 		})
 	}
 }
+
 func testBakeSetNonExistingOutsideNoParallel(t *testing.T, sb integration.Sandbox) {
 	for _, ent := range []bool{true, false} {
 		t.Run(fmt.Sprintf("ent=%v", ent), func(t *testing.T) {
--- a/util/buildflags/attests.go
+++ b/util/buildflags/attests.go
@@ -148,9 +148,8 @@ func (a *Attest) UnmarshalText(text []byte) error {
 		if !ok {
 			return errors.Errorf("invalid value %s", field)
 		}
-		key = strings.TrimSpace(strings.ToLower(key))

-		switch key {
+		switch strings.TrimSpace(strings.ToLower(key)) {
 		case "type":
 			a.Type = value
 		case "disabled":
--- a/util/buildflags/attests_test.go
+++ b/util/buildflags/attests_test.go
@@ -13,16 +13,21 @@ func TestAttests(t *testing.T) {
 		attests := Attests{
 			{Type: "provenance", Attrs: map[string]string{"mode": "max"}},
 			{Type: "sbom", Disabled: true},
+			{Type: "sbom", Attrs: map[string]string{
+				"generator": "scanner",
+				"ENV1":      `"foo,bar"`,
+				"Env2":      "hello",
+			}},
 		}

-		expected := `[{"type":"provenance","mode":"max"},{"type":"sbom","disabled":true}]`
+		expected := `[{"type":"provenance","mode":"max"},{"type":"sbom","disabled":true},{"ENV1":"\"foo,bar\"","Env2":"hello","generator":"scanner","type":"sbom"}]`
 		actual, err := json.Marshal(attests)
 		require.NoError(t, err)
 		require.JSONEq(t, expected, string(actual))
 	})

 	t.Run("UnmarshalJSON", func(t *testing.T) {
-		in := `[{"type":"provenance","mode":"max"},{"type":"sbom","disabled":true}]`
+		in := `[{"type":"provenance","mode":"max"},{"type":"sbom","disabled":true},{"ENV1":"\"foo,bar\"","Env2":"hello","generator":"scanner","type":"sbom"}]`

 		var actual Attests
 		err := json.Unmarshal([]byte(in), &actual)
@@ -31,6 +36,11 @@ func TestAttests(t *testing.T) {
 		expected := Attests{
 			{Type: "provenance", Attrs: map[string]string{"mode": "max"}},
 			{Type: "sbom", Disabled: true, Attrs: map[string]string{}},
+			{Type: "sbom", Disabled: false, Attrs: map[string]string{
+				"generator": "scanner",
+				"ENV1":      `"foo,bar"`,
+				"Env2":      "hello",
+			}},
 		}
 		require.Equal(t, expected, actual)
 	})
@@ -41,7 +51,14 @@ func TestAttests(t *testing.T) {
 				"type": cty.StringVal("provenance"),
 				"mode": cty.StringVal("max"),
 			}),
+			cty.ObjectVal(map[string]cty.Value{
+				"type":      cty.StringVal("sbom"),
+				"generator": cty.StringVal("scan"),
+				"ENV1":      cty.StringVal(`foo,bar`),
+				"Env2":      cty.StringVal(`hello`),
+			}),
 			cty.StringVal("type=sbom,disabled=true"),
+			cty.StringVal(`type=sbom,generator=scan,"FOO=bar,baz",Hello=World`),
 		})

 		var actual Attests
@@ -50,7 +67,17 @@ func TestAttests(t *testing.T) {

 		expected := Attests{
 			{Type: "provenance", Attrs: map[string]string{"mode": "max"}},
+			{Type: "sbom", Attrs: map[string]string{
+				"generator": "scan",
+				"ENV1":      "foo,bar",
+				"Env2":      "hello",
+			}},
 			{Type: "sbom", Disabled: true, Attrs: map[string]string{}},
+			{Type: "sbom", Attrs: map[string]string{
+				"generator": "scan",
+				"FOO":       "bar,baz",
+				"Hello":     "World",
+			}},
 		}
 		require.Equal(t, expected, actual)
 	})
@@ -59,6 +86,11 @@ func TestAttests(t *testing.T) {
 		attests := Attests{
 			{Type: "provenance", Attrs: map[string]string{"mode": "max"}},
 			{Type: "sbom", Disabled: true},
+			{Type: "sbom", Attrs: map[string]string{
+				"generator": "scan",
+				"ENV1":      `"foo,bar"`,
+				"Env2":      "hello",
+			}},
 		}

 		actual := attests.ToCtyValue()
@@ -71,6 +103,12 @@ func TestAttests(t *testing.T) {
 				"type":     cty.StringVal("sbom"),
 				"disabled": cty.StringVal("true"),
 			}),
+			cty.MapVal(map[string]cty.Value{
+				"type":      cty.StringVal("sbom"),
+				"generator": cty.StringVal("scan"),
+				"ENV1":      cty.StringVal(`"foo,bar"`),
+				"Env2":      cty.StringVal("hello"),
+			}),
 		})

 		result := actual.Equals(expected)
--- a/util/buildflags/cache.go
+++ b/util/buildflags/cache.go
@@ -175,6 +175,10 @@ func ParseCacheEntry(in []string) (CacheOptions, error) {

 	opts := make(CacheOptions, 0, len(in))
 	for _, in := range in {
+		if in == "" {
+			continue
+		}
+
 		if !strings.Contains(in, "=") {
 			// This is ref only format. Each field in the CSV is its own entry.
 			fields, err := csvvalue.Fields(in, nil)
--- a/util/buildflags/entitlements.go
+++ b/util/buildflags/entitlements.go
@@ -1,14 +1,11 @@
 package buildflags

 import (
-	"log"
-
 	"github.com/moby/buildkit/util/entitlements"
 )

 func ParseEntitlements(in []string) ([]string, error) {
 	out := make([]string, 0, len(in))
-	log.Printf("in: %#v", in)
 	for _, v := range in {
 		if v == "" {
 			continue
@@ -19,6 +16,5 @@ func ParseEntitlements(in []string) ([]string, error) {
 		}
 		out = append(out, v)
 	}
-	log.Printf("Parsed entitlements: %v", out)
 	return out, nil
 }
--- a/util/buildflags/export.go
+++ b/util/buildflags/export.go
@@ -1,6 +1,7 @@
 package buildflags

 import (
+	"encoding/csv"
 	"encoding/json"
 	"maps"
 	"regexp"
@@ -259,9 +260,18 @@ func (w *csvBuilder) Write(key, value string) {
 	if w.sb.Len() > 0 {
 		w.sb.WriteByte(',')
 	}
-	w.sb.WriteString(key)
-	w.sb.WriteByte('=')
-	w.sb.WriteString(value)
+
+	pair := key + "=" + value
+	if strings.ContainsRune(pair, ',') || strings.ContainsRune(pair, '"') {
+		var attr strings.Builder
+		writer := csv.NewWriter(&attr)
+		writer.Write([]string{pair})
+		writer.Flush()
+		// Strips the extra newline added by the csv writer
+		pair = strings.TrimSpace(attr.String())
+	}
+
+	w.sb.WriteString(pair)
 }

 func (w *csvBuilder) WriteAttributes(attrs map[string]string) {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -495,7 +495,7 @@ github.com/mitchellh/go-wordwrap
 github.com/mitchellh/hashstructure/v2
 # github.com/mitchellh/mapstructure v1.5.0
 ## explicit; go 1.14
-# github.com/moby/buildkit v0.20.0-rc3
+# github.com/moby/buildkit v0.20.0
 ## explicit; go 1.22.0
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types
Author	SHA1	Message	Date
CrazyMax	1360a9e8d2	Merge pull request #3037 from crazy-max/0.21_picks_0.21.2 [v0.21] cherry-picks for v0.21.2	2025-03-03 17:10:32 +01:00
Jonathan A. Sternberg	6019a2b32f	buildflags: skip empty cache entries when parsing Broken in `11c84973ef`. The section to skip an empty input was accidentally removed when some code was refactored to fix a separate issue. This skips empty cache entries which allows disabling the `cache-from` and `cache-to` entries from the command line overrides. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>	2025-03-03 16:30:03 +01:00
Laurent Goderre	6da88e1555	Fix handling of attest extra arguments Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2025-03-03 16:29:20 +01:00
Laurent Goderre	41f8e5c85c	Add attest extra args tests Signed-off-by: Laurent Goderre <laurent.goderre@docker.com>	2025-03-03 16:29:20 +01:00
CrazyMax	7c2359c6bf	Merge pull request #3018 from crazy-max/0.21_picks_0.21.1 [v0.21] cherry-picks for v0.21.1	2025-02-21 13:22:55 +01:00
Tonis Tiigi	65a52b5272	remove accidental debug Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>	2025-02-21 09:43:43 +01:00
Jonathan A. Sternberg	34ed52e4ae	Merge pull request #3011 from jsternberg/v0.21.0-picks [v0.21] cherry-picks for v0.21.0	2025-02-19 13:54:05 -06:00
Jonathan A. Sternberg	a05bbb9e3d	vendor: github.com/moby/buildkit v0.20.0 Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> (cherry picked from commit `80c3832c94`)	2025-02-19 13:53:30 -06:00