Skip to content

Commit 14d1ccb

Browse files
jsternbergjsternberg
authored
Merge pull request #6255 from jsternberg/v0.25-picks-0.25.0
2 parents c8fad61 + 9558f8a commit 14d1ccb

File tree

5 files changed

+106
-9
lines changed

5 files changed

+106
-9
lines changed

Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ FROM scratch AS release
203203
COPY --link --from=releaser /out/ /
204204

205205
FROM alpine:${ALPINE_VERSION} AS buildkit-export-alpine
206-
RUN apk add --no-cache fuse3 git openssh pigz xz iptables ip6tables \
206+
RUN apk add --no-cache fuse3 git openssh openssl pigz xz iptables ip6tables \
207207
&& ln -s fusermount3 /usr/bin/fusermount
208208
COPY --link examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/
209209
VOLUME /var/lib/buildkit
@@ -214,6 +214,7 @@ RUN apt-get update \
214214
fuse3 \
215215
git \
216216
openssh-client \
217+
openssl \
217218
pigz \
218219
xz-utils \
219220
iptables \
@@ -411,7 +412,7 @@ COPY --link --from=binaries / /
411412

412413
FROM buildkit-base AS integration-tests-base
413414
ENV BUILDKIT_INTEGRATION_ROOTLESS_IDPAIR="1000:1000"
414-
RUN apk add --no-cache shadow shadow-uidmap sudo vim iptables ip6tables dnsmasq fuse curl git-daemon openssh-client slirp4netns iproute2 \
415+
RUN apk add --no-cache shadow shadow-uidmap sudo vim iptables ip6tables dnsmasq fuse curl git-daemon openssh-client openssl slirp4netns iproute2 \
415416
&& useradd --create-home --home-dir /home/user --uid 1000 -s /bin/sh user \
416417
&& echo "XDG_RUNTIME_DIR=/run/user/1000; export XDG_RUNTIME_DIR" >> /home/user/.profile \
417418
&& mkdir -m 0700 -p /run/user/1000 \
@@ -460,7 +461,7 @@ VOLUME /var/lib/buildkit
460461

461462
# rootless builds a rootless variant of buildkitd image
462463
FROM alpine:${ALPINE_VERSION} AS rootless
463-
RUN apk add --no-cache fuse3 fuse-overlayfs git openssh pigz shadow-uidmap xz
464+
RUN apk add --no-cache fuse3 fuse-overlayfs git openssh openssl pigz shadow-uidmap xz
464465
RUN adduser -D -u 1000 user \
465466
&& mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buildkit \
466467
&& chown -R user /run/user/1000 /home/user \

frontend/dockerfile/dockerfile_provenance_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,8 @@ func testProvenanceAttestation(t *testing.T, sb integration.Sandbox) {
7171
workers.CheckFeatureCompat(t, sb, workers.FeatureDirectPush, workers.FeatureProvenance)
7272
ctx := sb.Context()
7373

74+
isDockerd := strings.HasPrefix(sb.Name(), "dockerd")
75+
7476
c, err := client.New(ctx, sb.Address())
7577
require.NoError(t, err)
7678
defer c.Close()
@@ -183,6 +185,9 @@ RUN echo ok> /foo
183185
"foo": "bar",
184186
"numbers": []any{1.0, 2.0, 3.0},
185187
}
188+
if isDockerd {
189+
expCustom = nil
190+
}
186191

187192
if slsaVersion == "v1" {
188193
type stmtT struct {

source/git/source.go

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -531,7 +531,11 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
531531
// local refs are needed so they would be advertised on next fetches. Force is used
532532
// in case the ref is a branch and it now points to a different commit sha
533533
// TODO: is there a better way to do this?
534-
args = append(args, "--force", ref+":tags/"+ref)
534+
targetRef := ref
535+
if !strings.HasPrefix(ref, "refs/tags/") {
536+
targetRef = "tags/" + ref
537+
}
538+
args = append(args, "--force", ref+":"+targetRef)
535539
}
536540
if _, err := git.Run(ctx, args...); err != nil {
537541
return nil, errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(gs.src.Remote))
@@ -615,7 +619,11 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
615619

616620
pullref := ref
617621
if isAnnotatedTag {
618-
pullref += ":refs/tags/" + pullref
622+
targetRef := pullref
623+
if !strings.HasPrefix(pullref, "refs/tags/") {
624+
targetRef = "refs/tags/" + pullref
625+
}
626+
pullref += ":" + targetRef
619627
} else if gitutil.IsCommitSHA(ref) {
620628
pullref = "refs/buildkit/" + identity.NewID()
621629
_, err = git.Run(ctx, "update-ref", pullref, ref)

source/git/source_test.go

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -639,6 +639,70 @@ func testFetchByTag(t *testing.T, tag, expectedCommitSubject string, isAnnotated
639639
require.Contains(t, strings.TrimSpace(string(gitLogOutput)), expectedCommitSubject)
640640
}
641641
}
642+
func TestFetchAnnotatedTagAfterCloneSHA1(t *testing.T) {
643+
testFetchAnnotatedTagAfterClone(t, "sha1")
644+
}
645+
646+
func TestFetchAnnotatedTagAfterCloneSHA256(t *testing.T) {
647+
testFetchAnnotatedTagAfterClone(t, "sha256")
648+
}
649+
650+
func testFetchAnnotatedTagAfterClone(t *testing.T, format string) {
651+
if runtime.GOOS == "windows" {
652+
t.Skip("Depends on unimplemented containerd bind-mount support on Windows")
653+
}
654+
655+
t.Parallel()
656+
ctx := namespaces.WithNamespace(context.Background(), "buildkit-test")
657+
ctx = logProgressStreams(ctx, t)
658+
659+
repo := setupGitRepo(t, format)
660+
cmd := exec.Command("git", "rev-parse", "HEAD")
661+
cmd.Dir = repo.mainPath
662+
663+
out, err := cmd.Output()
664+
require.NoError(t, err)
665+
666+
expLen := 40
667+
if format == "sha256" {
668+
expLen = 64
669+
}
670+
sha := strings.TrimSpace(string(out))
671+
require.Equal(t, expLen, len(sha))
672+
673+
gs := setupGitSource(t, t.TempDir())
674+
675+
id := &GitIdentifier{Remote: repo.mainURL, Ref: sha, KeepGitDir: true}
676+
677+
g, err := gs.Resolve(ctx, id, nil, nil)
678+
require.NoError(t, err)
679+
680+
key1, pin1, _, done, err := g.CacheKey(ctx, nil, 0)
681+
require.NoError(t, err)
682+
require.True(t, done)
683+
684+
require.GreaterOrEqual(t, len(key1), expLen+4)
685+
require.Equal(t, expLen, len(pin1))
686+
687+
ref, err := g.Snapshot(ctx, nil)
688+
require.NoError(t, err)
689+
ref.Release(context.TODO())
690+
691+
id = &GitIdentifier{Remote: repo.mainURL, Ref: "refs/tags/v1.2.3", KeepGitDir: true}
692+
g, err = gs.Resolve(ctx, id, nil, nil)
693+
require.NoError(t, err)
694+
695+
key1, pin1, _, done, err = g.CacheKey(ctx, nil, 0)
696+
require.NoError(t, err)
697+
require.True(t, done)
698+
699+
require.GreaterOrEqual(t, len(key1), expLen+4)
700+
require.Equal(t, expLen, len(pin1))
701+
702+
ref, err = g.Snapshot(ctx, nil)
703+
require.NoError(t, err)
704+
ref.Release(context.TODO())
705+
}
642706

643707
func TestMultipleTagAccessKeepGitDirSHA1(t *testing.T) {
644708
testMultipleTagAccess(t, true, "sha1")

util/grpcerrors/grpcerrors.go

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -142,10 +142,20 @@ func Code(err error) codes.Code {
142142
}
143143

144144
if wrapped, ok := err.(multiUnwrapper); ok {
145+
var hasUnknown bool
146+
145147
for _, err := range wrapped.Unwrap() {
146-
if c := Code(err); c != codes.OK && c != codes.Unknown {
148+
c := Code(err)
149+
if c != codes.OK && c != codes.Unknown {
147150
return c
148151
}
152+
if c == codes.Unknown {
153+
hasUnknown = true
154+
}
155+
}
156+
157+
if hasUnknown {
158+
return codes.Unknown
149159
}
150160
}
151161

@@ -159,7 +169,7 @@ func WrapCode(err error, code codes.Code) error {
159169
// AsGRPCStatus tries to extract a gRPC status from the error.
160170
// Supports `Unwrap() error` and `Unwrap() []error` for wrapped errors.
161171
// When the `Unwrap() []error` returns multiple errors, the first one that
162-
// contains a gRPC status is returned.
172+
// contains a gRPC status that is not OK is returned with the full error message.
163173
func AsGRPCStatus(err error) (*status.Status, bool) {
164174
if err == nil {
165175
return nil, true
@@ -178,8 +188,17 @@ func AsGRPCStatus(err error) (*status.Status, bool) {
178188

179189
if wrapped, ok := err.(multiUnwrapper); ok {
180190
for _, err := range wrapped.Unwrap() {
181-
if st, ok := AsGRPCStatus(err); ok && st != nil {
182-
return st, true
191+
st, ok := AsGRPCStatus(err)
192+
if !ok {
193+
continue
194+
}
195+
196+
if st != nil && st.Code() != codes.OK {
197+
// Copy the full status so we can set the full error message
198+
// Does the proto conversion so can keep any extra details.
199+
proto := st.Proto()
200+
proto.Message = err.Error()
201+
return status.FromProto(proto), true
183202
}
184203
}
185204
}

0 commit comments

Comments
 (0)