Make sure the warning message is safely guarded with a length check before attempting to access the first element of the slice.
Make sure the `ValidateOutputImageProvided` function is called first in the input resolve process to ensure the output image is provided before attempting to resolve the input image in other validation functions.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Restore succeeds (skipping over the layer) if layer contents are corrupted
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Exporter does not re-use layer from volume cache if layer contents are corrupted
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* add failing test to restorer
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* restorer and exporter working as expected
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* lint
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update phase/restorer.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update phase/cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/image_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* update based on feedback
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* fix log
* temp fix
* this does not work as is. I think we need to modify img utils.
Image utils should fail with a Layer Not found in both ReuseLayer & GetLayer.
For GetLayer, when there is a missing blob, it returns an unexpected EOF error.
For ReuseLayer, when there is a missing blob, it's not returning an error but it should.
* add eof check
* add not exist check
* reuse layer test
* fix test regression
---------
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
Co-authored-by: Joey Brown <brown.joseph@salesforce.com>
* Restore cached launch layers not found in appLayers
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* add platform api guard
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
* Ensure read access to the run image selected by extensions
Co-authored-by: Nicolas Bender <nicolas.bender@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* move read access check to the restorer cmd
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* guard behind platform version check
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Nicolas Bender <nicolas.bender@sap.com>
* Fix: log level and color level should be configurable via the env
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update order and comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix rebase run-image resolution
Currently, if `-run-image` is not set, `io.buildpacks.lifecycle.metdata[runImage.reference]` is used. This does not follow the [Run Image Resolution spec](https://github.com/buildpacks/spec/blob/main/platform.md#run-image-resolution), which specifies using `io.buildpacks.lifecycle.metdata[runImage.image]` and optionally `io.buildpacks.lifecycle.metdata[runImage.mirrors]`. Because of this, it ends up making `lifecycle rebase` without the `-run-image` flag a no-op because the run image is pinned to the same version instead of getting the latest.
This change simplifies and unifies the behavior for before and after Platform Version 0.12 so that they both read the same run-image data type (just from different locations), and then validate and resolve mirrors the same.
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Rewrite if-else-if-else as switch for go-critic
This is to make go-critic happy. See https://github.com/go-critic/go-critic/issues/453.
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Extract and test platform.GetRunImageFromMetadata
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
---------
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Consolidate methods that read and write platform spec'd TOML
in platform/files package.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Calculate lifecycle digest and output version as part of acceptance testing
This can help us diagnose weird failures in CI
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix Platform 0.10 by writing the new run image reference to analyzed.toml after generate
Platform 0.10 expects to find the reference in analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix restorer
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add the support to the new --insecure-registry parameter
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add the support to the new --insecure-registry parameter in the creator command
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add keychain mock and handler test
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support for a single insecure registry
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support to multiple insecure registries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Adjusted flag name
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Fix problem with the mock
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* InsecureRegistry to InsecureRegistries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Address comment on FlagTags parity
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Parse the InsecureRegistry env variable with comma separated values
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Changed InsecureRegistry to InsecureRegistries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Changing name at the env variable
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Exporter now accepts insecure registries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bump up toward the latest version of imgutil
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove legacy guard
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add WithRegistrySetting with insecure registries into restorer
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support for insecure registries to the rebaser
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add rebaser testdata directory to .gitignore
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Cleaned testdata directory
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove testdata rebaser entries from .gitignore
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support to insecure registries for the read-write registry check
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Move registryHandler into its own file into the image package
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add dockerfile.windows
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Introducing GetInsecureRegistryOptions
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Fix linter problems
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove legacy guards and add test support to arm64
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove duplication and utilize new GetInsecureRegistryOptions function
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Extract common code for getting insecure registry options from imageRef
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Added cli flags behind proper guards
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bumped up to the imgutil latest version with the insecure adjustment and renamed the getInsecureRegistryOptions function
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Make the getInsecureOptions a static method as a temporary solution to remove duplications
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Added insecure registry to the runImage in the rebaser
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bump up to the latest version of imgutil with the multiple registries fix
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Go mod tidy
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove insecure-registry filter based on the imageRef
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove redundant for loop and added a test for multiple GetInsecureOptions
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Don't remove whitespaces between buildpacks names
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add FlagInsecureRegistries behind 0.13 guards
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
---------
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove buildpack APIs 0.2-0.6 according to https://github.com/buildpacks/rfcs/blob/main/text/0110-deprecate-apis.md
- Fix acceptance by updating fixtures to use newer Buildpack API version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove backwards compatible glue for buildpacks missing API version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* restorer gets layers flag again
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* add explanatory debug logs so a reader knows why the buildpacks are read twice.
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* warn when a positional argument might have been a flag (#1147)
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Add test for empty digest not returned
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by providing a base image when we instantiate the remote run image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* timestamp logs and phase error message cherry-picks (#1164)
* timestamp logs for entry/exit for all the top-level Lifecycle package functions
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
fixing names
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
using defer to make one-liners for fun and profit
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
and today we thank our brave linters for preventing critical defects such as unnecessary trailing newlines from being merged. It's about time somebody thought of the children.
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* be more helpful when you don't recognize the phase
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Simplifies target matching logic per spec PR review (#1166)
* Update units without updating code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Unpend test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add units for rebase without updating code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update rebase code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix lint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When we read the descriptor file, don't fill in "*" as a magic value as missing values are wildcard matches
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Stricter validation for rebase
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add -daemon to restorer (#1168)
This is needed when extensions were used to switch (but not extend) the run image
and we need to re-read the target data from the image config.
In such cases, we don't need the run image to exist in a registry,
because we don't need a manifest for kaniko.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove CNB_TARGET_ID according to https://github.com/buildpacks/spec/pull/374 and https://github.com/buildpacks/spec/pull/375 (#1175)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Field renames per spec review (#1170)
* Rename distributions -> distros in the buildpack spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Rename distributions -> distros in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* force pack acceptance tests to build with a version of go that can still make HTTP requests to docker daemon (#1158)
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Joe Kimmel <jkimmel@vmware.com>
Co-authored-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Remove deleteOrigImage function from the cache and relative test
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Revert "Remove deleteOrigImage function from the cache and relative test"
This reverts commit 17e646fc39602777a37977dd9416e59aa62f6d04.
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Implemented a new component called cache deleter which takes care of the deletion of the cache images
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Adjusted the name of the struct field
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Move the image deleter instantiation up to the main
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add parameter to enable/disable the deletion functionality, for now always set as enabled
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add feature guard based on the platformAPI version
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Fixing some test titles
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Introduce ImageComparer component
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add async go-subroutine to the delete call to speed up the process
```go
func Benchmark(b *testing.B) {
	mockController := gomock.NewController(b)
	fakeImageComparer := cacheMock.NewMockImageComparer(mockController)
	testLogger := cmd.DefaultLogger
	imageDeleter := NewImageDeleter(fakeImageComparer, testLogger, true)

	for i := 0; i < b.N; i++ {
		fakeOrigImage := fakes.NewImage("fake-image", "", local.IDIdentifier{ImageID: "fakeImage"})
		fakeNewImage := fakes.NewImage("fake-image", "", local.IDIdentifier{ImageID: "fakeNewImage"})
		// The mocked comparer reports the two images as different on every call.
		fakeImageComparer.EXPECT().ImagesEq(fakeOrigImage, fakeNewImage).AnyTimes().Return(false, nil)
		imageDeleter.DeleteOrigImageIfDifferentFromNewImage(fakeOrigImage, fakeNewImage)
	}
}
```
The code above produced this result:
* without the go-subroutine
```
goos: darwin
goarch: amd64
pkg: github.com/buildpacks/lifecycle/cache
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Benchmark
Benchmark-12 3501 8995839 ns/op
PASS
```
* with the go-subroutine
```
goos: darwin
goarch: amd64
pkg: github.com/buildpacks/lifecycle/cache
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Benchmark
Benchmark-12 3560 9133704 ns/op
PASS
```
Speed increased by 1.53% ns/op
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
---------
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Require the CNB_PLATFORM_API env var to be set, instead of defaulting to (deprecated) version 0.3
Instead of defaulting to a newer Platform API version, which would silently change behavior
for platforms that do not currently set this env var.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When pulling remote image data, fail if the remote image is not found
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When validating dockerfiles, set extend to true if there are any instructions (vs more than one instruction)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update matching logic when considering if two image names are equivalent to ignore the digest portion of the reference if present (for the purpose of selecting data from run.toml to add to the lifecycle metadata label i.e., “run image for rebase”)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Comments and cleanup
Don't print `%!s(<nil>)` if nil is provided to the "parse maybe" function
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When exporting, continue to use run image identifier (which could be a digest reference or daemon image ID)
instead of falling back to image name when exporting to a daemon.
Previously, the digest reference was incorrect which caused the daemon not to find the image.
But when provided a correct digest reference the daemon can still find it.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add Contains method to structs that hold run image information for export
When determining if a provided reference is found in existing metadata, remove its digest -
except when setting the new run image "image" in analyzed.toml,
because we should always respect what the extension author wrote.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When finding the run image info for export, use the run image "image" (name)
in analyzed.toml as the search key, because the run image "reference" could be a daemon image ID
or include the digest, which isn't helpful when retrieving image names that are supposed to float.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix detector acceptance and add more logging
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix: use "image" instead of "reference" and also guard against image not found
when we are only updating the reference and target data in analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When checking read/write access, if there is no access, surface the error that occurred
This can be helpful in debugging failed builds where access is expected
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by continuing when iterating through run image mirrors
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Point imgutil back to main
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
- Fix daemon invocation by trying to read app image after we have a docker client
- Don't do stack validation for images built on newer platforms
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Clarify log messages and omitempty
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by updating fixtures & update user check
- We shouldn't fail if extensions leave the user ID as root when extending the build image,
as the lifecycle will drop privileges to the provided -uid and -gid when running the build phase.
- If the user ID is still root, the `builder` will fail.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Small fixes from user testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixes from user acceptance
- Removes -stack flag from analyzer
- Fixes debug log message
- Removes deprecated rand.Seed
Signed-off-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
* Bump linter to a version that will work with go 1.20
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Restorer should ensure ownership of kaniko directory
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* pull the less-than case for flags out of the switch
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* appease the windows linter
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Fix weird log output
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Co-authored-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
Co-authored-by: Joe Kimmel <jkimmel@vmware.com>
* metadata label is more clearly named and always has stacks
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update exporter.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Update exporter.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* (with @natalieparellano) simplify exporter interface by removing legacy stack arg and only constructing it when needed for metadata label
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>