kaniko is now maintained by chainguard-dev and is the recommended
kaniko to use. This will allow us to keep our dependencies up to date
and avoid issues with the unmaintained GoogleContainerTools/kaniko project.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Only log once (per phase) when we have to get target distro information from /etc/os-release
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save the distro information the first time we read /etc/os-release, so that we end up only reading that file once
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* add failing test to restorer
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* restorer and exporter working as expected
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* lint
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update phase/restorer.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update phase/cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/image_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* Update cache/volume_cache.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* update based on feedback
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
* fix log
* temp fix
* this does not work as is. I think we need to modify img utils.
Image utils should fail with a Layer Not found in both ReuseLayer & GetLayer.
For GetLayer, when there is a missing blob, it returns an unexpected EOF error.
For ReuseLayer, when there is a missing blob, it's not returning an error but it should.
* add eof check
* add not exist check
* reuse layer test
* fix test regression
---------
Signed-off-by: Joey Brown <brown.joseph@salesforce.com>
Co-authored-by: Joey Brown <brown.joseph@salesforce.com>
* Restore cached launch layers not found in appLayers
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* add platform api guard
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
* Provide context folder for extensions
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* Address PR feedback
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* Split tests by platform API
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Signed-off-by: Johannes Dillmann <j.dillmann@sap.com>
* Add unit test for FindContexts
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* acceptance tests
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* Address PR feedback
Signed-off-by: Philipp Stehle <philipp.stehle@sap.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Signed-off-by: Johannes Dillmann <j.dillmann@sap.com>
Signed-off-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Remove buildpack APIs 0.2-0.6 according to https://github.com/buildpacks/rfcs/blob/main/text/0110-deprecate-apis.md
- Fix acceptance by updating fixtures to use newer Buildpack API version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove backwards compatible glue for buildpacks missing API version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When pulling remote image data, fail if the remote image is not found
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When validating dockerfiles, set extend to true if there are any instructions (vs more than one instruction)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update matching logic when considering if two image names are equivalent to ignore the digest portion of the reference if present (for the purpose of selecting data from run.toml to add to the lifecycle metadata label i.e., “run image for rebase”)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Comments and cleanup
Don't print `%!s(<nil>)` if nil is provided to the "parse maybe" function
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When exporting, continue to use run image identifier (which could be a digest reference or daemon image ID)
instead of falling back to image name when exporting to a daemon.
Previously, the digest reference was incorrect which caused the daemon not to find the image.
But when provided a correct digest reference the daemon can still find it.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add Contains method to structs that hold run image information for export
When determining if a provided reference is found in existing metadata, remove its digest -
except when setting the new run image "image" in analyzed.toml,
because we should always respect what the extension author wrote.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When finding the run image info for export, use the run image "image" (name)
in analyzed.toml as the search key, because the run image "reference" could be a daemon image ID
or include the digest, which isn't helpful when retrieving image names that are supposed to float.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix detector acceptance and add more logging
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix: use "image" instead of "reference" and also guard against image not found
when we are only updating the reference and target data in analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Warn whenever --force is used
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Trying to make the diff better
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update name.ParseMaybe to return the tag & add tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make the code simpler by re-using RunImageForExport within RunImageForRebase
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove unneeded check
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add hint about -force in the case that failure can be overridden
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
- Fix daemon invocation by trying to read app image after we have a docker client
- Don't do stack validation for images built on newer platforms
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor: create new package for files in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move CNB business logic from file -> platform package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment and var names for clarity
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove AccessChecker interface in favor of function signature type
- Remove unused testhelpers
- Make AccessChecker an emergent property of LifecycleInputs (vs something that needs to be set)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comments with more info
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add history when adding buildpack or extension layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* REVERTME: point imgutil to feature branch
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Parse extension ID from history so that we can output a useful log message
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Avoid extra wrapping
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bump imgutil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by overriding imgutil methods for "caching image"
We need to add to the launch cache when adding layers so that the next build will be faster
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add tests for layer factory
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test for extender should update history
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move history methods to imgutil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix exporter acceptance by fixing imgutil
The digest for a remote image from imgutil
should match the digest for a remote image from ggcr
unless the user specifically requested modifications like overriding history
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test; fix layer name when there is only one slice
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bump imgutil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
imgutil mutates the image (history) for newer platforms, so the SHA is different
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Point imgutil back to commit on main, also bump containerd
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make a single constructor for lifecycle inputs
- The logic to update the default path for TOML files was repeated across phases
- In general it is safe to provide default values for inputs that might not be relevant to the current phase,
as these will be ignored when constructing a new service for the phase;
e.g., platform.LifecycleInputs.OrderPath will be ignored when constructing a lifecycle.Exporter
- As more inputs are shared across phases (e.g., analyzed.toml is now an input to the detect phase),
duplicating the logic for providing default values is becoming more cumbersome
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read values from environment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Buildpack API: run.Dockerfiles are allowed instructions on versions >= 0.10
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the detector accepts a new -run flag
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move responsibility for validating Dockerfiles into the buildpack package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When verifying Dockerfiles, return the new base image name if necessary
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When determining the new runtime base image, use criteria outlined in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the schema of analyzed.toml is updated to include run-image.extend = <true or false, default false>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* TESTME: Update analyzed.toml with new run image if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* If extensions are used to switch the runtime base image, the detector should fail if the selected base image is not found in run.toml.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add fixture to test re-writing of analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move updating analyzed.toml into lifecycle package for easier testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the restorer will update analyzed.toml with:
- digest ref for run image
- target data for run image
Additionally the restorer will download the run image manifest & config when extend is true
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update acceptance/extender_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* The extender accepts new -extended and -kind flags
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back selective package
Because we change the media types to be oci types (vs docker types) this changes the digest of the image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test for run image extension
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: break me up into separate commits
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Validate extend config during buildpack/generate
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address some TODOs and refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Set io.buildpacks.rebasable
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix merge and restore selective package
imgutil/layout/sparse modifies the image media types which we don't want
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update analyzed.toml with digest reference or target data if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't redefine -layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: add acceptance test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: first assertion passes
FIXME: extended layers should be small
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: Second assertion passes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add new assertions and rename variables for clarity; fix exporter units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save extended run image under <extended>/run
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check for nil config and make the loop simpler
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix ineffectual assignment to err
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix typo
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add positive assertion
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make constants for asserted log lines
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Acceptance test passes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix some TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update imgutil to point to branch commit
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add support to extending daemon images
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix image ref when exporting to daemon
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* More fixes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Improve script to test on fork
Clarify names of cosign secrets and remove Codecov
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comments
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Small fixes, units pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add generator units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixes
- We shouldn't try to use extension layers if they exist in <layers>/extended unless experimental features are enabled
- We only know the size of the compressed layer, so we can't use io.CopyN (but we don't need to guard against decompression bomb anyway since we control the layers)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Rename fixture dirs so that we can check out source code on Windows
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back Cleanup()
We need access to the final image after all Dockerfiles have been applied,
so we need to create the working directory outside the applier loop.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update imgutil branch
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix restorer acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance test by making it less brittle
Instead of hard-coding the run image and run image top layer SHAs,
we can derive their values
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixups from PR review
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Point imgutil back to main
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update generator.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update exporter.go
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check err type when we fail to get a layer from a sparse image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
* detect linux flavors by reading etc/os-release
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* little more cleanup and better tests
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* fix bad assertion in linux test
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* sure is a good thing those newlines will never make it into production
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* make format
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update internal/fsutil/os_detection.go
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* cleanups
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update internal/fsutil/os_detection.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* finish systemic rename
avoid conflating linux with partial sysd implementations
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Make a single constructor for lifecycle inputs
- The logic to update the default path for TOML files was repeated across phases
- In general it is safe to provide default values for inputs that might not be relevant to the current phase,
as these will be ignored when constructing a new service for the phase;
e.g., platform.LifecycleInputs.OrderPath will be ignored when constructing a lifecycle.Exporter
- As more inputs are shared across phases (e.g., analyzed.toml is now an input to the detect phase),
duplicating the logic for providing default values is becoming more cumbersome
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read values from environment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Buildpack API: run.Dockerfiles are allowed instructions on versions >= 0.10
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the detector accepts a new -run flag
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move responsibility for validating Dockerfiles into the buildpack package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When verifying Dockerfiles, return the new base image name if necessary
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When determining the new runtime base image, use criteria outlined in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the schema of analyzed.toml is updated to include run-image.extend = <true or false, default false>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* TESTME: Update analyzed.toml with new run image if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* If extensions are used to switch the runtime base image, the detector should fail if the selected base image is not found in run.toml.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add fixture to test re-writing of analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move updating analyzed.toml into lifecycle package for easier testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the restorer will update analyzed.toml with:
- digest ref for run image
- target data for run image
Additionally the restorer will download the run image manifest & config when extend is true
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update acceptance/extender_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* The extender accepts new -extended and -kind flags
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back selective package
Because we change the media types to be oci types (vs docker types) this changes the digest of the image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test for run image extension
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: break me up into separate commits
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Validate extend config during buildpack/generate
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address some TODOs and refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Set io.buildpacks.rebasable
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix merge and restore selective package
imgutil/layout/sparse modifies the image media types which we don't want
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update analyzed.toml with digest reference or target data if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't redefine -layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save extended run image under <extended>/run
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check for nil config and make the loop simpler
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix ineffectual assignment to err
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix typo
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add positive assertion
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make constants for asserted log lines
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Introduce -launcher-sbom as new flag to the exporter and creator
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add unit test and update acceptance test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* acceptance: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* archive: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* auth: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* buildpack: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* cache: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* cmd/lifecycle: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* env: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* internal: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* launch: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* layers: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* priv: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* testhelpers: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* tools: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* lifecycle: move from io/ioutil to io and os packages
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* ci(lint): auto lint fixes
Signed-off-by: Michael de Senna <desenna@gmail.com>
* fix: replace deprecated funcs
Signed-off-by: Michael de Senna <desenna@gmail.com>
* ci(lint): fix many io/ioutil staticcheck
Signed-off-by: Michael de Senna <desenna@gmail.com>
* fix: import os
Signed-off-by: Michael de Senna <desenna@gmail.com>
Signed-off-by: Michael de Senna <desenna@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* When platform API is at least 0.10, run the restore phase always but pass
-skip-restore as skip layers to skip layer metadata and SBOM restoration
This ensures:
- In the 5 phase invocation, the restorer can always run (for extension purposes)
- The 5 phase invocation will match the creator invocation
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix selective write test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Consolidate logic in the platform package
- Remove the platform/launch package as it is not needed to avoid having the launcher depend on the lifecycle
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Reinstate platform/launch package to keep the launcher binary smaller
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix constant
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't mount layers fixture in container
This way changes from the first build (/layers/config/metadata.toml, /layers/sbom, etc.)
are not propagated to the second build.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Set environment variables from the extended build image in the build context
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix format string
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Restorer pulls builder manifest and config
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Copy extend-config.toml from extension output to /layers/generated
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Only import kaniko on linux
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: units pass
Refactor buildpack build, detect, and generate to separate data model from service
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: fixed some TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: addressed some more TODOs, units pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: units pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: acceptance tests pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address some minor TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When running extender acceptance, don't mount in /workspace directory
This leads to incorrect permissions issues when running on linux
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't try to check for specific curl version
This appears flaky
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* fixes from testing. (#902)
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
* Lint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add tests and TODO
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Change CNB_BUILDPACK_DIR -> CNB_EXTENSION_DIR
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fill in default generated dir
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Ensure kaniko doesn't try to pull 'oci:/kaniko/cache/base/sha256:XXX' from a remote registry
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix panic
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix assertion
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Pass build_id as UUID to Dockerfile
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add tests for selective package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove kaniko fork
- Fix acceptance by adding CacheRunLayers option and moving 'ARG build_id=0' statements
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix windows
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Dockerfile validation (#918)
* Add Dockerfile Validation
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
* use moby buildkit dockerfile parsing
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
* Add units for Dockerfile validation
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix launcher
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Minor improvements
- Test ReadGroup for extensions
- Ensure stderr is captured for acceptance test that might expect it
- Read group.toml into an accurate struct (that has extension and optional set for extensions)
and set these fields to false before writing out to TOML or JSON
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Skip image extensions tests on Windows
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Ozzy Osborne <bardweller@gmail.com>
Co-authored-by: Javier Romero <rjavier@vmware.com>
Co-authored-by: Ozzy Osborne <bardweller@gmail.com>
* Allow storing multiple commands instead of a single string (#900)
* Allow storing multiple commands instead of a single string
This is a first step to implementing #322. This PR is updating our internal structs to allow for a slice of commands while keeping the external API and behavior the same. A future PR will implement handling multiple commands depending on the API version and changing the behavior of the launcher and metadata file output changes.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Comment on usage of cmp.Option
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Add comment on Matches interface usage for testing
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Added test for launch.toml decoding branching logic
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Apply suggestions from code review
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Apply suggestions from code review
* fixup! Apply suggestions from code review
* Fix editing daemon settings
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixing up existing tests
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Remove now unused process specific decode paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Clean up more serialization paths
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Remove toml wrapping code
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Added comment on UnmarshalTOML
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Put back code I didn't mean to remove
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Update launch/launch.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* removed line
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Upgrade go to 1.18 (#907)
* Use go 1.18 in CI
* Bump deps (except toml)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix process type parsing (#912)
* Use the last part of the path when trying to find matching process. (#903)
* Use the last part of the path when trying to find matching process.
The process was comparing the base path minus the extension, which was blocking types with a `.` in them from ever matching.
Fixes #895
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Use the last part of the path when trying to find matching process.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Upgrade go to 1.18 (#907)
* Use go 1.18 in CI
* Bump deps (except toml)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Test path lookup (#909)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Revert "Merge branch 'release/0.14.2' into jab/fix-process-type-parsing"
This reverts commit 6f56a31733, reversing
changes made to e544937760.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Bump imgutil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
* If rename fails, fall back to copy and delete on Windows
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Rename internal/io to internal/fsutil
This avoids import collisions with go's io package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* fsutil.Copy explicitly ignores weird edge cases
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Acceptance tests pass with creator commented out
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix creator
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add unit tests for analyze inputs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add scaffold for analyzer builder unit tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add many unit tests, still have some TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address most TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Acceptance tests pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* A few more TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back go 1.16
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add unit test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove nolint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove unneeded things
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Use operations pattern
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor tests to take advantage of operations pattern
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add missing tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix lint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Analyzer factory assigns "nop" services by default
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Try to fix registry handler test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move new package from cmd/lifecycle/platform to platform/inputs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Updates per PR review
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Test the platform instead of the exiter
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Combine cmd/lifecycle/platform and platform
With some small changes to avoid an import cycle, we can make a meaningful platform package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Clean up constructors
Eventually only the platform package should switch on platform api
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove ForAnalyzer struct
Having the analyzer factory take a list of args will ensure we don't forget
to update the creator when things change.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Combine cmd/launcher/platform and platform
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove spec alias
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move cache metadata back to platform
The lifecycle shouldn't have to depend on the cache package, just the interface
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment and remove unused vars
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add test for buildpack incompatibility error
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix typo
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Specify windows-2019 since windows-2022 is the default runner now (#816)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bump containerd to v1.5.10 (#822)
- Removes CVEs (CVE-2022-23648 & CVE-2021-43816) reported in containerd 1.5.8 & 1.5.9
Signed-off-by: matthewmcnew <mmcnew@pivotal.io>
* When restoring sbom files, silently ignore if the bp layers directory does not exist (#832)
This can happen when there are sbom files for launch but the cache is empty
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Matthew McNew <mmcnew@pivotal.io>
* Write sbom.legacy.json files for newer platform api
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't print empty bom for platform 0.9
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix function name
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Return empty bom for newer platform
Due to limitations of our TOML library, we can't add MarshalTOML to the top-level struct.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Use standard capitalization for sbom
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add new flags to analyzer
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Use nop restorer when not supported by the platform.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Pass through skip layers from the creator
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move empty check inside service
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix failing tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix bug where sbom is not restored for launch=true cache=false layers
Because the layer directory does not exist in the build container, the lifecycle
did not bother to look for any sbom files.
This changes `eachDir` to `eachLayer`. Usages of the return value of `eachLayer`
will not fail if the layer directory does not exist.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Unit tests passing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Acceptance tests passing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove focus
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix format
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make test setup simpler
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix format
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix volume permissions issue
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Updates from code review && fix
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't fail if failed to remove directory
This is the approach taken by analyzer acceptance and pack.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix bug when layers/sbom is not cleared if -skip-restore is used
Signed-off-by: Natalie Arellano <narellano@vmware.com>
- Use heroku/color for colors
- Use apex/logger for base logger
- Fix compiling for Windows
Signed-off-by: Micah Young <myoung@pivotal.io>
Signed-off-by: Javier Romero <jromero@pivotal.io>