Make sure the warning message is safely guarded with a length check before attempting to access the first element of the slice.
Make sure the `ValidateOutputImageProvided` function is called first in the input resolve process to ensure the output image is provided before attempting to resolve the input image in other validation functions.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Only log once (per phase) when we have to get target distro information from /etc/os-release
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save the distro information the first time we read /etc/os-release, so that we end up only reading that file once
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Target data: populate os/arch as well as distro information
Fixes https://github.com/buildpacks/lifecycle/issues/1371
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Only os and arch are truly required
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix one more unit
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix even more units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Ensure read access to the run image selected by extensions
Co-authored-by: Nicolas Bender <nicolas.bender@sap.com>
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* move read access check to the restorer cmd
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* guard behind platform version check
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Nicolas Bender <nicolas.bender@sap.com>
* More fixes for target compat checking during detect
- If a buildpack fails to specify os/arch (but specifies distro) still check targets
- If the run image fails to specify os/arch (this should not happen actually as we will fail during analyze) still check targets
- Fix typo in buildpack descriptor struct so that we actually get stack information
- If we get distro information from /etc/os-release, persist this information to later invocations to that the log message
printed when errors are encountered will be accurate
- Don't override inner `i` in loop (this should not actually affect the outer loop but is confusing)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When stack is "any", don't infer empty target as it is not needed
Missing targets is sufficient for wildcard match
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove backwards compatible glue that actually causes fewer builds to succeed
Fixes https://github.com/buildpacks/lifecycle/issues/1355
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove exit (this was added for debugging purposes)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Reorder functions in file
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Also read distro information from /etc/os-release when checking target compat
https://github.com/buildpacks/lifecycle/pull/1347 reads the file when providing target env vars
to buildpacks during detect, but we also need to consider this info when deciding whether or not to run
detect for the buildpack
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Error if we don't find run image OS during analyze
And remove checks for missing OS later in the build, as it should always be there
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read `/etc/os-release` file when distro information is not present in labels
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* fix unit tests
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
* Update phase/generator_test.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Pavel Busko <busko.pavel@gmail.com>
* Update phase/generator_test.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Pavel Busko <busko.pavel@gmail.com>
---------
Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Signed-off-by: Pavel Busko <busko.pavel@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
The spec and docs say that the run image distro and version should be
specified via the Docker image labels `io.buildpacks.base.distro.name`
and `io.buildpacks.base.distro.version`.
See:
https://github.com/buildpacks/spec/blob/buildpack/v0.10/platform.md#target-data
However, until now the lifecycle implementation was checking for
label names that were missing the `.base` substring from the name.
This causes distro name/version `buildpack.toml` target detection
to fail, as well as the env vars `CNB_TARGET_DISTRO_NAME` and
`CNB_TARGET_DISTRO_VERSION` not to be set correctly in the
buildpack environment.
Fixes#1324.
Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com>
* Fix: log level and color level should be configurable via the env
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix version
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update order and comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Always set CNB_TARGET_* variables during detect, build, and generate
when the Buildpack API version is at least 0.10.
Previously, we only set these variables when the Platform API version was at least 0.12.
But, newer Buildpack APIs expect these variables regardless of the Platform API version.
If we are on an older platform, derive the target variables from the base image OS.
Fixes https://github.com/buildpacks/lifecycle/issues/1308
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix unit
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix unit again
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix rebase run-image resolution
Currently, if `-run-image` is not set, `io.buildpacks.lifecycle.metdata[runImage.reference]` is used. This does not follow the [Run Image Resolution spec](https://github.com/buildpacks/spec/blob/main/platform.md#run-image-resolution), which specifies using `io.buildpacks.lifecycle.metdata[runImage.image]` and optionally `io.buildpacks.lifecycle.metdata[runImage.mirrors]`. Because of this, it ends up making `lifecycle rebase` without the `-run-image` flag a no-op because the run image is pinned to the same version instead of getting the latest.
This change simplfies and unifies the behavior for before and after Platform Version 0.12 so that they both read the same run-image data type (just from different locations), and then validate and resolve mirrors the same.
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Rewrite if-else-if-else as switch for go-critic
This is to make go-critic happy. See https://github.com/go-critic/go-critic/issues/453.
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Extract and test platform.GetRunImageFromMetadata
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
---------
Signed-off-by: Ryan Brainard <966764+ryanbrainard@users.noreply.github.com>
* Consolidate methods that read and write platform spec'd TOML
in platform/files package.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Calculate lifecycle digest and output version as part of acceptance testing
This can help us diagnose weird failures in CI
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add the support to the new --insecure-registry parameter
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add the support to the new --insecure-registry parameter in the creator command
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add keychain mock and handler test
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support for a single insecure registry
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support to multiple insecure registries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Adjusted flag name
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Fix problem with the mock
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* InsecureRegistry to InsecureRegistries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Address comment on FlagTags parity
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Parse the InsecureRegistry env variable with comma separated values
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Changed InsecureRegistry to InsecureRegistries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Changing name at the env variable
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Exporter now accept insecure registries
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bump up toward the latest version of imgutil
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove legacy guard
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add WithRegistrySetting with insecure registries into restorer
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support for insecure registries to the rebaser
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add rebaser testdata directory to .gitignore
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Cleaned testdata directory
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove testdata rebaser entries from .gitignore
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add support to insecure registies for the read-write registry check
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Move registryHandler into its own file into the image package
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add dockerfile.windows
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Introducing GetInsecureRegistryOptions
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Fix linter problems
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove legacy guards and add test support to arm64
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove duplication and utilize new GetInsecureRegistryOptions function
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Extract common code for getting insecure registry options from imageRef
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Added cli flags behind proper guards
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bumped up to the imgutil latest version with the insecure adjustment and renamed the getInsecureRegistryOptions function
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Make the getInsecureOptions a static method as a temporary solution to remove duplications
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Added insecure registry to the runImage in the rebaser
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Bump up to the latest version of imgutil with the multiple registries fix
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Go mod tidy
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove insecure-registry filter based on the imageRef
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Remove reduntant for loop and added a test for multiple GetInsecureOptions
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Don't remove whitespaces between buildpacks names
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* Add FlagInsecureRegistries behind 0.13 guards
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
---------
Signed-off-by: Domenico Luciani <dluciani@vmware.com>
* restorer gets layers flag again
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* add explanatory debug logs so a reader knows why the buildpacks are read twice.
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* warn when a positional argument might have been a flag (#1147)
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Add test for empty digest not returned
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by providing a base image when we instantiate the remote run image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* timestamp logs and phase error message cherry-picks (#1164)
* timestamp logs for entry/exit for all the top-level Lifecycle package functions
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
fixing names
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
using defer to make one-liners for fun and profit
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
and today we thank our brave linters for preventing critical defects such as unnecessary trailing newlines from being merged. Its about time somebody thought of the children.
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* be more helpful when you dont recognize the phase
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Simplifies target matching logic per spec PR review (#1166)
* Update units without updating code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Unpend test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add units for rebase without updating code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update rebase code
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix lint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When we read the descriptor file, don't fill in "*" as a magic value as missing values are wildcard matches
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Stricter validation for rebase
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add -daemon to restorer (#1168)
This is needed when extensions were used to switch (but not extend) the run image
and we need to re-read the target data from the image config.
In such cases, we don't need the run image to exist in a registry,
because we don't need a manifest for kaniko.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove CNB_TARGET_ID according to https://github.com/buildpacks/spec/pull/374 and https://github.com/buildpacks/spec/pull/375 (#1175)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Field renames per spec review (#1170)
* Rename distributions -> distros in the buildpack spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Rename distributions -> distros in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* force pack acceptance tests to build with a version of go that can still make HTTP requests to docker daemon (#1158)
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Joe Kimmel <jkimmel@vmware.com>
Co-authored-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Require the CNB_PLATFORM_API env var to be set, instead of defaulting to (deprecated) version 0.3
Instead of defaulting to a newer Platform API version, which would silently change behavior
for platforms that do not currently set this env var.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When pulling remote image data, fail if the remote image is not found
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When validating dockerfiles, set extend to true if there are any instructions (vs more than one instruction)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update matching logic when considering if two image names are equivalent to ignore the digest portion of the reference if present (for the purpose of selecting data from run.toml to add to the lifecycle metadata label i.e., “run image for rebase”)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Comments and cleanup
Don't print `%!s(<nil>)` if nil is provided to the "parse maybe" function
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When exporting, continue to use run image identifier (which could be a digest reference or daemon image ID)
instead of falling back to image name when exporting to a daemon.
Previously, the digest reference was incorrect which caused the daemon not to find the image.
But when provided a correct digest reference the daemon can still find it.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add Contains method to structs that hold run image information for export
When determining if a provided reference is found in existing metadata, remove its digest -
except when setting the new run image "image" in analyzed.toml,
because we should always respect what the extension author wrote.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When finding the run image info for export, use the run image "image" (name)
in analyzed.toml as the search key, because the run image "reference" could be a daemon image ID
or include the digest, which isn't helpful when retrieving image names that are supposed to float.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix detector acceptance and add more logging
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix: use "image" instead of "reference" and also guard against image not found
when we are only updating the reference and target data in analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When checking read/write access, if there is no access, surface the error that occurred
This can be helpful in debugging failed builds where access is expected
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance by continuing when iterating through run image mirrors
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Point imgutil back to main
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Warn whenever --force is used
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Trying to make the diff better
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update name.ParseMaybe to return the tag & add tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make the code simpler by re-using RunImageForExport within RunImageForRebase
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove unneeded check
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add hint about -force in the case that failure can be overridden
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
- Fix daemon invocation by trying to read app image after we have a docker client
- Don't do stack validation for images built on newer platforms
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Clarify log messages and omitempty
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix accpetance by updating fixtures & update user check
- We shouldn't fail if extensions leave the user ID as root when extending the build image,
as the lifecycle will drop privileges to the provided -uid and -gid when running the build phase.
- If the user ID is still root, the `builder` will fail.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Small fixes from user testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixes from user acceptance
- Removes -stack flag from analyzer
- Fixes debug log message
- Removes deprecated rand.Seed
Signed-off-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
* Bump linter to a version that will work with go 1.20
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Restorer should ensure ownership of kaniko directory
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* pull the less-than case for flags out of the switch
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* appease the windows linter
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Fix weird log output
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Co-authored-by: Joe Kimmel <joe-kimmel-vmw@vmware.com>
Co-authored-by: Joe Kimmel <jkimmel@vmware.com>
* metadata label is more clearly named and always has stacks
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update exporter.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Update exporter.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* (with @natalieparellano) simplify exporter interface by removing legacy stack arg and only constructing it when needed for metadata label
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Refactor: create new package for files in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move CNB business logic from file -> platform package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment and var names for clarity
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove AccessChecker interface in favor of function signature type
- Remove unused testhelpers
- Make AccessChecker an emergent property of LifecycleInputs (vs something that needs to be set)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comments with more info
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When rebasing, update stack/runImage key in lifecycle metadata label
if the provided run image does not match existing metadata.
See https://github.com/buildpacks/spec/pull/360
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update rebaser_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* CNB_TARGET_ env vars
- allowed to be passed through in the env vars allow-list
- threaded through builder
- threaded through detector
- threaded through generator
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update buildpack/generate.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Update buildpack/generate.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* Update cmd/lifecycle/builder.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Fix updating run image reference
We should use the reference that the extension wrote, as that is expected to be in the daemon (when building locally)
`ref.Context().RepositoryStr()` strips the reference of the registry which may not be desired;
we should trust the extension to write the correct reference instead.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance test by updating fixture
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update README
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Use run image function instead of accessing the field directly
Safer in the case the run image is nil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Change fixture to point to pullable image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When running pack acceptance, don't consider release candidates or pre-releases
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Pin pack version for acceptance to v0.28.0
pack v0.29.0 accidentally declares support for platform API 0.12
and the acceptance tests aren't passing because `pack build` hasn't actually been updated
with support for platform API 0.12
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make a single constructor for lifecycle inputs
- The logic to update the default path for TOML files was repeated across phases
- In general it is safe to provide default values for inputs that might not be relevant to the current phase,
as these will be ignored when constructing a new service for the phase;
e.g., platform.LifecycleInputs.OrderPath will be ignored when constructing a lifecycle.Exporter
- As more inputs are shared across phases (e.g., analyzed.toml is now an input to the detect phase),
duplicating the logic for providing default values is becoming more cumbersome
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read values from environment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Buildpack API: run.Dockerfiles are allowed instructions on versions >= 0.10
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the detector accepts a new -run flag
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move responsibility for validating Dockerfiles into the buildpack package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When verifying Dockerfiles, return the new base image name if necessary
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When determining the new runtime base image, use criteria outlined in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the schema of analyzed.toml is updated to include run-image.extend = <true or false, default false>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* TESTME: Update analyzed.toml with new run image if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* If extensions are used to switch the runtime base image, the detector should fail if the selected base image is not found in run.toml.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add fixture to test re-writing of analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move updating analyzed.toml into lifecycle package for easier testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the restorer will update analyzed.toml with:
- digest ref for run image
- target data for run image
Additionally the restorer will download the run image manifest & config when extend is true
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update acceptance/extender_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* The extender accepts new -extended and -kind flags
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back selective package
Because we change the media types to be oci types (vs docker types) this changes the digest of the image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test for run image extension
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: break me up into separate commits
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Validate extend config during buildpack/generate
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address some TODOs and refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Set io.buildpacks.rebasable
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix merge and restore selective package
imgutil/layout/sparse modifies the image media types which we don't want
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update analyzed.toml with digest reference or target data if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't redefine -layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: add acceptance test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: first assertion passes
FIXME: extended layers should be small
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: Second assertion passes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add new assertions and rename variables for clarity; fix exporter units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save extended run image under <extended>/run
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check for nil config and make the loop simpler
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix ineffectual assignment to err
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix typo
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add positive assertion
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make constants for asserted log lines
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Acceptance test passes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix some TODOs
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update imgutil to point to branch commit
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add support to extending daemon images
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix image ref when exporting to daemon
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* More fixes
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Improve script to test on fork
Clarify names of cosign secrets and remove Codecov
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comments
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Small fixes, units pass
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add generator units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixes
- We shouldn't try to use extension layers if they exist in <layers>/extended unless experimental features are enabled
- We only know the size of the compressed layer, so we can't use io.CopyN (but we don't need to guard against decompression bomb anyway since we control the layers)
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix test
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Rename fixture dirs so that we can check out source code on Windows
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back Cleanup()
We need access to the final image after all Dockerfiles have been applied,
so we need to create the working directory outside the applier loop.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update imgutil branch
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix restorer acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance test by making it less brittle
Instead of hard-coding the run image and run image top layer SHAs,
we can derive their values
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fixups from PR review
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix units
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Point imgutil back to main
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update generator.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update exporter.go
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check err type when we fail to get a layer from a sparse image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
* Validate OS, Arch, Variant and optional labels on rebase
For 0.12 and beyond, rebase is now validating the OS, Arch, Variant and io.buildpack labels specific to OS. This can be skipped with the --force flag.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Copy io.buildpacks.base.* labels on rebase
For platforms running 0.12 and beyond, copy the io.buildpacks.base.* labels to the new image on rebase.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Copy io.buildpacks.base.* labels on rebase
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Skip validation if the image was built < 0.12
If the target image was built prior to 0.12, do not run the additional validation. This is because the validation is not backwards compatible with older images. Older images may not have the required fields and we don't want to force platforms to use the `--force` flag.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
---------
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* detect linux flavors by reading etc/os-release
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* little more cleanup and better tests
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* fix bad assertion in linux test
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* sure is a good thing those newlines will never make it into production
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* make format
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update internal/fsutil/os_detection.go
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* cleanups
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
* Update internal/fsutil/os_detection.go
Co-authored-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
* finish systemic rename
avoid conflating linux with partial sysd implementatations
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
---------
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Signed-off-by: Joe Kimmel <86852107+joe-kimmel-vmw@users.noreply.github.com>
Co-authored-by: Jesse Brown <jabrown85@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com>
* Make a single constructor for lifecycle inputs
- The logic to update the default path for TOML files was repeated across phases
- In general it is safe to provide default values for inputs that might not be relevant to the current phase,
as these will be ignored when constructing a new service for the phase;
e.g., platform.LifecycleInputs.OrderPath will be ignored when constructing a lifecycle.Exporter
- As more inputs are shared across phases (e.g., analyzed.toml is now an input to the detect phase),
duplicating the logic for providing default values is becoming more cumbersome
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read values from environment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Buildpack API: run.Dockerfiles are allowed instructions on versions >= 0.10
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the detector accepts a new -run flag
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move responsibility for validating Dockerfiles into the buildpack package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When verifying Dockerfiles, return the new base image name if necessary
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When determining the new runtime base image, use criteria outlined in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the schema of analyzed.toml is updated to include run-image.extend = <true or false, default false>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* TESTME: Update analyzed.toml with new run image if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* If extensions are used to switch the runtime base image, the detector should fail if the selected base image is not found in run.toml.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add fixture to test re-writing of analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move updating analyzed.toml into lifecycle package for easier testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the restorer will update analyzed.toml with:
- digest ref for run image
- target data for run image
Additionally the restorer will download the run image manifest & config when extend is true
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update acceptance/extender_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* The extender accepts new -extended and -kind flags
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bring back selective package
Because we change the media types to be oci types (vs docker types) this changes the digest of the image
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add acceptance test for run image extension
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* WIP: break me up into separate commits
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Validate extend config during buildpack/generate
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Address some TODOs and refactor
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Set io.buildpacks.rebasable
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix merge and restore selective package
imgutil/layout/sparse modifies the image media types which we don't want
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update analyzed.toml with digest reference or target data if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't redefine -layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Save extended run image under <extended>/run
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Check for nil config and make the loop simpler
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix ineffectual assignment to err
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Cleanup extender tests
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix typo
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add positive assertion
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Make constants for asserted log lines
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add --force flag to rebase command
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Validate io.buildpacks.rebasable label on rebase
For platforms >= 0.12 - the rebaser will now fail if the io.buildpacks.rebasable label is set to false when the force flag is not set.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Read rebase from io.buildpacks.lifecycle.metdata runImage
For Platforms >= 0.12, the default rebase target has moved to the `runImage` key in the `io.buildpacks.lifecycle.metadata` label. This change allows the lifecycle to read the `runImage` key and use it as the default rebase target.
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Validate io.buildpacks.rebasable label on rebase
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Add --force flag to rebase command
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* fixup! Read rebase from io.buildpacks.lifecycle.metdata runImage
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
---------
Signed-off-by: Jesse Brown <jabrown85@gmail.com>
* Make a single constructor for lifecycle inputs
- The logic to update the default path for TOML files was repeated across phases
- In general it is safe to provide default values for inputs that might not be relevant to the current phase,
as these will be ignored when constructing a new service for the phase;
e.g., platform.LifecycleInputs.OrderPath will be ignored when constructing a lifecycle.Exporter
- As more inputs are shared across phases (e.g., analyzed.toml is now an input to the detect phase),
duplicating the logic for providing default values is becoming more cumbersome
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Read values from environment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Buildpack API: run.Dockerfiles are allowed instructions on versions >= 0.10
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the detector accepts a new -run flag
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move responsibility for validating Dockerfiles into the buildpack package
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When verifying Dockerfiles, return the new base image name if necessary
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* When determining the new runtime base image, use criteria outlined in the platform spec
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the schema of analyzed.toml is updated to include run-image.extend = <true or false, default false>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* TESTME: Update analyzed.toml with new run image if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* If extensions are used to switch the runtime base image, the detector should fail if the selected base image is not found in run.toml.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add fixture to test re-writing of analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Move updating analyzed.toml into lifecycle package for easier testing
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Platform API: the restorer will update analyzed.toml with:
- digest ref for run image
- target data for run image
Additionally the restorer will download the run image manifest & config when extend is true
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update acceptance/extender_test.go
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix merge and restore selective package
imgutil/layout/sparse modifies the image media types which we don't want
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Update analyzed.toml with digest reference or target data if needed
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't redefine -layers
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Test organization and remove the requirement that we're exporting to a registry to use run image extensions
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Test that we don't update target data for older platforms
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Remove target partial and use helper function
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Bump imgutil
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix acceptance
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Use imgutil/sparse package instead of internal/selective package
We'll be able to fully remove internal/selective
when we update tests for the extender as part of https://github.com/buildpacks/lifecycle/issues/998
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Don't try to pull a builder image if it wasn't specified
Ensure we write a digest reference to analyzed.toml
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Fix lint
Signed-off-by: Natalie Arellano <narellano@vmware.com>
* Add and update comment
Signed-off-by: Natalie Arellano <narellano@vmware.com>
---------
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Jesse Brown