mirror of https://github.com/docker/docs.git
vendor: github.com/moby/buildkit master
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
parent
9074503b2a
commit
e17fdb53a0
|
@ -608,19 +608,19 @@ RUN echo $VERSION > image_version
|
|||
|
||||
The `RUN` instruction will execute any commands to create a new layer on top of
|
||||
the current image. The added layer is used in the next step in the Dockerfile.
|
||||
`RUN` has two forms:
|
||||
|
||||
```dockerfile
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y curl
|
||||
# Shell form:
|
||||
RUN [OPTIONS] <command> ...
|
||||
# Exec form:
|
||||
RUN [OPTIONS] [ "<command>", ... ]
|
||||
```
|
||||
|
||||
You can specify `RUN` instructions using
|
||||
[shell or exec forms](#shell-and-exec-form):
|
||||
For more information about the differences between these two forms, see
|
||||
[shell or exec forms](#shell-and-exec-form).
|
||||
|
||||
- `RUN ["executable","param1","param2"]` (exec form)
|
||||
- `RUN command param1 param2` (shell form)
|
||||
|
||||
The shell form is most commonly used, and lets you more easily break up longer
|
||||
The shell form is most commonly used, and lets you break up longer
|
||||
instructions into multiple lines, either using newline [escapes](#escape), or
|
||||
with [heredocs](#here-documents):
|
||||
|
||||
|
@ -631,6 +631,12 @@ apt-get install -y curl
|
|||
EOF
|
||||
```
|
||||
|
||||
The available `[OPTIONS]` for the `RUN` instruction are:
|
||||
|
||||
- [`--mount`](#run---mount)
|
||||
- [`--network`](#run---network)
|
||||
- [`--security`](#run---security)
|
||||
|
||||
### Cache invalidation for RUN instructions
|
||||
|
||||
The cache for `RUN` instructions isn't invalidated automatically during
|
||||
|
@ -644,11 +650,11 @@ guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practi
|
|||
|
||||
The cache for `RUN` instructions can be invalidated by [`ADD`](#add) and [`COPY`](#copy) instructions.
|
||||
|
||||
## RUN --mount
|
||||
### RUN --mount
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Added in [`docker/dockerfile:1.2`](#syntax)
|
||||
```dockerfile
|
||||
RUN --mount=[type=<TYPE>][,option=<value>[,option=<value>]...]
|
||||
```
|
||||
|
||||
`RUN --mount` allows you to create filesystem mounts that the build can access.
|
||||
This can be used to:
|
||||
|
@ -657,9 +663,7 @@ This can be used to:
|
|||
- Access build secrets or ssh-agent sockets
|
||||
- Use a persistent package management cache to speed up your build
|
||||
|
||||
Syntax: `--mount=[type=<TYPE>][,option=<value>[,option=<value>]...]`
|
||||
|
||||
### Mount types
|
||||
The supported mount types are:
|
||||
|
||||
| Type | Description |
|
||||
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------- |
|
||||
|
@ -804,18 +808,16 @@ $ docker buildx build --ssh default=$SSH_AUTH_SOCK .
|
|||
You can also specify a path to `*.pem` file on the host directly instead of `$SSH_AUTH_SOCK`.
|
||||
However, pem files with passphrases are not supported.
|
||||
|
||||
## RUN --network
|
||||
### RUN --network
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Added in [`docker/dockerfile:1.1`](#syntax)
|
||||
```dockerfile
|
||||
RUN --network=<TYPE>
|
||||
```
|
||||
|
||||
`RUN --network` allows control over which networking environment the command
|
||||
is run in.
|
||||
|
||||
Syntax: `--network=<TYPE>`
|
||||
|
||||
### Network types
|
||||
The supported network types are:
|
||||
|
||||
| Type | Description |
|
||||
| -------------------------------------------- | -------------------------------------- |
|
||||
|
@ -858,15 +860,18 @@ The command is run in the host's network environment (similar to
|
|||
> and for a build request with [`--allow network.host` flag](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow).
|
||||
{ .warning }
|
||||
|
||||
## RUN --security
|
||||
### RUN --security
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Not yet available in stable syntax, use [`docker/dockerfile:1-labs`](#syntax) version.
|
||||
|
||||
### RUN --security=insecure
|
||||
```dockerfile
|
||||
RUN --security=<sandbox|insecure>
|
||||
```
|
||||
|
||||
With `--security=insecure`, builder runs the command without sandbox in insecure
|
||||
The default security mode is `sandbox`.
|
||||
With `--security=insecure`, the builder runs the command without sandbox in insecure
|
||||
mode, which allows to run flows requiring elevated privileges (e.g. containerd).
|
||||
This is equivalent to running `docker run --privileged`.
|
||||
|
||||
|
@ -878,6 +883,8 @@ This is equivalent to running `docker run --privileged`.
|
|||
> and for a build request with [`--allow security.insecure` flag](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow).
|
||||
{ .warning }
|
||||
|
||||
Default sandbox mode can be activated via `--security=sandbox`, but that is no-op.
|
||||
|
||||
#### Example: check entitlements
|
||||
|
||||
```dockerfile
|
||||
|
@ -890,10 +897,6 @@ RUN --security=insecure cat /proc/self/status | grep CapEff
|
|||
#84 0.093 CapEff: 0000003fffffffff
|
||||
```
|
||||
|
||||
### RUN --security=sandbox
|
||||
|
||||
Default sandbox mode can be activated via `--security=sandbox`, but that is no-op.
|
||||
|
||||
## CMD
|
||||
|
||||
The `CMD` instruction sets the command to be executed when running a container
|
||||
|
@ -1135,28 +1138,22 @@ RUN apt-get update && apt-get install -y ...
|
|||
|
||||
## ADD
|
||||
|
||||
ADD has two forms:
|
||||
|
||||
```dockerfile
|
||||
ADD [--chown=<user>:<group>] [--chmod=<perms>] [--checksum=<checksum>] <src>... <dest>
|
||||
ADD [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]
|
||||
```
|
||||
|
||||
ADD has two forms.
|
||||
The latter form is required for paths containing whitespace.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
|
||||
> and doesn't work on Windows containers. Since user and group ownership concepts do
|
||||
> not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
|
||||
> translating user and group names to IDs restricts this feature to only be viable
|
||||
> for Linux OS-based containers.
|
||||
```dockerfile
|
||||
ADD [OPTIONS] <src> ... <dest>
|
||||
ADD [OPTIONS] ["<src>", ... "<dest>"]
|
||||
```
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> `--chmod` is supported since [Dockerfile 1.3](https://docs.docker.com/build/buildkit/dockerfile-frontend/).
|
||||
> Only octal notation is currently supported. Non-octal support is tracked in
|
||||
> [moby/buildkit#1951](https://github.com/moby/buildkit/issues/1951).
|
||||
The available `[OPTIONS]` are:
|
||||
|
||||
- [`--keep-git-dir`](#add---keep-git-dir)
|
||||
- [`--checksum`](#add---checksum)
|
||||
- [`--chown`](#add---chown---chmod)
|
||||
- [`--chmod`](#add---chown---chmod)
|
||||
- [`--link`](#add---link)
|
||||
- [`--exclude`](#add---exclude)
|
||||
|
||||
The `ADD` instruction copies new files, directories or remote file URLs from `<src>`
|
||||
and adds them to the filesystem of the image at the path `<dest>`.
|
||||
|
@ -1168,13 +1165,13 @@ the context of the build.
|
|||
Each `<src>` may contain wildcards and matching will be done using Go's
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
|
||||
To add all files starting with "hom":
|
||||
To add all files in the root of the build context starting with "hom":
|
||||
|
||||
```dockerfile
|
||||
ADD hom* /mydir/
|
||||
```
|
||||
|
||||
In the example below, `?` is replaced with any single character, e.g., "home.txt".
|
||||
In the following example, `?` is a single-character wildcard, matching e.g. "home.txt".
|
||||
|
||||
```dockerfile
|
||||
ADD hom?.txt /mydir/
|
||||
|
@ -1204,30 +1201,6 @@ named `arr[0].txt`, use the following;
|
|||
ADD arr[[]0].txt /mydir/
|
||||
```
|
||||
|
||||
All new files and directories are created with a UID and GID of 0, unless the
|
||||
optional `--chown` flag specifies a given username, groupname, or UID/GID
|
||||
combination to request specific ownership of the content added. The
|
||||
format of the `--chown` flag allows for either username and groupname strings
|
||||
or direct integer UID and GID in any combination. Providing a username without
|
||||
groupname or a UID without GID will use the same numeric UID as the GID. If a
|
||||
username or groupname is provided, the container's root filesystem
|
||||
`/etc/passwd` and `/etc/group` files will be used to perform the translation
|
||||
from name to integer UID or GID respectively. The following examples show
|
||||
valid definitions for the `--chown` flag:
|
||||
|
||||
```dockerfile
|
||||
ADD --chown=55:mygroup files* /somedir/
|
||||
ADD --chown=bin files* /somedir/
|
||||
ADD --chown=1 files* /somedir/
|
||||
ADD --chown=10:11 files* /somedir/
|
||||
ADD --chown=myuser:mygroup --chmod=655 files* /somedir/
|
||||
```
|
||||
|
||||
If the container root filesystem doesn't contain either `/etc/passwd` or
|
||||
`/etc/group` files and either user or group names are used in the `--chown`
|
||||
flag, the build will fail on the `ADD` operation. Using numeric IDs requires
|
||||
no lookup and doesn't depend on container root filesystem content.
|
||||
|
||||
In the case where `<src>` is a remote file URL, the destination will
|
||||
have permissions of 600. If the remote file being retrieved has an HTTP
|
||||
`Last-Modified` header, the timestamp from that header will be used
|
||||
|
@ -1311,35 +1284,9 @@ doesn't support authentication.
|
|||
- If `<dest>` doesn't exist, it's created, along with all missing directories
|
||||
in its path.
|
||||
|
||||
### Verifying a remote file checksum `ADD --checksum=<checksum> <http src> <dest>`
|
||||
### Adding private Git repositories
|
||||
|
||||
The checksum of a remote file can be verified with the `--checksum` flag:
|
||||
|
||||
```dockerfile
|
||||
ADD --checksum=sha256:24454f830cdb571e2c4ad15481119c43b3cafd48dd869a9b2945d1036d1dc68d https://mirrors.edge.kernel.org/pub/linux/kernel/Historic/linux-0.01.tar.gz /
|
||||
```
|
||||
|
||||
The `--checksum` flag only supports HTTP sources currently.
|
||||
|
||||
### Adding a Git repository `ADD <git ref> <dir>`
|
||||
|
||||
This form allows adding a Git repository to an image directly, without using the `git` command inside the image:
|
||||
|
||||
```dockerfile
|
||||
ADD [--keep-git-dir=<boolean>] <git ref> <dir>
|
||||
```
|
||||
|
||||
```dockerfile
|
||||
# syntax=docker/dockerfile:1
|
||||
FROM alpine
|
||||
ADD --keep-git-dir=true https://github.com/moby/buildkit.git#v0.10.1 /buildkit
|
||||
```
|
||||
|
||||
The `--keep-git-dir=true` flag adds the `.git` directory. This flag defaults to false.
|
||||
|
||||
### Adding a private git repository
|
||||
|
||||
To add a private repo via SSH, create a Dockerfile with the following form:
|
||||
To add a private repository via SSH, create a Dockerfile with the following form:
|
||||
|
||||
```dockerfile
|
||||
# syntax=docker/dockerfile:1
|
||||
|
@ -1357,28 +1304,67 @@ $ docker build --ssh default
|
|||
$ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --ssh default
|
||||
```
|
||||
|
||||
## ADD --link
|
||||
### ADD --keep-git-dir
|
||||
|
||||
```dockerfile
|
||||
ADD [--keep-git-dir=<boolean>] <src> ... <dir>
|
||||
```
|
||||
|
||||
When `<src>` is the HTTP or SSH address of a remote Git repository,
|
||||
BuildKit adds the contents of the Git repository to the image
|
||||
excluding the `.git` directory by default.
|
||||
|
||||
The `--keep-git-dir=true` flag lets you preserve the `.git` directory.
|
||||
|
||||
```dockerfile
|
||||
# syntax=docker/dockerfile:1
|
||||
FROM alpine
|
||||
ADD --keep-git-dir=true https://github.com/moby/buildkit.git#v0.10.1 /buildkit
|
||||
```
|
||||
|
||||
### ADD --checksum
|
||||
|
||||
```dockerfile
|
||||
ADD [--checksum=<hash>] <src> ... <dir>
|
||||
```
|
||||
|
||||
The `--checksum` flag lets you verify the checksum of a remote resource:
|
||||
|
||||
```dockerfile
|
||||
ADD --checksum=sha256:24454f830cdb571e2c4ad15481119c43b3cafd48dd869a9b2945d1036d1dc68d https://mirrors.edge.kernel.org/pub/linux/kernel/Historic/linux-0.01.tar.gz /
|
||||
```
|
||||
|
||||
The `--checksum` flag only supports HTTP sources currently.
|
||||
|
||||
### ADD --chown --chmod
|
||||
|
||||
See [`COPY --chown --chmod`](#copy---chown---chmod).
|
||||
|
||||
### ADD --link
|
||||
|
||||
See [`COPY --link`](#copy---link).
|
||||
|
||||
### ADD --exclude
|
||||
|
||||
See [`COPY --exclude`](#copy---exclude).
|
||||
|
||||
## COPY
|
||||
|
||||
COPY has two forms:
|
||||
COPY has two forms.
|
||||
The latter form is required for paths containing whitespace.
|
||||
|
||||
```dockerfile
|
||||
COPY [--chown=<user>:<group>] [--chmod=<perms>] <src>... <dest>
|
||||
COPY [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]
|
||||
COPY [OPTIONS] <src> ... <dest>
|
||||
COPY [OPTIONS] ["<src>", ... "<dest>"]
|
||||
```
|
||||
|
||||
This latter form is required for paths containing whitespace
|
||||
The available `[OPTIONS]` are:
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
|
||||
> and doesn't work on Windows containers. Since user and group ownership concepts do
|
||||
> not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
|
||||
> translating user and group names to IDs restricts this feature to only be viable for
|
||||
> Linux OS-based containers.
|
||||
- [`--chown`](#copy---chown---chmod)
|
||||
- [`--chmod`](#copy---chown---chmod)
|
||||
- [`--link`](#copy---link)
|
||||
- [`--parents`](#copy---parents)
|
||||
- [`--exclude`](#copy---exclude)
|
||||
|
||||
The `COPY` instruction copies new files or directories from `<src>`
|
||||
and adds them to the filesystem of the container at the path `<dest>`.
|
||||
|
@ -1390,13 +1376,13 @@ of the build.
|
|||
Each `<src>` may contain wildcards and matching will be done using Go's
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
|
||||
|
||||
To add all files starting with "hom":
|
||||
To add all files in the root of the build context starting with "hom":
|
||||
|
||||
```dockerfile
|
||||
COPY hom* /mydir/
|
||||
```
|
||||
|
||||
In the example below, `?` is replaced with any single character, e.g., "home.txt".
|
||||
In the following example, `?` is a single-character wildcard, matching e.g. "home.txt".
|
||||
|
||||
```dockerfile
|
||||
COPY hom?.txt /mydir/
|
||||
|
@ -1426,30 +1412,6 @@ named `arr[0].txt`, use the following;
|
|||
COPY arr[[]0].txt /mydir/
|
||||
```
|
||||
|
||||
All new files and directories are created with a UID and GID of 0, unless the
|
||||
optional `--chown` flag specifies a given username, groupname, or UID/GID
|
||||
combination to request specific ownership of the copied content. The
|
||||
format of the `--chown` flag allows for either username and groupname strings
|
||||
or direct integer UID and GID in any combination. Providing a username without
|
||||
groupname or a UID without GID will use the same numeric UID as the GID. If a
|
||||
username or groupname is provided, the container's root filesystem
|
||||
`/etc/passwd` and `/etc/group` files will be used to perform the translation
|
||||
from name to integer UID or GID respectively. The following examples show
|
||||
valid definitions for the `--chown` flag:
|
||||
|
||||
```dockerfile
|
||||
COPY --chown=55:mygroup files* /somedir/
|
||||
COPY --chown=bin files* /somedir/
|
||||
COPY --chown=1 files* /somedir/
|
||||
COPY --chown=10:11 files* /somedir/
|
||||
COPY --chown=myuser:mygroup --chmod=644 files* /somedir/
|
||||
```
|
||||
|
||||
If the container root filesystem doesn't contain either `/etc/passwd` or
|
||||
`/etc/group` files and either user or group names are used in the `--chown`
|
||||
flag, the build will fail on the `COPY` operation. Using numeric IDs requires
|
||||
no lookup and does not depend on container root filesystem content.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> If you build using STDIN (`docker build - < somefile`), there is no
|
||||
|
@ -1499,11 +1461,52 @@ attempted to be used instead.
|
|||
> guide – Leverage build cache](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache)
|
||||
> for more information.
|
||||
|
||||
## COPY --link
|
||||
### COPY --chown --chmod
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Added in [`docker/dockerfile:1.4`](#syntax)
|
||||
> Only octal notation is currently supported. Non-octal support is tracked in
|
||||
> [moby/buildkit#1951](https://github.com/moby/buildkit/issues/1951).
|
||||
|
||||
```dockerfile
|
||||
COPY [--chown=<user>:<group>] [--chmod=<perms> ...] <src> ... <dest>
|
||||
```
|
||||
|
||||
The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
|
||||
and doesn't work on Windows containers. Since user and group ownership concepts do
|
||||
not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
|
||||
translating user and group names to IDs restricts this feature to only be viable for
|
||||
Linux OS-based containers.
|
||||
|
||||
All files and directories copied from the build context are created with a UID and GID of 0.unless the
|
||||
optional `--chown` flag specifies a given username, groupname, or UID/GID
|
||||
combination to request specific ownership of the copied content. The
|
||||
format of the `--chown` flag allows for either username and groupname strings
|
||||
or direct integer UID and GID in any combination. Providing a username without
|
||||
groupname or a UID without GID will use the same numeric UID as the GID. If a
|
||||
username or groupname is provided, the container's root filesystem
|
||||
`/etc/passwd` and `/etc/group` files will be used to perform the translation
|
||||
from name to integer UID or GID respectively. The following examples show
|
||||
valid definitions for the `--chown` flag:
|
||||
|
||||
```dockerfile
|
||||
COPY --chown=55:mygroup files* /somedir/
|
||||
COPY --chown=bin files* /somedir/
|
||||
COPY --chown=1 files* /somedir/
|
||||
COPY --chown=10:11 files* /somedir/
|
||||
COPY --chown=myuser:mygroup --chmod=644 files* /somedir/
|
||||
```
|
||||
|
||||
If the container root filesystem doesn't contain either `/etc/passwd` or
|
||||
`/etc/group` files and either user or group names are used in the `--chown`
|
||||
flag, the build will fail on the `COPY` operation. Using numeric IDs requires
|
||||
no lookup and does not depend on container root filesystem content.
|
||||
|
||||
### COPY --link
|
||||
|
||||
```dockerfile
|
||||
COPY [--link[=<boolean>]] <src> ... <dest>
|
||||
```
|
||||
|
||||
Enabling this flag in `COPY` or `ADD` commands allows you to copy files with
|
||||
enhanced semantics where your files remain independent on their own layer and
|
||||
|
@ -1534,7 +1537,7 @@ COPY /foo /bar
|
|||
|
||||
and merging all the layers of both images together.
|
||||
|
||||
### Benefits of using `--link`
|
||||
#### Benefits of using `--link`
|
||||
|
||||
Use `--link` to reuse already built layers in subsequent builds with
|
||||
`--cache-from` even if the previous layers have changed. This is especially
|
||||
|
@ -1555,7 +1558,7 @@ the files in the base image. In that case BuildKit will only build the layers
|
|||
for the `COPY` commands and push them to the registry directly on top of the
|
||||
layers of the base image.
|
||||
|
||||
### Incompatibilities with `--link=false`
|
||||
#### Incompatibilities with `--link=false`
|
||||
|
||||
When using `--link` the `COPY/ADD` commands are not allowed to read any files
|
||||
from the previous state. This means that if in previous state the destination
|
||||
|
@ -1568,21 +1571,20 @@ path, using `--link` is always recommended. The performance of `--link` is
|
|||
equivalent or better than the default behavior and, it creates much better
|
||||
conditions for cache reuse.
|
||||
|
||||
## COPY --parents
|
||||
### COPY --parents
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Available in [`docker/dockerfile-upstream:master-labs`](#syntax).
|
||||
> Will be included in `docker/dockerfile:1.6-labs`.
|
||||
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
|
||||
|
||||
```dockerfile
|
||||
COPY [--parents[=<boolean>]] <src>... <dest>
|
||||
COPY [--parents[=<boolean>]] <src> ... <dest>
|
||||
```
|
||||
|
||||
The `--parents` flag preserves parent directories for `src` entries. This flag defaults to `false`.
|
||||
|
||||
```dockerfile
|
||||
# syntax=docker/dockerfile-upstream:master-labs
|
||||
# syntax=docker/dockerfile:1.7-labs
|
||||
FROM scratch
|
||||
|
||||
COPY ./x/a.txt ./y/a.txt /no_parents/
|
||||
|
@ -1593,8 +1595,28 @@ COPY --parents ./x/a.txt ./y/a.txt /parents/
|
|||
# /parents/y/a.txt
|
||||
```
|
||||
|
||||
This behavior is analogous to the [Linux `cp` utility's](https://www.man7.org/linux/man-pages/man1/cp.1.html)
|
||||
`--parents` flag.
|
||||
This behavior is similar to the [Linux `cp` utility's](https://www.man7.org/linux/man-pages/man1/cp.1.html)
|
||||
`--parents` or [`rsync`](https://man7.org/linux/man-pages/man1/rsync.1.html) `--relative` flag.
|
||||
|
||||
As with Rsync, it is possible to limit which parent directories are preserved by
|
||||
inserting a dot and a slash (`./`) into the source path. If such point exists, only parent
|
||||
directories after it will be preserved. This may be especially useful copies between stages
|
||||
with `--from` where the source paths need to be absolute.
|
||||
|
||||
```dockerfile
|
||||
# syntax=docker/dockerfile:1.7-labs
|
||||
FROM scratch
|
||||
|
||||
COPY --parents ./x/./y/*.txt /parents/
|
||||
|
||||
# Build context:
|
||||
# ./x/y/a.txt
|
||||
# ./x/y/b.txt
|
||||
#
|
||||
# Output:
|
||||
# /parents/y/a.txt
|
||||
# /parents/y/b.txt
|
||||
```
|
||||
|
||||
Note that, without the `--parents` flag specified, any filename collision will
|
||||
fail the Linux `cp` operation with an explicit error message
|
||||
|
@ -1607,6 +1629,36 @@ to keep the layer count in the resulting image as low as possible. Therefore,
|
|||
with the `--parents` flag, the Buildkit is capable of packing multiple
|
||||
`COPY` instructions together, keeping the directory structure intact.
|
||||
|
||||
### COPY --exclude
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
|
||||
|
||||
```dockerfile
|
||||
COPY [--exclude=<path> ...] <src> ... <dest>
|
||||
```
|
||||
|
||||
The `--exclude` flag lets you specify a path expression for files to be excluded.
|
||||
|
||||
The path expression follows the same format as `<src>`,
|
||||
supporting wildcards and matching using Go's
|
||||
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules.
|
||||
For example, to add all files starting with "hom", excluding files with a `.txt` extension:
|
||||
|
||||
```dockerfile
|
||||
COPY --exclude=*.txt hom* /mydir/
|
||||
```
|
||||
|
||||
You can specify the `--exclude` option multiple times for a `COPY` instruction.
|
||||
Multiple `--excludes` are files matching its patterns not to be copied,
|
||||
even if the files paths match the pattern specified in `<src>`.
|
||||
To add all files starting with "hom", excluding files with either `.txt` or `.md` extensions:
|
||||
|
||||
```dockerfile
|
||||
COPY --exclude=*.txt --exclude=*.md hom* /mydir/
|
||||
```
|
||||
|
||||
## ENTRYPOINT
|
||||
|
||||
An `ENTRYPOINT` allows you to configure a container that will run as an executable.
|
||||
|
@ -2619,10 +2671,6 @@ required such as `zsh`, `csh`, `tcsh` and others.
|
|||
|
||||
## Here-Documents
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Added in [`docker/dockerfile:1.4`](#syntax)
|
||||
|
||||
Here-documents allow redirection of subsequent Dockerfile lines to the input of
|
||||
`RUN` or `COPY` commands. If such command contains a [here-document](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04)
|
||||
the Dockerfile considers the next lines until the line only containing a
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible
|
||||
# github.com/moby/buildkit v0.13.0
|
||||
# github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2
|
||||
# github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e
|
||||
# github.com/docker/buildx v0.0.0-00010101000000-000000000000
|
||||
# github.com/docker/scout-cli v1.4.1
|
||||
# github.com/docker/cli v26.0.0-rc1+incompatible
|
||||
# github.com/docker/compose/v2 v2.24.6
|
||||
# github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000
|
||||
|
|
7
go.mod
7
go.mod
|
@ -5,9 +5,9 @@ go 1.21
|
|||
toolchain go1.21.1
|
||||
|
||||
require (
|
||||
github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2 // indirect
|
||||
github.com/docker/buildx v0.12.0-rc2.0.20231219140829-617f538cb315 // indirect
|
||||
github.com/docker/cli v26.0.0-rc1+incompatible // indirect
|
||||
github.com/docker/compose/v2 v2.24.6 // indirect
|
||||
github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 // indirect
|
||||
github.com/docker/scout-cli v1.4.1 // indirect
|
||||
github.com/moby/buildkit v0.13.0 // indirect
|
||||
github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible // indirect
|
||||
|
@ -18,6 +18,7 @@ replace (
|
|||
github.com/docker/cli => github.com/docker/cli v25.0.4-0.20240221083216-f67e569a8fb9+incompatible
|
||||
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.24.6
|
||||
github.com/docker/scout-cli => github.com/docker/scout-cli v1.4.1
|
||||
github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34
|
||||
github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e
|
||||
github.com/moby/moby => github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible
|
||||
)
|
||||
|
||||
|
|
8
go.sum
8
go.sum
|
@ -114,6 +114,7 @@ github.com/docker/compose/v2 v2.24.6 h1:V5fOXgga0hYy4wHsygCquO6/k++8q3WuckU7Qo1c
|
|||
github.com/docker/compose/v2 v2.24.6/go.mod h1:ugV3/2KoKEeM98ZYF9vsYwnSExC4xLGxblAqXB6HUXQ=
|
||||
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
|
||||
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
|
||||
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q=
|
||||
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
|
||||
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
|
||||
|
@ -199,6 +200,12 @@ github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f h1:weCt2sfZ
|
|||
github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f/go.mod h1:vEcIVw63dZyhTgbcyQWXlZrtrKnvFoSI8LhfV+Vj0Jg=
|
||||
github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 h1:9oIm9T7YyDxRAXvP7y605G3TZmPGZjFvRHbbMJcIDy8=
|
||||
github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34/go.mod h1:tSWWhq1EDM0eB3ngMNDiH2hOOW9fXTyn2uXuOraCLlE=
|
||||
github.com/moby/buildkit v0.13.0-rc3.0.20240307012628-5a4c2975457b h1:lMLGJ3ErbAa5eGsVj7CkmN/2ByyyUFs3abfX99+C4pA=
|
||||
github.com/moby/buildkit v0.13.0-rc3.0.20240307012628-5a4c2975457b/go.mod h1:P5zIr3pyh1VQoK751o5JFtogepVcLi9+77PTfmvJwls=
|
||||
github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e h1:lEQehVlOgEMJ6bZvx3TWFjFE9Cic4fWJplNNQtYUX/A=
|
||||
github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e/go.mod h1:P5zIr3pyh1VQoK751o5JFtogepVcLi9+77PTfmvJwls=
|
||||
github.com/moby/buildkit v0.13.0 h1:reVR1Y+rbNIUQ9jf0Q1YZVH5a/nhOixZsl+HJ9qQEGI=
|
||||
github.com/moby/buildkit v0.13.0/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k=
|
||||
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
|
||||
github.com/moby/moby v24.0.2+incompatible h1:yH+5dRHH1x3XRKzl1THA2aGTy6CHYnkt5N924ADMax8=
|
||||
github.com/moby/moby v24.0.2+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
|
||||
|
@ -224,6 +231,7 @@ github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYB
|
|||
github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
|
||||
github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
|
||||
github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
|
||||
github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=
|
||||
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
|
|
Loading…
Reference in New Issue