diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6dc12b3d..b40f1cf3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -39,6 +39,12 @@ jobs:
with:
go-version: "~1.22"
+ - name: Download Go modules
+ run: go mod download
+
+ - name: Lint
+ run: make -j lint
+
- name: Test
run: make test
docs:
@@ -51,8 +57,8 @@ jobs:
with:
go-version: "~1.22"
- - name: Generate docs
- run: make docs
+ - name: Generate env vars docs
+ run: make docs/env-variables.md
- name: Check for unstaged files
run: git diff --exit-code
@@ -93,18 +99,18 @@ jobs:
- name: Build
if: github.event_name == 'pull_request'
run: |
- VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
- BASE=ghcr.io/coder/envbuilder-preview
+ ./scripts/build.sh \
+ --arch=amd64
./scripts/build.sh \
- --arch=amd64 \
- --base=$BASE \
- --tag=$VERSION
+ --arch=arm64
+
+ ./scripts/build.sh \
+ --arch=arm
- name: Build and Push
if: github.ref == 'refs/heads/main'
run: |
- VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
BASE=ghcr.io/coder/envbuilder-preview
./scripts/build.sh \
@@ -112,5 +118,4 @@ jobs:
--arch=arm64 \
--arch=arm \
--base=$BASE \
- --tag=$VERSION \
--push
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3f03b2fd..6c83f1e0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -19,7 +19,12 @@ jobs:
name: Build and publish
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+
+ # Workaround for actions/checkout#1467
+ - name: Fetch tags
+ run: |
+ git fetch --tags --depth 1 --force
- name: Echo Go Cache Paths
id: go-cache-paths
@@ -44,11 +49,18 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- - name: Build and Push
+ - name: Get version
+ id: get-version
+ env:
+ ENVBUILDER_RELEASE: "t"
run: |
- VERSION=$(./scripts/version.sh)
- BASE=ghcr.io/coder/envbuilder
+ echo "ENVBUILDER_VERSION=$(./scripts/version.sh)" >> $GITHUB_OUTPUT
+ - name: Build and Push
+ env:
+ VERSION: "${{ steps.get-version.outputs.ENVBUILDER_VERSION }}"
+ BASE: "ghcr.io/coder/envbuilder"
+ run: |
./scripts/build.sh \
--arch=amd64 \
--arch=arm64 \
diff --git a/Makefile b/Makefile
index 42fd1db4..ca4c0e6d 100644
--- a/Makefile
+++ b/Makefile
@@ -4,10 +4,25 @@ PWD=$(shell pwd)
GO_SRC_FILES := $(shell find . -type f -name '*.go' -not -name '*_test.go')
GO_TEST_FILES := $(shell find . -type f -not -name '*.go' -name '*_test.go')
GOLDEN_FILES := $(shell find . -type f -name '*.golden')
+SHELL_SRC_FILES := $(shell find . -type f -name '*.sh')
+GOLANGCI_LINT_VERSION := v1.59.1
fmt: $(shell find . -type f -name '*.go')
go run mvdan.cc/gofumpt@v0.6.0 -l -w .
+.PHONY: lint
+lint: lint/go lint/shellcheck
+
+.PHONY: lint/go
+lint/go: $(GO_SRC_FILES)
+ go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+ golangci-lint run --timeout=10m
+
+.PHONY: lint/shellcheck
+lint/shellcheck: $(SHELL_SRC_FILES)
+ echo "--- shellcheck"
+ shellcheck --external-sources $(SHELL_SRC_FILES)
+
develop:
./scripts/develop.sh
@@ -18,10 +33,10 @@ build: scripts/envbuilder-$(GOARCH)
update-golden-files: .gen-golden
.gen-golden: $(GOLDEN_FILES) $(GO_SRC_FILES) $(GO_TEST_FILES)
- go test . -update
+ go test ./options -update
@touch "$@"
-docs: options.go
+docs/env-variables.md: options/options.go options/options_test.go
go run ./scripts/docsgen/main.go
.PHONY: test
diff --git a/README.md b/README.md
index aa5c5e64..af5323de 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,11 @@
-# envbuilder
+
+
-[](https://discord.gg/coder)
-[](https://github.com/coder/envbuilder/pkgs/container/envbuilder)
-[](https://pkg.go.dev/github.com/coder/envbuilder)
-[](./LICENSE)
+# Envbuilder
Build development environments from a Dockerfile on Docker, Kubernetes, and OpenShift. Allow developers to modify their environment in a tight feedback loop.
@@ -11,33 +13,24 @@ Build development environments from a Dockerfile on Docker, Kubernetes, and Open
- Cache image layers with registries for speedy builds
- Runs on Kubernetes, Docker, and OpenShift
-
+## Getting Started
-## Quickstart
+The easiest way to get started is by running the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container.
-The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container.
-
-> `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory.
+> **Note**: The `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory if needed.
```bash
-docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \
- -e ENVBUILDER_INIT_SCRIPT=bash \
+docker run -it --rm
+ -v /tmp/envbuilder:/workspaces
+ -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer
+ -e ENVBUILDER_INIT_SCRIPT=bash
ghcr.io/coder/envbuilder
```
Edit `.devcontainer/Dockerfile` to add `htop`:
```bash
-$ vim .devcontainer/Dockerfile
+vim .devcontainer/Dockerfile
```
```diff
@@ -45,249 +38,31 @@ $ vim .devcontainer/Dockerfile
+ RUN apt-get install vim sudo htop -y
```
-Exit the container, and re-run the `docker run` command... after the build completes, `htop` should exist in the container! 🥳
-
-> [!NOTE]
-> Envbuilder performs destructive filesystem operations! To guard against accidental data
-> loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value.
-> If you need to bypass this behavior for any reason, you can bypass this safety check by setting
-> `ENVBUILDER_FORCE_SAFE=true`.
-
-### Git Branch Selection
-
-Choose a branch using `ENVBUILDER_GIT_URL` with a _ref/heads_ reference. For instance:
-
-```
-ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch
-```
-
-## Container Registry Authentication
-
-envbuilder uses Kaniko to build containers. You should [follow their instructions](https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries) to create an authentication configuration.
-
-After you have a configuration that resembles the following:
-
-```json
-{
- "auths": {
- "https://index.docker.io/v1/": {
- "auth": "base64-encoded-username-and-password"
- }
- }
-}
-```
-
-`base64` encode the JSON and provide it to envbuilder as the `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable.
-
-Alternatively, if running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and
-pass it into the pod as a volume mount. This example will work for all registries.
-
-```shell
-# Artifactory example
-kubectl create secret docker-registry regcred \
- --docker-server=my-artifactory.jfrog.io \
- --docker-username=read-only \
- --docker-password=secret-pass \
- --docker-email=me@example.com \
- -n coder
-```
-
-```hcl
-resource "kubernetes_deployment" "example" {
- metadata {
- namespace = coder
- }
- spec {
- spec {
- container {
- # Define the volumeMount with the pull credentials
- volume_mount {
- name = "docker-config-volume"
- mount_path = "/envbuilder/config.json"
- sub_path = ".dockerconfigjson"
- }
- }
- # Define the volume which maps to the pull credentials
- volume {
- name = "docker-config-volume"
- secret {
- secret_name = "regcred"
- }
- }
- }
- }
-}
-```
-
-### Docker Hub
+Exit the container and re-run the `docker run` command. After the build completes, `htop` should be available in the container! 🥳
-Authenticate with `docker login` to generate `~/.docker/config.json`. Encode this file using the `base64` command:
-
-```bash
-$ base64 -w0 ~/.docker/config.json
-ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
-```
-
-Provide the encoded JSON config to envbuilder:
-
-```env
-ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
-```
-
-### Docker-in-Docker
-
-See [here](./docs/docker.md) for instructions on running Docker containers inside
-environments built by Envbuilder.
-
-## Git Authentication
-
-Two methods of authentication are supported:
-
-### HTTP Authentication
-
-If `ENVBUILDER_GIT_URL` starts with `http://` or `https://`, envbuilder will
-authenticate with `ENVBUILDER_GIT_USERNAME` and `ENVBUILDER_GIT_PASSWORD`, if set.
-
-For access token-based authentication, follow the following schema (if empty, there's no need to provide the field):
-
-| Provider | `ENVBUILDER_GIT_USERNAME` | `ENVBUILDER_GIT_PASSWORD` |
-| ------------ | ------------------------- | ------------------------- |
-| GitHub | [access-token] | |
-| GitLab | oauth2 | [access-token] |
-| BitBucket | x-token-auth | [access-token] |
-| Azure DevOps | [access-token] | |
-
-If using envbuilder inside of [Coder](https://github.com/coder/coder), you can use the `coder_external_auth` Terraform resource to automatically provide this token on workspace creation:
-
-```hcl
-data "coder_external_auth" "github" {
- id = "github"
-}
-
-resource "docker_container" "dev" {
- env = [
- ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token,
- ]
-}
-```
+To explore more examples, tips, and advanced usage, check out the following guides:
-### SSH Authentication
-
-If `ENVBUILDER_GIT_URL` does not start with `http://` or `https://`,
-envbuilder will assume SSH authentication. You have the following options:
-
-1. Public/Private key authentication: set `ENVBUILDER_GIT_SSH_KEY_PATH` to the path of an
- SSH private key mounted inside the container. Envbuilder will use this SSH
- key to authenticate. Example:
-
- ```bash
- docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
- -e ENVBUILDER_INIT_SCRIPT=bash \
- -e ENVBUILDER_GIT_SSH_KEY_PATH=/.ssh/id_rsa \
- -v /home/user/id_rsa:/.ssh/id_rsa \
- ghcr.io/coder/envbuilder
- ```
-
-1. Agent-based authentication: set `SSH_AUTH_SOCK` and mount in your agent socket, for example:
-
- ```bash
- docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
- -e ENVBUILDER_INIT_SCRIPT=bash \
- -e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \
- -v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \
- ghcr.io/coder/envbuilder
- ```
-
-> Note: by default, envbuilder will accept and log all host keys. If you need
-> strict host key checking, set `SSH_KNOWN_HOSTS` and mount in a `known_hosts`
-> file.
-
-
-## Layer Caching
-
-Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable.
-
-```bash
-CACHE_REPO=ghcr.io/coder/repo-cache
-```
-
-To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`:
-
-```bash
-docker run -it --rm \
- -v /tmp/envbuilder-cache:/cache \
- -e ENVBUILDER_LAYER_CACHE_DIR=/cache
- ...
-```
-
-Each layer is stored in the registry as a separate image. The image tag is the hash of the layer's contents. The image digest is the hash of the image tag. The image digest is used to pull the layer from the registry.
-
-The performance improvement of builds depends on the complexity of your
-Dockerfile. For
-[`coder/coder`](https://github.com/coder/coder/blob/main/.devcontainer/Dockerfile),
-uncached builds take 36m while cached builds take 40s (~98% improvement).
-
-## Pushing the built image
-
-Set `ENVBUILDER_PUSH_IMAGE=1` to push the entire image to the cache repo
-in addition to individual layers. `ENVBUILDER_CACHE_REPO` **must** be set in
-order for this to work.
-
-> **Note:** this option forces Envbuilder to perform a "reproducible" build.
-> This will force timestamps for all newly added files to be set to the start of the UNIX epoch.
-
-## Probe Layer Cache
-
-To check for the presence of a pre-built image, set
-`ENVBUILDER_GET_CACHED_IMAGE=1`. Instead of building the image, this will
-perform a "dry-run" build of the image, consulting `ENVBUILDER_CACHE_REPO` for
-each layer.
-
-If any layer is found not to be present in the cache repo, envbuilder
-will exit with an error. Otherwise, the image will be emitted in the log output prefixed with the string
-`ENVBUILDER_CACHED_IMAGE=...`.
-
-## Image Caching
-
-When the base container is large, it can take a long time to pull the image from the registry. You can pre-pull the image into a read-only volume and mount it into the container to speed up builds.
-
-```bash
-# Pull your base image from the registry to a local directory.
-docker run --rm \
- -v /tmp/kaniko-cache:/cache \
- gcr.io/kaniko-project/warmer:latest \
- --cache-dir=/cache \
- --image=
-
-# Run envbuilder with the local image cache.
-docker run -it --rm \
- -v /tmp/kaniko-cache:/image-cache:ro \
- -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache
-```
-
-In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
-
-A sample script to pre-fetch a number of images can be viewed [here](./examples/kaniko-cache-warmer.sh). This can be run, for example, as a cron job to periodically fetch the latest versions of a number of base images.
+- [Using Local Files](./docs/using-local-files.md)
+- [Usage with Coder](./docs/usage-with-coder.md)
+- [Container Registry Authentication](./docs/container-registry-auth.md)
+- [Git Authentication](./docs/git-auth.md)
+- [Caching](./docs/caching.md)
+- [Custom Certificates](./docs/custom-certificates.md)
## Setup Script
The `ENVBUILDER_SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process.
-> [!NOTE]
-> `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`).
+> **Note**: `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`).
Write the following to `$ENVBUILDER_ENV` to shape the container's init process:
-- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g.`root`).
+- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g., `root`).
- `ENVBUILDER_INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`).
-- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g. `-c 'sleep infinity'`).
+- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g., `-c 'sleep infinity'`).
```bash
-# init.sh - change the init if systemd exists
+# init.sh - Change the init if systemd exists
if command -v systemd >/dev/null; then
echo "Hey 👋 $TARGET_USER"
echo ENVBUILDER_INIT_COMMAND=systemd >> $ENVBUILDER_ENV
@@ -295,44 +70,42 @@ else
echo ENVBUILDER_INIT_COMMAND=bash >> $ENVBUILDER_ENV
fi
-# run envbuilder with the setup script
-docker run -it --rm \
- -v ./:/some-dir \
- -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh \
+# Run envbuilder with the setup script
+docker run -it --rm
+ -v ./:/some-dir
+ -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh
...
```
-## Custom Certificates
+## Environment Variables
-- [`ENVBUILDER_SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate.
-- [`ENVBUILDER_SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files.
-- `ENVBUILDER_SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start.
+You can see all the supported environment variables in [this document](./docs/env-variables.md).
-## Unsupported features
+## Unsupported Features
### Development Containers
-The table keeps track of features we would love to implement. Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you want Envbuilder to support it.
+The table below keeps track of features we plan to implement. Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you'd like Envbuilder to support a particular feature.
-| Name | Description | Known issues |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
-| Volume mounts | Volumes are used to persist data and share directories between the host and container. | [#220](https://github.com/coder/envbuilder/issues/220) |
-| Port forwarding | Port forwarding allows exposing container ports to the host, making services accessible. | [#48](https://github.com/coder/envbuilder/issues/48) |
-| Script init & Entrypoint | `init` adds a tiny init process to the container and `entrypoint` sets a script to run at container startup. | [#221](https://github.com/coder/envbuilder/issues/221) |
-| Customizations | Product specific properties, for instance: _VS Code_ `settings` and `extensions`. | [#43](https://github.com/coder/envbuilder/issues/43) |
-| Composefile | Define multiple containers and services for more complex development environments. | [#236](https://github.com/coder/envbuilder/issues/236) |
+| Name | Description | Known Issues |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| Volume mounts | Volumes are used to persist data and share directories between the host and container. | [#220](https://github.com/coder/envbuilder/issues/220) |
+| Port forwarding | Port forwarding allows exposing container ports to the host, making services accessible. | [#48](https://github.com/coder/envbuilder/issues/48) |
+| Script init & Entrypoint | `init` adds a tiny init process to the container, and `entrypoint` sets a script to run at container startup. | [#221](https://github.com/coder/envbuilder/issues/221) |
+| Customizations | Product-specific properties, e.g., _VS Code_ settings and extensions. | [#43](https://github.com/coder/envbuilder/issues/43) |
+| Composefile | Define multiple containers and services for more complex development environments. | [#236](https://github.com/coder/envbuilder/issues/236) |
### Devfile
-> [Devfiles](https://devfile.io/) automate and simplify development process by adopting the existing devfiles that are available in the [public community registry](https://registry.devfile.io/viewer).
+> [Devfiles](https://devfile.io/) automate and simplify development by adopting existing devfiles available in the [public community registry](https://registry.devfile.io/viewer).
Issue: [#113](https://github.com/coder/envbuilder/issues/113)
-# Local Development
+## Contributing
Building `envbuilder` currently **requires** a Linux system.
-On MacOS or Windows systems, we recommend either using a VM or the provided `.devcontainer` for development.
+On macOS or Windows systems, we recommend using a VM or the provided `.devcontainer` for development.
**Additional Requirements:**
@@ -342,50 +115,8 @@ On MacOS or Windows systems, we recommend either using a VM or the provided `.de
**Makefile targets:**
-- `build`: builds and tags `envbuilder:latest` for your current architecture.
-- `develop`: runs `envbuilder:latest` against a sample Git repository.
-- `test`: run tests.
-- `test-registry`: stands up a local registry for caching images used in tests.
-
-
-
-## Environment Variables
-
-| Flag | Environment variable | Default | Description |
-| - | - | - | - |
-| `--setup-script` | `ENVBUILDER_SETUP_SCRIPT` | | The script to run before the init script. It runs as the root user regardless of the user specified in the devcontainer.json file. SetupScript is ran as the root user prior to the init script. It is used to configure envbuilder dynamically during the runtime. e.g. specifying whether to start systemd or tiny init for PID 1. |
-| `--init-script` | `ENVBUILDER_INIT_SCRIPT` | | The script to run to initialize the workspace. Default: `sleep infinity`. |
-| `--init-command` | `ENVBUILDER_INIT_COMMAND` | | The command to run to initialize the workspace. Default: `/bin/sh`. |
-| `--init-args` | `ENVBUILDER_INIT_ARGS` | | The arguments to pass to the init command. They are split according to /bin/sh rules with https://github.com/kballard/go-shellquote. |
-| `--cache-repo` | `ENVBUILDER_CACHE_REPO` | | The name of the container registry to push the cache image to. If this is empty, the cache will not be pushed. |
-| `--base-image-cache-dir` | `ENVBUILDER_BASE_IMAGE_CACHE_DIR` | | The path to a directory where the base image can be found. This should be a read-only directory solely mounted for the purpose of caching the base image. |
-| `--layer-cache-dir` | `ENVBUILDER_LAYER_CACHE_DIR` | | The path to a directory where built layers will be stored. This spawns an in-memory registry to serve the layers from. |
-| `--devcontainer-dir` | `ENVBUILDER_DEVCONTAINER_DIR` | | The path to the folder containing the devcontainer.json file that will be used to build the workspace and can either be an absolute path or a path relative to the workspace folder. If not provided, defaults to `.devcontainer`. |
-| `--devcontainer-json-path` | `ENVBUILDER_DEVCONTAINER_JSON_PATH` | | The path to a devcontainer.json file that is either an absolute path or a path relative to DevcontainerDir. This can be used in cases where one wants to substitute an edited devcontainer.json file for the one that exists in the repo. |
-| `--dockerfile-path` | `ENVBUILDER_DOCKERFILE_PATH` | | The relative path to the Dockerfile that will be used to build the workspace. This is an alternative to using a devcontainer that some might find simpler. |
-| `--build-context-path` | `ENVBUILDER_BUILD_CONTEXT_PATH` | | Can be specified when a DockerfilePath is specified outside the base WorkspaceFolder. This path MUST be relative to the WorkspaceFolder path into which the repo is cloned. |
-| `--cache-ttl-days` | `ENVBUILDER_CACHE_TTL_DAYS` | | The number of days to use cached layers before expiring them. Defaults to 7 days. |
-| `--docker-config-base64` | `ENVBUILDER_DOCKER_CONFIG_BASE64` | | The base64 encoded Docker config file that will be used to pull images from private container registries. |
-| `--fallback-image` | `ENVBUILDER_FALLBACK_IMAGE` | | Specifies an alternative image to use when neither an image is declared in the devcontainer.json file nor a Dockerfile is present. If there's a build failure (from a faulty Dockerfile) or a misconfiguration, this image will be the substitute. Set ExitOnBuildFailure to true to halt the container if the build faces an issue. |
-| `--exit-on-build-failure` | `ENVBUILDER_EXIT_ON_BUILD_FAILURE` | | Terminates the container upon a build failure. This is handy when preferring the FALLBACK_IMAGE in cases where no devcontainer.json or image is provided. However, it ensures that the container stops if the build process encounters an error. |
-| `--force-safe` | `ENVBUILDER_FORCE_SAFE` | | Ignores any filesystem safety checks. This could cause serious harm to your system! This is used in cases where bypass is needed to unblock customers. |
-| `--insecure` | `ENVBUILDER_INSECURE` | | Bypass TLS verification when cloning and pulling from container registries. |
-| `--ignore-paths` | `ENVBUILDER_IGNORE_PATHS` | | The comma separated list of paths to ignore when building the workspace. |
-| `--skip-rebuild` | `ENVBUILDER_SKIP_REBUILD` | | Skip building if the MagicFile exists. This is used to skip building when a container is restarting. e.g. docker stop -> docker start This value can always be set to true - even if the container is being started for the first time. |
-| `--git-url` | `ENVBUILDER_GIT_URL` | | The URL of a Git repository containing a Devcontainer or Docker image to clone. This is optional. |
-| `--git-clone-depth` | `ENVBUILDER_GIT_CLONE_DEPTH` | | The depth to use when cloning the Git repository. |
-| `--git-clone-single-branch` | `ENVBUILDER_GIT_CLONE_SINGLE_BRANCH` | | Clone only a single branch of the Git repository. |
-| `--git-username` | `ENVBUILDER_GIT_USERNAME` | | The username to use for Git authentication. This is optional. |
-| `--git-password` | `ENVBUILDER_GIT_PASSWORD` | | The password to use for Git authentication. This is optional. |
-| `--git-ssh-private-key-path` | `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH` | | Path to an SSH private key to be used for Git authentication. |
-| `--git-http-proxy-url` | `ENVBUILDER_GIT_HTTP_PROXY_URL` | | The URL for the HTTP proxy. This is optional. |
-| `--workspace-folder` | `ENVBUILDER_WORKSPACE_FOLDER` | | The path to the workspace folder that will be built. This is optional. |
-| `--ssl-cert-base64` | `ENVBUILDER_SSL_CERT_BASE64` | | The content of an SSL cert file. This is useful for self-signed certificates. |
-| `--export-env-file` | `ENVBUILDER_EXPORT_ENV_FILE` | | Optional file path to a .env file where envbuilder will dump environment variables from devcontainer.json and the built container image. |
-| `--post-start-script-path` | `ENVBUILDER_POST_START_SCRIPT_PATH` | | The path to a script that will be created by envbuilder based on the postStartCommand in devcontainer.json, if any is specified (otherwise the script is not created). If this is set, the specified InitCommand should check for the presence of this script and execute it after successful startup. |
-| `--coder-agent-url` | `CODER_AGENT_URL` | | URL of the Coder deployment. If CODER_AGENT_TOKEN is also set, logs from envbuilder will be forwarded here and will be visible in the workspace build logs. |
-| `--coder-agent-token` | `CODER_AGENT_TOKEN` | | Authentication token for a Coder agent. If this is set, then CODER_AGENT_URL must also be set. |
-| `--coder-agent-subsystem` | `CODER_AGENT_SUBSYSTEM` | | Coder agent subsystems to report when forwarding logs. The envbuilder subsystem is always included. |
-| `--push-image` | `ENVBUILDER_PUSH_IMAGE` | | Push the built image to a remote registry. This option forces a reproducible build. |
-| `--get-cached-image` | `ENVBUILDER_GET_CACHED_IMAGE` | | Print the digest of the cached image, if available. Exits with an error if not found. |
-
+- `build`: Builds and tags `envbuilder:latest` for your current architecture.
+- `develop`: Runs `envbuilder:latest` against a sample Git repository.
+- `test`: Runs tests.
+- `test-registry`: Stands up a local registry for caching images used in tests.
+- `docs/env-variables.md`: Updated the [environment variables documentation](./docs/env-variables.md).
diff --git a/buildinfo/version.go b/buildinfo/version.go
new file mode 100644
index 00000000..86f35348
--- /dev/null
+++ b/buildinfo/version.go
@@ -0,0 +1,71 @@
+package buildinfo
+
+import (
+ "fmt"
+ "runtime/debug"
+ "sync"
+
+ "golang.org/x/mod/semver"
+)
+
+const (
+ noVersion = "v0.0.0"
+ develPreRelease = "devel"
+)
+
+var (
+ buildInfo *debug.BuildInfo
+ buildInfoValid bool
+ readBuildInfo sync.Once
+
+ version string
+ readVersion sync.Once
+
+ // Injected with ldflags at build time
+ tag string
+)
+
+func revision() (string, bool) {
+ return find("vcs.revision")
+}
+
+func find(key string) (string, bool) {
+ readBuildInfo.Do(func() {
+ buildInfo, buildInfoValid = debug.ReadBuildInfo()
+ })
+ if !buildInfoValid {
+ panic("could not read build info")
+ }
+ for _, setting := range buildInfo.Settings {
+ if setting.Key != key {
+ continue
+ }
+ return setting.Value, true
+ }
+ return "", false
+}
+
+// Version returns the semantic version of the build.
+// Use golang.org/x/mod/semver to compare versions.
+func Version() string {
+ readVersion.Do(func() {
+ revision, valid := revision()
+ if valid {
+ revision = "+" + revision[:7]
+ }
+ if tag == "" {
+ // This occurs when the tag hasn't been injected,
+ // like when using "go run".
+ // -+
+ version = fmt.Sprintf("%s-%s%s", noVersion, develPreRelease, revision)
+ return
+ }
+ version = "v" + tag
+ // The tag must be prefixed with "v" otherwise the
+ // semver library will return an empty string.
+ if semver.Build(version) == "" {
+ version += revision
+ }
+ })
+ return version
+}
diff --git a/cmd/envbuilder/main.go b/cmd/envbuilder/main.go
index aa3b3ec4..e8dc2201 100644
--- a/cmd/envbuilder/main.go
+++ b/cmd/envbuilder/main.go
@@ -1,20 +1,18 @@
package main
import (
- "context"
- "crypto/tls"
"errors"
"fmt"
- "net/http"
"net/url"
"os"
"slices"
"strings"
- "time"
- "cdr.dev/slog"
+ "github.com/coder/envbuilder/options"
+
+ "github.com/coder/coder/v2/codersdk"
"github.com/coder/envbuilder"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/coder/serpent"
// *Never* remove this. Certificates are not bundled as part
@@ -27,64 +25,73 @@ func main() {
cmd := envbuilderCmd()
err := cmd.Invoke().WithOS().Run()
if err != nil {
- fmt.Fprintf(os.Stderr, "error: %v", err)
+ _, _ = fmt.Fprintf(os.Stderr, "error: %v", err)
os.Exit(1)
}
}
func envbuilderCmd() serpent.Command {
- var options envbuilder.Options
+ var o options.Options
cmd := serpent.Command{
Use: "envbuilder",
- Options: options.CLI(),
+ Options: o.CLI(),
Handler: func(inv *serpent.Invocation) error {
- var sendLogs func(ctx context.Context, log ...notcodersdk.Log) error
- if options.CoderAgentToken != "" {
- if options.CoderAgentURL == "" {
+ o.SetDefaults()
+ var preExecs []func()
+ preExec := func() {
+ for _, fn := range preExecs {
+ fn()
+ }
+ preExecs = nil
+ }
+ defer preExec() // Ensure cleanup in case of error.
+
+ o.Logger = log.New(os.Stderr, o.Verbose)
+ if o.CoderAgentURL != "" {
+ if o.CoderAgentToken == "" {
return errors.New("CODER_AGENT_URL must be set if CODER_AGENT_TOKEN is set")
}
- u, err := url.Parse(options.CoderAgentURL)
+ u, err := url.Parse(o.CoderAgentURL)
if err != nil {
return fmt.Errorf("unable to parse CODER_AGENT_URL as URL: %w", err)
}
- client := notcodersdk.New(u)
- client.SetSessionToken(options.CoderAgentToken)
- client.HTTPClient = &http.Client{
- Transport: &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: options.Insecure,
- },
- },
- }
- var flushAndClose func(ctx context.Context) error
- sendLogs, flushAndClose = notcodersdk.LogsSender(notcodersdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{})
- defer flushAndClose(inv.Context())
-
- // This adds the envbuilder subsystem.
- // If telemetry is enabled in a Coder deployment,
- // this will be reported and help us understand
- // envbuilder usage.
- if !slices.Contains(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder)) {
- options.CoderAgentSubsystem = append(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder))
- os.Setenv("CODER_AGENT_SUBSYSTEM", strings.Join(options.CoderAgentSubsystem, ","))
+ coderLog, closeLogs, err := log.Coder(inv.Context(), u, o.CoderAgentToken)
+ if err == nil {
+ o.Logger = log.Wrap(o.Logger, coderLog)
+ preExecs = append(preExecs, func() {
+ closeLogs()
+ })
+ // This adds the envbuilder subsystem.
+ // If telemetry is enabled in a Coder deployment,
+ // this will be reported and help us understand
+ // envbuilder usage.
+ if !slices.Contains(o.CoderAgentSubsystem, string(codersdk.AgentSubsystemEnvbuilder)) {
+ o.CoderAgentSubsystem = append(o.CoderAgentSubsystem, string(codersdk.AgentSubsystemEnvbuilder))
+ _ = os.Setenv("CODER_AGENT_SUBSYSTEM", strings.Join(o.CoderAgentSubsystem, ","))
+ }
+ } else {
+ // Failure to log to Coder should cause a fatal error.
+ o.Logger(log.LevelError, "unable to send logs to Coder: %s", err.Error())
}
}
- options.Logger = func(level notcodersdk.LogLevel, format string, args ...interface{}) {
- output := fmt.Sprintf(format, args...)
- fmt.Fprintln(inv.Stderr, output)
- if sendLogs != nil {
- sendLogs(inv.Context(), notcodersdk.Log{
- CreatedAt: time.Now(),
- Output: output,
- Level: level,
- })
+ if o.GetCachedImage {
+ img, err := envbuilder.RunCacheProbe(inv.Context(), o)
+ if err != nil {
+ o.Logger(log.LevelError, "error: %s", err)
+ return err
+ }
+ digest, err := img.Digest()
+ if err != nil {
+ return fmt.Errorf("get cached image digest: %w", err)
}
+ _, _ = fmt.Fprintf(inv.Stdout, "ENVBUILDER_CACHED_IMAGE=%s@%s\n", o.CacheRepo, digest.String())
+ return nil
}
- err := envbuilder.Run(inv.Context(), options)
+ err := envbuilder.Run(inv.Context(), o, preExec)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "error: %s", err)
+ o.Logger(log.LevelError, "error: %s", err)
}
return err
},
diff --git a/cmd/envbuilder/main_test.go b/cmd/envbuilder/main_test.go
deleted file mode 100644
index ed1e0377..00000000
--- a/cmd/envbuilder/main_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package main
-
-import (
- "context"
- "encoding/json"
- "net/http"
- "net/http/httptest"
- "path/filepath"
- "testing"
- "time"
-
- "cdr.dev/slog/sloggers/slogtest"
- "github.com/coder/envbuilder/internal/notcodersdk"
- "github.com/coder/serpent"
- "github.com/google/uuid"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func Test_sendLogs(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
- // Random token for testing log fowarding
- agentToken := uuid.NewString()
-
- // Server to read logs posted by envbuilder. Matched to backlog limit.
- logCh := make(chan notcodersdk.Log, 100)
- logs := make([]notcodersdk.Log, 0)
- go func() {
- for {
- select {
- case <-ctx.Done():
- return
- case log, ok := <-logCh:
- if !ok {
- return
- }
- logs = append(logs, log)
- }
- }
- }()
- logSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if !assert.Equal(t, http.MethodPatch, r.Method) {
- w.WriteHeader(http.StatusMethodNotAllowed)
- return
- }
- assert.Equal(t, agentToken, r.Header.Get(notcodersdk.SessionTokenHeader))
- var res notcodersdk.PatchLogs
- if !assert.NoError(t, json.NewDecoder(r.Body).Decode(&res)) {
- w.WriteHeader(http.StatusInternalServerError)
- return
- }
- if !assert.Equal(t, notcodersdk.ExternalLogSourceID, res.LogSourceID) {
- w.WriteHeader(http.StatusInternalServerError)
- return
- }
- for _, log := range res.Logs {
- logCh <- log
- }
- w.WriteHeader(http.StatusOK)
- }))
-
- // Make an empty working directory
- tmpDir := t.TempDir()
- t.Setenv("ENVBUILDER_DEVCONTAINER_DIR", tmpDir)
- t.Setenv("ENVBUILDER_DOCKERFILE_DIR", filepath.Join(tmpDir, "Dockerfile"))
- t.Setenv("ENVBUILDER_WORKSPACE_FOLDER", tmpDir)
- t.Setenv("CODER_AGENT_TOKEN", agentToken)
- t.Setenv("CODER_AGENT_URL", logSrv.URL)
-
- testLogger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
- cmd := envbuilderCmd()
- inv := &serpent.Invocation{
- Command: &cmd,
- Args: []string{},
- Logger: testLogger,
- Environ: serpent.Environ{},
- }
-
- err := inv.WithOS().Run()
- require.ErrorContains(t, err, "no such file or directory")
- require.NotEmpty(t, logs)
- require.Contains(t, logs[len(logs)-1].Output, "no such file or directory")
-}
diff --git a/devcontainer/devcontainer.go b/devcontainer/devcontainer.go
index 7ac8d26d..6135c0ef 100644
--- a/devcontainer/devcontainer.go
+++ b/devcontainer/devcontainer.go
@@ -15,6 +15,8 @@ import (
"github.com/go-git/go-billy/v5"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/v1/remote"
+ "github.com/moby/buildkit/frontend/dockerfile/instructions"
+ "github.com/moby/buildkit/frontend/dockerfile/parser"
"github.com/moby/buildkit/frontend/dockerfile/shell"
"github.com/tailscale/hujson"
)
@@ -202,16 +204,9 @@ func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir string,
// We should make a best-effort attempt to find the user.
// Features must be executed as root, so we need to swap back
// to the running user afterwards.
- params.User = UserFromDockerfile(params.DockerfileContent)
- }
- if params.User == "" {
- imageRef, err := ImageFromDockerfile(params.DockerfileContent)
+ params.User, err = UserFromDockerfile(params.DockerfileContent)
if err != nil {
- return nil, fmt.Errorf("parse image from dockerfile: %w", err)
- }
- params.User, err = UserFromImage(imageRef)
- if err != nil {
- return nil, fmt.Errorf("get user from image: %w", err)
+ return nil, fmt.Errorf("user from dockerfile: %w", err)
}
}
remoteUser := s.RemoteUser
@@ -313,17 +308,82 @@ func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir
// UserFromDockerfile inspects the contents of a provided Dockerfile
// and returns the user that will be used to run the container.
-func UserFromDockerfile(dockerfileContent string) string {
- lines := strings.Split(dockerfileContent, "\n")
- // Iterate over lines in reverse
- for i := len(lines) - 1; i >= 0; i-- {
- line := lines[i]
- if !strings.HasPrefix(line, "USER ") {
+func UserFromDockerfile(dockerfileContent string) (user string, err error) {
+ res, err := parser.Parse(strings.NewReader(dockerfileContent))
+ if err != nil {
+ return "", fmt.Errorf("parse dockerfile: %w", err)
+ }
+
+ // Parse stages and user commands to determine the relevant user
+ // from the final stage.
+ var (
+ stages []*instructions.Stage
+ stageNames = make(map[string]*instructions.Stage)
+ stageUser = make(map[*instructions.Stage]*instructions.UserCommand)
+ currentStage *instructions.Stage
+ )
+ for _, child := range res.AST.Children {
+ inst, err := instructions.ParseInstruction(child)
+ if err != nil {
+ return "", fmt.Errorf("parse instruction: %w", err)
+ }
+
+ switch i := inst.(type) {
+ case *instructions.Stage:
+ stages = append(stages, i)
+ if i.Name != "" {
+ stageNames[i.Name] = i
+ }
+ currentStage = i
+ case *instructions.UserCommand:
+ if currentStage == nil {
+ continue
+ }
+ stageUser[currentStage] = i
+ }
+ }
+
+ // Iterate over stages in bottom-up order to find the user,
+ // skipping any stages not referenced by the final stage.
+ lookupStage := stages[len(stages)-1]
+ for i := len(stages) - 1; i >= 0; i-- {
+ stage := stages[i]
+ if stage != lookupStage {
continue
}
- return strings.TrimSpace(strings.TrimPrefix(line, "USER "))
+
+ if user, ok := stageUser[stage]; ok {
+ return user.User, nil
+ }
+
+ // If we reach the scratch stage, we can't determine the user.
+ if stage.BaseName == "scratch" {
+ return "", nil
+ }
+
+ // Check if this FROM references another stage.
+ if stage.BaseName != "" {
+ var ok bool
+ lookupStage, ok = stageNames[stage.BaseName]
+ if ok {
+ continue
+ }
+ }
+
+ // If we can't find a user command, try to find the user from
+ // the image.
+ ref, err := name.ParseReference(strings.TrimSpace(stage.BaseName))
+ if err != nil {
+ return "", fmt.Errorf("parse image ref %q: %w", stage.BaseName, err)
+ }
+ user, err := UserFromImage(ref)
+ if err != nil {
+ return "", fmt.Errorf("user from image %s: %w", ref.Name(), err)
+ }
+ return user, nil
}
- return ""
+
+ return "", nil
}
// ImageFromDockerfile inspects the contents of a provided Dockerfile
diff --git a/devcontainer/devcontainer_test.go b/devcontainer/devcontainer_test.go
index c18c6b73..923680b9 100644
--- a/devcontainer/devcontainer_test.go
+++ b/devcontainer/devcontainer_test.go
@@ -190,12 +190,6 @@ func TestCompileDevContainer(t *testing.T) {
})
}
-func TestUserFromDockerfile(t *testing.T) {
- t.Parallel()
- user := devcontainer.UserFromDockerfile("FROM ubuntu\nUSER kyle")
- require.Equal(t, "kyle", user)
-}
-
func TestImageFromDockerfile(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
@@ -224,27 +218,156 @@ func TestImageFromDockerfile(t *testing.T) {
}
}
-func TestUserFromImage(t *testing.T) {
+func TestUserFrom(t *testing.T) {
t.Parallel()
- registry := registrytest.New(t)
- image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
- Config: v1.Config{
- User: "example",
- },
- }})
- require.NoError(t, err)
- parsed, err := url.Parse(registry)
- require.NoError(t, err)
- parsed.Path = "coder/test:latest"
- ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
- require.NoError(t, err)
- err = remote.Write(ref, image)
- require.NoError(t, err)
+ t.Run("Image", func(t *testing.T) {
+ t.Parallel()
+ registry := registrytest.New(t)
+ image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
+ Config: v1.Config{
+ User: "example",
+ },
+ }})
+ require.NoError(t, err)
- user, err := devcontainer.UserFromImage(ref)
- require.NoError(t, err)
- require.Equal(t, "example", user)
+ parsed, err := url.Parse(registry)
+ require.NoError(t, err)
+ parsed.Path = "coder/test:latest"
+ ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
+ require.NoError(t, err)
+ err = remote.Write(ref, image)
+ require.NoError(t, err)
+
+ user, err := devcontainer.UserFromImage(ref)
+ require.NoError(t, err)
+ require.Equal(t, "example", user)
+ })
+
+ t.Run("Dockerfile", func(t *testing.T) {
+ t.Parallel()
+ tests := []struct {
+ name string
+ content string
+ user string
+ }{
+ {
+ name: "Empty",
+ content: "FROM scratch",
+ user: "",
+ },
+ {
+ name: "User",
+ content: "FROM scratch\nUSER kyle",
+ user: "kyle",
+ },
+ {
+ name: "Env with default",
+ content: "FROM scratch\nENV MYUSER=maf\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ {
+ name: "Env var with default",
+ content: "FROM scratch\nUSER ${MYUSER:-maf}",
+ user: "${MYUSER:-maf}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ {
+ name: "Arg",
+ content: "FROM scratch\nARG MYUSER\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "" or populated but the current implementation doesn't support this.
+ },
+ {
+ name: "Arg with default",
+ content: "FROM scratch\nARG MYUSER=maf\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+ user, err := devcontainer.UserFromDockerfile(tt.content)
+ require.NoError(t, err)
+ require.Equal(t, tt.user, user)
+ })
+ }
+ })
+
+ t.Run("Multi-stage", func(t *testing.T) {
+ t.Parallel()
+
+ registry := registrytest.New(t)
+ for tag, user := range map[string]string{
+ "one": "maf",
+ "two": "fam",
+ } {
+ image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
+ Config: v1.Config{
+ User: user,
+ },
+ }})
+ require.NoError(t, err)
+ parsed, err := url.Parse(registry)
+ require.NoError(t, err)
+ parsed.Path = "coder/test:" + tag
+ ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
+ fmt.Println(ref)
+ require.NoError(t, err)
+ err = remote.Write(ref, image)
+ require.NoError(t, err)
+ }
+
+ tests := []struct {
+ name string
+ images map[string]string
+ content string
+ user string
+ }{
+ {
+ name: "Single",
+ content: "FROM coder/test:one",
+ user: "maf",
+ },
+ {
+ name: "Multi",
+ content: "FROM ubuntu AS u\nFROM coder/test:two",
+ user: "fam",
+ },
+ {
+ name: "Multi-2",
+ content: "FROM coder/test:two AS two\nUSER maffam\nFROM coder/test:one AS one",
+ user: "maf",
+ },
+ {
+ name: "Multi-3",
+ content: "FROM coder/test:two AS two\nFROM coder/test:one AS one\nUSER fammaf",
+ user: "fammaf",
+ },
+ {
+ name: "Multi-4",
+ content: `FROM ubuntu AS a
+USER root
+RUN useradd --create-home pickme
+USER pickme
+FROM a AS other
+USER root
+RUN useradd --create-home notme
+USER notme
+FROM a`,
+ user: "pickme",
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ content := strings.ReplaceAll(tt.content, "coder/test", strings.TrimPrefix(registry, "http://")+"/coder/test")
+
+ user, err := devcontainer.UserFromDockerfile(content)
+ require.NoError(t, err)
+ require.Equal(t, tt.user, user)
+ })
+ }
+ })
}
type emptyImage struct {
diff --git a/docs/caching.md b/docs/caching.md
new file mode 100644
index 00000000..5963083e
--- /dev/null
+++ b/docs/caching.md
@@ -0,0 +1,65 @@
+# Layer Caching
+
+Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable.
+
+```bash
+ENVBUILDER_CACHE_REPO=ghcr.io/coder/repo-cache
+```
+
+To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`:
+
+```bash
+docker run -it --rm \
+ -v /tmp/envbuilder-cache:/cache \
+ -e ENVBUILDER_LAYER_CACHE_DIR=/cache
+ ...
+```
+
+Each layer is stored in the registry as a separate image. The image tag is the hash of the layer's contents. The image digest is the hash of the image tag. The image digest is used to pull the layer from the registry.
+
+The performance improvement of builds depends on the complexity of your
+Dockerfile. For
+[`coder/coder`](https://github.com/coder/coder/blob/main/dogfood/contents/Dockerfile),
+uncached builds take 36m while cached builds take 40s (~98% improvement).
+
+# Pushing the built image
+
+Set `ENVBUILDER_PUSH_IMAGE=1` to push the entire image to the cache repo
+in addition to individual layers. `ENVBUILDER_CACHE_REPO` **must** be set in
+order for this to work.
+
+> **Note:** this option forces Envbuilder to perform a "reproducible" build.
+> This will force timestamps for all newly added files to be set to the start of the UNIX epoch.
+
+# Probe Layer Cache
+
+To check for the presence of a pre-built image, set
+`ENVBUILDER_GET_CACHED_IMAGE=1`. Instead of building the image, this will
+perform a "dry-run" build of the image, consulting `ENVBUILDER_CACHE_REPO` for
+each layer.
+
+If any layer is found not to be present in the cache repo, envbuilder
+will exit with an error. Otherwise, the image will be emitted in the log output prefixed with the string
+`ENVBUILDER_CACHED_IMAGE=...`.
+
+# Image Caching
+
+When the base container is large, it can take a long time to pull the image from the registry. You can pre-pull the image into a read-only volume and mount it into the container to speed up builds.
+
+```bash
+# Pull your base image from the registry to a local directory.
+docker run --rm \
+ -v /tmp/kaniko-cache:/cache \
+ gcr.io/kaniko-project/warmer:latest \
+ --cache-dir=/cache \
+ --image=
+
+# Run envbuilder with the local image cache.
+docker run -it --rm \
+ -v /tmp/kaniko-cache:/image-cache:ro \
+ -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache
+```
+
+In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
+
+A sample script to pre-fetch a number of images can be viewed [here](./examples/kaniko-cache-warmer.sh). This can be run, for example, as a cron job to periodically fetch the latest versions of a number of base images.
diff --git a/docs/container-registry-auth.md b/docs/container-registry-auth.md
new file mode 100644
index 00000000..e0d7663e
--- /dev/null
+++ b/docs/container-registry-auth.md
@@ -0,0 +1,77 @@
+# Container Registry Authentication
+
+envbuilder uses Kaniko to build containers. You should [follow their instructions](https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries) to create an authentication configuration.
+
+After you have a configuration that resembles the following:
+
+```json
+{
+ "auths": {
+ "https://index.docker.io/v1/": {
+ "auth": "base64-encoded-username-and-password"
+ }
+ }
+}
+```
+
+`base64` encode the JSON and provide it to envbuilder as the `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable.
+
+Alternatively, if running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and
+pass it into the pod as a volume mount. This example will work for all registries.
+
+```shell
+# Artifactory example
+kubectl create secret docker-registry regcred \
+ --docker-server=my-artifactory.jfrog.io \
+ --docker-username=read-only \
+ --docker-password=secret-pass \
+ --docker-email=me@example.com \
+ -n coder
+```
+
+```hcl
+resource "kubernetes_deployment" "example" {
+ metadata {
+ namespace = coder
+ }
+ spec {
+ spec {
+ container {
+ # Define the volumeMount with the pull credentials
+ volume_mount {
+ name = "docker-config-volume"
+ mount_path = "/.envbuilder/config.json"
+ sub_path = ".dockerconfigjson"
+ }
+ }
+ # Define the volume which maps to the pull credentials
+ volume {
+ name = "docker-config-volume"
+ secret {
+ secret_name = "regcred"
+ }
+ }
+ }
+ }
+}
+```
+
+## Docker Hub
+
+Authenticate with `docker login` to generate `~/.docker/config.json`. Encode this file using the `base64` command:
+
+```bash
+$ base64 -w0 ~/.docker/config.json
+ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
+```
+
+Provide the encoded JSON config to envbuilder:
+
+```env
+ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
+```
+
+## Docker-in-Docker
+
+See [here](./docs/docker.md) for instructions on running Docker containers inside
+environments built by Envbuilder.
diff --git a/docs/custom-certificates.md b/docs/custom-certificates.md
new file mode 100644
index 00000000..dd33192f
--- /dev/null
+++ b/docs/custom-certificates.md
@@ -0,0 +1,5 @@
+# Custom Certificates
+
+- [`ENVBUILDER_SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate.
+- [`ENVBUILDER_SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files.
+- `ENVBUILDER_SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start.
diff --git a/docs/docker.md b/docs/docker.md
index 4ed032e3..56ce9d05 100644
--- a/docs/docker.md
+++ b/docs/docker.md
@@ -1,7 +1,24 @@
# Docker inside Envbuilder
There are a number of approaches you can use to have access to a Docker daemon
-from inside Envbuilder:
+from inside Envbuilder.
+
+> Note: some of the below methods involve setting `ENVBUILDER_INIT_SCRIPT` to
+> work around the lack of an init system inside the Docker container.
+> If you are attempting to use the below approaches with [Coder](https://github.com/coder/coder),
+> you may need to instead add the relevant content of the init script to your
+> agent startup script in your template.
+> For example:
+>
+> ```terraform
+> resource "coder_agent" "dev" {
+> ...
+> startup_script = <<-EOT
+> set -eux -o pipefail
+> nohup dockerd > /var/log/docker.log 2>&1 &
+> EOT
+> }
+> ```
## Docker Outside of Docker (DooD)
@@ -27,7 +44,6 @@ docker run -it --rm \
ghcr.io/coder/envbuilder:latest
```
-
## Docker-in-Docker (DinD)
**Security:** Low
@@ -41,8 +57,8 @@ Example:
> Note that due to a lack of init system, the Docker daemon
> needs to be started separately inside the container. In this example, we
-> create a custom entrypoint to start the Docker daemon in the background and
-> call this entrypoint via `ENVBUILDER_INIT_SCRIPT`.
+> create a custom script to start the Docker daemon in the background and
+> call this entrypoint via the Devcontainer `onCreateCommand` lifecycle hook.
```console
docker run -it --rm \
@@ -50,7 +66,7 @@ docker run -it --rm \
-v /tmp/envbuilder:/workspaces \
-e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \
-e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/02_dind \
- -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \
+ -e ENVBUILDER_INIT_SCRIPT=bash \
ghcr.io/coder/envbuilder:latest
```
@@ -59,8 +75,14 @@ docker run -it --rm \
The above can also be accomplished using the [`docker-in-docker` Devcontainer
feature](https://github.com/devcontainers/features/tree/main/src/docker-in-docker).
-> Note: we still need the custom entrypoint to start the docker startup script.
-> See https://github.com/devcontainers/features/blob/main/src/docker-in-docker/devcontainer-feature.json#L60
+> Note: we still need the `onCreateCommand` to start Docker.
+> See
+> [here](https://github.com/devcontainers/features/blob/main/src/docker-in-docker/devcontainer-feature.json#L65)
+> for more details.
+>
+> Known issue: `/run` does not get symlinked correctly to `/var/run`.
+> To work around this, we create the symlink manually before running
+> the script to start the Docker daemon.
Example:
@@ -70,7 +92,7 @@ docker run -it --rm \
-v /tmp/envbuilder:/workspaces \
-e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \
-e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/03_dind_feature \
- -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \
+ -e ENVBUILDER_INIT_SCRIPT=bash \
ghcr.io/coder/envbuilder:latest
```
@@ -79,7 +101,7 @@ docker run -it --rm \
**Security:** Medium
**Convenience:** Medium
-This approach runs a Docker daemon in *rootless* mode.
+This approach runs a Docker daemon in _rootless_ mode.
While this still requires a privileged container, this allows you to restrict
usage of the `root` user inside the container, as the Docker daemon will be run
under a "fake" root user (via `rootlesskit`). The user inside the workspace can
@@ -113,6 +135,7 @@ including transparently enabling Docker inside workspaces. Most notably, it
access inside their workspaces, if required.
Example:
+
```console
docker run -it --rm \
-v /tmp/envbuilder:/workspaces \
diff --git a/docs/env-variables.md b/docs/env-variables.md
new file mode 100644
index 00000000..1c80f4fc
--- /dev/null
+++ b/docs/env-variables.md
@@ -0,0 +1,42 @@
+
+# Environment Variables
+
+| Flag | Environment variable | Default | Description |
+| - | - | - | - |
+| `--setup-script` | `ENVBUILDER_SETUP_SCRIPT` | | The script to run before the init script. It runs as the root user regardless of the user specified in the devcontainer.json file. SetupScript is ran as the root user prior to the init script. It is used to configure envbuilder dynamically during the runtime. e.g. specifying whether to start systemd or tiny init for PID 1. |
+| `--init-script` | `ENVBUILDER_INIT_SCRIPT` | | The script to run to initialize the workspace. Default: `sleep infinity`. |
+| `--init-command` | `ENVBUILDER_INIT_COMMAND` | | The command to run to initialize the workspace. Default: `/bin/sh`. |
+| `--init-args` | `ENVBUILDER_INIT_ARGS` | | The arguments to pass to the init command. They are split according to /bin/sh rules with https://github.com/kballard/go-shellquote. |
+| `--cache-repo` | `ENVBUILDER_CACHE_REPO` | | The name of the container registry to push the cache image to. If this is empty, the cache will not be pushed. |
+| `--base-image-cache-dir` | `ENVBUILDER_BASE_IMAGE_CACHE_DIR` | | The path to a directory where the base image can be found. This should be a read-only directory solely mounted for the purpose of caching the base image. |
+| `--layer-cache-dir` | `ENVBUILDER_LAYER_CACHE_DIR` | | The path to a directory where built layers will be stored. This spawns an in-memory registry to serve the layers from. |
+| `--devcontainer-dir` | `ENVBUILDER_DEVCONTAINER_DIR` | | The path to the folder containing the devcontainer.json file that will be used to build the workspace and can either be an absolute path or a path relative to the workspace folder. If not provided, defaults to `.devcontainer`. |
+| `--devcontainer-json-path` | `ENVBUILDER_DEVCONTAINER_JSON_PATH` | | The path to a devcontainer.json file that is either an absolute path or a path relative to DevcontainerDir. This can be used in cases where one wants to substitute an edited devcontainer.json file for the one that exists in the repo. |
+| `--dockerfile-path` | `ENVBUILDER_DOCKERFILE_PATH` | | The relative path to the Dockerfile that will be used to build the workspace. This is an alternative to using a devcontainer that some might find simpler. |
+| `--build-context-path` | `ENVBUILDER_BUILD_CONTEXT_PATH` | | Can be specified when a DockerfilePath is specified outside the base WorkspaceFolder. This path MUST be relative to the WorkspaceFolder path into which the repo is cloned. |
+| `--cache-ttl-days` | `ENVBUILDER_CACHE_TTL_DAYS` | | The number of days to use cached layers before expiring them. Defaults to 7 days. |
+| `--docker-config-base64` | `ENVBUILDER_DOCKER_CONFIG_BASE64` | | The base64 encoded Docker config file that will be used to pull images from private container registries. |
+| `--fallback-image` | `ENVBUILDER_FALLBACK_IMAGE` | | Specifies an alternative image to use when neither an image is declared in the devcontainer.json file nor a Dockerfile is present. If there's a build failure (from a faulty Dockerfile) or a misconfiguration, this image will be the substitute. Set ExitOnBuildFailure to true to halt the container if the build faces an issue. |
+| `--exit-on-build-failure` | `ENVBUILDER_EXIT_ON_BUILD_FAILURE` | | Terminates the container upon a build failure. This is handy when preferring the FALLBACK_IMAGE in cases where no devcontainer.json or image is provided. However, it ensures that the container stops if the build process encounters an error. |
+| `--force-safe` | `ENVBUILDER_FORCE_SAFE` | | Ignores any filesystem safety checks. This could cause serious harm to your system! This is used in cases where bypass is needed to unblock customers. |
+| `--insecure` | `ENVBUILDER_INSECURE` | | Bypass TLS verification when cloning and pulling from container registries. |
+| `--ignore-paths` | `ENVBUILDER_IGNORE_PATHS` | | The comma separated list of paths to ignore when building the workspace. |
+| `--skip-rebuild` | `ENVBUILDER_SKIP_REBUILD` | | Skip building if the MagicFile exists. This is used to skip building when a container is restarting. e.g. docker stop -> docker start This value can always be set to true - even if the container is being started for the first time. |
+| `--git-url` | `ENVBUILDER_GIT_URL` | | The URL of a Git repository containing a Devcontainer or Docker image to clone. This is optional. |
+| `--git-clone-depth` | `ENVBUILDER_GIT_CLONE_DEPTH` | | The depth to use when cloning the Git repository. |
+| `--git-clone-single-branch` | `ENVBUILDER_GIT_CLONE_SINGLE_BRANCH` | | Clone only a single branch of the Git repository. |
+| `--git-username` | `ENVBUILDER_GIT_USERNAME` | | The username to use for Git authentication. This is optional. |
+| `--git-password` | `ENVBUILDER_GIT_PASSWORD` | | The password to use for Git authentication. This is optional. |
+| `--git-ssh-private-key-path` | `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH` | | Path to an SSH private key to be used for Git authentication. |
+| `--git-http-proxy-url` | `ENVBUILDER_GIT_HTTP_PROXY_URL` | | The URL for the HTTP proxy. This is optional. |
+| `--workspace-folder` | `ENVBUILDER_WORKSPACE_FOLDER` | | The path to the workspace folder that will be built. This is optional. |
+| `--ssl-cert-base64` | `ENVBUILDER_SSL_CERT_BASE64` | | The content of an SSL cert file. This is useful for self-signed certificates. |
+| `--export-env-file` | `ENVBUILDER_EXPORT_ENV_FILE` | | Optional file path to a .env file where envbuilder will dump environment variables from devcontainer.json and the built container image. |
+| `--post-start-script-path` | `ENVBUILDER_POST_START_SCRIPT_PATH` | | The path to a script that will be created by envbuilder based on the postStartCommand in devcontainer.json, if any is specified (otherwise the script is not created). If this is set, the specified InitCommand should check for the presence of this script and execute it after successful startup. |
+| `--coder-agent-url` | `CODER_AGENT_URL` | | URL of the Coder deployment. If CODER_AGENT_TOKEN is also set, logs from envbuilder will be forwarded here and will be visible in the workspace build logs. |
+| `--coder-agent-token` | `CODER_AGENT_TOKEN` | | Authentication token for a Coder agent. If this is set, then CODER_AGENT_URL must also be set. |
+| `--coder-agent-subsystem` | `CODER_AGENT_SUBSYSTEM` | | Coder agent subsystems to report when forwarding logs. The envbuilder subsystem is always included. |
+| `--push-image` | `ENVBUILDER_PUSH_IMAGE` | | Push the built image to a remote registry. This option forces a reproducible build. |
+| `--get-cached-image` | `ENVBUILDER_GET_CACHED_IMAGE` | | Print the digest of the cached image, if available. Exits with an error if not found. |
+| `--remote-repo-build-mode` | `ENVBUILDER_REMOTE_REPO_BUILD_MODE` | `false` | Use the remote repository as the source of truth when building the image. Enabling this option ignores user changes to local files and they will not be reflected in the image. This can be used to improving cache utilization when multiple users are building working on the same repository. |
+| `--verbose` | `ENVBUILDER_VERBOSE` | | Enable verbose logging. |
diff --git a/docs/git-auth.md b/docs/git-auth.md
new file mode 100644
index 00000000..5f0acb0b
--- /dev/null
+++ b/docs/git-auth.md
@@ -0,0 +1,66 @@
+# Git Authentication
+
+Two methods of authentication are supported:
+
+## HTTP Authentication
+
+If `ENVBUILDER_GIT_URL` starts with `http://` or `https://`, envbuilder will
+authenticate with `ENVBUILDER_GIT_USERNAME` and `ENVBUILDER_GIT_PASSWORD`, if set.
+
+For access token-based authentication, follow the following schema (if empty, there's no need to provide the field):
+
+| Provider | `ENVBUILDER_GIT_USERNAME` | `ENVBUILDER_GIT_PASSWORD` |
+| ------------ | ------------------------- | ------------------------- |
+| GitHub | [access-token] | |
+| GitLab | oauth2 | [access-token] |
+| BitBucket | x-token-auth | [access-token] |
+| Azure DevOps | [access-token] | |
+
+If using envbuilder inside of [Coder](https://github.com/coder/coder), you can use the `coder_external_auth` Terraform resource to automatically provide this token on workspace creation:
+
+```hcl
+data "coder_external_auth" "github" {
+ id = "github"
+}
+
+resource "docker_container" "dev" {
+ env = [
+ ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token,
+ ]
+}
+```
+
+## SSH Authentication
+
+If `ENVBUILDER_GIT_URL` does not start with `http://` or `https://`,
+envbuilder will assume SSH authentication. You have the following options:
+
+1. Public/Private key authentication: set `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH` to the path of an
+ SSH private key mounted inside the container. Envbuilder will use this SSH
+ key to authenticate. Example:
+
+ ```bash
+ docker run -it --rm \
+ -v /tmp/envbuilder:/workspaces \
+ -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
+ -e ENVBUILDER_INIT_SCRIPT=bash \
+ -e ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH=/.ssh/id_rsa \
+ -v /home/user/id_rsa:/.ssh/id_rsa \
+ ghcr.io/coder/envbuilder
+ ```
+
+1. Agent-based authentication: set `SSH_AUTH_SOCK` and mount in your agent socket, for example:
+
+```bash
+ docker run -it --rm \
+ -v /tmp/envbuilder:/workspaces \
+ -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
+ -e ENVBUILDER_INIT_SCRIPT=bash \
+ -e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \
+ -v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \
+ ghcr.io/coder/envbuilder
+```
+
+> Note: by default, envbuilder will accept and log all host keys. If you need
+> strict host key checking, set `SSH_KNOWN_HOSTS` and mount in a `known_hosts`
+> file.
diff --git a/docs/usage-with-coder.md b/docs/usage-with-coder.md
new file mode 100644
index 00000000..cb0e58cb
--- /dev/null
+++ b/docs/usage-with-coder.md
@@ -0,0 +1,27 @@
+# Usage with Coder
+
+Coder provides sample
+[Docker](https://github.com/coder/coder/tree/main/examples/templates/devcontainer-docker)
+and
+[Kubernetes](https://github.com/coder/coder/tree/main/examples/templates/devcontainer-kubernetes)
+templates for use with Envbuilder. You can import these templates and modify them to fit
+your specific requirements.
+
+Below are some specific points to be aware of when using Envbuilder with a Coder
+deployment:
+
+- The `ENVBUILDER_INIT_SCRIPT` should execute `coder_agent.main.init_script` in
+ order for you to be able to connect to your workspace.
+- In order for the Agent init script to be able to fetch the agent binary from
+ your Coder deployment, the resulting Devcontainer must contain a download tool
+ such as `curl`, `wget`, or `busybox`.
+- `CODER_AGENT_TOKEN` should be included in the environment variables for the
+ Envbuilder container. You can also set `CODER_AGENT_URL` if required.
+
+## Git Branch Selection
+
+Choose a branch using `ENVBUILDER_GIT_URL` with a _ref/heads_ reference. For instance:
+
+```
+ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch
+```
diff --git a/docs/using-local-files.md b/docs/using-local-files.md
new file mode 100644
index 00000000..3c4f9b24
--- /dev/null
+++ b/docs/using-local-files.md
@@ -0,0 +1,34 @@
+# Using local files
+
+If you don't have a remote Git repo or you want to quickly iterate with some
+local files, simply omit `ENVBUILDER_GIT_URL` and instead mount the directory
+containing your code to `/workspaces/empty` inside the Envbuilder container.
+
+For example:
+
+```shell
+# Create a sample Devcontainer and Dockerfile in the current directory
+printf '{"build": { "dockerfile": "Dockerfile"}}' > devcontainer.json
+printf 'FROM debian:bookworm\nRUN apt-get update && apt-get install -y cowsay' > Dockerfile
+
+# Run envbuilder with the current directory mounted into `/workspaces/empty`.
+# The instructions to add /usr/games to $PATH have been omitted for brevity.
+docker run -it --rm -e ENVBUILDER_INIT_SCRIPT='bash' -v $PWD:/workspaces/empty ghcr.io/coder/envbuilder:latest
+```
+
+Alternatively, if you prefer to mount your project files elsewhere, tell
+Envbuilder where to find them by specifying `ENVBUILDER_WORKSPACE_FOLDER`:
+
+```shell
+docker run -it --rm -e ENVBUILDER_INIT_SCRIPT='bash ' -e ENVBUILDER_WORKSPACE_FOLDER=/src -v $PWD:/src ghcr.io/coder/envbuilder:latest
+```
+
+By default, Envbuilder will look for a `devcontainer.json` or `Dockerfile` in
+both `${ENVBUILDER_WORKSPACE_FOLDER}` and `${ENVBUILDER_WORKSPACE_FOLDER}/.devcontainer`.
+You can control where it looks with `ENVBUILDER_DEVCONTAINER_DIR` if needed.
+
+```shell
+ls build/
+Dockerfile devcontainer.json
+docker run -it --rm -e ENVBUILDER_INIT_SCRIPT='bash' -e ENVBUILDER_DEVCONTAINER_DIR=build -v $PWD:/src ghcr.io/coder/envbuilder:latest
+```
diff --git a/envbuilder.go b/envbuilder.go
index 5538ea9c..47cc228d 100644
--- a/envbuilder.go
+++ b/envbuilder.go
@@ -4,7 +4,6 @@ import (
"bufio"
"bytes"
"context"
- "crypto/x509"
"encoding/base64"
"encoding/json"
"errors"
@@ -21,203 +20,197 @@ import (
"sort"
"strconv"
"strings"
+ "sync"
"syscall"
"time"
- "github.com/kballard/go-shellquote"
- "github.com/mattn/go-isatty"
+ "github.com/coder/envbuilder/buildinfo"
+ "github.com/coder/envbuilder/git"
+ "github.com/coder/envbuilder/options"
+ "github.com/go-git/go-billy/v5"
"github.com/GoogleContainerTools/kaniko/pkg/config"
"github.com/GoogleContainerTools/kaniko/pkg/creds"
"github.com/GoogleContainerTools/kaniko/pkg/executor"
"github.com/GoogleContainerTools/kaniko/pkg/util"
- giturls "github.com/chainguard-dev/git-urls"
"github.com/coder/envbuilder/devcontainer"
"github.com/coder/envbuilder/internal/ebutil"
- "github.com/coder/envbuilder/internal/notcodersdk"
- "github.com/containerd/containerd/platforms"
+ "github.com/coder/envbuilder/internal/magicdir"
+ "github.com/coder/envbuilder/log"
+ "github.com/containerd/platforms"
"github.com/distribution/distribution/v3/configuration"
"github.com/distribution/distribution/v3/registry/handlers"
_ "github.com/distribution/distribution/v3/registry/storage/driver/filesystem"
"github.com/docker/cli/cli/config/configfile"
"github.com/fatih/color"
- "github.com/go-git/go-billy/v5"
- "github.com/go-git/go-billy/v5/osfs"
- "github.com/go-git/go-git/v5/plumbing/transport"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/remote"
+ "github.com/kballard/go-shellquote"
+ "github.com/mattn/go-isatty"
"github.com/sirupsen/logrus"
"github.com/tailscale/hujson"
"golang.org/x/xerrors"
)
-const (
- // WorkspacesDir is the path to the directory where
- // all workspaces are stored by default.
- WorkspacesDir = "/workspaces"
-
- // EmptyWorkspaceDir is the path to a workspace that has
- // nothing going on... it's empty!
- EmptyWorkspaceDir = WorkspacesDir + "/empty"
-
- // MagicDir is where all envbuilder related files are stored.
- // This is a special directory that must not be modified
- // by the user or images.
- MagicDir = "/.envbuilder"
-)
-
-var (
- ErrNoFallbackImage = errors.New("no fallback image has been specified")
-
- // MagicFile is a file that is created in the workspace
- // when envbuilder has already been run. This is used
- // to skip building when a container is restarting.
- // e.g. docker stop -> docker start
- MagicFile = filepath.Join(MagicDir, "built")
-)
+// ErrNoFallbackImage is returned when no fallback image has been specified.
+var ErrNoFallbackImage = errors.New("no fallback image has been specified")
// DockerConfig represents the Docker configuration file.
type DockerConfig configfile.ConfigFile
+type runtimeDataStore struct {
+ // Runtime data.
+ Image bool `json:"-"`
+ Built bool `json:"-"`
+ SkippedRebuild bool `json:"-"`
+ Scripts devcontainer.LifecycleScripts `json:"-"`
+ ImageEnv []string `json:"-"`
+ ContainerEnv map[string]string `json:"-"`
+ RemoteEnv map[string]string `json:"-"`
+ DevcontainerPath string `json:"-"`
+
+ // Data stored in the magic image file.
+ ContainerUser string `json:"container_user"`
+}
+
+type execArgsInfo struct {
+ InitCommand string
+ InitArgs []string
+ UserInfo userInfo
+ Environ []string
+}
+
// Run runs the envbuilder.
// Logger is the logf to use for all operations.
// Filesystem is the filesystem to use for all operations.
// Defaults to the host filesystem.
-func Run(ctx context.Context, options Options) error {
- // Temporarily removed these from the default settings to prevent conflicts
- // between current and legacy environment variables that add default values.
- // Once the legacy environment variables are phased out, this can be
- // reinstated to the previous default values.
- if len(options.IgnorePaths) == 0 {
- options.IgnorePaths = []string{"/var/run"}
- }
- if options.InitScript == "" {
- options.InitScript = "sleep infinity"
- }
- if options.InitCommand == "" {
- options.InitCommand = "/bin/sh"
+// preExec are any functions that should be called before exec'ing the init
+// command. This is useful for ensuring that defers get run.
+func Run(ctx context.Context, opts options.Options, preExec ...func()) error {
+ var args execArgsInfo
+ // Run in a separate function to ensure all defers run before we
+ // setuid or exec.
+ err := run(ctx, opts, &args)
+ if err != nil {
+ return err
}
- if options.CacheRepo == "" && options.PushImage {
- return fmt.Errorf("--cache-repo must be set when using --push-image")
+
+ err = syscall.Setgid(args.UserInfo.gid)
+ if err != nil {
+ return fmt.Errorf("set gid: %w", err)
}
- // Default to the shell!
- initArgs := []string{"-c", options.InitScript}
- if options.InitArgs != "" {
- var err error
- initArgs, err = shellquote.Split(options.InitArgs)
- if err != nil {
- return fmt.Errorf("parse init args: %w", err)
- }
+ err = syscall.Setuid(args.UserInfo.uid)
+ if err != nil {
+ return fmt.Errorf("set uid: %w", err)
}
- if options.Filesystem == nil {
- options.Filesystem = &osfsWithChmod{osfs.New("/")}
+
+ opts.Logger(log.LevelInfo, "=== Running init command as user %q: %q", args.UserInfo.user.Username, append([]string{opts.InitCommand}, args.InitArgs...))
+ for _, fn := range preExec {
+ fn()
}
- if options.WorkspaceFolder == "" {
- f, err := DefaultWorkspaceFolder(options.GitURL)
- if err != nil {
- return err
- }
- options.WorkspaceFolder = f
+
+ err = syscall.Exec(args.InitCommand, append([]string{args.InitCommand}, args.InitArgs...), args.Environ)
+ if err != nil {
+ return fmt.Errorf("exec init script: %w", err)
}
+ return errors.New("exec failed")
+}
+
+func run(ctx context.Context, opts options.Options, execArgs *execArgsInfo) error {
+ defer options.UnsetEnv()
+
+ magicDir := magicdir.At(opts.MagicDirBase)
+
stageNumber := 0
startStage := func(format string, args ...any) func(format string, args ...any) {
now := time.Now()
stageNumber++
stageNum := stageNumber
- options.Logger(notcodersdk.LogLevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...))
+ opts.Logger(log.LevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...))
return func(format string, args ...any) {
- options.Logger(notcodersdk.LogLevelInfo, "#%d: %s [%s]", stageNum, fmt.Sprintf(format, args...), time.Since(now))
+ opts.Logger(log.LevelInfo, "#%d: %s [%s]", stageNum, fmt.Sprintf(format, args...), time.Since(now))
}
}
- options.Logger(notcodersdk.LogLevelInfo, "%s - Build development environments from repositories in a container", newColor(color.Bold).Sprintf("envbuilder"))
+ if opts.GetCachedImage {
+ return fmt.Errorf("developer error: use RunCacheProbe instead")
+ }
+ if opts.CacheRepo == "" && opts.PushImage {
+ return fmt.Errorf("--cache-repo must be set when using --push-image")
+ }
- var caBundle []byte
- if options.SSLCertBase64 != "" {
- certPool, err := x509.SystemCertPool()
- if err != nil {
- return xerrors.Errorf("get global system cert pool: %w", err)
- }
- data, err := base64.StdEncoding.DecodeString(options.SSLCertBase64)
+ // Default to the shell.
+ execArgs.InitCommand = opts.InitCommand
+ execArgs.InitArgs = []string{"-c", opts.InitScript}
+ if opts.InitArgs != "" {
+ var err error
+ execArgs.InitArgs, err = shellquote.Split(opts.InitArgs)
if err != nil {
- return xerrors.Errorf("base64 decode ssl cert: %w", err)
- }
- ok := certPool.AppendCertsFromPEM(data)
- if !ok {
- return xerrors.Errorf("failed to append the ssl cert to the global pool: %s", data)
+ return fmt.Errorf("parse init args: %w", err)
}
- caBundle = data
}
- if options.DockerConfigBase64 != "" {
- decoded, err := base64.StdEncoding.DecodeString(options.DockerConfigBase64)
- if err != nil {
- return fmt.Errorf("decode docker config: %w", err)
+ opts.Logger(log.LevelInfo, "%s %s - Build development environments from repositories in a container", newColor(color.Bold).Sprintf("envbuilder"), buildinfo.Version())
+
+ cleanupDockerConfigJSON, err := initDockerConfigJSON(opts.Logger, magicDir, opts.DockerConfigBase64)
+ if err != nil {
+ return err
+ }
+ defer func() {
+ if err := cleanupDockerConfigJSON(); err != nil {
+ opts.Logger(log.LevelError, "failed to cleanup docker config JSON: %w", err)
}
- var configFile DockerConfig
- decoded, err = hujson.Standardize(decoded)
- if err != nil {
- return fmt.Errorf("humanize json for docker config: %w", err)
+ }() // best effort
+
+ runtimeData := runtimeDataStore{
+ ContainerEnv: make(map[string]string),
+ RemoteEnv: make(map[string]string),
+ }
+ if fileExists(opts.Filesystem, magicDir.Image()) {
+ if err = parseMagicImageFile(opts.Filesystem, magicDir.Image(), &runtimeData); err != nil {
+ return fmt.Errorf("parse magic image file: %w", err)
}
- err = json.Unmarshal(decoded, &configFile)
- if err != nil {
- return fmt.Errorf("parse docker config: %w", err)
+ runtimeData.Image = true
+
+ // Some options are only applicable for builds.
+ if opts.RemoteRepoBuildMode {
+ opts.Logger(log.LevelDebug, "Ignoring %s option, it is not supported when using a pre-built image.", options.WithEnvPrefix("REMOTE_REPO_BUILD_MODE"))
+ opts.RemoteRepoBuildMode = false
}
- err = os.WriteFile(filepath.Join(MagicDir, "config.json"), decoded, 0o644)
- if err != nil {
- return fmt.Errorf("write docker config: %w", err)
+ if opts.ExportEnvFile != "" {
+ // Currently we can't support this as we don't have access to the
+ // post-build computed env vars to know which ones to export.
+ opts.Logger(log.LevelWarn, "Ignoring %s option, it is not supported when using a pre-built image.", options.WithEnvPrefix("EXPORT_ENV_FILE"))
+ opts.ExportEnvFile = ""
}
}
+ runtimeData.Built = fileExists(opts.Filesystem, magicDir.Built())
+ buildTimeWorkspaceFolder := opts.WorkspaceFolder
var fallbackErr error
var cloned bool
- if options.GitURL != "" {
+ if opts.GitURL != "" {
endStage := startStage("📦 Cloning %s to %s...",
- newColor(color.FgCyan).Sprintf(options.GitURL),
- newColor(color.FgCyan).Sprintf(options.WorkspaceFolder),
+ newColor(color.FgCyan).Sprintf(opts.GitURL),
+ newColor(color.FgCyan).Sprintf(opts.WorkspaceFolder),
)
-
- reader, writer := io.Pipe()
- defer reader.Close()
- defer writer.Close()
- go func() {
- data := make([]byte, 4096)
- for {
- read, err := reader.Read(data)
- if err != nil {
- return
- }
- content := data[:read]
- for _, line := range strings.Split(string(content), "\r") {
- if line == "" {
- continue
- }
- options.Logger(notcodersdk.LogLevelInfo, "#1: %s", strings.TrimSpace(line))
- }
- }
- }()
-
- cloneOpts := CloneRepoOptions{
- Path: options.WorkspaceFolder,
- Storage: options.Filesystem,
- Insecure: options.Insecure,
- Progress: writer,
- SingleBranch: options.GitCloneSingleBranch,
- Depth: int(options.GitCloneDepth),
- CABundle: caBundle,
+ stageNum := stageNumber
+ logStage := func(format string, args ...any) {
+ opts.Logger(log.LevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...))
}
- cloneOpts.RepoAuth = SetupRepoAuth(&options)
- if options.GitHTTPProxyURL != "" {
- cloneOpts.ProxyOptions = transport.ProxyOptions{
- URL: options.GitHTTPProxyURL,
- }
+ cloneOpts, err := git.CloneOptionsFromOptions(logStage, opts)
+ if err != nil {
+ return fmt.Errorf("git clone options: %w", err)
}
- cloneOpts.RepoURL = options.GitURL
- cloned, fallbackErr = CloneRepo(ctx, cloneOpts)
+ w := git.ProgressWriter(logStage)
+ defer w.Close()
+ cloneOpts.Progress = w
+
+ cloned, fallbackErr = git.CloneRepo(ctx, logStage, cloneOpts)
if fallbackErr == nil {
if cloned {
endStage("📦 Cloned repository!")
@@ -225,511 +218,523 @@ func Run(ctx context.Context, options Options) error {
endStage("📦 The repository already exists!")
}
} else {
- options.Logger(notcodersdk.LogLevelError, "Failed to clone repository: %s", fallbackErr.Error())
- options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...")
+ opts.Logger(log.LevelError, "Failed to clone repository: %s", fallbackErr.Error())
+ if !runtimeData.Image {
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ }
}
- }
- defaultBuildParams := func() (*devcontainer.Compiled, error) {
- dockerfile := filepath.Join(MagicDir, "Dockerfile")
- file, err := options.Filesystem.OpenFile(dockerfile, os.O_CREATE|os.O_WRONLY, 0o644)
- if err != nil {
- return nil, err
- }
- defer file.Close()
- if options.FallbackImage == "" {
- if fallbackErr != nil {
- return nil, xerrors.Errorf("%s: %w", fallbackErr.Error(), ErrNoFallbackImage)
+ _ = w.Close()
+
+ // Always clone the repo in remote repo build mode into a location that
+ // we control that isn't affected by the users changes.
+ if opts.RemoteRepoBuildMode {
+ cloneOpts, err := git.CloneOptionsFromOptions(logStage, opts)
+ if err != nil {
+ return fmt.Errorf("git clone options: %w", err)
}
- // We can't use errors.Join here because our tests
- // don't support parsing a multiline error.
- return nil, ErrNoFallbackImage
- }
- content := "FROM " + options.FallbackImage
- _, err = file.Write([]byte(content))
- if err != nil {
- return nil, err
+ cloneOpts.Path = magicDir.Join("repo")
+
+ endStage := startStage("📦 Remote repo build mode enabled, cloning %s to %s for build context...",
+ newColor(color.FgCyan).Sprintf(opts.GitURL),
+ newColor(color.FgCyan).Sprintf(cloneOpts.Path),
+ )
+
+ w := git.ProgressWriter(logStage)
+ defer w.Close()
+ cloneOpts.Progress = w
+
+ fallbackErr = git.ShallowCloneRepo(ctx, logStage, cloneOpts)
+ if fallbackErr == nil {
+ endStage("📦 Cloned repository!")
+ buildTimeWorkspaceFolder = cloneOpts.Path
+ } else {
+ opts.Logger(log.LevelError, "Failed to clone repository for remote repo mode: %s", fallbackErr.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ }
+
+ _ = w.Close()
}
- return &devcontainer.Compiled{
- DockerfilePath: dockerfile,
- DockerfileContent: content,
- BuildContext: MagicDir,
- }, nil
}
- var (
- buildParams *devcontainer.Compiled
- scripts devcontainer.LifecycleScripts
-
- devcontainerPath string
- )
- if options.DockerfilePath == "" {
- // Only look for a devcontainer if a Dockerfile wasn't specified.
- // devcontainer is a standard, so it's reasonable to be the default.
- var devcontainerDir string
- var err error
- devcontainerPath, devcontainerDir, err = findDevcontainerJSON(options)
- if err != nil {
- options.Logger(notcodersdk.LogLevelError, "Failed to locate devcontainer.json: %s", err.Error())
- options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...")
- } else {
- // We know a devcontainer exists.
- // Let's parse it and use it!
- file, err := options.Filesystem.Open(devcontainerPath)
+ if !runtimeData.Image {
+ defaultBuildParams := func() (*devcontainer.Compiled, error) {
+ dockerfile := magicDir.Join("Dockerfile")
+ file, err := opts.Filesystem.OpenFile(dockerfile, os.O_CREATE|os.O_WRONLY, 0o644)
if err != nil {
- return fmt.Errorf("open devcontainer.json: %w", err)
+ return nil, err
}
defer file.Close()
- content, err := io.ReadAll(file)
+ if opts.FallbackImage == "" {
+ if fallbackErr != nil {
+ return nil, xerrors.Errorf("%s: %w", fallbackErr.Error(), ErrNoFallbackImage)
+ }
+ // We can't use errors.Join here because our tests
+ // don't support parsing a multiline error.
+ return nil, ErrNoFallbackImage
+ }
+ content := "FROM " + opts.FallbackImage
+ _, err = file.Write([]byte(content))
if err != nil {
- return fmt.Errorf("read devcontainer.json: %w", err)
+ return nil, err
}
- devContainer, err := devcontainer.Parse(content)
- if err == nil {
- var fallbackDockerfile string
- if !devContainer.HasImage() && !devContainer.HasDockerfile() {
- defaultParams, err := defaultBuildParams()
+ return &devcontainer.Compiled{
+ DockerfilePath: dockerfile,
+ DockerfileContent: content,
+ BuildContext: magicDir.Path(),
+ }, nil
+ }
+
+ var buildParams *devcontainer.Compiled
+ if opts.DockerfilePath == "" {
+ // Only look for a devcontainer if a Dockerfile wasn't specified.
+ // devcontainer is a standard, so it's reasonable to be the default.
+ var devcontainerDir string
+ var err error
+ runtimeData.DevcontainerPath, devcontainerDir, err = findDevcontainerJSON(buildTimeWorkspaceFolder, opts)
+ if err != nil {
+ opts.Logger(log.LevelError, "Failed to locate devcontainer.json: %s", err.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ } else {
+ // We know a devcontainer exists.
+ // Let's parse it and use it!
+ file, err := opts.Filesystem.Open(runtimeData.DevcontainerPath)
+ if err != nil {
+ return fmt.Errorf("open devcontainer.json: %w", err)
+ }
+ defer file.Close()
+ content, err := io.ReadAll(file)
+ if err != nil {
+ return fmt.Errorf("read devcontainer.json: %w", err)
+ }
+ devContainer, err := devcontainer.Parse(content)
+ if err == nil {
+ var fallbackDockerfile string
+ if !devContainer.HasImage() && !devContainer.HasDockerfile() {
+ defaultParams, err := defaultBuildParams()
+ if err != nil {
+ return fmt.Errorf("no Dockerfile or image found: %w", err)
+ }
+ opts.Logger(log.LevelInfo, "No Dockerfile or image specified; falling back to the default image...")
+ fallbackDockerfile = defaultParams.DockerfilePath
+ }
+ buildParams, err = devContainer.Compile(opts.Filesystem, devcontainerDir, magicDir.Path(), fallbackDockerfile, opts.WorkspaceFolder, false, os.LookupEnv)
if err != nil {
- return fmt.Errorf("no Dockerfile or image found: %w", err)
+ return fmt.Errorf("compile devcontainer.json: %w", err)
}
- options.Logger(notcodersdk.LogLevelInfo, "No Dockerfile or image specified; falling back to the default image...")
- fallbackDockerfile = defaultParams.DockerfilePath
+ if buildParams.User != "" {
+ runtimeData.ContainerUser = buildParams.User
+ }
+ runtimeData.Scripts = devContainer.LifecycleScripts
+ } else {
+ opts.Logger(log.LevelError, "Failed to parse devcontainer.json: %s", err.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
}
- buildParams, err = devContainer.Compile(options.Filesystem, devcontainerDir, MagicDir, fallbackDockerfile, options.WorkspaceFolder, false, os.LookupEnv)
+ }
+ } else {
+ // If a Dockerfile was specified, we use that.
+ dockerfilePath := filepath.Join(buildTimeWorkspaceFolder, opts.DockerfilePath)
+
+ // If the dockerfilePath is specified and deeper than the base of WorkspaceFolder AND the BuildContextPath is
+ // not defined, show a warning
+ dockerfileDir := filepath.Dir(dockerfilePath)
+ if dockerfileDir != filepath.Clean(buildTimeWorkspaceFolder) && opts.BuildContextPath == "" {
+ opts.Logger(log.LevelWarn, "given dockerfile %q is below %q and no custom build context has been defined", dockerfilePath, buildTimeWorkspaceFolder)
+ opts.Logger(log.LevelWarn, "\t-> set BUILD_CONTEXT_PATH to %q to fix", dockerfileDir)
+ }
+
+ dockerfile, err := opts.Filesystem.Open(dockerfilePath)
+ if err == nil {
+ content, err := io.ReadAll(dockerfile)
if err != nil {
- return fmt.Errorf("compile devcontainer.json: %w", err)
+ return fmt.Errorf("read Dockerfile: %w", err)
+ }
+ buildParams = &devcontainer.Compiled{
+ DockerfilePath: dockerfilePath,
+ DockerfileContent: string(content),
+ BuildContext: filepath.Join(buildTimeWorkspaceFolder, opts.BuildContextPath),
}
- scripts = devContainer.LifecycleScripts
- } else {
- options.Logger(notcodersdk.LogLevelError, "Failed to parse devcontainer.json: %s", err.Error())
- options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...")
}
}
- } else {
- // If a Dockerfile was specified, we use that.
- dockerfilePath := filepath.Join(options.WorkspaceFolder, options.DockerfilePath)
- // If the dockerfilePath is specified and deeper than the base of WorkspaceFolder AND the BuildContextPath is
- // not defined, show a warning
- dockerfileDir := filepath.Dir(dockerfilePath)
- if dockerfileDir != filepath.Clean(options.WorkspaceFolder) && options.BuildContextPath == "" {
- options.Logger(notcodersdk.LogLevelWarn, "given dockerfile %q is below %q and no custom build context has been defined", dockerfilePath, options.WorkspaceFolder)
- options.Logger(notcodersdk.LogLevelWarn, "\t-> set BUILD_CONTEXT_PATH to %q to fix", dockerfileDir)
- }
-
- dockerfile, err := options.Filesystem.Open(dockerfilePath)
- if err == nil {
- content, err := io.ReadAll(dockerfile)
+ if buildParams == nil {
+ // If there isn't a devcontainer.json file in the repository,
+ // we fallback to whatever the `DefaultImage` is.
+ var err error
+ buildParams, err = defaultBuildParams()
if err != nil {
- return fmt.Errorf("read Dockerfile: %w", err)
+ return fmt.Errorf("no Dockerfile or devcontainer.json found: %w", err)
}
- buildParams = &devcontainer.Compiled{
- DockerfilePath: dockerfilePath,
- DockerfileContent: string(content),
- BuildContext: filepath.Join(options.WorkspaceFolder, options.BuildContextPath),
- }
- }
- }
-
- if buildParams == nil {
- // If there isn't a devcontainer.json file in the repository,
- // we fallback to whatever the `DefaultImage` is.
- var err error
- buildParams, err = defaultBuildParams()
- if err != nil {
- return fmt.Errorf("no Dockerfile or devcontainer.json found: %w", err)
}
- }
- HijackLogrus(func(entry *logrus.Entry) {
- for _, line := range strings.Split(entry.Message, "\r") {
- options.Logger(notcodersdk.LogLevelInfo, "#%d: %s", stageNumber, color.HiBlackString(line))
+ lvl := log.LevelInfo
+ if opts.Verbose {
+ lvl = log.LevelDebug
}
- })
+ log.HijackLogrus(lvl, func(entry *logrus.Entry) {
+ for _, line := range strings.Split(entry.Message, "\r") {
+ opts.Logger(log.FromLogrus(entry.Level), "#%d: %s", stageNumber, color.HiBlackString(line))
+ }
+ })
- var closeAfterBuild func()
- // Allows quick testing of layer caching using a local directory!
- if options.LayerCacheDir != "" {
- cfg := &configuration.Configuration{
- Storage: configuration.Storage{
- "filesystem": configuration.Parameters{
- "rootdirectory": options.LayerCacheDir,
- },
- },
- }
- cfg.Log.Level = "error"
+ if opts.LayerCacheDir != "" {
+ if opts.CacheRepo != "" {
+ opts.Logger(log.LevelWarn, "Overriding cache repo with local registry...")
+ }
+ localRegistry, closeLocalRegistry, err := serveLocalRegistry(ctx, opts.Logger, opts.LayerCacheDir)
+ if err != nil {
+ return err
+ }
+ defer closeLocalRegistry()
+ opts.CacheRepo = localRegistry
+ }
+
+ // IgnorePaths in the Kaniko opts doesn't properly ignore paths.
+ // So we add them to the default ignore list. See:
+ // https://github.com/GoogleContainerTools/kaniko/blob/63be4990ca5a60bdf06ddc4d10aa4eca0c0bc714/cmd/executor/cmd/root.go#L136
+ ignorePaths := append([]string{
+ magicDir.Path(),
+ opts.WorkspaceFolder,
+ // See: https://github.com/coder/envbuilder/issues/37
+ "/etc/resolv.conf",
+ }, opts.IgnorePaths...)
+
+ if opts.LayerCacheDir != "" {
+ ignorePaths = append(ignorePaths, opts.LayerCacheDir)
+ }
+
+ for _, ignorePath := range ignorePaths {
+ util.AddToDefaultIgnoreList(util.IgnoreListEntry{
+ Path: ignorePath,
+ PrefixMatchOnly: false,
+ AllowedPaths: nil,
+ })
+ }
+
+ // In order to allow 'resuming' envbuilder, embed the binary into the image
+ // if it is being pushed.
+ // As these files will be owned by root, it is considerate to clean up
+ // after we're done!
+ cleanupBuildContext := func() {}
+ if opts.PushImage {
+ // Add exceptions in Kaniko's ignorelist for these magic files we add.
+ if err := util.AddAllowedPathToDefaultIgnoreList(opts.BinaryPath); err != nil {
+ return fmt.Errorf("add envbuilder binary to ignore list: %w", err)
+ }
+ if err := util.AddAllowedPathToDefaultIgnoreList(magicDir.Image()); err != nil {
+ return fmt.Errorf("add magic image file to ignore list: %w", err)
+ }
+ if err := util.AddAllowedPathToDefaultIgnoreList(magicDir.Features()); err != nil {
+ return fmt.Errorf("add features to ignore list: %w", err)
+ }
+ magicTempDir := magicdir.At(buildParams.BuildContext, magicdir.TempDir)
+ if err := opts.Filesystem.MkdirAll(magicTempDir.Path(), 0o755); err != nil {
+ return fmt.Errorf("create magic temp dir in build context: %w", err)
+ }
+ // Add the magic directives that embed the binary into the built image.
+ buildParams.DockerfileContent += magicdir.Directives
+
+ envbuilderBinDest := filepath.Join(magicTempDir.Path(), "envbuilder")
+ magicImageDest := magicTempDir.Image()
+
+ // Clean up after build!
+ var cleanupOnce sync.Once
+ cleanupBuildContext = func() {
+ cleanupOnce.Do(func() {
+ for _, path := range []string{magicImageDest, envbuilderBinDest, magicTempDir.Path()} {
+ if err := opts.Filesystem.Remove(path); err != nil {
+ opts.Logger(log.LevelWarn, "failed to clean up magic temp dir from build context: %w", err)
+ }
+ }
+ })
+ }
+ defer cleanupBuildContext()
- // Spawn an in-memory registry to cache built layers...
- registry := handlers.NewApp(ctx, cfg)
+ // Copy the envbuilder binary into the build context. External callers
+ // will need to specify the path to the desired envbuilder binary.
+ opts.Logger(log.LevelDebug, "copying envbuilder binary at %q to build context %q", opts.BinaryPath, envbuilderBinDest)
+ if err := copyFile(opts.Filesystem, opts.BinaryPath, envbuilderBinDest, 0o755); err != nil {
+ return fmt.Errorf("copy envbuilder binary to build context: %w", err)
+ }
- listener, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- return err
- }
- tcpAddr, ok := listener.Addr().(*net.TCPAddr)
- if !ok {
- return fmt.Errorf("listener addr was of wrong type: %T", listener.Addr())
- }
- srv := &http.Server{
- Handler: registry,
- }
- go func() {
- err := srv.Serve(listener)
- if err != nil && !errors.Is(err, http.ErrServerClosed) {
- options.Logger(notcodersdk.LogLevelError, "Failed to serve registry: %s", err.Error())
+ // Also write the magic file that signifies the image has been built.
+ // Since the user in the image is set to root, we also store the user
+ // in the magic file to be used by envbuilder when the image is run.
+ opts.Logger(log.LevelDebug, "writing magic image file at %q in build context %q", magicImageDest, magicTempDir)
+ if err := writeMagicImageFile(opts.Filesystem, magicImageDest, runtimeData); err != nil {
+ return fmt.Errorf("write magic image file in build context: %w", err)
}
- }()
- closeAfterBuild = func() {
- _ = srv.Close()
- _ = listener.Close()
- }
- if options.CacheRepo != "" {
- options.Logger(notcodersdk.LogLevelWarn, "Overriding cache repo with local registry...")
}
- options.CacheRepo = fmt.Sprintf("localhost:%d/local/cache", tcpAddr.Port)
- }
-
- // IgnorePaths in the Kaniko options doesn't properly ignore paths.
- // So we add them to the default ignore list. See:
- // https://github.com/GoogleContainerTools/kaniko/blob/63be4990ca5a60bdf06ddc4d10aa4eca0c0bc714/cmd/executor/cmd/root.go#L136
- ignorePaths := append([]string{
- MagicDir,
- options.WorkspaceFolder,
- // See: https://github.com/coder/envbuilder/issues/37
- "/etc/resolv.conf",
- }, options.IgnorePaths...)
- if options.LayerCacheDir != "" {
- ignorePaths = append(ignorePaths, options.LayerCacheDir)
- }
-
- for _, ignorePath := range ignorePaths {
- util.AddToDefaultIgnoreList(util.IgnoreListEntry{
- Path: ignorePath,
- PrefixMatchOnly: false,
- AllowedPaths: nil,
- })
- }
-
- // In order to allow 'resuming' envbuilder, embed the binary into the image
- // if it is being pushed
- if options.PushImage {
- exePath, err := os.Executable()
+ // temp move of all ro mounts
+ tempRemountDest := magicDir.Join("mnt")
+ // ignorePrefixes is a superset of ignorePaths that we pass to kaniko's
+ // IgnoreList.
+ ignorePrefixes := append([]string{"/dev", "/proc", "/sys"}, ignorePaths...)
+ restoreMounts, err := ebutil.TempRemount(opts.Logger, tempRemountDest, ignorePrefixes...)
+ defer func() { // restoreMounts should never be nil
+ if err := restoreMounts(); err != nil {
+ opts.Logger(log.LevelError, "restore mounts: %s", err.Error())
+ }
+ }()
if err != nil {
- return xerrors.Errorf("get exe path: %w", err)
- }
- // Add an exception for the current running binary in kaniko ignore list
- if err := util.AddAllowedPathToDefaultIgnoreList(exePath); err != nil {
- return xerrors.Errorf("add exe path to ignore list: %w", err)
- }
- // Copy the envbuilder binary into the build context.
- buildParams.DockerfileContent += fmt.Sprintf(`
-COPY --chmod=0755 %s %s
-USER root
-WORKDIR /
-ENTRYPOINT [%q]`, exePath, exePath, exePath)
- dst := filepath.Join(buildParams.BuildContext, exePath)
- if err := copyFile(exePath, dst); err != nil {
- return xerrors.Errorf("copy running binary to build context: %w", err)
- }
- }
-
- // temp move of all ro mounts
- tempRemountDest := filepath.Join("/", MagicDir, "mnt")
- // ignorePrefixes is a superset of ignorePaths that we pass to kaniko's
- // IgnoreList.
- ignorePrefixes := append([]string{"/proc", "/sys"}, ignorePaths...)
- restoreMounts, err := ebutil.TempRemount(options.Logger, tempRemountDest, ignorePrefixes...)
- defer func() { // restoreMounts should never be nil
- if err := restoreMounts(); err != nil {
- options.Logger(notcodersdk.LogLevelError, "restore mounts: %s", err.Error())
- }
- }()
- if err != nil {
- return fmt.Errorf("temp remount: %w", err)
- }
-
- skippedRebuild := false
- build := func() (v1.Image, error) {
- _, err := options.Filesystem.Stat(MagicFile)
- if err == nil && options.SkipRebuild {
- endStage := startStage("🏗️ Skipping build because of cache...")
- imageRef, err := devcontainer.ImageFromDockerfile(buildParams.DockerfileContent)
- if err != nil {
- return nil, fmt.Errorf("image from dockerfile: %w", err)
+ return fmt.Errorf("temp remount: %w", err)
+ }
+
+ stdoutWriter, closeStdout := log.Writer(opts.Logger)
+ defer closeStdout()
+ stderrWriter, closeStderr := log.Writer(opts.Logger)
+ defer closeStderr()
+ build := func() (v1.Image, error) {
+ defer cleanupBuildContext()
+ if runtimeData.Built && opts.SkipRebuild {
+ endStage := startStage("🏗️ Skipping build because of cache...")
+ imageRef, err := devcontainer.ImageFromDockerfile(buildParams.DockerfileContent)
+ if err != nil {
+ return nil, fmt.Errorf("image from dockerfile: %w", err)
+ }
+ image, err := remote.Image(imageRef, remote.WithAuthFromKeychain(creds.GetKeychain()))
+ if err != nil {
+ return nil, fmt.Errorf("image from remote: %w", err)
+ }
+ endStage("🏗️ Found image from remote!")
+ runtimeData.Built = false
+ runtimeData.SkippedRebuild = true
+ return image, nil
}
- image, err := remote.Image(imageRef, remote.WithAuthFromKeychain(creds.GetKeychain()))
+
+ // This is required for deleting the filesystem prior to build!
+ err = util.InitIgnoreList()
if err != nil {
- return nil, fmt.Errorf("image from remote: %w", err)
+ return nil, fmt.Errorf("init ignore list: %w", err)
}
- endStage("🏗️ Found image from remote!")
- skippedRebuild = true
- return image, nil
- }
- // This is required for deleting the filesystem prior to build!
- err = util.InitIgnoreList()
- if err != nil {
- return nil, fmt.Errorf("init ignore list: %w", err)
- }
+ // It's possible that the container will already have files in it, and
+ // we don't want to merge a new container with the old one.
+ if err := maybeDeleteFilesystem(opts.Logger, opts.ForceSafe); err != nil {
+ return nil, fmt.Errorf("delete filesystem: %w", err)
+ }
- // It's possible that the container will already have files in it, and
- // we don't want to merge a new container with the old one.
- if err := maybeDeleteFilesystem(options.Logger, options.ForceSafe); err != nil {
- return nil, fmt.Errorf("delete filesystem: %w", err)
- }
+ cacheTTL := time.Hour * 24 * 7
+ if opts.CacheTTLDays != 0 {
+ cacheTTL = time.Hour * 24 * time.Duration(opts.CacheTTLDays)
+ }
- stdoutReader, stdoutWriter := io.Pipe()
- stderrReader, stderrWriter := io.Pipe()
- defer stdoutReader.Close()
- defer stdoutWriter.Close()
- defer stderrReader.Close()
- defer stderrWriter.Close()
- go func() {
- scanner := bufio.NewScanner(stdoutReader)
- for scanner.Scan() {
- options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text())
+ // At this point we have all the context, we can now build!
+ registryMirror := []string{}
+ if val, ok := os.LookupEnv("KANIKO_REGISTRY_MIRROR"); ok {
+ registryMirror = strings.Split(val, ";")
}
- }()
- go func() {
- scanner := bufio.NewScanner(stderrReader)
- for scanner.Scan() {
- options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text())
+ var destinations []string
+ if opts.CacheRepo != "" {
+ destinations = append(destinations, opts.CacheRepo)
}
- }()
- cacheTTL := time.Hour * 24 * 7
- if options.CacheTTLDays != 0 {
- cacheTTL = time.Hour * 24 * time.Duration(options.CacheTTLDays)
- }
-
- // At this point we have all the context, we can now build!
- registryMirror := []string{}
- if val, ok := os.LookupEnv("KANIKO_REGISTRY_MIRROR"); ok {
- registryMirror = strings.Split(val, ";")
- }
- var destinations []string
- if options.CacheRepo != "" {
- destinations = append(destinations, options.CacheRepo)
- }
- opts := &config.KanikoOptions{
- // Boilerplate!
- CustomPlatform: platforms.Format(platforms.Normalize(platforms.DefaultSpec())),
- SnapshotMode: "redo",
- RunV2: true,
- RunStdout: stdoutWriter,
- RunStderr: stderrWriter,
- Destinations: destinations,
- NoPush: !options.PushImage || len(destinations) == 0,
- CacheRunLayers: true,
- CacheCopyLayers: true,
- CompressedCaching: true,
- Compression: config.ZStd,
- // Maps to "default" level, ~100-300 MB/sec according to
- // benchmarks in klauspost/compress README
- // https://github.com/klauspost/compress/blob/67a538e2b4df11f8ec7139388838a13bce84b5d5/zstd/encoder_options.go#L188
- CompressionLevel: 3,
- CacheOptions: config.CacheOptions{
- // Cache for a week by default!
- CacheTTL: cacheTTL,
- CacheDir: options.BaseImageCacheDir,
- },
- ForceUnpack: true,
- BuildArgs: buildParams.BuildArgs,
- CacheRepo: options.CacheRepo,
- Cache: options.CacheRepo != "" || options.BaseImageCacheDir != "",
- DockerfilePath: buildParams.DockerfilePath,
- DockerfileContent: buildParams.DockerfileContent,
- RegistryOptions: config.RegistryOptions{
- Insecure: options.Insecure,
- InsecurePull: options.Insecure,
- SkipTLSVerify: options.Insecure,
- // Enables registry mirror features in Kaniko, see more in link below
- // https://github.com/GoogleContainerTools/kaniko?tab=readme-ov-file#flag---registry-mirror
- // Related to PR #114
- // https://github.com/coder/envbuilder/pull/114
- RegistryMirrors: registryMirror,
- },
- SrcContext: buildParams.BuildContext,
+ kOpts := &config.KanikoOptions{
+ // Boilerplate!
+ CustomPlatform: platforms.Format(platforms.Normalize(platforms.DefaultSpec())),
+ SnapshotMode: "redo",
+ RunV2: true,
+ RunStdout: stdoutWriter,
+ RunStderr: stderrWriter,
+ Destinations: destinations,
+ NoPush: !opts.PushImage || len(destinations) == 0,
+ CacheRunLayers: true,
+ CacheCopyLayers: true,
+ ForceBuildMetadata: opts.PushImage, // Force layers with no changes to be cached, required for cache probing.
+ CompressedCaching: true,
+ Compression: config.ZStd,
+ // Maps to "default" level, ~100-300 MB/sec according to
+ // benchmarks in klauspost/compress README
+ // https://github.com/klauspost/compress/blob/67a538e2b4df11f8ec7139388838a13bce84b5d5/zstd/encoder_options.go#L188
+ CompressionLevel: 3,
+ CacheOptions: config.CacheOptions{
+ CacheTTL: cacheTTL,
+ CacheDir: opts.BaseImageCacheDir,
+ },
+ ForceUnpack: true,
+ BuildArgs: buildParams.BuildArgs,
+ CacheRepo: opts.CacheRepo,
+ Cache: opts.CacheRepo != "" || opts.BaseImageCacheDir != "",
+ DockerfilePath: buildParams.DockerfilePath,
+ DockerfileContent: buildParams.DockerfileContent,
+ RegistryOptions: config.RegistryOptions{
+ Insecure: opts.Insecure,
+ InsecurePull: opts.Insecure,
+ SkipTLSVerify: opts.Insecure,
+ // Enables registry mirror features in Kaniko, see more in link below
+ // https://github.com/GoogleContainerTools/kaniko?tab=readme-ov-file#flag---registry-mirror
+ // Related to PR #114
+ // https://github.com/coder/envbuilder/pull/114
+ RegistryMirrors: registryMirror,
+ },
+ SrcContext: buildParams.BuildContext,
- // For cached image utilization, produce reproducible builds.
- Reproducible: options.PushImage,
- }
+ // For cached image utilization, produce reproducible builds.
+ Reproducible: opts.PushImage,
+ }
- if options.GetCachedImage {
- endStage := startStage("🏗️ Checking for cached image...")
- image, err := executor.DoCacheProbe(opts)
+ endStage := startStage("🏗️ Building image...")
+ image, err := executor.DoBuild(kOpts)
if err != nil {
- return nil, xerrors.Errorf("get cached image: %w", err)
+ return nil, xerrors.Errorf("do build: %w", err)
}
- digest, err := image.Digest()
- if err != nil {
- return nil, xerrors.Errorf("get cached image digest: %w", err)
+ endStage("🏗️ Built image!")
+ if opts.PushImage {
+ endStage = startStage("🏗️ Pushing image...")
+ if err := executor.DoPush(image, kOpts); err != nil {
+ return nil, xerrors.Errorf("do push: %w", err)
+ }
+ endStage("🏗️ Pushed image!")
}
- endStage("🏗️ Found cached image!")
- _, _ = fmt.Fprintf(os.Stdout, "ENVBUILDER_CACHED_IMAGE=%s@%s\n", options.CacheRepo, digest.String())
- os.Exit(0)
+
+ return image, err
}
- endStage := startStage("🏗️ Building image...")
- image, err := executor.DoBuild(opts)
+ // At this point we have all the context, we can now build!
+ image, err := build()
if err != nil {
- return nil, xerrors.Errorf("do build: %w", err)
- }
- endStage("🏗️ Built image!")
- if options.PushImage {
- endStage = startStage("🏗️ Pushing image...")
- if err := executor.DoPush(image, opts); err != nil {
- return nil, xerrors.Errorf("do push: %w", err)
+ fallback := false
+ switch {
+ case strings.Contains(err.Error(), "parsing dockerfile"):
+ fallback = true
+ fallbackErr = err
+ case strings.Contains(err.Error(), "error building stage"):
+ fallback = true
+ fallbackErr = err
+ // This occurs when the image cannot be found!
+ case strings.Contains(err.Error(), "authentication required"):
+ fallback = true
+ fallbackErr = err
+ // This occurs from Docker Hub when the image cannot be found!
+ case strings.Contains(err.Error(), "manifest unknown"):
+ fallback = true
+ fallbackErr = err
+ case strings.Contains(err.Error(), "unexpected status code 401 Unauthorized"):
+ opts.Logger(log.LevelError, "Unable to pull the provided image. Ensure your registry credentials are correct!")
+ }
+ if !fallback || opts.ExitOnBuildFailure {
+ return err
}
- endStage("🏗️ Pushed image!")
+ opts.Logger(log.LevelError, "Failed to build: %s", err)
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ buildParams, err = defaultBuildParams()
+ if err != nil {
+ return err
+ }
+ image, err = build()
}
-
- return image, err
- }
-
- // At this point we have all the context, we can now build!
- image, err := build()
- if err != nil {
- fallback := false
- switch {
- case strings.Contains(err.Error(), "parsing dockerfile"):
- fallback = true
- fallbackErr = err
- case strings.Contains(err.Error(), "error building stage"):
- fallback = true
- fallbackErr = err
- // This occurs when the image cannot be found!
- case strings.Contains(err.Error(), "authentication required"):
- fallback = true
- fallbackErr = err
- // This occurs from Docker Hub when the image cannot be found!
- case strings.Contains(err.Error(), "manifest unknown"):
- fallback = true
- fallbackErr = err
- case strings.Contains(err.Error(), "unexpected status code 401 Unauthorized"):
- options.Logger(notcodersdk.LogLevelError, "Unable to pull the provided image. Ensure your registry credentials are correct!")
- }
- if !fallback || options.ExitOnBuildFailure {
- return err
- }
- options.Logger(notcodersdk.LogLevelError, "Failed to build: %s", err)
- options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...")
- buildParams, err = defaultBuildParams()
if err != nil {
- return err
+ return fmt.Errorf("build with kaniko: %w", err)
}
- image, err = build()
- }
- if err != nil {
- return fmt.Errorf("build with kaniko: %w", err)
- }
-
- if closeAfterBuild != nil {
- closeAfterBuild()
- }
-
- if err := restoreMounts(); err != nil {
- return fmt.Errorf("restore mounts: %w", err)
- }
- // Create the magic file to indicate that this build
- // has already been ran before!
- file, err := options.Filesystem.Create(MagicFile)
- if err != nil {
- return fmt.Errorf("create magic file: %w", err)
- }
- _ = file.Close()
-
- configFile, err := image.ConfigFile()
- if err != nil {
- return fmt.Errorf("get image config: %w", err)
- }
-
- containerEnv := make(map[string]string)
- remoteEnv := make(map[string]string)
-
- // devcontainer metadata can be persisted through a standard label
- devContainerMetadata, exists := configFile.Config.Labels["devcontainer.metadata"]
- if exists {
- var devContainer []*devcontainer.Spec
- devContainerMetadataBytes, err := hujson.Standardize([]byte(devContainerMetadata))
- if err != nil {
- return fmt.Errorf("humanize json for dev container metadata: %w", err)
+ if err := restoreMounts(); err != nil {
+ return fmt.Errorf("restore mounts: %w", err)
}
- err = json.Unmarshal(devContainerMetadataBytes, &devContainer)
+
+ configFile, err := image.ConfigFile()
if err != nil {
- return fmt.Errorf("unmarshal metadata: %w", err)
+ return fmt.Errorf("get image config: %w", err)
}
- options.Logger(notcodersdk.LogLevelInfo, "#3: 👀 Found devcontainer.json label metadata in image...")
- for _, container := range devContainer {
- if container.RemoteUser != "" {
- options.Logger(notcodersdk.LogLevelInfo, "#3: 🧑 Updating the user to %q!", container.RemoteUser)
- configFile.Config.User = container.RemoteUser
- }
- maps.Copy(containerEnv, container.ContainerEnv)
- maps.Copy(remoteEnv, container.RemoteEnv)
- if !container.OnCreateCommand.IsEmpty() {
- scripts.OnCreateCommand = container.OnCreateCommand
- }
- if !container.UpdateContentCommand.IsEmpty() {
- scripts.UpdateContentCommand = container.UpdateContentCommand
+ runtimeData.ImageEnv = configFile.Config.Env
+
+ // Dev Container metadata can be persisted through a standard label.
+ // Note that this currently only works when we're building the image,
+ // not when we're using a pre-built image as we don't have access to
+ // labels.
+ devContainerMetadata, exists := configFile.Config.Labels["devcontainer.metadata"]
+ if exists {
+ var devContainer []*devcontainer.Spec
+ devContainerMetadataBytes, err := hujson.Standardize([]byte(devContainerMetadata))
+ if err != nil {
+ return fmt.Errorf("humanize json for dev container metadata: %w", err)
}
- if !container.PostCreateCommand.IsEmpty() {
- scripts.PostCreateCommand = container.PostCreateCommand
+ err = json.Unmarshal(devContainerMetadataBytes, &devContainer)
+ if err != nil {
+ return fmt.Errorf("unmarshal metadata: %w", err)
}
- if !container.PostStartCommand.IsEmpty() {
- scripts.PostStartCommand = container.PostStartCommand
+ opts.Logger(log.LevelInfo, "#%d: 👀 Found devcontainer.json label metadata in image...", stageNumber)
+ for _, container := range devContainer {
+ if container.ContainerUser != "" {
+ opts.Logger(log.LevelInfo, "#%d: 🧑 Updating the user to %q!", stageNumber, container.ContainerUser)
+
+ configFile.Config.User = container.ContainerUser
+ }
+ maps.Copy(runtimeData.ContainerEnv, container.ContainerEnv)
+ maps.Copy(runtimeData.RemoteEnv, container.RemoteEnv)
+ if !container.OnCreateCommand.IsEmpty() {
+ runtimeData.Scripts.OnCreateCommand = container.OnCreateCommand
+ }
+ if !container.UpdateContentCommand.IsEmpty() {
+ runtimeData.Scripts.UpdateContentCommand = container.UpdateContentCommand
+ }
+ if !container.PostCreateCommand.IsEmpty() {
+ runtimeData.Scripts.PostCreateCommand = container.PostCreateCommand
+ }
+ if !container.PostStartCommand.IsEmpty() {
+ runtimeData.Scripts.PostStartCommand = container.PostStartCommand
+ }
}
}
- }
-
- // Sanitize the environment of any options!
- unsetOptionsEnv()
- // Remove the Docker config secret file!
- if options.DockerConfigBase64 != "" {
- c := filepath.Join(MagicDir, "config.json")
- err = os.Remove(c)
- if err != nil {
- if !errors.Is(err, fs.ErrNotExist) {
- return fmt.Errorf("remove docker config: %w", err)
+ maps.Copy(runtimeData.ContainerEnv, buildParams.ContainerEnv)
+ maps.Copy(runtimeData.RemoteEnv, buildParams.RemoteEnv)
+ if runtimeData.ContainerUser == "" && configFile.Config.User != "" {
+ runtimeData.ContainerUser = configFile.Config.User
+ }
+ } else {
+ runtimeData.DevcontainerPath, _, err = findDevcontainerJSON(opts.WorkspaceFolder, opts)
+ if err == nil {
+ file, err := opts.Filesystem.Open(runtimeData.DevcontainerPath)
+ if err != nil {
+ return fmt.Errorf("open devcontainer.json: %w", err)
+ }
+ defer file.Close()
+ content, err := io.ReadAll(file)
+ if err != nil {
+ return fmt.Errorf("read devcontainer.json: %w", err)
+ }
+ devContainer, err := devcontainer.Parse(content)
+ if err == nil {
+ maps.Copy(runtimeData.ContainerEnv, devContainer.ContainerEnv)
+ maps.Copy(runtimeData.RemoteEnv, devContainer.RemoteEnv)
+ if devContainer.ContainerUser != "" {
+ runtimeData.ContainerUser = devContainer.ContainerUser
+ }
+ runtimeData.Scripts = devContainer.LifecycleScripts
} else {
- fmt.Fprintln(os.Stderr, "failed to remove the Docker config secret file: %w", c)
+ opts.Logger(log.LevelError, "Failed to parse devcontainer.json: %s", err.Error())
}
}
}
- environ, err := os.ReadFile("/etc/environment")
- if err == nil {
- for _, env := range strings.Split(string(environ), "\n") {
- pair := strings.SplitN(env, "=", 2)
- if len(pair) != 2 {
- continue
- }
- os.Setenv(pair[0], pair[1])
- }
+ // Sanitize the environment of any opts!
+ options.UnsetEnv()
+
+ // Set the environment from /etc/environment first, so it can be
+ // overridden by the image and devcontainer settings.
+ err = setEnvFromEtcEnvironment(opts.Logger)
+ if err != nil {
+ return fmt.Errorf("set env from /etc/environment: %w", err)
}
allEnvKeys := make(map[string]struct{})
// It must be set in this parent process otherwise nothing will be found!
- for _, env := range configFile.Config.Env {
+ for _, env := range runtimeData.ImageEnv {
pair := strings.SplitN(env, "=", 2)
os.Setenv(pair[0], pair[1])
allEnvKeys[pair[0]] = struct{}{}
}
- maps.Copy(containerEnv, buildParams.ContainerEnv)
- maps.Copy(remoteEnv, buildParams.RemoteEnv)
// Set Envbuilder runtime markers
- containerEnv["ENVBUILDER"] = "true"
- if devcontainerPath != "" {
- containerEnv["DEVCONTAINER"] = "true"
- containerEnv["DEVCONTAINER_CONFIG"] = devcontainerPath
+ runtimeData.ContainerEnv["ENVBUILDER"] = "true"
+ if runtimeData.DevcontainerPath != "" {
+ runtimeData.ContainerEnv["DEVCONTAINER"] = "true"
+ runtimeData.ContainerEnv["DEVCONTAINER_CONFIG"] = runtimeData.DevcontainerPath
}
- for _, env := range []map[string]string{containerEnv, remoteEnv} {
+ for _, env := range []map[string]string{runtimeData.ContainerEnv, runtimeData.RemoteEnv} {
envKeys := make([]string, 0, len(env))
for key := range env {
envKeys = append(envKeys, key)
@@ -737,7 +742,7 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
}
sort.Strings(envKeys)
for _, envVar := range envKeys {
- value := devcontainer.SubstituteVars(env[envVar], options.WorkspaceFolder, os.LookupEnv)
+ value := devcontainer.SubstituteVars(env[envVar], opts.WorkspaceFolder, os.LookupEnv)
os.Setenv(envVar, value)
}
}
@@ -747,10 +752,10 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
// in the export. We should have generated a complete set of environment
// on the intial build, so exporting environment variables a second time
// isn't useful anyway.
- if options.ExportEnvFile != "" && !skippedRebuild {
- exportEnvFile, err := os.Create(options.ExportEnvFile)
+ if opts.ExportEnvFile != "" && !runtimeData.SkippedRebuild {
+ exportEnvFile, err := opts.Filesystem.Create(opts.ExportEnvFile)
if err != nil {
- return fmt.Errorf("failed to open EXPORT_ENV_FILE %q: %w", options.ExportEnvFile, err)
+ return fmt.Errorf("failed to open %s %q: %w", options.WithEnvPrefix("EXPORT_ENV_FILE"), opts.ExportEnvFile, err)
}
envKeys := make([]string, 0, len(allEnvKeys))
@@ -765,15 +770,15 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
exportEnvFile.Close()
}
- username := configFile.Config.User
- if buildParams.User != "" {
- username = buildParams.User
- }
- if username == "" {
- options.Logger(notcodersdk.LogLevelWarn, "#3: no user specified, using root")
+ // Remove the Docker config secret file!
+ if err := cleanupDockerConfigJSON(); err != nil {
+ return err
}
- userInfo, err := getUser(username)
+ if runtimeData.ContainerUser == "" {
+ opts.Logger(log.LevelWarn, "#%d: no user specified, using root", stageNumber)
+ }
+ execArgs.UserInfo, err = getUser(runtimeData.ContainerUser)
if err != nil {
return fmt.Errorf("update user: %w", err)
}
@@ -787,13 +792,13 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
//
// We need to change the ownership of the files to the user that will
// be running the init script.
- if chownErr := filepath.Walk(options.WorkspaceFolder, func(path string, _ os.FileInfo, err error) error {
+ if chownErr := filepath.Walk(opts.WorkspaceFolder, func(path string, _ os.FileInfo, err error) error {
if err != nil {
return err
}
- return os.Chown(path, userInfo.uid, userInfo.gid)
+ return os.Chown(path, execArgs.UserInfo.uid, execArgs.UserInfo.gid)
}); chownErr != nil {
- options.Logger(notcodersdk.LogLevelError, "chown %q: %s", userInfo.user.HomeDir, chownErr.Error())
+ opts.Logger(log.LevelError, "chown %q: %s", execArgs.UserInfo.user.HomeDir, chownErr.Error())
endStage("⚠️ Failed to the ownership of the workspace, you may need to fix this manually!")
} else {
endStage("👤 Updated the ownership of the workspace!")
@@ -802,26 +807,26 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
// We may also need to update the ownership of the user homedir.
// Skip this step if the user is root.
- if userInfo.uid != 0 {
- endStage := startStage("🔄 Updating ownership of %s...", userInfo.user.HomeDir)
- if chownErr := filepath.Walk(userInfo.user.HomeDir, func(path string, _ fs.FileInfo, err error) error {
+ if execArgs.UserInfo.uid != 0 {
+ endStage := startStage("🔄 Updating ownership of %s...", execArgs.UserInfo.user.HomeDir)
+ if chownErr := filepath.Walk(execArgs.UserInfo.user.HomeDir, func(path string, _ fs.FileInfo, err error) error {
if err != nil {
return err
}
- return os.Chown(path, userInfo.uid, userInfo.gid)
+ return os.Chown(path, execArgs.UserInfo.uid, execArgs.UserInfo.gid)
}); chownErr != nil {
- options.Logger(notcodersdk.LogLevelError, "chown %q: %s", userInfo.user.HomeDir, chownErr.Error())
- endStage("⚠️ Failed to update ownership of %s, you may need to fix this manually!", userInfo.user.HomeDir)
+ opts.Logger(log.LevelError, "chown %q: %s", execArgs.UserInfo.user.HomeDir, chownErr.Error())
+ endStage("⚠️ Failed to update ownership of %s, you may need to fix this manually!", execArgs.UserInfo.user.HomeDir)
} else {
- endStage("🏡 Updated ownership of %s!", userInfo.user.HomeDir)
+ endStage("🏡 Updated ownership of %s!", execArgs.UserInfo.user.HomeDir)
}
}
- err = os.MkdirAll(options.WorkspaceFolder, 0o755)
+ err = opts.Filesystem.MkdirAll(opts.WorkspaceFolder, 0o755)
if err != nil {
return fmt.Errorf("create workspace folder: %w", err)
}
- err = os.Chdir(options.WorkspaceFolder)
+ err = os.Chdir(opts.WorkspaceFolder)
if err != nil {
return fmt.Errorf("change directory: %w", err)
}
@@ -832,36 +837,46 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
// example, TARGET_USER may be set to root in the case where we will
// exec systemd as the init command, but that doesn't mean we should
// run the lifecycle scripts as root.
- os.Setenv("HOME", userInfo.user.HomeDir)
- if err := execLifecycleScripts(ctx, options, scripts, skippedRebuild, userInfo); err != nil {
+ os.Setenv("HOME", execArgs.UserInfo.user.HomeDir)
+ if err := execLifecycleScripts(ctx, opts, runtimeData.Scripts, !runtimeData.Built, execArgs.UserInfo); err != nil {
return err
}
+ // Create the magic file to indicate that this build
+ // has already been ran before!
+ if !runtimeData.Built {
+ file, err := opts.Filesystem.Create(magicDir.Built())
+ if err != nil {
+ return fmt.Errorf("create magic file: %w", err)
+ }
+ _ = file.Close()
+ }
+
// The setup script can specify a custom initialization command
// and arguments to run instead of the default shell.
//
// This is useful for hooking into the environment for a specific
// init to PID 1.
- if options.SetupScript != "" {
+ if opts.SetupScript != "" {
// We execute the initialize script as the root user!
os.Setenv("HOME", "/root")
- options.Logger(notcodersdk.LogLevelInfo, "=== Running the setup command %q as the root user...", options.SetupScript)
+ opts.Logger(log.LevelInfo, "=== Running the setup command %q as the root user...", opts.SetupScript)
envKey := "ENVBUILDER_ENV"
- envFile := filepath.Join("/", MagicDir, "environ")
- file, err := os.Create(envFile)
+ envFile := magicDir.Join("environ")
+ file, err := opts.Filesystem.Create(envFile)
if err != nil {
return fmt.Errorf("create environ file: %w", err)
}
_ = file.Close()
- cmd := exec.CommandContext(ctx, "/bin/sh", "-c", options.SetupScript)
+ cmd := exec.CommandContext(ctx, "/bin/sh", "-c", opts.SetupScript)
cmd.Env = append(os.Environ(),
fmt.Sprintf("%s=%s", envKey, envFile),
- fmt.Sprintf("TARGET_USER=%s", userInfo.user.Username),
+ fmt.Sprintf("TARGET_USER=%s", execArgs.UserInfo.user.Username),
)
- cmd.Dir = options.WorkspaceFolder
+ cmd.Dir = opts.WorkspaceFolder
// This allows for a really nice and clean experience to experiement with!
// e.g. docker run --it --rm -e INIT_SCRIPT bash ...
if isatty.IsTerminal(os.Stdout.Fd()) && isatty.IsTerminal(os.Stdin.Fd()) {
@@ -873,7 +888,7 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
go func() {
scanner := bufio.NewScanner(&buf)
for scanner.Scan() {
- options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text())
+ opts.Logger(log.LevelInfo, "%s", scanner.Text())
}
}()
@@ -903,16 +918,16 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
key := pair[0]
switch key {
case "INIT_COMMAND":
- options.InitCommand = pair[1]
+ execArgs.InitCommand = pair[1]
updatedCommand = true
case "INIT_ARGS":
- initArgs, err = shellquote.Split(pair[1])
+ execArgs.InitArgs, err = shellquote.Split(pair[1])
if err != nil {
return fmt.Errorf("split init args: %w", err)
}
updatedArgs = true
case "TARGET_USER":
- userInfo, err = getUser(pair[1])
+ execArgs.UserInfo, err = getUser(pair[1])
if err != nil {
return fmt.Errorf("update user: %w", err)
}
@@ -923,48 +938,407 @@ ENTRYPOINT [%q]`, exePath, exePath, exePath)
if updatedCommand && !updatedArgs {
// Because our default is a shell we need to empty the args
// if the command was updated. This a tragic hack, but it works.
- initArgs = []string{}
+ execArgs.InitArgs = []string{}
}
}
// Hop into the user that should execute the initialize script!
- os.Setenv("HOME", userInfo.user.HomeDir)
+ os.Setenv("HOME", execArgs.UserInfo.user.HomeDir)
- err = syscall.Setgid(userInfo.gid)
- if err != nil {
- return fmt.Errorf("set gid: %w", err)
+ // Set last to ensure all environment changes are complete.
+ execArgs.Environ = os.Environ()
+
+ return nil
+}
+
+// RunCacheProbe performs a 'dry-run' build of the image and checks that
+// all of the resulting layers are present in options.CacheRepo.
+func RunCacheProbe(ctx context.Context, opts options.Options) (v1.Image, error) {
+ defer options.UnsetEnv()
+ if !opts.GetCachedImage {
+ return nil, fmt.Errorf("developer error: RunCacheProbe must be run with --get-cached-image")
+ }
+ if opts.CacheRepo == "" {
+ return nil, fmt.Errorf("--cache-repo must be set when using --get-cached-image")
+ }
+
+ magicDir := magicdir.At(opts.MagicDirBase)
+
+ stageNumber := 0
+ startStage := func(format string, args ...any) func(format string, args ...any) {
+ now := time.Now()
+ stageNumber++
+ stageNum := stageNumber
+ opts.Logger(log.LevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...))
+
+ return func(format string, args ...any) {
+ opts.Logger(log.LevelInfo, "#%d: %s [%s]", stageNum, fmt.Sprintf(format, args...), time.Since(now))
+ }
}
- err = syscall.Setuid(userInfo.uid)
+
+ opts.Logger(log.LevelInfo, "%s %s - Build development environments from repositories in a container", newColor(color.Bold).Sprintf("envbuilder"), buildinfo.Version())
+
+ cleanupDockerConfigJSON, err := initDockerConfigJSON(opts.Logger, magicDir, opts.DockerConfigBase64)
if err != nil {
- return fmt.Errorf("set uid: %w", err)
+ return nil, err
+ }
+ defer func() {
+ if err := cleanupDockerConfigJSON(); err != nil {
+ opts.Logger(log.LevelError, "failed to cleanup docker config JSON: %w", err)
+ }
+ }() // best effort
+
+ buildTimeWorkspaceFolder := opts.WorkspaceFolder
+ var fallbackErr error
+ var cloned bool
+ if opts.GitURL != "" {
+ endStage := startStage("📦 Cloning %s to %s...",
+ newColor(color.FgCyan).Sprintf(opts.GitURL),
+ newColor(color.FgCyan).Sprintf(opts.WorkspaceFolder),
+ )
+ stageNum := stageNumber
+ logStage := func(format string, args ...any) {
+ opts.Logger(log.LevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...))
+ }
+
+ // In cache probe mode we should only attempt to clone the full
+ // repository if remote repo build mode isn't enabled.
+ if !opts.RemoteRepoBuildMode {
+ cloneOpts, err := git.CloneOptionsFromOptions(logStage, opts)
+ if err != nil {
+ return nil, fmt.Errorf("git clone options: %w", err)
+ }
+
+ w := git.ProgressWriter(logStage)
+ defer w.Close()
+ cloneOpts.Progress = w
+
+ cloned, fallbackErr = git.CloneRepo(ctx, logStage, cloneOpts)
+ if fallbackErr == nil {
+ if cloned {
+ endStage("📦 Cloned repository!")
+ } else {
+ endStage("📦 The repository already exists!")
+ }
+ } else {
+ opts.Logger(log.LevelError, "Failed to clone repository: %s", fallbackErr.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ }
+
+ _ = w.Close()
+ } else {
+ cloneOpts, err := git.CloneOptionsFromOptions(logStage, opts)
+ if err != nil {
+ return nil, fmt.Errorf("git clone options: %w", err)
+ }
+ cloneOpts.Path = magicDir.Join("repo")
+
+ endStage := startStage("📦 Remote repo build mode enabled, cloning %s to %s for build context...",
+ newColor(color.FgCyan).Sprintf(opts.GitURL),
+ newColor(color.FgCyan).Sprintf(cloneOpts.Path),
+ )
+
+ w := git.ProgressWriter(logStage)
+ defer w.Close()
+ cloneOpts.Progress = w
+
+ fallbackErr = git.ShallowCloneRepo(ctx, logStage, cloneOpts)
+ if fallbackErr == nil {
+ endStage("📦 Cloned repository!")
+ buildTimeWorkspaceFolder = cloneOpts.Path
+ } else {
+ opts.Logger(log.LevelError, "Failed to clone repository for remote repo mode: %s", fallbackErr.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ }
+
+ _ = w.Close()
+ }
+ }
+
+ defaultBuildParams := func() (*devcontainer.Compiled, error) {
+ dockerfile := magicDir.Join("Dockerfile")
+ file, err := opts.Filesystem.OpenFile(dockerfile, os.O_CREATE|os.O_WRONLY, 0o644)
+ if err != nil {
+ return nil, err
+ }
+ defer file.Close()
+ if opts.FallbackImage == "" {
+ if fallbackErr != nil {
+ return nil, fmt.Errorf("%s: %w", fallbackErr.Error(), ErrNoFallbackImage)
+ }
+ // We can't use errors.Join here because our tests
+ // don't support parsing a multiline error.
+ return nil, ErrNoFallbackImage
+ }
+ content := "FROM " + opts.FallbackImage
+ _, err = file.Write([]byte(content))
+ if err != nil {
+ return nil, err
+ }
+ return &devcontainer.Compiled{
+ DockerfilePath: dockerfile,
+ DockerfileContent: content,
+ BuildContext: magicDir.Path(),
+ }, nil
+ }
+
+ var (
+ buildParams *devcontainer.Compiled
+ devcontainerPath string
+ )
+ if opts.DockerfilePath == "" {
+ // Only look for a devcontainer if a Dockerfile wasn't specified.
+ // devcontainer is a standard, so it's reasonable to be the default.
+ var devcontainerDir string
+ var err error
+ devcontainerPath, devcontainerDir, err = findDevcontainerJSON(buildTimeWorkspaceFolder, opts)
+ if err != nil {
+ opts.Logger(log.LevelError, "Failed to locate devcontainer.json: %s", err.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ } else {
+ // We know a devcontainer exists.
+ // Let's parse it and use it!
+ file, err := opts.Filesystem.Open(devcontainerPath)
+ if err != nil {
+ return nil, fmt.Errorf("open devcontainer.json: %w", err)
+ }
+ defer file.Close()
+ content, err := io.ReadAll(file)
+ if err != nil {
+ return nil, fmt.Errorf("read devcontainer.json: %w", err)
+ }
+ devContainer, err := devcontainer.Parse(content)
+ if err == nil {
+ var fallbackDockerfile string
+ if !devContainer.HasImage() && !devContainer.HasDockerfile() {
+ defaultParams, err := defaultBuildParams()
+ if err != nil {
+ return nil, fmt.Errorf("no Dockerfile or image found: %w", err)
+ }
+ opts.Logger(log.LevelInfo, "No Dockerfile or image specified; falling back to the default image...")
+ fallbackDockerfile = defaultParams.DockerfilePath
+ }
+ buildParams, err = devContainer.Compile(opts.Filesystem, devcontainerDir, magicDir.Path(), fallbackDockerfile, opts.WorkspaceFolder, false, os.LookupEnv)
+ if err != nil {
+ return nil, fmt.Errorf("compile devcontainer.json: %w", err)
+ }
+ } else {
+ opts.Logger(log.LevelError, "Failed to parse devcontainer.json: %s", err.Error())
+ opts.Logger(log.LevelError, "Falling back to the default image...")
+ }
+ }
+ } else {
+ // If a Dockerfile was specified, we use that.
+ dockerfilePath := filepath.Join(buildTimeWorkspaceFolder, opts.DockerfilePath)
+
+ // If the dockerfilePath is specified and deeper than the base of WorkspaceFolder AND the BuildContextPath is
+ // not defined, show a warning
+ dockerfileDir := filepath.Dir(dockerfilePath)
+ if dockerfileDir != filepath.Clean(buildTimeWorkspaceFolder) && opts.BuildContextPath == "" {
+ opts.Logger(log.LevelWarn, "given dockerfile %q is below %q and no custom build context has been defined", dockerfilePath, buildTimeWorkspaceFolder)
+ opts.Logger(log.LevelWarn, "\t-> set BUILD_CONTEXT_PATH to %q to fix", dockerfileDir)
+ }
+
+ dockerfile, err := opts.Filesystem.Open(dockerfilePath)
+ if err == nil {
+ content, err := io.ReadAll(dockerfile)
+ if err != nil {
+ return nil, fmt.Errorf("read Dockerfile: %w", err)
+ }
+ buildParams = &devcontainer.Compiled{
+ DockerfilePath: dockerfilePath,
+ DockerfileContent: string(content),
+ BuildContext: filepath.Join(buildTimeWorkspaceFolder, opts.BuildContextPath),
+ }
+ }
+ }
+
+ // When probing the build cache, there is no fallback!
+ if buildParams == nil {
+ return nil, fmt.Errorf("no Dockerfile or devcontainer.json found")
+ }
+
+ lvl := log.LevelInfo
+ if opts.Verbose {
+ lvl = log.LevelDebug
+ }
+ log.HijackLogrus(lvl, func(entry *logrus.Entry) {
+ for _, line := range strings.Split(entry.Message, "\r") {
+ opts.Logger(log.FromLogrus(entry.Level), "#%d: %s", stageNumber, color.HiBlackString(line))
+ }
+ })
+
+ if opts.LayerCacheDir != "" {
+ if opts.CacheRepo != "" {
+ opts.Logger(log.LevelWarn, "Overriding cache repo with local registry...")
+ }
+ localRegistry, closeLocalRegistry, err := serveLocalRegistry(ctx, opts.Logger, opts.LayerCacheDir)
+ if err != nil {
+ return nil, err
+ }
+ defer closeLocalRegistry()
+ opts.CacheRepo = localRegistry
+ }
+
+ // IgnorePaths in the Kaniko opts doesn't properly ignore paths.
+ // So we add them to the default ignore list. See:
+ // https://github.com/GoogleContainerTools/kaniko/blob/63be4990ca5a60bdf06ddc4d10aa4eca0c0bc714/cmd/executor/cmd/root.go#L136
+ ignorePaths := append([]string{
+ magicDir.Path(),
+ opts.WorkspaceFolder,
+ // See: https://github.com/coder/envbuilder/issues/37
+ "/etc/resolv.conf",
+ }, opts.IgnorePaths...)
+
+ if opts.LayerCacheDir != "" {
+ ignorePaths = append(ignorePaths, opts.LayerCacheDir)
+ }
+
+ for _, ignorePath := range ignorePaths {
+ util.AddToDefaultIgnoreList(util.IgnoreListEntry{
+ Path: ignorePath,
+ PrefixMatchOnly: false,
+ AllowedPaths: nil,
+ })
+ }
+
+ // We expect an image built and pushed by envbuilder to have the envbuilder
+ // binary present at a predefined path. In order to correctly replicate the
+ // build via executor.RunCacheProbe we need to have the *exact* copy of the
+ // envbuilder binary available used to build the image and we also need to
+ // add the magic directives to the Dockerfile content.
+ // MAGICDIR
+ buildParams.DockerfileContent += magicdir.Directives
+
+ magicTempDir := filepath.Join(buildParams.BuildContext, magicdir.TempDir)
+ if err := opts.Filesystem.MkdirAll(magicTempDir, 0o755); err != nil {
+ return nil, fmt.Errorf("create magic temp dir in build context: %w", err)
+ }
+ envbuilderBinDest := filepath.Join(magicTempDir, "envbuilder")
+ magicImageDest := filepath.Join(magicTempDir, "image")
+
+ // Clean up after probe!
+ defer func() {
+ for _, path := range []string{magicImageDest, envbuilderBinDest, magicTempDir} {
+ if err := opts.Filesystem.Remove(path); err != nil {
+ opts.Logger(log.LevelWarn, "failed to clean up magic temp dir from build context: %w", err)
+ }
+ }
+ }()
+
+ // Copy the envbuilder binary into the build context. External callers
+ // will need to specify the path to the desired envbuilder binary.
+ opts.Logger(log.LevelDebug, "copying envbuilder binary at %q to build context %q", opts.BinaryPath, envbuilderBinDest)
+ if err := copyFile(opts.Filesystem, opts.BinaryPath, envbuilderBinDest, 0o755); err != nil {
+ return nil, xerrors.Errorf("copy envbuilder binary to build context: %w", err)
+ }
+
+ // Also write the magic file that signifies the image has been built.
+ // Since the user in the image is set to root, we also store the user
+ // in the magic file to be used by envbuilder when the image is run.
+ opts.Logger(log.LevelDebug, "writing magic image file at %q in build context %q", magicImageDest, magicTempDir)
+ runtimeData := runtimeDataStore{ContainerUser: buildParams.User}
+ if err := writeMagicImageFile(opts.Filesystem, magicImageDest, runtimeData); err != nil {
+ return nil, fmt.Errorf("write magic image file in build context: %w", err)
}
- options.Logger(notcodersdk.LogLevelInfo, "=== Running the init command %s %+v as the %q user...", options.InitCommand, initArgs, userInfo.user.Username)
+ stdoutWriter, closeStdout := log.Writer(opts.Logger)
+ defer closeStdout()
+ stderrWriter, closeStderr := log.Writer(opts.Logger)
+ defer closeStderr()
+ cacheTTL := time.Hour * 24 * 7
+ if opts.CacheTTLDays != 0 {
+ cacheTTL = time.Hour * 24 * time.Duration(opts.CacheTTLDays)
+ }
- err = syscall.Exec(options.InitCommand, append([]string{options.InitCommand}, initArgs...), os.Environ())
+ // At this point we have all the context, we can now build!
+ registryMirror := []string{}
+ if val, ok := os.LookupEnv("KANIKO_REGISTRY_MIRROR"); ok {
+ registryMirror = strings.Split(val, ";")
+ }
+ var destinations []string
+ if opts.CacheRepo != "" {
+ destinations = append(destinations, opts.CacheRepo)
+ }
+ kOpts := &config.KanikoOptions{
+ // Boilerplate!
+ CustomPlatform: platforms.Format(platforms.Normalize(platforms.DefaultSpec())),
+ SnapshotMode: "redo",
+ RunV2: true,
+ RunStdout: stdoutWriter,
+ RunStderr: stderrWriter,
+ Destinations: destinations,
+ NoPush: true,
+ CacheRunLayers: true,
+ CacheCopyLayers: true,
+ ForceBuildMetadata: true, // Force layers with no changes to be cached, required for cache probing.
+ CompressedCaching: true,
+ Compression: config.ZStd,
+ // Maps to "default" level, ~100-300 MB/sec according to
+ // benchmarks in klauspost/compress README
+ // https://github.com/klauspost/compress/blob/67a538e2b4df11f8ec7139388838a13bce84b5d5/zstd/encoder_options.go#L188
+ CompressionLevel: 3,
+ CacheOptions: config.CacheOptions{
+ CacheTTL: cacheTTL,
+ CacheDir: opts.BaseImageCacheDir,
+ },
+ ForceUnpack: true,
+ BuildArgs: buildParams.BuildArgs,
+ CacheRepo: opts.CacheRepo,
+ Cache: opts.CacheRepo != "" || opts.BaseImageCacheDir != "",
+ DockerfilePath: buildParams.DockerfilePath,
+ DockerfileContent: buildParams.DockerfileContent,
+ RegistryOptions: config.RegistryOptions{
+ Insecure: opts.Insecure,
+ InsecurePull: opts.Insecure,
+ SkipTLSVerify: opts.Insecure,
+ // Enables registry mirror features in Kaniko, see more in link below
+ // https://github.com/GoogleContainerTools/kaniko?tab=readme-ov-file#flag---registry-mirror
+ // Related to PR #114
+ // https://github.com/coder/envbuilder/pull/114
+ RegistryMirrors: registryMirror,
+ },
+ SrcContext: buildParams.BuildContext,
+
+ // When performing a cache probe, always perform reproducible snapshots.
+ Reproducible: true,
+ }
+
+ endStage := startStage("🏗️ Checking for cached image...")
+ image, err := executor.DoCacheProbe(kOpts)
if err != nil {
- return fmt.Errorf("exec init script: %w", err)
+ return nil, fmt.Errorf("get cached image: %w", err)
}
- return nil
+ endStage("🏗️ Found cached image!")
+
+ // Sanitize the environment of any opts!
+ options.UnsetEnv()
+
+ // Remove the Docker config secret file!
+ if err := cleanupDockerConfigJSON(); err != nil {
+ return nil, err
+ }
+
+ return image, nil
}
-// DefaultWorkspaceFolder returns the default workspace folder
-// for a given repository URL.
-func DefaultWorkspaceFolder(repoURL string) (string, error) {
- if repoURL == "" {
- return EmptyWorkspaceDir, nil
+func setEnvFromEtcEnvironment(logf log.Func) error {
+ environ, err := os.ReadFile("/etc/environment")
+ if errors.Is(err, os.ErrNotExist) {
+ logf(log.LevelDebug, "Not loading environment from /etc/environment, file does not exist")
+ return nil
}
- parsed, err := giturls.Parse(repoURL)
if err != nil {
- return "", err
+ return err
}
- name := strings.Split(parsed.Path, "/")
- hasOwnerAndRepo := len(name) >= 2
- if !hasOwnerAndRepo {
- return EmptyWorkspaceDir, nil
+ for _, env := range strings.Split(string(environ), "\n") {
+ pair := strings.SplitN(env, "=", 2)
+ if len(pair) != 2 {
+ continue
+ }
+ os.Setenv(pair[0], pair[1])
}
- repo := strings.TrimSuffix(name[len(name)-1], ".git")
- return fmt.Sprintf("/workspaces/%s", repo), nil
+ return nil
}
type userInfo struct {
@@ -1017,7 +1391,7 @@ func findUser(nameOrID string) (*user.User, error) {
func execOneLifecycleScript(
ctx context.Context,
- logf func(level notcodersdk.LogLevel, format string, args ...any),
+ logf func(level log.Level, format string, args ...any),
s devcontainer.LifecycleScript,
scriptName string,
userInfo userInfo,
@@ -1025,9 +1399,9 @@ func execOneLifecycleScript(
if s.IsEmpty() {
return nil
}
- logf(notcodersdk.LogLevelInfo, "=== Running %s as the %q user...", scriptName, userInfo.user.Username)
+ logf(log.LevelInfo, "=== Running %s as the %q user...", scriptName, userInfo.user.Username)
if err := s.Execute(ctx, userInfo.uid, userInfo.gid); err != nil {
- logf(notcodersdk.LogLevelError, "Failed to run %s: %v", scriptName, err)
+ logf(log.LevelError, "Failed to run %s: %v", scriptName, err)
return err
}
return nil
@@ -1035,16 +1409,16 @@ func execOneLifecycleScript(
func execLifecycleScripts(
ctx context.Context,
- options Options,
+ options options.Options,
scripts devcontainer.LifecycleScripts,
- skippedRebuild bool,
+ firstStart bool,
userInfo userInfo,
) error {
if options.PostStartScriptPath != "" {
_ = os.Remove(options.PostStartScriptPath)
}
- if !skippedRebuild {
+ if firstStart {
if err := execOneLifecycleScript(ctx, options.Logger, scripts.OnCreateCommand, "onCreateCommand", userInfo); err != nil {
// skip remaining lifecycle commands
return nil
@@ -1089,40 +1463,17 @@ func createPostStartScript(path string, postStartCommand devcontainer.LifecycleS
return nil
}
-// unsetOptionsEnv unsets all environment variables that are used
-// to configure the options.
-func unsetOptionsEnv() {
- var o Options
- for _, opt := range o.CLI() {
- if opt.Env == "" {
- continue
- }
- // Do not strip options that do not have the magic prefix!
- // For example, CODER_AGENT_URL, CODER_AGENT_TOKEN, CODER_AGENT_SUBSYSTEM.
- if !strings.HasPrefix(opt.Env, envPrefix) {
- continue
- }
- // Strip both with and without prefix.
- os.Unsetenv(opt.Env)
- os.Unsetenv(strings.TrimPrefix(opt.Env, envPrefix))
- }
-}
-
func newColor(value ...color.Attribute) *color.Color {
c := color.New(value...)
c.EnableColor()
return c
}
-type osfsWithChmod struct {
- billy.Filesystem
-}
-
-func (fs *osfsWithChmod) Chmod(name string, mode os.FileMode) error {
- return os.Chmod(name, mode)
-}
+func findDevcontainerJSON(workspaceFolder string, options options.Options) (string, string, error) {
+ if workspaceFolder == "" {
+ workspaceFolder = options.WorkspaceFolder
+ }
-func findDevcontainerJSON(options Options) (string, string, error) {
// 0. Check if custom devcontainer directory or path is provided.
if options.DevcontainerDir != "" || options.DevcontainerJSONPath != "" {
devcontainerDir := options.DevcontainerDir
@@ -1132,7 +1483,7 @@ func findDevcontainerJSON(options Options) (string, string, error) {
// If `devcontainerDir` is not an absolute path, assume it is relative to the workspace folder.
if !filepath.IsAbs(devcontainerDir) {
- devcontainerDir = filepath.Join(options.WorkspaceFolder, devcontainerDir)
+ devcontainerDir = filepath.Join(workspaceFolder, devcontainerDir)
}
// An absolute location always takes a precedence.
@@ -1151,20 +1502,20 @@ func findDevcontainerJSON(options Options) (string, string, error) {
return devcontainerPath, devcontainerDir, nil
}
- // 1. Check `options.WorkspaceFolder`/.devcontainer/devcontainer.json.
- location := filepath.Join(options.WorkspaceFolder, ".devcontainer", "devcontainer.json")
+ // 1. Check `workspaceFolder`/.devcontainer/devcontainer.json.
+ location := filepath.Join(workspaceFolder, ".devcontainer", "devcontainer.json")
if _, err := options.Filesystem.Stat(location); err == nil {
return location, filepath.Dir(location), nil
}
- // 2. Check `options.WorkspaceFolder`/devcontainer.json.
- location = filepath.Join(options.WorkspaceFolder, "devcontainer.json")
+ // 2. Check `workspaceFolder`/devcontainer.json.
+ location = filepath.Join(workspaceFolder, "devcontainer.json")
if _, err := options.Filesystem.Stat(location); err == nil {
return location, filepath.Dir(location), nil
}
- // 3. Check every folder: `options.WorkspaceFolder`/.devcontainer//devcontainer.json.
- devcontainerDir := filepath.Join(options.WorkspaceFolder, ".devcontainer")
+ // 3. Check every folder: `workspaceFolder`/.devcontainer//devcontainer.json.
+ devcontainerDir := filepath.Join(workspaceFolder, ".devcontainer")
fileInfos, err := options.Filesystem.ReadDir(devcontainerDir)
if err != nil {
@@ -1173,13 +1524,13 @@ func findDevcontainerJSON(options Options) (string, string, error) {
for _, fileInfo := range fileInfos {
if !fileInfo.IsDir() {
- options.Logger(notcodersdk.LogLevelDebug, `%s is a file`, fileInfo.Name())
+ options.Logger(log.LevelDebug, `%s is a file`, fileInfo.Name())
continue
}
location := filepath.Join(devcontainerDir, fileInfo.Name(), "devcontainer.json")
if _, err := options.Filesystem.Stat(location); err != nil {
- options.Logger(notcodersdk.LogLevelDebug, `stat %s failed: %s`, location, err.Error())
+ options.Logger(log.LevelDebug, `stat %s failed: %s`, location, err.Error())
continue
}
@@ -1191,41 +1542,187 @@ func findDevcontainerJSON(options Options) (string, string, error) {
// maybeDeleteFilesystem wraps util.DeleteFilesystem with a guard to hopefully stop
// folks from unwittingly deleting their entire root directory.
-func maybeDeleteFilesystem(log LoggerFunc, force bool) error {
+func maybeDeleteFilesystem(logger log.Func, force bool) error {
+ // We always expect the magic directory to be set to the default, signifying that
+ // the user is running envbuilder in a container.
+ // If this is set to anything else we should bail out to prevent accidental data loss.
+ // defaultMagicDir := magicdir.MagicDir("")
kanikoDir, ok := os.LookupEnv("KANIKO_DIR")
- if !ok || strings.TrimSpace(kanikoDir) != MagicDir {
- if force {
- bailoutSecs := 10
- log(notcodersdk.LogLevelWarn, "WARNING! BYPASSING SAFETY CHECK! THIS WILL DELETE YOUR ROOT FILESYSTEM!")
- log(notcodersdk.LogLevelWarn, "You have %d seconds to bail out!", bailoutSecs)
- for i := bailoutSecs; i > 0; i-- {
- log(notcodersdk.LogLevelWarn, "%d...", i)
- <-time.After(time.Second)
- }
- } else {
- log(notcodersdk.LogLevelError, "KANIKO_DIR is not set to %s. Bailing!\n", MagicDir)
- log(notcodersdk.LogLevelError, "To bypass this check, set FORCE_SAFE=true.")
+ if !ok || strings.TrimSpace(kanikoDir) != magicdir.Default.Path() {
+ if !force {
+ logger(log.LevelError, "KANIKO_DIR is not set to %s. Bailing!\n", magicdir.Default.Path())
+ logger(log.LevelError, "To bypass this check, set FORCE_SAFE=true.")
return errors.New("safety check failed")
}
+ bailoutSecs := 10
+ logger(log.LevelWarn, "WARNING! BYPASSING SAFETY CHECK! THIS WILL DELETE YOUR ROOT FILESYSTEM!")
+ logger(log.LevelWarn, "You have %d seconds to bail out!", bailoutSecs)
+ for i := bailoutSecs; i > 0; i-- {
+ logger(log.LevelWarn, "%d...", i)
+ <-time.After(time.Second)
+ }
}
return util.DeleteFilesystem()
}
-func copyFile(src, dst string) error {
- content, err := os.ReadFile(src)
+func fileExists(fs billy.Filesystem, path string) bool {
+ _, err := fs.Stat(path)
+ return err == nil
+}
+
+func copyFile(fs billy.Filesystem, src, dst string, mode fs.FileMode) error {
+ srcF, err := fs.Open(src)
+ if err != nil {
+ return fmt.Errorf("open src file: %w", err)
+ }
+ defer srcF.Close()
+
+ err = fs.MkdirAll(filepath.Dir(dst), mode)
+ if err != nil {
+ return fmt.Errorf("create destination dir failed: %w", err)
+ }
+
+ dstF, err := fs.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
if err != nil {
- return xerrors.Errorf("read file failed: %w", err)
+ return fmt.Errorf("open dest file for writing: %w", err)
}
+ defer dstF.Close()
+
+ if _, err := io.Copy(dstF, srcF); err != nil {
+ return fmt.Errorf("copy failed: %w", err)
+ }
+ return nil
+}
- err = os.MkdirAll(filepath.Dir(dst), 0o755)
+func writeMagicImageFile(fs billy.Filesystem, path string, v any) error {
+ file, err := fs.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
if err != nil {
- return xerrors.Errorf("mkdir all failed: %w", err)
+ return fmt.Errorf("create magic image file: %w", err)
}
+ defer file.Close()
- err = os.WriteFile(dst, content, 0o644)
+ enc := json.NewEncoder(file)
+ enc.SetIndent("", " ")
+ if err := enc.Encode(v); err != nil {
+ return fmt.Errorf("encode magic image file: %w", err)
+ }
+
+ return nil
+}
+
+func parseMagicImageFile(fs billy.Filesystem, path string, v any) error {
+ file, err := fs.Open(path)
if err != nil {
- return xerrors.Errorf("write file failed: %w", err)
+ return fmt.Errorf("open magic image file: %w", err)
+ }
+ defer file.Close()
+
+ dec := json.NewDecoder(file)
+ dec.DisallowUnknownFields()
+ if err := dec.Decode(v); err != nil {
+ return fmt.Errorf("decode magic image file: %w", err)
}
+
return nil
}
+
+func initDockerConfigJSON(logf log.Func, magicDir magicdir.MagicDir, dockerConfigBase64 string) (func() error, error) {
+ var cleanupOnce sync.Once
+ noop := func() error { return nil }
+ if dockerConfigBase64 == "" {
+ return noop, nil
+ }
+ cfgPath := magicDir.Join("config.json")
+ decoded, err := base64.StdEncoding.DecodeString(dockerConfigBase64)
+ if err != nil {
+ return noop, fmt.Errorf("decode docker config: %w", err)
+ }
+ var configFile DockerConfig
+ decoded, err = hujson.Standardize(decoded)
+ if err != nil {
+ return noop, fmt.Errorf("humanize json for docker config: %w", err)
+ }
+ err = json.Unmarshal(decoded, &configFile)
+ if err != nil {
+ return noop, fmt.Errorf("parse docker config: %w", err)
+ }
+ for k := range configFile.AuthConfigs {
+ logf(log.LevelInfo, "Docker config contains auth for registry %q", k)
+ }
+ err = os.WriteFile(cfgPath, decoded, 0o644)
+ if err != nil {
+ return noop, fmt.Errorf("write docker config: %w", err)
+ }
+ logf(log.LevelInfo, "Wrote Docker config JSON to %s", cfgPath)
+ oldDockerConfig := os.Getenv("DOCKER_CONFIG")
+ _ = os.Setenv("DOCKER_CONFIG", magicDir.Path())
+ newDockerConfig := os.Getenv("DOCKER_CONFIG")
+ logf(log.LevelInfo, "Set DOCKER_CONFIG to %s", newDockerConfig)
+ cleanup := func() error {
+ var cleanupErr error
+ cleanupOnce.Do(func() {
+ // Restore the old DOCKER_CONFIG value.
+ os.Setenv("DOCKER_CONFIG", oldDockerConfig)
+ logf(log.LevelInfo, "Restored DOCKER_CONFIG to %s", oldDockerConfig)
+ // Remove the Docker config secret file!
+ if cleanupErr = os.Remove(cfgPath); err != nil {
+ if !errors.Is(err, fs.ErrNotExist) {
+ cleanupErr = fmt.Errorf("remove docker config: %w", cleanupErr)
+ }
+ logf(log.LevelError, "Failed to remove the Docker config secret file: %s", cleanupErr)
+ }
+ })
+ return cleanupErr
+ }
+ return cleanup, err
+}
+
+// Allows quick testing of layer caching using a local directory!
+func serveLocalRegistry(ctx context.Context, logf log.Func, layerCacheDir string) (string, func(), error) {
+ noop := func() {}
+ if layerCacheDir == "" {
+ return "", noop, nil
+ }
+ cfg := &configuration.Configuration{
+ Storage: configuration.Storage{
+ "filesystem": configuration.Parameters{
+ "rootdirectory": layerCacheDir,
+ },
+ },
+ }
+ cfg.Log.Level = "error"
+
+ // Spawn an in-memory registry to cache built layers...
+ registry := handlers.NewApp(ctx, cfg)
+
+ listener, err := net.Listen("tcp", "127.0.0.1:0")
+ if err != nil {
+ return "", nil, fmt.Errorf("start listener for in-memory registry: %w", err)
+ }
+ tcpAddr, ok := listener.Addr().(*net.TCPAddr)
+ if !ok {
+ return "", noop, fmt.Errorf("listener addr was of wrong type: %T", listener.Addr())
+ }
+ srv := &http.Server{
+ Handler: registry,
+ }
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ err := srv.Serve(listener)
+ if err != nil && !errors.Is(err, http.ErrServerClosed) {
+ logf(log.LevelError, "Failed to serve registry: %s", err.Error())
+ }
+ }()
+ var closeOnce sync.Once
+ closer := func() {
+ closeOnce.Do(func() {
+ _ = srv.Close()
+ _ = listener.Close()
+ <-done
+ })
+ }
+ addr := fmt.Sprintf("localhost:%d/local/cache", tcpAddr.Port)
+ return addr, closer, nil
+}
diff --git a/envbuilder_internal_test.go b/envbuilder_internal_test.go
index 6ca5fc12..eb756071 100644
--- a/envbuilder_internal_test.go
+++ b/envbuilder_internal_test.go
@@ -3,6 +3,8 @@ package envbuilder
import (
"testing"
+ "github.com/coder/envbuilder/options"
+
"github.com/go-git/go-billy/v5/memfs"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -11,144 +13,169 @@ import (
func TestFindDevcontainerJSON(t *testing.T) {
t.Parallel()
- t.Run("empty filesystem", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
-
- // when
- _, _, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.Error(t, err)
- })
-
- t.Run("devcontainer.json is missing", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
-
- // when
- _, _, err = findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.Error(t, err)
- })
-
- t.Run("default configuration", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer", devcontainerDir)
- })
-
- t.Run("overridden .devcontainer directory", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/experimental-devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/experimental-devcontainer/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- DevcontainerDir: "experimental-devcontainer",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/experimental-devcontainer/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/experimental-devcontainer", devcontainerDir)
- })
-
- t.Run("overridden devcontainer.json path", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/experimental.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- DevcontainerJSONPath: "experimental.json",
+ defaultWorkspaceFolder := "/workspace"
+
+ for _, tt := range []struct {
+ name string
+ workspaceFolder string
+ }{
+ {
+ name: "Default",
+ workspaceFolder: defaultWorkspaceFolder,
+ },
+ {
+ name: "RepoMode",
+ workspaceFolder: "/.envbuilder/repo",
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ t.Run("empty filesystem", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+
+ // when
+ _, _, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.Error(t, err)
+ })
+
+ t.Run("devcontainer.json is missing", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+
+ // when
+ _, _, err = findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.Error(t, err)
+ })
+
+ t.Run("default configuration", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer", devcontainerDir)
+ })
+
+ t.Run("overridden .devcontainer directory", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/experimental-devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/experimental-devcontainer/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ DevcontainerDir: "experimental-devcontainer",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/experimental-devcontainer/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/experimental-devcontainer", devcontainerDir)
+ })
+
+ t.Run("overridden devcontainer.json path", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/experimental.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ DevcontainerJSONPath: "experimental.json",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/experimental.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer", devcontainerDir)
+ })
+
+ t.Run("devcontainer.json in workspace root", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"", devcontainerDir)
+ })
+
+ t.Run("devcontainer.json in subfolder of .devcontainer", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer/sample", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/sample/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/sample/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/sample", devcontainerDir)
+ })
})
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/experimental.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer", devcontainerDir)
- })
-
- t.Run("devcontainer.json in workspace root", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace", devcontainerDir)
- })
-
- t.Run("devcontainer.json in subfolder of .devcontainer", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer/sample", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/sample/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/sample/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer/sample", devcontainerDir)
- })
+ }
}
diff --git a/examples/docker/02_dind/Dockerfile b/examples/docker/02_dind/Dockerfile
index 70a215b0..aa29519b 100644
--- a/examples/docker/02_dind/Dockerfile
+++ b/examples/docker/02_dind/Dockerfile
@@ -1,6 +1,23 @@
FROM ubuntu:noble
+
+# Install Docker using Docker's convenience script.
RUN apt-get update && \
- apt-get install -y curl apt-transport-https && \
- curl -fsSL https://get.docker.com/ | sh -s -
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+ apt-get install -y curl sudo apt-transport-https && \
+ curl -fsSL https://get.docker.com/ | sh -s -
+
+# The ubuntu:noble image includes a non-root user by default,
+# but it does not have sudo privileges. We need to set this up.
+# Note: we chown /var/run/docker.sock to the non-root user
+# in the onCreateCommand script. Ideally you would add the
+# non-root user to the docker group, but in this scenario
+# this is a 'single-user' environment. It also avoids us
+# having to run `newgrp docker`.
+RUN echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+# Switch to the non-root user.
+USER ubuntu
+
+ENTRYPOINT ["bash"]
diff --git a/examples/docker/02_dind/devcontainer.json b/examples/docker/02_dind/devcontainer.json
index 1933fd86..6649501c 100644
--- a/examples/docker/02_dind/devcontainer.json
+++ b/examples/docker/02_dind/devcontainer.json
@@ -1,5 +1,6 @@
{
"build": {
"dockerfile": "Dockerfile"
- }
-}
\ No newline at end of file
+ },
+ "onCreateCommand": "/on-create.sh"
+}
diff --git a/examples/docker/02_dind/entrypoint.sh b/examples/docker/02_dind/entrypoint.sh
deleted file mode 100755
index 38ac3318..00000000
--- a/examples/docker/02_dind/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-nohup dockerd > /var/log/docker.log 2>&1 &
-
-exec bash --login
\ No newline at end of file
diff --git a/examples/docker/02_dind/on-create.sh b/examples/docker/02_dind/on-create.sh
new file mode 100755
index 00000000..8b369e23
--- /dev/null
+++ b/examples/docker/02_dind/on-create.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Start Docker in the background.
+sudo -u root /bin/sh -c 'nohup dockerd > /var/log/docker.log &'
+
+# Wait up to 10 seconds for Docker to start.
+for attempt in $(seq 1 10); do
+ if [[ $attempt -eq 10 ]]; then
+ echo "Failed to start Docker"
+ exit 1
+ fi
+ if [[ ! -e /var/run/docker.sock ]]; then
+ sleep 1
+ else
+ break
+ fi
+done
+
+# Change the owner of the Docker socket so that the non-root user can use it.
+sudo chown ubuntu:docker /var/run/docker.sock
diff --git a/examples/docker/03_dind_feature/Dockerfile b/examples/docker/03_dind_feature/Dockerfile
index 12f1c1a0..49c6646a 100644
--- a/examples/docker/03_dind_feature/Dockerfile
+++ b/examples/docker/03_dind_feature/Dockerfile
@@ -1,3 +1,22 @@
FROM ubuntu:noble
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+
+# Install some dependencies such as curl and sudo.
+# Also set up passwordless sudo for the ubuntu user.
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ curl \
+ sudo \
+ apt-transport-https && \
+ echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+# Switch to the non-root user.
+USER ubuntu
+
+# The devcontainer feature provides /usr/local/share/docker-init.sh
+# which will handle most of the steps of setting up Docker.
+# We can't put this in the entrypoint as it gets overridden, so
+# we call it in the on-create script.
+ENTRYPOINT ["bash"]
diff --git a/examples/docker/03_dind_feature/devcontainer.json b/examples/docker/03_dind_feature/devcontainer.json
index e1b5a18a..58616a6d 100644
--- a/examples/docker/03_dind_feature/devcontainer.json
+++ b/examples/docker/03_dind_feature/devcontainer.json
@@ -2,7 +2,8 @@
"build": {
"dockerfile": "Dockerfile"
},
+ "onCreateCommand": "/on-create.sh",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
}
-}
\ No newline at end of file
+}
diff --git a/examples/docker/03_dind_feature/entrypoint.sh b/examples/docker/03_dind_feature/entrypoint.sh
deleted file mode 100755
index d18fb7dd..00000000
--- a/examples/docker/03_dind_feature/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-/usr/local/share/docker-init.sh
-
-exec bash --login
\ No newline at end of file
diff --git a/examples/docker/03_dind_feature/on-create.sh b/examples/docker/03_dind_feature/on-create.sh
new file mode 100755
index 00000000..96bef1ca
--- /dev/null
+++ b/examples/docker/03_dind_feature/on-create.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Known issue: Kaniko does not symlink /run => /var/run properly.
+# This results in /var/run/ being owned by root:root which interferes
+# with accessing the Docker socket even if the permissions are set
+# correctly. Workaround: symlink it manually
+sudo ln -s /run /var/run
+
+# Run the docker init script. This needs to be
+# run as root. It will take care of starting the
+# daemon and adding the ubuntu user to the docker
+# group.
+sudo /usr/local/share/docker-init.sh
+
+# Change the owner of the Docker socket so that the non-root user can use it.
+sudo chown ubuntu:docker /var/run/docker.sock
diff --git a/examples/docker/04_dind_rootless/Dockerfile b/examples/docker/04_dind_rootless/Dockerfile
index 5358ce60..2d88aa17 100644
--- a/examples/docker/04_dind_rootless/Dockerfile
+++ b/examples/docker/04_dind_rootless/Dockerfile
@@ -1,8 +1,11 @@
FROM ubuntu:noble
+
# Based on UID of ubuntu user in container.
ENV XDG_RUNTIME_DIR /run/user/1000
ENV DOCKER_HOST unix:///${XDG_RUNTIME_DIR}/docker.sock
+
# Setup as root
+USER root
RUN apt-get update && \
# Install prerequisites
apt-get install -y apt-transport-https curl iproute2 uidmap && \
@@ -19,6 +22,8 @@ USER ubuntu
RUN dockerd-rootless-setuptool.sh install && \
docker context use rootless && \
mkdir -p /home/ubuntu/.local/share/docker
-# Add our custom entrypoint
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+ENTRYPOINT ["bash"]
\ No newline at end of file
diff --git a/examples/docker/04_dind_rootless/devcontainer.json b/examples/docker/04_dind_rootless/devcontainer.json
index 1933fd86..6649501c 100644
--- a/examples/docker/04_dind_rootless/devcontainer.json
+++ b/examples/docker/04_dind_rootless/devcontainer.json
@@ -1,5 +1,6 @@
{
"build": {
"dockerfile": "Dockerfile"
- }
-}
\ No newline at end of file
+ },
+ "onCreateCommand": "/on-create.sh"
+}
diff --git a/examples/docker/04_dind_rootless/entrypoint.sh b/examples/docker/04_dind_rootless/on-create.sh
similarity index 79%
rename from examples/docker/04_dind_rootless/entrypoint.sh
rename to examples/docker/04_dind_rootless/on-create.sh
index 6c8a6260..ba2fced5 100755
--- a/examples/docker/04_dind_rootless/entrypoint.sh
+++ b/examples/docker/04_dind_rootless/on-create.sh
@@ -3,6 +3,4 @@
set -euo pipefail
# Start the rootless docker daemon as a non-root user
-nohup rootlesskit --net=slirp4netns --mtu=1500 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run dockerd > "/tmp/dockerd-rootless.log" 2>&1 &
-
-exec bash --login
\ No newline at end of file
+nohup rootlesskit --net=slirp4netns --mtu=1500 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run dockerd >"/tmp/dockerd-rootless.log" 2>&1 &
diff --git a/git.go b/git/git.go
similarity index 61%
rename from git.go
rename to git/git.go
index 09984fb4..7d132c3a 100644
--- a/git.go
+++ b/git/git.go
@@ -1,4 +1,4 @@
-package envbuilder
+package git
import (
"context"
@@ -9,8 +9,9 @@ import (
"os"
"strings"
+ "github.com/coder/envbuilder/options"
+
giturls "github.com/chainguard-dev/git-urls"
- "github.com/coder/envbuilder/internal/notcodersdk"
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
@@ -45,11 +46,12 @@ type CloneRepoOptions struct {
// be cloned again.
//
// The bool returned states whether the repository was cloned or not.
-func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
+func CloneRepo(ctx context.Context, logf func(string, ...any), opts CloneRepoOptions) (bool, error) {
parsed, err := giturls.Parse(opts.RepoURL)
if err != nil {
return false, fmt.Errorf("parse url %q: %w", opts.RepoURL, err)
}
+ logf("Parsed Git URL as %q", parsed.Redacted())
if parsed.Hostname() == "dev.azure.com" {
// Azure DevOps requires capabilities multi_ack / multi_ack_detailed,
// which are not fully implemented and by default are included in
@@ -71,6 +73,7 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
transport.UnsupportedCapabilities = []capability.Capability{
capability.ThinPack,
}
+ logf("Workaround for Azure DevOps: marking thin-pack as unsupported")
}
err = opts.Storage.MkdirAll(opts.Path, 0o755)
@@ -124,6 +127,41 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
return true, nil
}
+// ShallowCloneRepo will clone the repository at the given URL into the given path
+// with a depth of 1. If the destination folder exists and is not empty, the
+// clone will not be performed.
+//
+// The bool returned states whether the repository was cloned or not.
+func ShallowCloneRepo(ctx context.Context, logf func(string, ...any), opts CloneRepoOptions) error {
+ opts.Depth = 1
+ opts.SingleBranch = true
+
+ if opts.Path == "" {
+ return errors.New("path is required")
+ }
+
+ // Avoid clobbering the destination.
+ if _, err := opts.Storage.Stat(opts.Path); err == nil {
+ files, err := opts.Storage.ReadDir(opts.Path)
+ if err != nil {
+ return fmt.Errorf("read dir %q: %w", opts.Path, err)
+ }
+ if len(files) > 0 {
+ return fmt.Errorf("directory %q is not empty", opts.Path)
+ }
+ }
+
+ cloned, err := CloneRepo(ctx, logf, opts)
+ if err != nil {
+ return err
+ }
+ if !cloned {
+ return errors.New("repository already exists")
+ }
+
+ return nil
+}
+
// ReadPrivateKey attempts to read an SSH private key from path
// and returns an ssh.Signer.
func ReadPrivateKey(path string) (gossh.Signer, error) {
@@ -145,14 +183,14 @@ func ReadPrivateKey(path string) (gossh.Signer, error) {
// LogHostKeyCallback is a HostKeyCallback that just logs host keys
// and does nothing else.
-func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
+func LogHostKeyCallback(logger func(string, ...any)) gossh.HostKeyCallback {
return func(hostname string, remote net.Addr, key gossh.PublicKey) error {
var sb strings.Builder
_ = knownhosts.WriteKnownHost(&sb, hostname, remote, key)
// skeema/knownhosts uses a fake public key to determine the host key
// algorithms. Ignore this one.
if s := sb.String(); !strings.Contains(s, "fake-public-key ZmFrZSBwdWJsaWMga2V5") {
- log(notcodersdk.LogLevelInfo, "#1: 🔑 Got host key: %s", strings.TrimSpace(s))
+ logger("🔑 Got host key: %s", strings.TrimSpace(s))
}
return nil
}
@@ -166,6 +204,8 @@ func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
// | https?://host.tld/repo | Not Set | Set | HTTP Basic |
// | https?://host.tld/repo | Set | Not Set | HTTP Basic |
// | https?://host.tld/repo | Set | Set | HTTP Basic |
+// | file://path/to/repo | - | - | None |
+// | path/to/repo | - | - | None |
// | All other formats | - | - | SSH |
//
// For SSH authentication, the default username is "git" but will honour
@@ -177,27 +217,42 @@ func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
// If SSH_KNOWN_HOSTS is not set, the SSH auth method will be configured
// to accept and log all host keys. Otherwise, host key checking will be
// performed as usual.
-func SetupRepoAuth(options *Options) transport.AuthMethod {
+func SetupRepoAuth(logf func(string, ...any), options *options.Options) transport.AuthMethod {
if options.GitURL == "" {
- options.Logger(notcodersdk.LogLevelInfo, "#1: ❔ No Git URL supplied!")
+ logf("❔ No Git URL supplied!")
return nil
}
- if strings.HasPrefix(options.GitURL, "http://") || strings.HasPrefix(options.GitURL, "https://") {
+ parsedURL, err := giturls.Parse(options.GitURL)
+ if err != nil {
+ logf("❌ Failed to parse Git URL: %s", err.Error())
+ return nil
+ }
+
+ if parsedURL.Scheme == "http" || parsedURL.Scheme == "https" {
// Special case: no auth
if options.GitUsername == "" && options.GitPassword == "" {
- options.Logger(notcodersdk.LogLevelInfo, "#1: 👤 Using no authentication!")
+ logf("👤 Using no authentication!")
return nil
}
// Basic Auth
// NOTE: we previously inserted the credentials into the repo URL.
// This was removed in https://github.com/coder/envbuilder/pull/141
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔒 Using HTTP basic authentication!")
+ logf("🔒 Using HTTP basic authentication!")
return &githttp.BasicAuth{
Username: options.GitUsername,
Password: options.GitPassword,
}
}
+ if parsedURL.Scheme == "file" {
+ // go-git will try to fallback to using the `git` command for local
+ // filesystem clones. However, it's more likely than not that the
+ // `git` command is not present in the container image. Log a warning
+ // but continue. Also, no auth.
+ logf("🚧 Using local filesystem clone! This requires the git executable to be present!")
+ return nil
+ }
+
// Generally git clones over SSH use the 'git' user, but respect
// GIT_USERNAME if set.
if options.GitUsername == "" {
@@ -205,30 +260,30 @@ func SetupRepoAuth(options *Options) transport.AuthMethod {
}
// Assume SSH auth for all other formats.
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using SSH authentication!")
+ logf("🔑 Using SSH authentication!")
var signer ssh.Signer
if options.GitSSHPrivateKeyPath != "" {
s, err := ReadPrivateKey(options.GitSSHPrivateKeyPath)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error())
+ logf("❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error())
} else {
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using %s key!", s.PublicKey().Type())
+ logf("🔑 Using %s key!", s.PublicKey().Type())
signer = s
}
}
// If no SSH key set, fall back to agent auth.
if signer == nil {
- options.Logger(notcodersdk.LogLevelError, "#1: 🔑 No SSH key found, falling back to agent!")
+ logf("🔑 No SSH key found, falling back to agent!")
auth, err := gitssh.NewSSHAgentAuth(options.GitUsername)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to connect to SSH agent: %s", err.Error())
+ logf("❌ Failed to connect to SSH agent: " + err.Error())
return nil // nothing else we can do
}
if os.Getenv("SSH_KNOWN_HOSTS") == "" {
- options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
- auth.HostKeyCallback = LogHostKeyCallback(options.Logger)
+ logf("🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
+ auth.HostKeyCallback = LogHostKeyCallback(logf)
}
return auth
}
@@ -246,8 +301,80 @@ func SetupRepoAuth(options *Options) transport.AuthMethod {
// Duplicated code due to Go's type system.
if os.Getenv("SSH_KNOWN_HOSTS") == "" {
- options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
- auth.HostKeyCallback = LogHostKeyCallback(options.Logger)
+ logf("🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
+ auth.HostKeyCallback = LogHostKeyCallback(logf)
}
return auth
}
+
+func CloneOptionsFromOptions(logf func(string, ...any), options options.Options) (CloneRepoOptions, error) {
+ caBundle, err := options.CABundle()
+ if err != nil {
+ return CloneRepoOptions{}, err
+ }
+
+ cloneOpts := CloneRepoOptions{
+ RepoURL: options.GitURL,
+ Path: options.WorkspaceFolder,
+ Storage: options.Filesystem,
+ Insecure: options.Insecure,
+ SingleBranch: options.GitCloneSingleBranch,
+ Depth: int(options.GitCloneDepth),
+ CABundle: caBundle,
+ }
+
+ cloneOpts.RepoAuth = SetupRepoAuth(logf, &options)
+ if options.GitHTTPProxyURL != "" {
+ cloneOpts.ProxyOptions = transport.ProxyOptions{
+ URL: options.GitHTTPProxyURL,
+ }
+ }
+
+ return cloneOpts, nil
+}
+
+type progressWriter struct {
+ io.WriteCloser
+ r io.ReadCloser
+ done chan struct{}
+}
+
+func (w *progressWriter) Close() error {
+ err := w.WriteCloser.Close()
+ <-w.done
+ err2 := w.r.Close()
+ if err != nil {
+ return err
+ }
+ return err2
+}
+
+func ProgressWriter(write func(line string, args ...any)) io.WriteCloser {
+ reader, writer := io.Pipe()
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ data := make([]byte, 4096)
+ for {
+ read, err := reader.Read(data)
+ if err != nil {
+ return
+ }
+ content := data[:read]
+ for _, line := range strings.Split(string(content), "\r") {
+ if line == "" {
+ continue
+ }
+ // Escape % signs so that they don't get interpreted as format specifiers
+ line = strings.Replace(line, "%", "%%", -1)
+ write(strings.TrimSpace(line))
+ }
+ }
+ }()
+
+ return &progressWriter{
+ WriteCloser: writer,
+ r: reader,
+ done: done,
+ }
+}
diff --git a/git_test.go b/git/git_test.go
similarity index 73%
rename from git_test.go
rename to git/git_test.go
index 35a1289c..e7a58f90 100644
--- a/git_test.go
+++ b/git/git_test.go
@@ -1,4 +1,4 @@
-package envbuilder_test
+package git_test
import (
"context"
@@ -12,10 +12,11 @@ import (
"regexp"
"testing"
- "github.com/coder/envbuilder"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/git"
+ "github.com/coder/envbuilder/options"
"github.com/coder/envbuilder/testutil/gittest"
"github.com/coder/envbuilder/testutil/mwtest"
+
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
"github.com/go-git/go-billy/v5/osfs"
@@ -88,7 +89,7 @@ func TestCloneRepo(t *testing.T) {
clientFS := memfs.New()
// A repo already exists!
_ = gittest.NewRepo(t, clientFS)
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/",
RepoURL: srv.URL,
Storage: clientFS,
@@ -106,7 +107,7 @@ func TestCloneRepo(t *testing.T) {
srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: srv.URL,
Storage: clientFS,
@@ -143,7 +144,7 @@ func TestCloneRepo(t *testing.T) {
authURL.User = url.UserPassword(tc.username, tc.password)
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: authURL.String(),
Storage: clientFS,
@@ -166,6 +167,73 @@ func TestCloneRepo(t *testing.T) {
}
}
+func TestShallowCloneRepo(t *testing.T) {
+ t.Parallel()
+
+ t.Run("NotEmpty", func(t *testing.T) {
+ t.Parallel()
+ srvFS := memfs.New()
+ _ = gittest.NewRepo(t, srvFS,
+ gittest.Commit(t, "README.md", "Hello, world!", "Many wow!"),
+ gittest.Commit(t, "foo", "bar!", "Such commit!"),
+ gittest.Commit(t, "baz", "qux", "V nice!"),
+ )
+ authMW := mwtest.BasicAuthMW("test", "test")
+ srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+
+ clientFS := memfs.New()
+ // Not empty.
+ err := clientFS.MkdirAll("/repo", 0o500)
+ require.NoError(t, err)
+ f, err := clientFS.Create("/repo/not-empty")
+ require.NoError(t, err)
+ require.NoError(t, f.Close())
+
+ err = git.ShallowCloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
+ Path: "/repo",
+ RepoURL: srv.URL,
+ Storage: clientFS,
+ RepoAuth: &githttp.BasicAuth{
+ Username: "test",
+ Password: "test",
+ },
+ })
+ require.Error(t, err)
+ })
+ t.Run("OK", func(t *testing.T) {
+ // 2024/08/01 13:22:08 unsupported capability: shallow
+ // clone "http://127.0.0.1:41499": unexpected client error: unexpected requesting "http://127.0.0.1:41499/git-upload-pack" status code: 500
+ t.Skip("The gittest server doesn't support shallow cloning, skip for now...")
+
+ t.Parallel()
+ srvFS := memfs.New()
+ _ = gittest.NewRepo(t, srvFS,
+ gittest.Commit(t, "README.md", "Hello, world!", "Many wow!"),
+ gittest.Commit(t, "foo", "bar!", "Such commit!"),
+ gittest.Commit(t, "baz", "qux", "V nice!"),
+ )
+ authMW := mwtest.BasicAuthMW("test", "test")
+ srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+
+ clientFS := memfs.New()
+
+ err := git.ShallowCloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
+ Path: "/repo",
+ RepoURL: srv.URL,
+ Storage: clientFS,
+ RepoAuth: &githttp.BasicAuth{
+ Username: "test",
+ Password: "test",
+ },
+ })
+ require.NoError(t, err)
+ for _, path := range []string{"README.md", "foo", "baz"} {
+ _, err := clientFS.Stat(filepath.Join("/repo", path))
+ require.NoError(t, err)
+ }
+ })
+}
+
func TestCloneRepoSSH(t *testing.T) {
t.Parallel()
@@ -182,7 +250,7 @@ func TestCloneRepoSSH(t *testing.T) {
gitURL := tr.String()
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -214,7 +282,7 @@ func TestCloneRepoSSH(t *testing.T) {
clientFS := memfs.New()
anotherKey := randKeygen(t)
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -244,7 +312,7 @@ func TestCloneRepoSSH(t *testing.T) {
gitURL := tr.String()
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -265,30 +333,26 @@ func TestCloneRepoSSH(t *testing.T) {
func TestSetupRepoAuth(t *testing.T) {
t.Setenv("SSH_AUTH_SOCK", "")
t.Run("Empty", func(t *testing.T) {
- opts := &envbuilder.Options{
- Logger: testLog(t),
- }
- auth := envbuilder.SetupRepoAuth(opts)
+ opts := &options.Options{}
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth)
})
t.Run("HTTP/NoAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "http://host.tld/repo",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth)
})
t.Run("HTTP/BasicAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "http://host.tld/repo",
GitUsername: "user",
GitPassword: "pass",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
ba, ok := auth.(*githttp.BasicAuth)
require.True(t, ok)
require.Equal(t, opts.GitUsername, ba.Username)
@@ -296,13 +360,12 @@ func TestSetupRepoAuth(t *testing.T) {
})
t.Run("HTTPS/BasicAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "https://host.tld/repo",
GitUsername: "user",
GitPassword: "pass",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
ba, ok := auth.(*githttp.BasicAuth)
require.True(t, ok)
require.Equal(t, opts.GitUsername, ba.Username)
@@ -311,24 +374,22 @@ func TestSetupRepoAuth(t *testing.T) {
t.Run("SSH/WithScheme", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://host.tld/repo",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/NoScheme", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
@@ -336,37 +397,34 @@ func TestSetupRepoAuth(t *testing.T) {
t.Run("SSH/OtherScheme", func(t *testing.T) {
// Anything that is not https:// or http:// is treated as SSH.
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "git://git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/GitUsername", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "host.tld:12345/repo/path",
GitSSHPrivateKeyPath: kPath,
GitUsername: "user",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/PrivateKey", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
pk, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
require.NotNil(t, pk.Signer)
@@ -376,13 +434,36 @@ func TestSetupRepoAuth(t *testing.T) {
})
t.Run("SSH/NoAuthMethods", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://git@host.tld:repo/path",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth) // TODO: actually test SSH_AUTH_SOCK
})
+
+ t.Run("NoHostname/RepoOnly", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
+
+ t.Run("NoHostname/Org/Repo", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "org/repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
+
+ t.Run("NoHostname/AbsolutePathish", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "/org/repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
}
func mustRead(t *testing.T, fs billy.Filesystem, path string) string {
@@ -404,12 +485,6 @@ func randKeygen(t *testing.T) gossh.Signer {
return signer
}
-func testLog(t *testing.T) envbuilder.LoggerFunc {
- return func(_ notcodersdk.LogLevel, format string, args ...interface{}) {
- t.Logf(format, args...)
- }
-}
-
// nolint:gosec // Throw-away key for testing. DO NOT REUSE.
var testKey = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
diff --git a/go.mod b/go.mod
index c831fdfc..9fa1d696 100644
--- a/go.mod
+++ b/go.mod
@@ -1,49 +1,54 @@
module github.com/coder/envbuilder
-go 1.22
-
-toolchain go1.22.3
+go 1.22.4
// There are a few options we need added to Kaniko!
// See: https://github.com/GoogleContainerTools/kaniko/compare/main...coder:kaniko:main
-replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15
+replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374
+
+// Required to import codersdk due to gvisor dependency.
+replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374
require (
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6
github.com/GoogleContainerTools/kaniko v1.9.2
github.com/breml/rootcerts v0.2.10
github.com/chainguard-dev/git-urls v1.0.2
+ github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352
github.com/coder/retry v1.5.1
github.com/coder/serpent v0.7.0
- github.com/containerd/containerd v1.7.15
+ github.com/containerd/platforms v0.2.1
github.com/distribution/distribution/v3 v3.0.0-alpha.1
- github.com/docker/cli v26.1.0+incompatible
- github.com/docker/docker v26.1.0+incompatible
+ github.com/docker/cli v27.2.0+incompatible
+ github.com/docker/docker v26.1.5+incompatible
github.com/fatih/color v1.17.0
github.com/gliderlabs/ssh v0.3.7
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.12.0
- github.com/google/go-containerregistry v0.19.1
+ github.com/google/go-cmp v0.6.0
+ github.com/google/go-containerregistry v0.20.1
github.com/google/uuid v1.6.0
github.com/hashicorp/go-multierror v1.1.1
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/mattn/go-isatty v0.0.20
github.com/moby/buildkit v0.13.1
github.com/otiai10/copy v1.14.0
- github.com/prometheus/procfs v0.15.0
+ github.com/prometheus/procfs v0.15.1
github.com/sirupsen/logrus v1.9.3
- github.com/skeema/knownhosts v1.2.2
+ github.com/skeema/knownhosts v1.3.0
github.com/stretchr/testify v1.9.0
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
go.uber.org/mock v0.4.0
- golang.org/x/crypto v0.24.0
- golang.org/x/sync v0.7.0
+ golang.org/x/crypto v0.26.0
+ golang.org/x/mod v0.21.0
+ golang.org/x/sync v0.8.0
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
)
require (
cloud.google.com/go/compute/metadata v0.3.0 // indirect
dario.cat/mergo v1.0.0 // indirect
+ filippo.io/edwards25519 v1.1.0 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
@@ -56,12 +61,23 @@ require (
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/Microsoft/go-winio v0.6.1 // indirect
- github.com/Microsoft/hcsshim v0.11.4 // indirect
- github.com/ProtonMail/go-crypto v1.0.0 // indirect
+ github.com/DataDog/appsec-internal-go v1.5.0 // indirect
+ github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 // indirect
+ github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
+ github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
+ github.com/DataDog/go-libddwaf/v2 v2.4.2 // indirect
+ github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
+ github.com/DataDog/gostackparse v0.7.0 // indirect
+ github.com/DataDog/sketches-go v1.4.2 // indirect
+ github.com/Microsoft/go-winio v0.6.2 // indirect
+ github.com/Microsoft/hcsshim v0.11.7 // indirect
+ github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
+ github.com/akutz/memconn v0.1.0 // indirect
+ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 // indirect
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
- github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
+ github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
@@ -72,6 +88,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
@@ -79,65 +96,107 @@ require (
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
+ github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/charmbracelet/lipgloss v0.8.0 // indirect
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
github.com/cilium/ebpf v0.12.3 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 // indirect
+ github.com/coder/quartz v0.1.0 // indirect
+ github.com/coder/terraform-provider-coder v0.23.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/cgroups/v3 v3.0.2 // indirect
+ github.com/containerd/containerd v1.7.19 // indirect
+ github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/continuity v0.4.3 // indirect
+ github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
- github.com/containerd/ttrpc v1.2.3 // indirect
+ github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
+ github.com/coreos/go-iptables v0.6.0 // indirect
+ github.com/coreos/go-oidc/v3 v3.10.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/docker-credential-helpers v0.8.1 // indirect
+ github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
+ github.com/dustin/go-humanize v1.0.1 // indirect
github.com/ePirat/docker-credential-gitlabci v1.0.0 // indirect
+ github.com/ebitengine/purego v0.6.0-alpha.5 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/frankban/quicktest v1.14.6 // indirect
+ github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+ github.com/go-chi/chi/v5 v5.0.10 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.1 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
+ github.com/go-ole/go-ole v1.2.6 // indirect
github.com/godbus/dbus/v5 v5.1.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
+ github.com/google/btree v1.1.2 // indirect
+ github.com/google/nftables v0.2.0 // indirect
+ github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect
github.com/gorilla/handlers v1.5.1 // indirect
github.com/gorilla/mux v1.8.1 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
+ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
+ github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-memdb v1.3.2 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
+ github.com/hashicorp/go-version v1.7.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
+ github.com/hashicorp/hcl/v2 v2.21.0 // indirect
+ github.com/hashicorp/logutils v1.0.0 // indirect
+ github.com/hashicorp/terraform-plugin-go v0.12.0 // indirect
+ github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect
+ github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 // indirect
+ github.com/hashicorp/yamux v0.1.1 // indirect
+ github.com/hdevalence/ed25519consensus v0.1.0 // indirect
+ github.com/illarion/gonotify v1.0.1 // indirect
+ github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
- github.com/karrick/godirwalk v1.16.1 // indirect
+ github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect
+ github.com/jsimonetti/rtnetlink v1.3.5 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/klauspost/compress v1.17.4 // indirect
+ github.com/klauspost/compress v1.17.9 // indirect
+ github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
+ github.com/mdlayher/genetlink v1.3.2 // indirect
+ github.com/mdlayher/netlink v1.7.2 // indirect
+ github.com/mdlayher/sdnotify v1.0.0 // indirect
+ github.com/mdlayher/socket v0.5.0 // indirect
+ github.com/miekg/dns v1.1.55 // indirect
github.com/minio/highwayhash v1.0.2 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
+ github.com/mitchellh/go-ps v1.0.0 // indirect
+ github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+ github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
+ github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
@@ -154,47 +213,88 @@ require (
github.com/muesli/termenv v0.15.2 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
- github.com/opencontainers/runtime-spec v1.1.0 // indirect
+ github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
+ github.com/outcaste-io/ristretto v0.2.3 // indirect
+ github.com/philhofer/fwd v1.1.2 // indirect
+ github.com/pierrec/lz4/v4 v4.1.18 // indirect
github.com/pion/transport/v2 v2.0.0 // indirect
github.com/pion/udp v0.1.4 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.18.0 // indirect
- github.com/prometheus/client_model v0.5.0 // indirect
- github.com/prometheus/common v0.46.0 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.0 // indirect
+ github.com/prometheus/common v0.48.0 // indirect
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
github.com/redis/go-redis/v9 v9.1.0 // indirect
+ github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
+ github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
+ github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+ github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
+ github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d // indirect
+ github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e // indirect
+ github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
+ github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 // indirect
+ github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 // indirect
+ github.com/tcnksm/go-httpstat v0.2.0 // indirect
+ github.com/tinylib/msgp v1.1.8 // indirect
+ github.com/twpayne/go-vfs/v5 v5.0.4 // indirect
+ github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a // indirect
+ github.com/valyala/fasthttp v1.55.0 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
+ github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
+ github.com/vishvananda/netns v0.0.4 // indirect
+ github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+ github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
+ github.com/vmihailenco/tagparser v0.1.2 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
+ github.com/zclconf/go-cty v1.14.4 // indirect
+ github.com/zeebo/errs v1.3.0 // indirect
go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
+ go.nhat.io/otelsql v0.13.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/otel v1.24.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
- go.uber.org/goleak v1.3.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+ go.uber.org/atomic v1.11.0 // indirect
+ go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
+ go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 // indirect
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
- golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.25.0 // indirect
- golang.org/x/oauth2 v0.19.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
- golang.org/x/term v0.21.0 // indirect
- golang.org/x/text v0.16.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
+ golang.org/x/oauth2 v0.20.0 // indirect
+ golang.org/x/sys v0.23.0 // indirect
+ golang.org/x/term v0.23.0 // indirect
+ golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
- google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
- google.golang.org/grpc v1.63.2 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ golang.org/x/tools v0.22.0 // indirect
+ golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+ golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
+ google.golang.org/appengine v1.6.8 // indirect
+ google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+ google.golang.org/grpc v1.64.1 // indirect
+ google.golang.org/protobuf v1.34.1 // indirect
+ gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
+ gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc // indirect
+ inet.af/peercred v0.0.0-20210906144145-0893ea02156a // indirect
+ nhooyr.io/websocket v1.8.7 // indirect
+ storj.io/drpc v0.0.33 // indirect
+ tailscale.com v1.46.1 // indirect
)
diff --git a/go.sum b/go.sum
index ee16941c..07dc01db 100644
--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,19 @@
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 h1:KHblWIE/KHOwQ6lEbMZt6YpcGve2FEZ1sDtrW1Am5UI=
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6/go.mod h1:NaoTA7KwopCrnaSb0JXTC0PTp/O/Y83Lndnq0OEV3ZQ=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/logging v1.9.0 h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw=
cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE=
-cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg=
-cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
+cloud.google.com/go/longrunning v0.5.6 h1:xAe8+0YaWoCKr9t1+aWe+OeQgN/iJK1fEgZSXmjuEaE=
+cloud.google.com/go/longrunning v0.5.6/go.mod h1:vUaDrWYOMKRuhiv6JBnn49YxCPz2Ayn9GqyjaBT8/mA=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/mkcert v1.4.4 h1:8eVbbwfVlaqUM7OwuftKc2nuYOoTDQWqsoXmzoXZdbc=
+filippo.io/mkcert v1.4.4/go.mod h1:VyvOchVuAye3BoUsPUOOofKygVwLV2KQMVFJNRq+1dA=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
@@ -42,23 +46,53 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
+github.com/DataDog/appsec-internal-go v1.5.0 h1:8kS5zSx5T49uZ8dZTdT19QVAvC/B8ByyZdhQKYQWHno=
+github.com/DataDog/appsec-internal-go v1.5.0/go.mod h1:pEp8gjfNLtEOmz+iZqC8bXhu0h4k7NUsW/qiQb34k1U=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 h1:bUMSNsw1iofWiju9yc1f+kBd33E3hMJtq9GuU602Iy8=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0/go.mod h1:HzySONXnAgSmIQfL6gOv9hWprKJkx8CicuXuUbmgWfo=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 h1:5nE6N3JSs2IG3xzMthNFhXfOaXlrsdgqmJ73lndFf8c=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp0Bey4MrrJyiV2tVxxJb6BmLomPvN1RgAvjGaQ=
+github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
+github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
+github.com/DataDog/go-libddwaf/v2 v2.4.2 h1:ilquGKUmN9/Ty0sIxiEyznVRxP3hKfmH15Y1SMq5gjA=
+github.com/DataDog/go-libddwaf/v2 v2.4.2/go.mod h1:gsCdoijYQfj8ce/T2bEDNPZFIYnmHluAgVDpuQOWMZE=
+github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
+github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
+github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
+github.com/DataDog/gostackparse v0.7.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/DataDog/sketches-go v1.4.2 h1:gppNudE9d19cQ98RYABOetxIhpTCl4m7CnbRZjvVA/o=
+github.com/DataDog/sketches-go v1.4.2/go.mod h1:xJIXldczJyyjnbDop7ZZcLxJdV3+7Kra7H1KMgpgkLk=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
-github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
-github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
-github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
+github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A=
+github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
+github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I=
+github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
+github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
+github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
-github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA=
+github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
@@ -79,6 +113,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 h1:iT1/grX+znbCNKzF3nd54/5Zq6CYNnR5ZEHWnuWqULM=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3/go.mod h1:loBAHYxz7JyucJvq4xuW9vunu8iCzjNYfSrQg2QEczA=
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
@@ -95,6 +131,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bool64/shared v0.1.5 h1:fp3eUhBsrSjNCQPcSdQqZxxh9bBwrYiZ+zOKFkM0/2E=
+github.com/bool64/shared v0.1.5/go.mod h1:081yz68YC9jeFB3+Bbmno2RFWvGKv1lPKkMP6MHJlPs=
github.com/breml/rootcerts v0.2.10 h1:UGVZ193UTSUASpGtg6pbDwzOd7XQP+at0Ssg1/2E4h8=
github.com/breml/rootcerts v0.2.10/go.mod h1:24FDtzYMpqIeYC7QzaE8VPRQaFZU5TIUDlyk8qwjD88=
github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
@@ -102,68 +140,94 @@ github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0=
github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk=
+github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
github.com/charmbracelet/lipgloss v0.8.0 h1:IS00fk4XAHcf8uZKc3eHeMUTCxUH6NkaTrdyCQk84RU=
github.com/charmbracelet/lipgloss v0.8.0/go.mod h1:p4eYUZZJ/0oXTuCQKFF8mqyKCz0ja6y+7DniDDw5KKU=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM=
github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4=
github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15 h1:Rne2frxrqtLEQ/v4f/wS550Yp/WXLCRFzDuxg8b9woM=
-github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15/go.mod h1:YMK7BlxerzLlMwihGxNWUaFoN9LXCij4P+w/8/fNlcM=
+github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOcqqCaASj/nu65TRYEFcTt8qRQfHZXX0=
+github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo=
+github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374 h1:/cyXf0vTSwFh7evQqeWHXXl14aRfC4CsNIYxOenJytQ=
+github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
+github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=
+github.com/coder/quartz v0.1.0/go.mod h1:vsiCc+AHViMKH2CQpGIpFgdHIEQsxwm8yCscqKmzbRA=
github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc=
github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY=
github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0=
github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA=
+github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374 h1:a5Eg7D5e2oAc0tN56ee4yxtiTo76ztpRlk6geljaZp8=
+github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374/go.mod h1:rp6BIJxCp127/hvvDWNkHC9MxAlKvQfoOtBr8s5sCqo=
+github.com/coder/terraform-provider-coder v0.23.0 h1:DuNLWxhnGlXyG0g+OCAZRI6xd8+bJjIEnE4F3hYgA4E=
+github.com/coder/terraform-provider-coder v0.23.0/go.mod h1:wMun9UZ9HT2CzF6qPPBup1odzBpVUc0/xSFoXgdI3tk=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes=
-github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY=
+github.com/containerd/containerd v1.7.19 h1:/xQ4XRJ0tamDkdzrrBAUy/LE5nCcxFKdBm4EcPrSMEE=
+github.com/containerd/containerd v1.7.19/go.mod h1:h4FtNYUUMB4Phr6v+xG89RYKj9XccvbNSCKjdufCrkc=
+github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
+github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
+github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
-github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0=
-github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM=
+github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
+github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
+github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
+github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
@@ -172,14 +236,14 @@ github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiU
github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlPXifX/UQ3Y=
-github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.2.0+incompatible h1:yHD1QEB1/0vr5eBNpu8tncu8gWxg8EydFPOSKHzXSMM=
+github.com/docker/cli v27.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM=
-github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
-github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g=
+github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
+github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@@ -188,8 +252,13 @@ github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQ
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/ePirat/docker-credential-gitlabci v1.0.0 h1:YRkUSvkON6rT88vtscClAmPEYWhtltGEAuRVYtz1/+Y=
github.com/ePirat/docker-credential-gitlabci v1.0.0/go.mod h1:Ptmh+D0lzBQtgb6+QHjXl9HqOn3T1P8fKUHldiSQQGA=
+github.com/ebitengine/purego v0.6.0-alpha.5 h1:EYID3JOAdmQ4SNZYJHu9V6IqOeRQDBYxqKAg9PyoHFY=
+github.com/ebitengine/purego v0.6.0-alpha.5/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -198,6 +267,7 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -205,9 +275,22 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
+github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
+github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
+github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
@@ -216,6 +299,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -224,7 +309,32 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
+github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
+github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -237,15 +347,22 @@ github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=
+github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@@ -257,6 +374,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
+github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -267,9 +386,16 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY=
-github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
+github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0=
+github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/nftables v0.2.0 h1:PbJwaBmbVLzpeldoeUKGkE2RjstrjPKMl6oLrfEJ6/8=
+github.com/google/nftables v0.2.0/go.mod h1:Beg6V6zZ3oEn0JuiUQ4wqwuyqqzasOltcoXPtgLbFp4=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -277,11 +403,22 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
+github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -289,9 +426,13 @@ github.com/hashicorp/go-memdb v1.3.2 h1:RBKHOsnSszpU6vxq80LzC2BaQjuuvoyaQbkLTf7V
github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
+github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
@@ -300,17 +441,54 @@ github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGN
github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk=
+github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA=
+github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14=
+github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
+github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go=
+github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8=
+github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec=
+github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
+github.com/hashicorp/terraform-plugin-go v0.12.0 h1:6wW9mT1dSs0Xq4LR6HXj1heQ5ovr5GxXNJwkErZzpJw=
+github.com/hashicorp/terraform-plugin-go v0.12.0/go.mod h1:kwhmaWHNDvT1B3QiSJdAtrB/D4RaKSY/v3r2BuoWK4M=
+github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs=
+github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 h1:+KxZULPsbjpAVoP0WNj/8aVW6EqpcX5JcUcQ5wl7Da4=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0/go.mod h1:DwGJG3KNxIPluVk6hexvDfYR/MS/eKGpiztJoT3Bbbw=
+github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg=
+github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI=
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/hdevalence/ed25519consensus v0.1.0 h1:jtBwzzcHuTmFrQN6xQZn6CQEO/V9f7HsjsjeEZ6auqU=
+github.com/hdevalence/ed25519consensus v0.1.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
+github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02 h1:AgcIVYPa6XJnU3phs104wLj8l5GEththEw6+F79YsIY=
+github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
+github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
+github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE=
+github.com/illarion/gonotify v1.0.1 h1:F1d+0Fgbq/sDWjj/r66ekjDG+IDeecQKUFH4wNwsoio=
+github.com/illarion/gonotify v1.0.1/go.mod h1:zt5pmDofZpU1f8aqlK0+95eQhoEAn/d4G4B/FjVW4jE=
+github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA=
+github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
+github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
+github.com/jsimonetti/rtnetlink v1.3.5 h1:hVlNQNRlLDGZz31gBPicsG7Q53rnlsz1l1Ix/9XlpVA=
+github.com/jsimonetti/rtnetlink v1.3.5/go.mod h1:0LFedyiTkebnd43tE4YAkWGIq9jQphow4CcwxaT2Y00=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
-github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -318,9 +496,14 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
+github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -329,10 +512,17 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -340,12 +530,32 @@ github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRC
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
+github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
+github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
+github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ3c=
+github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
+github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
+github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g=
github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
+github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
+github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
+github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c h1:cqn374mizHuIWj+OSJCajGr/phAmuMug9qIX3l9CflE=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/buildkit v0.13.1 h1:L8afOFhPq2RPJJSr/VyzbufwID7jquZVB7oFHbPRcPE=
github.com/moby/buildkit v0.13.1/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
@@ -372,9 +582,12 @@ github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
@@ -382,20 +595,35 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt
github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
+github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0=
+github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
+github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
+github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
+github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
+github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
github.com/pion/transport/v2 v2.0.0 h1:bsMYyqHCbkvHwj+eNCFBuxtlKndKfyGI2vaQmM3fIE4=
github.com/pion/transport/v2 v2.0.0/go.mod h1:HS2MEBJTwD+1ZI2eSXSvHJx/HnzQqRy2/LXxt6eVMHc=
@@ -414,22 +642,22 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
+github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y=
-github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek=
-github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
@@ -437,21 +665,29 @@ github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnA
github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY=
github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
-github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -460,28 +696,94 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/swaggest/assertjson v1.9.0 h1:dKu0BfJkIxv/xe//mkCrK5yZbs79jL7OVf9Ija7o2xQ=
+github.com/swaggest/assertjson v1.9.0/go.mod h1:b+ZKX2VRiUjxfUIal0HDN85W0nHPAYUbYH5WkkSsFsU=
+github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d h1:K3j02b5j2Iw1xoggN9B2DIEkhWGheqFOeDkdJdBrJI8=
+github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d/go.mod h1:2P+hpOwd53e7JMX/L4f3VXkv1G+33ES6IWZSrkIeWNs=
+github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e h1:JyeJF/HuSwvxWtsR1c0oKX1lzaSH5Wh4aX+MgiStaGQ=
+github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e/go.mod h1:DjoeCULdP6vTJ/xY+nzzR9LaUHprkbZEpNidX0aqEEk=
+github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
+github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a/go.mod h1:DFSS3NAGHthKo1gTlmEcSBiZrRJXi28rLNd/1udP1c8=
+github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 h1:zrsUcqrG2uQSPhaUPjUQwozcRdDdSxxqhNgNZ3drZFk=
+github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0=
+github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 h1:zwsem4CaamMdC3tFoTpzrsUSMDPV0K6rhnQdF7kXekQ=
+github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
+github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0=
+github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8=
+github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
+github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/twpayne/go-vfs/v5 v5.0.4 h1:/ne3h+rW7f5YOyOFguz+3ztfUwzOLR0Vts3y0mMAitg=
+github.com/twpayne/go-vfs/v5 v5.0.4/go.mod h1:zTPFJUbgsEMFNSWnWQlLq9wh4AN83edZzx3VXbxrS1w=
+github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a h1:BH1SOPEvehD2kVrndDnGJiUF0TrBpNs+iyYocu6h0og=
+github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
+github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.55.0 h1:Zkefzgt6a7+bVKHnu/YaYSOPfNYNisSVBo/unVCf8k8=
+github.com/valyala/fasthttp v1.55.0/go.mod h1:NkY9JtkrpPKmgwV3HTaS2HWaJss9RSIsRVfcxxoHiOM=
github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
+github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
+github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
+github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
+github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA=
+github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8=
+github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
+github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
+github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
+github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
+github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
go.etcd.io/etcd/raft/v3 v3.5.6 h1:tOmx6Ym6rn2GpZOrvTGJZciJHek6RnC3U/zNInzIN50=
go.etcd.io/etcd/raft/v3 v3.5.6/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0=
+go.nhat.io/otelsql v0.13.0 h1:L6obwZRxgFQqeSvo7jCemP659fu7pqsDHQNuZ3Ev1yI=
+go.nhat.io/otelsql v0.13.0/go.mod h1:HyYpqd7G9BK+9cPLydV+2JN/4J5D3wlX6+jDLTk52GE=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
@@ -490,23 +792,40 @@ go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.24.0 h1:JYE2HM7pZbOt5Jhk8ndWZTUWYOVift2cHjXVMkPdmdc=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.24.0/go.mod h1:yMb/8c6hVsnma0RpsBMNo0fEiQKeclawtgaIaOp2MLY=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.24.0 h1:s0PHtIkN+3xrbDOpt2M8OTG92cWqUESvzh2MxiR5xY8=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.24.0/go.mod h1:hZlFbDbRt++MMPCCfSJfmhkGIWnX1h3XjkfxZUjLrIA=
go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
+go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
+go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
+go.opentelemetry.io/otel/sdk/metric v1.24.0 h1:yyMQrPzF+k88/DbH7o4FMAs80puqd+9osbiBrJrz/w8=
+go.opentelemetry.io/otel/sdk/metric v1.24.0/go.mod h1:I6Y5FjH6rvEnTTAYQz3Mmv2kl6Ek5IIrmwTLqMrrOE0=
go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.3.1-0.20240429205332-517bace7cc29 h1:w0QrHuh0hhUZ++UTQaBM2DMdrWQghZ/UsUb+Wb1+8YE=
+go.uber.org/goleak v1.3.1-0.20240429205332-517bace7cc29/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H9rmp5nkDTAst8=
+go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
+go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 h1:X66ZEoMN2SuaoI/dfZVYobB6E5zjZyyHUMWlCA7MgGE=
+go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516/go.mod h1:TQvodOM+hJTioNQJilmLXu08JNb8i+ccq418+KWu1/Y=
+golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
+golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -515,11 +834,9 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
@@ -528,43 +845,47 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
+golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -572,43 +893,58 @@ golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -620,34 +956,42 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
+golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw=
+google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 h1:W5Xj/70xIA4x60O/IFyXivR5MGqblAb8R3w26pnD6No=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
-google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -660,10 +1004,14 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 h1:zXQo6iv+dKRrDBxMXjRXLSKN2lY9uM34XFI4nPyp0eA=
+gopkg.in/DataDog/dd-trace-go.v1 v1.64.0/go.mod h1:qzwVu8Qr8CqzQNw2oKEXRdD+fMnjYatjYMGE0tdCVG4=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -678,7 +1026,23 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc h1:DXLLFYv/k/xr0rWcwVEvWme1GR36Oc4kNMspg38JeiE=
+gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+honnef.co/go/gotraceui v0.2.0 h1:dmNsfQ9Vl3GwbiVD7Z8d/osC6WtGGrasyrC2suc4ZIQ=
+honnef.co/go/gotraceui v0.2.0/go.mod h1:qHo4/W75cA3bX0QQoSvDjbJa4R8mAyyFjbWAj63XElc=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
+howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
+inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg=
+inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU=
+nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
+nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE=
+software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ=
+storj.io/drpc v0.0.33 h1:yCGZ26r66ZdMP0IcTYsj7WDAUIIjzXk6DJhbhvt9FHI=
+storj.io/drpc v0.0.33/go.mod h1:vR804UNzhBa49NOJ6HeLjd2H3MakC1j5Gv8bsOQT6N4=
diff --git a/init.sh b/init.sh
index 350a664a..a2990e0d 100644
--- a/init.sh
+++ b/init.sh
@@ -3,5 +3,5 @@
echo hey there
sleep 1
-echo INIT_COMMAND=/bin/sh >> $ENVBUILDER_ENV
-echo INIT_ARGS="-c /bin/bash" >> $ENVBUILDER_ENV
\ No newline at end of file
+echo INIT_COMMAND=/bin/sh >> "${ENVBUILDER_ENV}"
+echo INIT_ARGS="-c /bin/bash" >> "${ENVBUILDER_ENV}"
\ No newline at end of file
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 1364e966..b7332c04 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -17,15 +17,22 @@ import (
"os"
"os/exec"
"path/filepath"
+ "regexp"
+ "slices"
"strings"
"testing"
"time"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/envbuilder"
"github.com/coder/envbuilder/devcontainer/features"
+ "github.com/coder/envbuilder/internal/magicdir"
+ "github.com/coder/envbuilder/options"
"github.com/coder/envbuilder/testutil/gittest"
"github.com/coder/envbuilder/testutil/mwtest"
"github.com/coder/envbuilder/testutil/registrytest"
+
clitypes "github.com/docker/cli/cli/config/types"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
@@ -35,10 +42,11 @@ import (
"github.com/docker/docker/api/types/volume"
"github.com/docker/docker/client"
"github.com/docker/docker/pkg/stdcopy"
- "github.com/go-git/go-billy/v5/memfs"
+ "github.com/google/go-cmp/cmp"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/registry"
+ v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/google/go-containerregistry/pkg/v1/remote/transport"
"github.com/google/uuid"
@@ -52,6 +60,71 @@ const (
testImageUbuntu = "localhost:5000/envbuilder-test-ubuntu:latest"
)
+func TestLogs(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ logsDone := make(chan struct{})
+
+ logHandler := func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/api/v2/buildinfo":
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ case "/api/v2/workspaceagents/me/logs":
+ w.WriteHeader(http.StatusOK)
+ tokHdr := r.Header.Get(codersdk.SessionTokenHeader)
+ assert.Equal(t, token, tokHdr)
+ var req agentsdk.PatchLogs
+ err := json.NewDecoder(r.Body).Decode(&req)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+ for _, log := range req.Logs {
+ t.Logf("got log: %+v", log)
+ if strings.Contains(log.Output, "Running init command") {
+ close(logsDone)
+ return
+ }
+ }
+ return
+ default:
+ t.Errorf("unexpected request to %s", r.URL.Path)
+ w.WriteHeader(http.StatusNotFound)
+ return
+ }
+ }
+ logSrv := httptest.NewServer(http.HandlerFunc(logHandler))
+ defer logSrv.Close()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s`, testImageUbuntu),
+ },
+ })
+ _, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ "CODER_AGENT_URL=" + logSrv.URL,
+ "CODER_AGENT_TOKEN=" + token,
+ }})
+ require.NoError(t, err)
+ ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+ defer cancel()
+ select {
+ case <-ctx.Done():
+ t.Fatal("timed out waiting for logs")
+ case <-logsDone:
+ }
+}
+
func TestInitScriptInitCommand(t *testing.T) {
t.Parallel()
@@ -65,13 +138,13 @@ func TestInitScriptInitCommand(t *testing.T) {
w.WriteHeader(http.StatusOK)
}))
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
// Let's say /bin/sh is not available and we can only use /bin/ash
"Dockerfile": fmt.Sprintf("FROM %s\nRUN unlink /bin/sh", testImageAlpine),
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("INIT_SCRIPT", fmt.Sprintf(`wget -O - %q`, initSrv.URL)),
@@ -85,7 +158,7 @@ func TestInitScriptInitCommand(t *testing.T) {
}
require.NoError(t, ctx.Err(), "init script did not execute for prefixed env vars")
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
fmt.Sprintf(`INIT_SCRIPT=wget -O - %q`, initSrv.URL),
@@ -100,6 +173,72 @@ func TestInitScriptInitCommand(t *testing.T) {
require.NoError(t, ctx.Err(), "init script did not execute for legacy env vars")
}
+func TestDanglingBuildStage(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s as a
+RUN date > /root/date.txt`, testImageUbuntu),
+ },
+ })
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ }})
+ require.NoError(t, err)
+
+ output := execContainer(t, ctr, "cat /date.txt")
+ require.NotEmpty(t, strings.TrimSpace(output))
+}
+
+func TestUserFromMultistage(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s AS a
+USER root
+RUN useradd --create-home pickme
+USER pickme
+FROM a AS other
+USER root
+RUN useradd --create-home notme
+USER notme
+FROM a AS b`, testImageUbuntu),
+ },
+ })
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ }})
+ require.NoError(t, err)
+
+ // Check that envbuilder started command as user.
+ // Since envbuilder starts as root, probe for up to 10 seconds.
+ for i := 0; i < 10; i++ {
+ out := execContainer(t, ctr, "ps aux | awk '/^pickme * 1 / {print $1}' | sort -u")
+ got := strings.TrimSpace(out)
+ if got == "pickme" {
+ return
+ }
+ time.Sleep(time.Second)
+ }
+ require.Fail(t, "expected pid 1 to be running as pickme")
+}
+
func TestUidGid(t *testing.T) {
t.Parallel()
t.Run("MultiStage", func(t *testing.T) {
@@ -110,7 +249,7 @@ RUN mkdir -p /myapp/somedir \
&& touch /myapp/somedir/somefile \
&& chown 123:123 /myapp/somedir \
&& chown 321:321 /myapp/somedir/somefile
-
+
FROM %s
COPY --from=builder /myapp /myapp
RUN printf "%%s\n" \
@@ -124,12 +263,12 @@ RUN printf "%%s\n" \
/myapp/somedir/somefile \
> /tmp/got \
&& diff -u /tmp/got /tmp/expected`, testImageAlpine, testImageAlpine)
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": dockerFile,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -155,12 +294,12 @@ RUN mkdir -p /myapp/somedir \
/myapp/somedir/somefile \
> /tmp/got \
&& diff -u /tmp/got /tmp/expected`, testImageAlpine)
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": dockerFile,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -173,12 +312,12 @@ func TestForceSafe(t *testing.T) {
t.Run("Safe", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"KANIKO_DIR=/not/envbuilder",
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -189,12 +328,12 @@ func TestForceSafe(t *testing.T) {
// Careful with this one!
t.Run("Unsafe", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"KANIKO_DIR=/not/envbuilder",
envbuilderEnv("FORCE_SAFE", "true"),
@@ -206,14 +345,14 @@ func TestForceSafe(t *testing.T) {
func TestFailsGitAuth(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.ErrorContains(t, err, "authentication required")
@@ -221,14 +360,14 @@ func TestFailsGitAuth(t *testing.T) {
func TestSucceedsGitAuth(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("GIT_USERNAME", "kyle"),
@@ -241,18 +380,18 @@ func TestSucceedsGitAuth(t *testing.T) {
func TestSucceedsGitAuthInURL(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
u, err := url.Parse(srv.URL)
require.NoError(t, err)
u.User = url.UserPassword("kyle", "testing")
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", u.String()),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -306,8 +445,8 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
require.NoError(t, err)
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -330,7 +469,7 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
".devcontainer/feature3/install.sh": "echo $GRAPE > /test3output",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -347,12 +486,12 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
func TestBuildFromDockerfile(t *testing.T) {
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString([]byte(`{"experimental": "enabled"}`))),
@@ -363,18 +502,19 @@ func TestBuildFromDockerfile(t *testing.T) {
require.Equal(t, "hello", strings.TrimSpace(output))
// Verify that the Docker configuration secret file is removed
- output = execContainer(t, ctr, "stat "+filepath.Join(envbuilder.MagicDir, "config.json"))
+ configJSONContainerPath := magicdir.Default.Join("config.json")
+ output = execContainer(t, ctr, "stat "+configJSONContainerPath)
require.Contains(t, output, "No such file or directory")
}
func TestBuildPrintBuildOutput(t *testing.T) {
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine + "\nRUN echo hello",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -397,8 +537,8 @@ func TestBuildPrintBuildOutput(t *testing.T) {
func TestBuildIgnoreVarRunSecrets(t *testing.T) {
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
@@ -408,7 +548,7 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
require.NoError(t, err)
t.Run("ReadWrite", func(t *testing.T) {
- ctr, err := runEnvbuilder(t, options{
+ ctr, err := runEnvbuilder(t, runOpts{
env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -422,7 +562,7 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
})
t.Run("ReadOnly", func(t *testing.T) {
- ctr, err := runEnvbuilder(t, options{
+ ctr, err := runEnvbuilder(t, runOpts{
env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -438,12 +578,12 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
func TestBuildWithSetupScript(t *testing.T) {
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SETUP_SCRIPT", "echo \"INIT_ARGS=-c 'echo hi > /wow && sleep infinity'\" >> $ENVBUILDER_ENV"),
@@ -458,8 +598,8 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/custom/devcontainer.json": `{
"name": "Test",
"build": {
@@ -469,7 +609,7 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) {
".devcontainer/custom/Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DEVCONTAINER_DIR", ".devcontainer/custom"),
}})
@@ -483,8 +623,8 @@ func TestBuildFromDevcontainerInSubfolder(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/subfolder/devcontainer.json": `{
"name": "Test",
"build": {
@@ -494,7 +634,7 @@ func TestBuildFromDevcontainerInSubfolder(t *testing.T) {
".devcontainer/subfolder/Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -507,8 +647,8 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"devcontainer.json": `{
"name": "Test",
"build": {
@@ -518,7 +658,7 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
"Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -528,13 +668,13 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
}
func TestBuildCustomCertificates(t *testing.T) {
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- tls: true,
+ TLS: true,
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SSL_CERT_BASE64", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
@@ -550,12 +690,12 @@ func TestBuildCustomCertificates(t *testing.T) {
func TestBuildStopStartCached(t *testing.T) {
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SKIP_REBUILD", "true"),
@@ -586,7 +726,7 @@ func TestCloneFailsFallback(t *testing.T) {
t.Parallel()
t.Run("BadRepo", func(t *testing.T) {
t.Parallel()
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", "bad-value"),
}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
@@ -598,12 +738,12 @@ func TestBuildFailsFallback(t *testing.T) {
t.Run("BadDockerfile", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "bad syntax",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -613,13 +753,13 @@ func TestBuildFailsFallback(t *testing.T) {
t.Run("FailsBuild", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": `FROM ` + testImageAlpine + `
RUN exit 1`,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -628,24 +768,24 @@ RUN exit 1`,
t.Run("BadDevcontainer", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": "not json",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
})
t.Run("NoImageOrDockerfile", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": "{}",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("FALLBACK_IMAGE", testImageAlpine),
}})
@@ -658,12 +798,12 @@ RUN exit 1`,
func TestExitBuildOnFailure(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "bad syntax",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("FALLBACK_IMAGE", testImageAlpine),
@@ -677,8 +817,8 @@ func TestContainerEnv(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -697,7 +837,7 @@ func TestContainerEnv(t *testing.T) {
".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("EXPORT_ENV_FILE", "/env"),
}})
@@ -719,8 +859,8 @@ func TestUnsetOptionsEnv(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -730,7 +870,7 @@ func TestUnsetOptionsEnv(t *testing.T) {
".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"GIT_URL", srv.URL,
envbuilderEnv("GIT_PASSWORD", "supersecret"),
@@ -741,13 +881,13 @@ func TestUnsetOptionsEnv(t *testing.T) {
require.NoError(t, err)
output := execContainer(t, ctr, "cat /root/env.txt")
- var os envbuilder.Options
+ var os options.Options
for _, s := range strings.Split(strings.TrimSpace(output), "\n") {
for _, o := range os.CLI() {
if strings.HasPrefix(s, o.Env) {
assert.Fail(t, "environment variable should be stripped when running init script", s)
}
- optWithoutPrefix := strings.TrimPrefix(o.Env, envbuilder.WithEnvPrefix(""))
+ optWithoutPrefix := strings.TrimPrefix(o.Env, options.WithEnvPrefix(""))
if strings.HasPrefix(s, optWithoutPrefix) {
assert.Fail(t, "environment variable should be stripped when running init script", s)
}
@@ -759,8 +899,8 @@ func TestLifecycleScripts(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -777,7 +917,7 @@ func TestLifecycleScripts(t *testing.T) {
".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nUSER nobody",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -795,8 +935,8 @@ func TestPostStartScript(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -816,7 +956,7 @@ RUN chmod +x /bin/init.sh
USER nobody`,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("POST_START_SCRIPT_PATH", "/tmp/post-start.sh"),
envbuilderEnv("INIT_COMMAND", "/bin/init.sh"),
@@ -845,12 +985,12 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -864,8 +1004,8 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
@@ -879,7 +1019,7 @@ func TestPrivateRegistry(t *testing.T) {
})
require.NoError(t, err)
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)),
@@ -896,8 +1036,8 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
@@ -911,7 +1051,7 @@ func TestPrivateRegistry(t *testing.T) {
})
require.NoError(t, err)
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)),
@@ -968,7 +1108,7 @@ func setupPassthroughRegistry(t *testing.T, image string, opts *setupPassthrough
}
func TestNoMethodFails(t *testing.T) {
- _, err := runEnvbuilder(t, options{env: []string{}})
+ _, err := runEnvbuilder(t, runOpts{env: []string{}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
}
@@ -1039,10 +1179,10 @@ COPY %s .`, testImageAlpine, inclFile)
tc := tc
t.Run(tc.name, func(t *testing.T) {
- srv := createGitServer(t, gitServerOptions{
- files: tc.files,
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: tc.files,
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", tc.dockerfilePath),
envbuilderEnv("BUILD_CONTEXT_PATH", tc.buildContextPath),
@@ -1063,9 +1203,15 @@ func TestPushImage(t *testing.T) {
t.Run("CacheWithoutPush", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1084,18 +1230,18 @@ func TestPushImage(t *testing.T) {
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
}})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
+ // When: we run envbuilder with no PUSH_IMAGE set
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
}})
@@ -1105,21 +1251,31 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref)
require.ErrorContains(t, err, "MANIFEST_UNKNOWN", "expected image to not be present before build + push")
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should not succeed, as
+ // the envbuilder binary is not present in the pushed image.
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
}})
- require.NoError(t, err)
+ require.ErrorContains(t, err, "uncached COPY command is not supported in cache probe mode")
})
t.Run("CacheAndPush", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1137,102 +1293,283 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("VERBOSE", "1"),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
- }})
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
+ defer cli.Close()
- // Then: the image should be pushed
- img, err := remote.Image(ref)
- require.NoError(t, err, "expected image to be present after build + push")
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
- // Then: the image should have its directives replaced with those required
- // to run envbuilder automatically
- configFile, err := img.ConfigFile()
- require.NoError(t, err, "expected image to return a config file")
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
- assert.Equal(t, "root", configFile.Config.User, "user must be root")
- assert.Equal(t, "/", configFile.Config.WorkingDir, "workdir must be /")
- if assert.Len(t, configFile.Config.Entrypoint, 1) {
- assert.Equal(t, "/.envbuilder/bin/envbuilder", configFile.Config.Entrypoint[0], "incorrect entrypoint")
- }
+ // Then: the envbuilder binary exists in the image!
+ out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
+ require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
+ out = execContainer(t, ctr.ID, "cat /root/date.txt")
+ require.NotEmpty(t, strings.TrimSpace(out))
+ })
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- ctrID, err := runEnvbuilder(t, options{env: []string{
+ t.Run("CacheAndPushDevcontainerOnly", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/devcontainer.json": fmt.Sprintf(`{"image": %q}`, testImageAlpine),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.NoError(t, err)
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached COPY command")
+ // Then: it should fail to build the image and nothing should be pushed
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
- // Then: the cached image ref should be emitted in the container logs
- ctx, cancel := context.WithCancel(context.Background())
- t.Cleanup(cancel)
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
defer cli.Close()
- logs, err := cli.ContainerLogs(ctx, ctrID, container.LogsOptions{
- ShowStdout: true,
- ShowStderr: true,
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Then: the envbuilder binary exists in the image!
+ out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
+ require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
+ require.NotEmpty(t, strings.TrimSpace(out))
+ })
+
+ t.Run("CompareBuiltAndCachedImageEnvironment", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ wantSpecificOutput := []string{
+ "containeruser",
+ "FROM_CONTAINER=container",
+ "FROM_CONTAINER_ENV=containerEnv",
+ "FROM_REMOTE_ENV=remoteEnv",
+ "CONTAINER_OVERRIDE_C=containerEnv",
+ "CONTAINER_OVERRIDE_CR=remoteEnv",
+ "CONTAINER_OVERRIDE_R=remoteEnv",
+ }
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`
+ FROM %s
+ ENV FROM_CONTAINER=container
+ ENV CONTAINER_OVERRIDE_C=container
+ ENV CONTAINER_OVERRIDE_CR=container
+ ENV CONTAINER_OVERRIDE_R=container
+ RUN adduser -D containeruser
+ RUN adduser -D remoteuser
+ USER root
+ `, testImageAlpine),
+ ".devcontainer/devcontainer.json": `
+ {
+ "dockerFile": "Dockerfile",
+ "containerUser": "containeruser",
+ "containerEnv": {
+ "FROM_CONTAINER_ENV": "containerEnv",
+ "CONTAINER_OVERRIDE_C": "containerEnv",
+ "CONTAINER_OVERRIDE_CR": "containerEnv",
+ },
+ "remoteUser": "remoteuser",
+ "remoteEnv": {
+ "FROM_REMOTE_ENV": "remoteEnv",
+ "CONTAINER_OVERRIDE_CR": "remoteEnv",
+ "CONTAINER_OVERRIDE_R": "remoteEnv",
+ },
+ "onCreateCommand": "echo onCreateCommand",
+ "postCreateCommand": "echo postCreateCommand",
+ }
+ `,
+ },
})
- require.NoError(t, err)
- defer logs.Close()
- logBytes, err := io.ReadAll(logs)
- require.NoError(t, err)
- require.Regexp(t, `ENVBUILDER_CACHED_IMAGE=(\S+)`, string(logBytes))
- // When: we pull the image we just built
- rc, err := cli.ImagePull(ctx, ref.String(), image.PullOptions{})
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
require.NoError(t, err)
- t.Cleanup(func() { _ = rc.Close() })
- _, err = io.ReadAll(rc)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("INIT_SCRIPT", "echo '[start]' && whoami && env && echo '[end]'"),
+ envbuilderEnv("INIT_COMMAND", "/bin/ash"),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ ctrID, err := runEnvbuilder(t, runOpts{env: append(opts, envbuilderEnv("PUSH_IMAGE", "1"))})
+ require.NoError(t, err, "envbuilder push image failed")
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
+ defer cli.Close()
+
+ var started bool
+ var wantOutput, gotOutput []string
+ logs, _ := streamContainerLogs(t, cli, ctrID)
+ for {
+ log := <-logs
+ if log == "[start]" {
+ started = true
+ continue
+ }
+ if log == "[end]" {
+ break
+ }
+ if started {
+ wantOutput = append(wantOutput, log)
+ }
+ }
+ started = false
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
// When: we run the image we just built
- ctr, err := cli.ContainerCreate(ctx, &container.Config{
- Image: ref.String(),
- Entrypoint: []string{"sleep", "infinity"},
- Labels: map[string]string{
- testContainerLabel: "true",
+ ctrID, err = runEnvbuilder(t, runOpts{
+ image: cachedRef.String(),
+ env: opts,
+ })
+ require.NoError(t, err, "envbuilder run cached image failed")
+
+ logs, _ = streamContainerLogs(t, cli, ctrID)
+ for {
+ log := <-logs
+ if log == "[start]" {
+ started = true
+ continue
+ }
+ if log == "[end]" {
+ break
+ }
+ if started {
+ gotOutput = append(gotOutput, log)
+ }
+ }
+
+ slices.Sort(wantOutput)
+ slices.Sort(gotOutput)
+ if diff := cmp.Diff(wantOutput, gotOutput); diff != "" {
+ t.Fatalf("unexpected output (-want +got):\n%s", diff)
+ }
+
+ for _, want := range wantSpecificOutput {
+ assert.Contains(t, gotOutput, want, "expected specific output %q to be present", want)
+ }
+ })
+
+ t.Run("CacheAndPushWithNoChangeLayers", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": fmt.Sprintf(`
+FROM %[1]s
+RUN touch /foo
+RUN echo "Hi, please don't put me in a layer (I guess you won't listen to me...)"
+RUN touch /bar
+`, testImageAlpine),
},
- }, nil, nil, nil, "")
- require.NoError(t, err)
- t.Cleanup(func() {
- _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
- RemoveVolumes: true,
- Force: true,
- })
})
- err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{})
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
// Then: the envbuilder binary exists in the image!
out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
- out = execContainer(t, ctr.ID, "cat /root/date.txt")
require.NotEmpty(t, strings.TrimSpace(out))
})
t.Run("CacheAndPushAuth", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1243,18 +1580,18 @@ func TestPushImage(t *testing.T) {
})
// Given: an empty registry
- opts := setupInMemoryRegistryOpts{
+ authOpts := setupInMemoryRegistryOpts{
Username: "testing",
Password: "testing",
}
- remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password})
- testReg := setupInMemoryRegistry(t, opts)
+ remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: authOpts.Username, Password: authOpts.Password})
+ testReg := setupInMemoryRegistry(t, authOpts)
testRepo := testReg + "/test"
regAuthJSON, err := json.Marshal(envbuilder.DockerConfig{
AuthConfigs: map[string]clitypes.AuthConfig{
testRepo: {
- Username: opts.Username,
- Password: opts.Password,
+ Username: authOpts.Username,
+ Password: authOpts.Password,
},
},
})
@@ -1264,46 +1601,47 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
- envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
- }})
- require.NoError(t, err)
+ _ = pushImage(t, ref, remoteAuthOpt, opts...)
// Then: the image should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.NoError(t, err, "expected image to be present after build + push")
// Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
- }})
+ )})
require.NoError(t, err)
})
t.Run("CacheAndPushAuthFail", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1314,35 +1652,36 @@ func TestPushImage(t *testing.T) {
})
// Given: an empty registry
- opts := setupInMemoryRegistryOpts{
+ authOpts := setupInMemoryRegistryOpts{
Username: "testing",
Password: "testing",
}
- remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password})
- testReg := setupInMemoryRegistry(t, opts)
+ remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: authOpts.Username, Password: authOpts.Password})
+ testReg := setupInMemoryRegistry(t, authOpts)
testRepo := testReg + "/test"
ref, err := name.ParseReference(testRepo + ":latest")
require.NoError(t, err)
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("PUSH_IMAGE", "1"),
- }})
+ )})
// Then: it should fail with an Unauthorized error
require.ErrorContains(t, err, "401 Unauthorized", "expected unauthorized error using no auth when cache repo requires it")
@@ -1352,22 +1691,29 @@ func TestPushImage(t *testing.T) {
})
t.Run("CacheAndPushMultistage", func(t *testing.T) {
- // Currently fails with:
- // /home/coder/src/coder/envbuilder/integration/integration_test.go:1417: "error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory"
- // /home/coder/src/coder/envbuilder/integration/integration_test.go:1156:
- // Error Trace: /home/coder/src/coder/envbuilder/integration/integration_test.go:1156
- // Error: Received unexpected error:
- // error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory
- // Test: TestPushImage/CacheAndPushMultistage
- t.Skip("TODO: https://github.com/coder/envbuilder/issues/230")
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- "Dockerfile": fmt.Sprintf(`FROM %s AS a
-RUN date --utc > /root/date.txt
-FROM %s as b
-COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": fmt.Sprintf(`
+FROM %[1]s AS prebuild
+RUN mkdir /the-past /the-future \
+ && echo "hello from the past" > /the-past/hello.txt \
+ && cd /the-past \
+ && ln -s hello.txt hello.link \
+ && echo "hello from the future" > /the-future/hello.txt
+
+FROM %[1]s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+COPY --from=prebuild /the-past /the-past
+COPY --from=prebuild /the-future/hello.txt /the-future/hello.txt
+`, testImageAlpine),
},
})
@@ -1379,50 +1725,134 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
+ envbuilderEnv("GET_CACHED_IMAGE", "1"),
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- ctrID, err := runEnvbuilder(t, options{env: []string{
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Then: The files from the prebuild stage are present.
+ out := execContainer(t, ctr.ID, "/bin/sh -c 'cat /the-past/hello.txt /the-future/hello.txt; readlink -f /the-past/hello.link'")
+ require.Equal(t, "hello from the past\nhello from the future\n/the-past/hello.txt", strings.TrimSpace(out))
+ })
+
+ t.Run("MultistgeCacheMissAfterChange", func(t *testing.T) {
+ t.Parallel()
+ dockerfilePrebuildContents := fmt.Sprintf(`
+FROM %[1]s AS prebuild
+RUN mkdir /the-past /the-future \
+ && echo "hello from the past" > /the-past/hello.txt \
+ && cd /the-past \
+ && ln -s hello.txt hello.link \
+ && echo "hello from the future" > /the-future/hello.txt
+
+# Workaround for https://github.com/coder/envbuilder/issues/231
+FROM %[1]s
+`, testImageAlpine)
+
+ dockerfileContents := fmt.Sprintf(`
+FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+COPY --from=prebuild /the-past /the-past
+COPY --from=prebuild /the-future/hello.txt /the-future/hello.txt
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt
+`, testImageAlpine)
+
+ newServer := func(dockerfile string) *httptest.Server {
+ return gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{"Dockerfile": dockerfile},
+ })
+ }
+ srv := newServer(dockerfilePrebuildContents + dockerfileContents)
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil,
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ )
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ _, err = runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
require.NoError(t, err)
- // Then: The file copied from stage a should be present
- out := execContainer(t, ctrID, "cat /date.txt")
- require.NotEmpty(t, out)
- // Then: the image should be pushed
- _, err = remote.Image(ref)
- require.NoError(t, err, "expected image to be present after build + push")
+ // When: we change the Dockerfile
+ srv.Close()
+ dockerfilePrebuildContents = strings.Replace(dockerfilePrebuildContents, "hello from the future", "hello from the future, but different", 1)
+ srv = newServer(dockerfilePrebuildContents)
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
+ // When: we rebuild the prebuild stage so that the cache is created
+ _ = pushImage(t, ref, nil,
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ )
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should still fail
+ // on the second stage because the first stage file has changed.
+ srv.Close()
+ srv = newServer(dockerfilePrebuildContents + dockerfileContents)
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ envbuilderEnv("VERBOSE", "1"),
}})
- require.NoError(t, err)
+ require.ErrorContains(t, err, "error probing build cache: uncached COPY command")
})
t.Run("PushImageRequiresCache", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1433,7 +1863,7 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
})
// When: we run envbuilder with PUSH_IMAGE set but no cache repo set
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("PUSH_IMAGE", "1"),
}})
@@ -1446,9 +1876,15 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
t.Run("PushErr", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1463,7 +1899,7 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
notRegURL := strings.TrimPrefix(notRegSrv.URL, "http://") + "/test"
// When: we run envbuilder with PUSH_IMAGE set
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", notRegURL),
envbuilderEnv("PUSH_IMAGE", "1"),
@@ -1472,14 +1908,128 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
// Then: envbuilder should fail with a descriptive error
require.ErrorContains(t, err, "failed to push to destination")
})
+
+ t.Run("CacheAndPushDevcontainerFeatures", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ // NOTE(mafredri): We can't cache the feature in our local
+ // registry because the image media type is incompatible.
+ ".devcontainer/devcontainer.json": fmt.Sprintf(`
+{
+ "image": %q,
+ "features": {
+ "ghcr.io/devcontainers/feature-starter/color:1": {
+ "favorite": "green"
+ }
+ }
+}
+`, testImageUbuntu),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Check that the feature is present in the image.
+ out := execContainer(t, ctr.ID, "/usr/local/bin/color")
+ require.Contains(t, strings.TrimSpace(out), "my favorite color is green")
+ })
+
+ t.Run("CacheAndPushUser", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+RUN useradd -m -s /bin/bash devalot
+USER devalot
+`, testImageUbuntu),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Check that envbuilder started command as user.
+ // Since envbuilder starts as root, probe for up to 10 seconds.
+ for i := 0; i < 10; i++ {
+ out := execContainer(t, ctr.ID, "ps aux | awk '/^devalot * 1 / {print $1}' | sort -u")
+ got := strings.TrimSpace(out)
+ if got == "devalot" {
+ return
+ }
+ time.Sleep(time.Second)
+ }
+ require.Fail(t, "expected pid 1 to be running as devalot")
+ })
}
func TestChownHomedir(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1499,7 +2049,7 @@ USER test
// Run envbuilder with a Docker volume mounted to homedir
volName := fmt.Sprintf("%s%d-home", t.Name(), time.Now().Unix())
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}, volumes: map[string]string{volName: "/home/test"}})
require.NoError(t, err)
@@ -1551,33 +2101,6 @@ func TestMain(m *testing.M) {
m.Run()
}
-type gitServerOptions struct {
- files map[string]string
- username string
- password string
- authMW func(http.Handler) http.Handler
- tls bool
-}
-
-// createGitServer creates a git repository with an in-memory filesystem
-// and serves it over HTTP using a httptest.Server.
-func createGitServer(t *testing.T, opts gitServerOptions) *httptest.Server {
- t.Helper()
- if opts.authMW == nil {
- opts.authMW = mwtest.BasicAuthMW(opts.username, opts.password)
- }
- commits := make([]gittest.CommitFunc, 0)
- for path, content := range opts.files {
- commits = append(commits, gittest.Commit(t, path, content, "my test commit"))
- }
- fs := memfs.New()
- _ = gittest.NewRepo(t, fs, commits...)
- if opts.tls {
- return httptest.NewTLSServer(opts.authMW(gittest.NewServer(fs)))
- }
- return httptest.NewServer(opts.authMW(gittest.NewServer(fs)))
-}
-
func checkTestRegistry() {
resp, err := http.Get("http://localhost:5000/v2/_catalog")
if err != nil {
@@ -1612,13 +2135,101 @@ func cleanOldEnvbuilders() {
panic(err)
}
for _, ctr := range ctrs {
- cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
+ if err := cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
Force: true,
- })
+ }); err != nil {
+ _, _ = fmt.Fprintf(os.Stderr, "failed to remove old test container: %s\n", err.Error())
+ }
}
}
-type options struct {
+func pushImage(t *testing.T, ref name.Reference, remoteOpt remote.Option, env ...string) v1.Image {
+ t.Helper()
+
+ var remoteOpts []remote.Option
+ if remoteOpt != nil {
+ remoteOpts = append(remoteOpts, remoteOpt)
+ }
+
+ _, err := runEnvbuilder(t, runOpts{env: append(env, envbuilderEnv("PUSH_IMAGE", "1"))})
+ require.NoError(t, err, "envbuilder push image failed")
+
+ img, err := remote.Image(ref, remoteOpts...)
+ require.NoError(t, err, "expected image to be present after build + push")
+
+ // The image should have its directives replaced with those required
+ // to run envbuilder automatically
+ configFile, err := img.ConfigFile()
+ require.NoError(t, err, "expected image to return a config file")
+
+ assert.Equal(t, "root", configFile.Config.User, "user must be root")
+ assert.Equal(t, "/", configFile.Config.WorkingDir, "workdir must be /")
+ if assert.Len(t, configFile.Config.Entrypoint, 1) {
+ assert.Equal(t, "/.envbuilder/bin/envbuilder", configFile.Config.Entrypoint[0], "incorrect entrypoint")
+ }
+
+ require.False(t, t.Failed(), "pushImage failed")
+
+ return img
+}
+
+func getCachedImage(ctx context.Context, t *testing.T, cli *client.Client, env ...string) name.Reference {
+ ctrID, err := runEnvbuilder(t, runOpts{env: append(env, envbuilderEnv("GET_CACHED_IMAGE", "1"))})
+ require.NoError(t, err)
+
+ logs, err := cli.ContainerLogs(ctx, ctrID, container.LogsOptions{
+ ShowStdout: true,
+ ShowStderr: true,
+ })
+ require.NoError(t, err)
+ defer logs.Close()
+ logBytes, err := io.ReadAll(logs)
+ require.NoError(t, err)
+
+ re := regexp.MustCompile(`ENVBUILDER_CACHED_IMAGE=(\S+)`)
+ matches := re.FindStringSubmatch(string(logBytes))
+ require.Len(t, matches, 2, "envbuilder cached image not found")
+ ref, err := name.ParseReference(matches[1])
+ require.NoError(t, err, "failed to parse cached image reference")
+ return ref
+}
+
+func startContainerFromRef(ctx context.Context, t *testing.T, cli *client.Client, ref name.Reference) container.CreateResponse {
+ // Ensure that we can pull the image.
+ rc, err := cli.ImagePull(ctx, ref.String(), image.PullOptions{})
+ require.NoError(t, err)
+ t.Cleanup(func() { _ = rc.Close() })
+ _, err = io.Copy(io.Discard, rc)
+ require.NoError(t, err)
+
+ // Start the container.
+ ctr, err := cli.ContainerCreate(ctx, &container.Config{
+ Image: ref.String(),
+ Labels: map[string]string{
+ testContainerLabel: "true",
+ },
+ }, nil, nil, nil, "")
+ require.NoError(t, err)
+
+ t.Cleanup(func() {
+ // Start a new context to ensure that the container is removed.
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
+ RemoveVolumes: true,
+ Force: true,
+ })
+ })
+
+ err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{})
+ require.NoError(t, err)
+
+ return ctr
+}
+
+type runOpts struct {
+ image string
binds []string
env []string
volumes map[string]string
@@ -1626,7 +2237,7 @@ type options struct {
// runEnvbuilder starts the envbuilder container with the given environment
// variables and returns the container ID.
-func runEnvbuilder(t *testing.T, options options) (string, error) {
+func runEnvbuilder(t *testing.T, opts runOpts) (string, error) {
t.Helper()
ctx := context.Background()
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
@@ -1635,7 +2246,7 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
cli.Close()
})
mounts := make([]mount.Mount, 0)
- for volName, volPath := range options.volumes {
+ for volName, volPath := range opts.volumes {
mounts = append(mounts, mount.Mount{
Type: mount.TypeVolume,
Source: volName,
@@ -1649,15 +2260,25 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
_ = cli.VolumeRemove(ctx, volName, true)
})
}
+ img := "envbuilder:latest"
+ if opts.image != "" {
+ // Pull the image first so we can start it afterwards.
+ rc, err := cli.ImagePull(ctx, opts.image, image.PullOptions{})
+ require.NoError(t, err, "failed to pull image")
+ t.Cleanup(func() { _ = rc.Close() })
+ _, err = io.Copy(io.Discard, rc)
+ require.NoError(t, err, "failed to read image pull response")
+ img = opts.image
+ }
ctr, err := cli.ContainerCreate(ctx, &container.Config{
- Image: "envbuilder:latest",
- Env: options.env,
+ Image: img,
+ Env: opts.env,
Labels: map[string]string{
testContainerLabel: "true",
},
}, &container.HostConfig{
NetworkMode: container.NetworkMode("host"),
- Binds: options.binds,
+ Binds: opts.binds,
Mounts: mounts,
}, nil, nil, "")
require.NoError(t, err)
@@ -1673,7 +2294,7 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
logChan, errChan := streamContainerLogs(t, cli, ctr.ID)
go func() {
for log := range logChan {
- if strings.HasPrefix(log, "=== Running the init command") {
+ if strings.HasPrefix(log, "=== Running init command") {
errChan <- nil
return
}
@@ -1746,5 +2367,5 @@ func streamContainerLogs(t *testing.T, cli *client.Client, containerID string) (
}
func envbuilderEnv(env string, value string) string {
- return fmt.Sprintf("%s=%s", envbuilder.WithEnvPrefix(env), value)
+ return fmt.Sprintf("%s=%s", options.WithEnvPrefix(env), value)
}
diff --git a/internal/chmodfs/chmodfs.go b/internal/chmodfs/chmodfs.go
new file mode 100644
index 00000000..1242417a
--- /dev/null
+++ b/internal/chmodfs/chmodfs.go
@@ -0,0 +1,21 @@
+package chmodfs
+
+import (
+ "os"
+
+ "github.com/go-git/go-billy/v5"
+)
+
+func New(fs billy.Filesystem) billy.Filesystem {
+ return &osfsWithChmod{
+ Filesystem: fs,
+ }
+}
+
+type osfsWithChmod struct {
+ billy.Filesystem
+}
+
+func (fs *osfsWithChmod) Chmod(name string, mode os.FileMode) error {
+ return os.Chmod(name, mode)
+}
diff --git a/internal/ebutil/libs.go b/internal/ebutil/libs.go
new file mode 100644
index 00000000..58206c0c
--- /dev/null
+++ b/internal/ebutil/libs.go
@@ -0,0 +1,86 @@
+package ebutil
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+)
+
+// Container runtimes like NVIDIA mount individual libraries into the container
+// (e.g. `.so.`) and create symlinks for them
+// (e.g. `.so.1`). This code helps with finding the right library
+// directory for the target Linux distribution as well as locating the symlinks.
+//
+// Please see [#143 (comment)] for further details.
+//
+// [#143 (comment)]: https://github.com/coder/envbuilder/issues/143#issuecomment-2192405828
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L29
+const usrLibDir = "/usr/lib64"
+
+const debianVersionFile = "/etc/debian_version"
+
+// libraryDirectoryPath returns the library directory. It returns a multiarch
+// directory if the distribution is Debian or a derivative.
+//
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/nvc_container.c#L152-L165
+func libraryDirectoryPath(m mounter) (string, error) {
+ // Debian and its derivatives use a multiarch directory scheme.
+ if _, err := m.Stat(debianVersionFile); err != nil && !errors.Is(err, os.ErrNotExist) {
+ return "", fmt.Errorf("check if debian: %w", err)
+ } else if err == nil {
+ return usrLibMultiarchDir, nil
+ }
+
+ return usrLibDir, nil
+}
+
+// libraryDirectorySymlinks returns a mapping of each library (basename) with a
+// list of their symlinks (basename). Libraries with no symlinks do not appear
+// in the mapping.
+func libraryDirectorySymlinks(m mounter, libDir string) (map[string][]string, error) {
+ des, err := m.ReadDir(libDir)
+ if err != nil {
+ return nil, fmt.Errorf("read directory %s: %w", libDir, err)
+ }
+
+ libsSymlinks := make(map[string][]string)
+ for _, de := range des {
+ if de.IsDir() {
+ continue
+ }
+
+ if de.Type()&os.ModeSymlink != os.ModeSymlink {
+ // Not a symlink. Skip.
+ continue
+ }
+
+ symlink := filepath.Join(libDir, de.Name())
+ path, err := m.EvalSymlinks(symlink)
+ if err != nil {
+ return nil, fmt.Errorf("eval symlink %s: %w", symlink, err)
+ }
+
+ path = filepath.Base(path)
+ if _, ok := libsSymlinks[path]; !ok {
+ libsSymlinks[path] = make([]string, 0, 1)
+ }
+
+ libsSymlinks[path] = append(libsSymlinks[path], de.Name())
+ }
+
+ return libsSymlinks, nil
+}
+
+// moveLibSymlinks moves a list of symlinks from source to destination directory.
+func moveLibSymlinks(m mounter, symlinks []string, srcDir, destDir string) error {
+ for _, l := range symlinks {
+ oldpath := filepath.Join(srcDir, l)
+ newpath := filepath.Join(destDir, l)
+ if err := m.Rename(oldpath, newpath); err != nil {
+ return fmt.Errorf("move symlink %s => %s: %w", oldpath, newpath, err)
+ }
+ }
+ return nil
+}
diff --git a/internal/ebutil/libs_amd64.go b/internal/ebutil/libs_amd64.go
new file mode 100644
index 00000000..b3f8230b
--- /dev/null
+++ b/internal/ebutil/libs_amd64.go
@@ -0,0 +1,7 @@
+//go:build amd64
+
+package ebutil
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L36
+
+const usrLibMultiarchDir = "/usr/lib/x86_64-linux-gnu"
diff --git a/internal/ebutil/libs_arm.go b/internal/ebutil/libs_arm.go
new file mode 100644
index 00000000..f73e3c44
--- /dev/null
+++ b/internal/ebutil/libs_arm.go
@@ -0,0 +1,7 @@
+//go:build arm
+
+package ebutil
+
+// This constant is for 64-bit systems. 32-bit ARM is not supported.
+// If ever it becomes supported, it should be handled with a `usrLib32MultiarchDir` constant.
+const usrLibMultiarchDir = "/var/empty"
diff --git a/internal/ebutil/libs_arm64.go b/internal/ebutil/libs_arm64.go
new file mode 100644
index 00000000..c76fb834
--- /dev/null
+++ b/internal/ebutil/libs_arm64.go
@@ -0,0 +1,7 @@
+//go:build arm64
+
+package ebutil
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L52
+
+const usrLibMultiarchDir = "/usr/lib/aarch64-linux-gnu"
diff --git a/internal/ebutil/mock_mounter_test.go b/internal/ebutil/mock_mounter_test.go
index 7445376a..4e664f4c 100644
--- a/internal/ebutil/mock_mounter_test.go
+++ b/internal/ebutil/mock_mounter_test.go
@@ -42,6 +42,21 @@ func (m *Mockmounter) EXPECT() *MockmounterMockRecorder {
return m.recorder
}
+// EvalSymlinks mocks base method.
+func (m *Mockmounter) EvalSymlinks(arg0 string) (string, error) {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "EvalSymlinks", arg0)
+ ret0, _ := ret[0].(string)
+ ret1, _ := ret[1].(error)
+ return ret0, ret1
+}
+
+// EvalSymlinks indicates an expected call of EvalSymlinks.
+func (mr *MockmounterMockRecorder) EvalSymlinks(arg0 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EvalSymlinks", reflect.TypeOf((*Mockmounter)(nil).EvalSymlinks), arg0)
+}
+
// GetMounts mocks base method.
func (m *Mockmounter) GetMounts() ([]*procfs.MountInfo, error) {
m.ctrl.T.Helper()
@@ -100,6 +115,35 @@ func (mr *MockmounterMockRecorder) OpenFile(arg0, arg1, arg2 any) *gomock.Call {
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenFile", reflect.TypeOf((*Mockmounter)(nil).OpenFile), arg0, arg1, arg2)
}
+// ReadDir mocks base method.
+func (m *Mockmounter) ReadDir(arg0 string) ([]os.DirEntry, error) {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "ReadDir", arg0)
+ ret0, _ := ret[0].([]os.DirEntry)
+ ret1, _ := ret[1].(error)
+ return ret0, ret1
+}
+
+// ReadDir indicates an expected call of ReadDir.
+func (mr *MockmounterMockRecorder) ReadDir(arg0 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReadDir", reflect.TypeOf((*Mockmounter)(nil).ReadDir), arg0)
+}
+
+// Rename mocks base method.
+func (m *Mockmounter) Rename(arg0, arg1 string) error {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "Rename", arg0, arg1)
+ ret0, _ := ret[0].(error)
+ return ret0
+}
+
+// Rename indicates an expected call of Rename.
+func (mr *MockmounterMockRecorder) Rename(arg0, arg1 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Rename", reflect.TypeOf((*Mockmounter)(nil).Rename), arg0, arg1)
+}
+
// Stat mocks base method.
func (m *Mockmounter) Stat(arg0 string) (os.FileInfo, error) {
m.ctrl.T.Helper()
diff --git a/internal/ebutil/remount.go b/internal/ebutil/remount.go
index f4a2b416..c6c6e6ed 100644
--- a/internal/ebutil/remount.go
+++ b/internal/ebutil/remount.go
@@ -1,6 +1,7 @@
package ebutil
import (
+ "errors"
"fmt"
"os"
"path/filepath"
@@ -8,7 +9,7 @@ import (
"sync"
"syscall"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/hashicorp/go-multierror"
"github.com/prometheus/procfs"
)
@@ -33,17 +34,27 @@ import (
// to restore the original mount points. If an error is encountered while attempting to perform
// the operation, calling the returned function will make a best-effort attempt to restore
// the original state.
-func TempRemount(logf func(notcodersdk.LogLevel, string, ...any), dest string, ignorePrefixes ...string) (restore func() error, err error,
+func TempRemount(logf log.Func, dest string, ignorePrefixes ...string) (restore func() error, err error,
) {
return tempRemount(&realMounter{}, logf, dest, ignorePrefixes...)
}
-func tempRemount(m mounter, logf func(notcodersdk.LogLevel, string, ...any), base string, ignorePrefixes ...string) (restore func() error, err error) {
+func tempRemount(m mounter, logf log.Func, base string, ignorePrefixes ...string) (restore func() error, err error) {
mountInfos, err := m.GetMounts()
if err != nil {
return func() error { return nil }, fmt.Errorf("get mounts: %w", err)
}
+ libDir, err := libraryDirectoryPath(m)
+ if err != nil {
+ return func() error { return nil }, fmt.Errorf("get lib directory: %w", err)
+ }
+
+ libsSymlinks, err := libraryDirectorySymlinks(m, libDir)
+ if err != nil && !errors.Is(err, os.ErrNotExist) {
+ return func() error { return nil }, fmt.Errorf("read lib symlinks: %w", err)
+ }
+
// temp move of all ro mounts
mounts := map[string]string{}
var restoreOnce sync.Once
@@ -51,8 +62,19 @@ func tempRemount(m mounter, logf func(notcodersdk.LogLevel, string, ...any), bas
// closer to attempt to restore original mount points
restore = func() error {
restoreOnce.Do(func() {
+ if len(mounts) == 0 {
+ return
+ }
+
+ newLibDir, err := libraryDirectoryPath(m)
+ if err != nil {
+ merr = multierror.Append(merr, fmt.Errorf("get new lib directory: %w", err))
+ return
+ }
+
for orig, moved := range mounts {
- if err := remount(m, moved, orig); err != nil {
+ logf(log.LevelDebug, "restore mount %s", orig)
+ if err := remount(m, moved, orig, newLibDir, libsSymlinks); err != nil {
merr = multierror.Append(merr, fmt.Errorf("restore mount: %w", err))
}
}
@@ -64,20 +86,21 @@ outer:
for _, mountInfo := range mountInfos {
// TODO: do this for all mounts
if _, ok := mountInfo.Options["ro"]; !ok {
- logf(notcodersdk.LogLevelTrace, "skip rw mount %s", mountInfo.MountPoint)
+ logf(log.LevelDebug, "skip rw mount %s", mountInfo.MountPoint)
continue
}
for _, prefix := range ignorePrefixes {
if strings.HasPrefix(mountInfo.MountPoint, prefix) {
- logf(notcodersdk.LogLevelTrace, "skip mount %s under ignored prefix %s", mountInfo.MountPoint, prefix)
+ logf(log.LevelDebug, "skip mount %s under ignored prefix %s", mountInfo.MountPoint, prefix)
continue outer
}
}
src := mountInfo.MountPoint
dest := filepath.Join(base, src)
- if err := remount(m, src, dest); err != nil {
+ logf(log.LevelDebug, "temp remount %s", src)
+ if err := remount(m, src, dest, libDir, libsSymlinks); err != nil {
return restore, fmt.Errorf("temp remount: %w", err)
}
@@ -87,30 +110,48 @@ outer:
return restore, nil
}
-func remount(m mounter, src, dest string) error {
+func remount(m mounter, src, dest, libDir string, libsSymlinks map[string][]string) error {
stat, err := m.Stat(src)
if err != nil {
return fmt.Errorf("stat %s: %w", src, err)
}
+
var destDir string
if stat.IsDir() {
destDir = dest
} else {
destDir = filepath.Dir(dest)
+ if destDir == usrLibDir || destDir == usrLibMultiarchDir {
+ // Restore mount to libDir
+ destDir = libDir
+ dest = filepath.Join(destDir, stat.Name())
+ }
}
+
if err := m.MkdirAll(destDir, 0o750); err != nil {
return fmt.Errorf("ensure path: %w", err)
}
+
if !stat.IsDir() {
f, err := m.OpenFile(dest, os.O_CREATE, 0o640)
if err != nil {
return fmt.Errorf("ensure file path: %w", err)
}
- defer f.Close()
+ // This ensure the file is created, it will not be used. It can be closed immediately.
+ f.Close()
+
+ if symlinks, ok := libsSymlinks[stat.Name()]; ok {
+ srcDir := filepath.Dir(src)
+ if err := moveLibSymlinks(m, symlinks, srcDir, destDir); err != nil {
+ return err
+ }
+ }
}
+
if err := m.Mount(src, dest, "bind", syscall.MS_BIND, ""); err != nil {
return fmt.Errorf("bind mount %s => %s: %w", src, dest, err)
}
+
if err := m.Unmount(src, 0); err != nil {
return fmt.Errorf("unmount orig src %s: %w", src, err)
}
@@ -131,6 +172,12 @@ type mounter interface {
Mount(string, string, string, uintptr, string) error
// Unmount wraps syscall.Unmount
Unmount(string, int) error
+ // ReadDir wraps os.ReadDir
+ ReadDir(string) ([]os.DirEntry, error)
+ // EvalSymlinks wraps filepath.EvalSymlinks
+ EvalSymlinks(string) (string, error)
+ // Rename wraps os.Rename
+ Rename(string, string) error
}
// realMounter implements mounter and actually does the thing.
@@ -161,3 +208,15 @@ func (m *realMounter) OpenFile(name string, flag int, perm os.FileMode) (*os.Fil
func (m *realMounter) Stat(path string) (os.FileInfo, error) {
return os.Stat(path)
}
+
+func (m *realMounter) ReadDir(name string) ([]os.DirEntry, error) {
+ return os.ReadDir(name)
+}
+
+func (m *realMounter) EvalSymlinks(path string) (string, error) {
+ return filepath.EvalSymlinks(path)
+}
+
+func (m *realMounter) Rename(oldpath, newpath string) error {
+ return os.Rename(oldpath, newpath)
+}
diff --git a/internal/ebutil/remount_internal_test.go b/internal/ebutil/remount_internal_test.go
index 41036177..8ff0440d 100644
--- a/internal/ebutil/remount_internal_test.go
+++ b/internal/ebutil/remount_internal_test.go
@@ -2,12 +2,13 @@ package ebutil
import (
"os"
+ "runtime"
"strings"
"syscall"
"testing"
time "time"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/mock/gomock"
@@ -15,6 +16,12 @@ import (
"github.com/prometheus/procfs"
)
+var expectedLibMultiarchDir = map[string]string{
+ "amd64": "/usr/lib/x86_64-linux-gnu",
+ "arm": "/var/empty",
+ "arm64": "/usr/lib/aarch64-linux-gnu",
+}
+
func Test_tempRemount(t *testing.T) {
t.Parallel()
@@ -26,11 +33,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(nil)
@@ -51,12 +61,15 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
mm.EXPECT().Mount("/usr/bin/utility", "/.test/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/usr/bin/utility", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
mm.EXPECT().MkdirAll("/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().OpenFile("/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
mm.EXPECT().Mount("/.test/usr/bin/utility", "/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
@@ -70,6 +83,202 @@ func Test_tempRemount(t *testing.T) {
_ = remount()
})
+ t.Run("OKLib", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("/usr/lib64/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", "/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibDebian", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, nil)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll(expectedLibMultiarchDir[runtime.GOARCH], os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibFromDebianToNotDebian", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, nil)
+ mm.EXPECT().ReadDir(expectedLibMultiarchDir[runtime.GOARCH]).Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks(expectedLibMultiarchDir[runtime.GOARCH]+"/lib-other.so").Return(expectedLibMultiarchDir[runtime.GOARCH]+"/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test"+expectedLibMultiarchDir[runtime.GOARCH], os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so", "/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(nil)
+ mm.EXPECT().Mount(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so", "/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibNoSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ }, nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
t.Run("IgnorePrefixes", func(t *testing.T) {
t.Parallel()
@@ -78,6 +287,8 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
remount, err := tempRemount(mm, fakeLog(t), "/.test", "/var/lib")
require.NoError(t, err)
@@ -97,6 +308,39 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrStatDebianVersion", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
+ t.Run("ErrReadLibDir", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
t.Run("ErrMkdirAll", func(t *testing.T) {
t.Parallel()
@@ -105,7 +349,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError)
remount, err := tempRemount(mm, fakeLog(t), "/.test")
@@ -114,6 +360,69 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrOpenFile", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
+ t.Run("ErrMoveSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
t.Run("ErrMountBind", func(t *testing.T) {
t.Parallel()
@@ -122,7 +431,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError)
@@ -140,7 +451,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(assert.AnError)
@@ -151,6 +464,28 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrRemountStatDebianVersion", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
+ mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
t.Run("ErrRemountMkdirAll", func(t *testing.T) {
t.Parallel()
@@ -159,11 +494,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError)
remount, err := tempRemount(mm, fakeLog(t), "/.test")
@@ -172,6 +510,82 @@ func Test_tempRemount(t *testing.T) {
require.ErrorContains(t, err, assert.AnError.Error())
})
+ t.Run("ErrRemountOpenFile", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/usr/bin/utility", "/.test/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/bin/utility", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
+ t.Run("ErrRemountMoveSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("/usr/lib64/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", "/usr/lib64/lib.so").Return(assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
t.Run("ErrRemountMountBind", func(t *testing.T) {
t.Parallel()
@@ -180,11 +594,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError)
@@ -202,11 +619,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(assert.AnError)
@@ -233,18 +653,19 @@ func fakeMounts(mounts ...string) []*procfs.MountInfo {
return m
}
-func fakeLog(t *testing.T) func(notcodersdk.LogLevel, string, ...any) {
+func fakeLog(t *testing.T) func(log.Level, string, ...any) {
t.Helper()
- return func(_ notcodersdk.LogLevel, s string, a ...any) {
+ return func(_ log.Level, s string, a ...any) {
t.Logf(s, a...)
}
}
type fakeFileInfo struct {
+ name string
isDir bool
}
-func (fi *fakeFileInfo) Name() string { return "" }
+func (fi *fakeFileInfo) Name() string { return fi.name }
func (fi *fakeFileInfo) Size() int64 { return 0 }
func (fi *fakeFileInfo) Mode() os.FileMode { return 0 }
func (fi *fakeFileInfo) ModTime() time.Time { return time.Time{} }
@@ -252,3 +673,16 @@ func (fi *fakeFileInfo) IsDir() bool { return fi.isDir }
func (fi *fakeFileInfo) Sys() any { return nil }
var _ os.FileInfo = &fakeFileInfo{}
+
+type fakeDirEntry struct {
+ name string
+ isDir bool
+ mode os.FileMode
+}
+
+func (de *fakeDirEntry) Name() string { return de.name }
+func (de *fakeDirEntry) IsDir() bool { return de.isDir }
+func (de *fakeDirEntry) Type() os.FileMode { return de.mode }
+func (de *fakeDirEntry) Info() (os.FileInfo, error) { return nil, nil }
+
+var _ os.DirEntry = &fakeDirEntry{}
diff --git a/internal/magicdir/magicdir.go b/internal/magicdir/magicdir.go
new file mode 100644
index 00000000..5e062514
--- /dev/null
+++ b/internal/magicdir/magicdir.go
@@ -0,0 +1,83 @@
+package magicdir
+
+import (
+ "fmt"
+ "path/filepath"
+)
+
+const (
+ // defaultMagicDirBase is the default working location for envbuilder.
+ // This is a special directory that must not be modified by the user
+ // or images. This is intentionally unexported.
+ defaultMagicDirBase = "/.envbuilder"
+
+ // TempDir is a directory inside the build context inside which
+ // we place files referenced by MagicDirectives.
+ TempDir = ".envbuilder.tmp"
+)
+
+var (
+ // Default is the default working directory for Envbuilder.
+ // This defaults to /.envbuilder. It should only be used when Envbuilder
+ // is known to be running as root inside a container.
+ Default MagicDir
+ // Directives are directives automatically appended to Dockerfiles
+ // when pushing the image. These directives allow the built image to be
+ // 're-used'.
+ Directives = fmt.Sprintf(`
+COPY --chmod=0755 %[1]s/envbuilder %[2]s/bin/envbuilder
+COPY --chmod=0644 %[1]s/image %[2]s/image
+USER root
+WORKDIR /
+ENTRYPOINT ["%[2]s/bin/envbuilder"]
+`, TempDir, defaultMagicDirBase)
+)
+
+// MagicDir is a working directory for envbuilder. It
+// will also be present in images built by envbuilder.
+type MagicDir struct {
+ base string
+}
+
+// At returns a MagicDir rooted at filepath.Join(paths...)
+func At(paths ...string) MagicDir {
+ if len(paths) == 0 {
+ return MagicDir{}
+ }
+ return MagicDir{base: filepath.Join(paths...)}
+}
+
+// Join returns the result of filepath.Join([m.Path, paths...]).
+func (m MagicDir) Join(paths ...string) string {
+ return filepath.Join(append([]string{m.Path()}, paths...)...)
+}
+
+// String returns the string representation of the MagicDir.
+func (m MagicDir) Path() string {
+ // Instead of the zero value, use defaultMagicDir.
+ if m.base == "" {
+ return defaultMagicDirBase
+ }
+ return m.base
+}
+
+// Built is a file that is created in the workspace
+// when envbuilder has already been run. This is used
+// to skip building when a container is restarting.
+// e.g. docker stop -> docker start
+func (m MagicDir) Built() string {
+ return m.Join("built")
+}
+
+// Image is a file that is created in the image when
+// envbuilder has already been run. This is used to skip
+// the destructive initial build step when 'resuming' envbuilder
+// from a previously built image.
+func (m MagicDir) Image() string {
+ return m.Join("image")
+}
+
+// Features is a directory that contains feature files.
+func (m MagicDir) Features() string {
+ return m.Join("features")
+}
diff --git a/internal/magicdir/magicdir_internal_test.go b/internal/magicdir/magicdir_internal_test.go
new file mode 100644
index 00000000..43b66ba0
--- /dev/null
+++ b/internal/magicdir/magicdir_internal_test.go
@@ -0,0 +1,38 @@
+package magicdir
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func Test_MagicDir(t *testing.T) {
+ t.Parallel()
+
+ t.Run("Default", func(t *testing.T) {
+ t.Parallel()
+ require.Equal(t, defaultMagicDirBase+"/foo", Default.Join("foo"))
+ require.Equal(t, defaultMagicDirBase, Default.Path())
+ require.Equal(t, defaultMagicDirBase+"/built", Default.Built())
+ require.Equal(t, defaultMagicDirBase+"/image", Default.Image())
+ })
+
+ t.Run("ZeroValue", func(t *testing.T) {
+ t.Parallel()
+ var md MagicDir
+ require.Equal(t, defaultMagicDirBase+"/foo", md.Join("foo"))
+ require.Equal(t, defaultMagicDirBase, md.Path())
+ require.Equal(t, defaultMagicDirBase+"/built", md.Built())
+ require.Equal(t, defaultMagicDirBase+"/image", md.Image())
+ })
+
+ t.Run("At", func(t *testing.T) {
+ t.Parallel()
+ tmpDir := t.TempDir()
+ md := At(tmpDir)
+ require.Equal(t, tmpDir+"/foo", md.Join("foo"))
+ require.Equal(t, tmpDir, md.Path())
+ require.Equal(t, tmpDir+"/built", md.Built())
+ require.Equal(t, tmpDir+"/image", md.Image())
+ })
+}
diff --git a/internal/notcodersdk/agentclient.go b/internal/notcodersdk/agentclient.go
deleted file mode 100644
index e65bc4cc..00000000
--- a/internal/notcodersdk/agentclient.go
+++ /dev/null
@@ -1,430 +0,0 @@
-package notcodersdk
-
-import (
- "bytes"
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "mime"
- "net/http"
- "net/http/httputil"
- "net/url"
- "strings"
- "sync"
- "time"
-
- "github.com/google/uuid"
- "golang.org/x/xerrors"
-)
-
-const (
- SessionTokenHeader = "Coder-Session-Token"
-)
-
-type AgentSubsystem string
-
-const (
- AgentSubsystemEnvbuilder AgentSubsystem = "envbuilder"
-)
-
-// ExternalLogSourceID is the statically-defined ID of a log-source that
-// appears as "External" in the dashboard.
-//
-// This is to support legacy API-consumers that do not create their own
-// log-source. This should be removed in the future.
-var ExternalLogSourceID = uuid.MustParse("3b579bf4-1ed8-4b99-87a8-e9a1e3410410")
-
-type LogLevel string
-
-const (
- LogLevelTrace LogLevel = "trace"
- LogLevelDebug LogLevel = "debug"
- LogLevelInfo LogLevel = "info"
- LogLevelWarn LogLevel = "warn"
- LogLevelError LogLevel = "error"
-)
-
-type Log struct {
- CreatedAt time.Time `json:"created_at"`
- Output string `json:"output"`
- Level LogLevel `json:"level"`
-}
-
-type PatchLogs struct {
- LogSourceID uuid.UUID `json:"log_source_id"`
- Logs []Log `json:"logs"`
-}
-
-// New returns a client that is used to interact with the
-// Coder API from a workspace agent.
-func New(serverURL *url.URL) *Client {
- return &Client{
- URL: serverURL,
- HTTPClient: &http.Client{},
- }
-}
-
-// Client wraps `notcodersdk.Client` with specific functions
-// scoped to a workspace agent.
-type Client struct {
- // mu protects the fields sessionToken, logger, and logBodies. These
- // need to be safe for concurrent access.
- mu sync.RWMutex
- sessionToken string
- logBodies bool
-
- HTTPClient *http.Client
- URL *url.URL
-
- // SessionTokenHeader is an optional custom header to use for setting tokens. By
- // default 'Coder-Session-Token' is used.
- SessionTokenHeader string
-
- // PlainLogger may be set to log HTTP traffic in a human-readable form.
- // It uses the LogBodies option.
- PlainLogger io.Writer
-}
-
-// SessionToken returns the currently set token for the client.
-func (c *Client) SessionToken() string {
- c.mu.RLock()
- defer c.mu.RUnlock()
- return c.sessionToken
-}
-
-// SetSessionToken returns the currently set token for the client.
-func (c *Client) SetSessionToken(token string) {
- c.mu.Lock()
- defer c.mu.Unlock()
- c.sessionToken = token
-}
-
-// PatchLogs writes log messages to the agent startup script.
-// Log messages are limited to 1MB in total.
-//
-// Deprecated: use the DRPCAgentClient.BatchCreateLogs instead
-func (c *Client) PatchLogs(ctx context.Context, req PatchLogs) error {
- res, err := c.Request(ctx, http.MethodPatch, "/api/v2/workspaceagents/me/logs", req)
- if err != nil {
- return err
- }
- defer res.Body.Close()
- if res.StatusCode != http.StatusOK {
- return ReadBodyAsError(res)
- }
- return nil
-}
-
-// RequestOption is a function that can be used to modify an http.Request.
-type RequestOption func(*http.Request)
-
-// Request performs a HTTP request with the body provided. The caller is
-// responsible for closing the response body.
-func (c *Client) Request(ctx context.Context, method, path string, body interface{}, opts ...RequestOption) (*http.Response, error) {
- serverURL, err := c.URL.Parse(path)
- if err != nil {
- return nil, xerrors.Errorf("parse url: %w", err)
- }
-
- var r io.Reader
- if body != nil {
- switch data := body.(type) {
- case io.Reader:
- r = data
- case []byte:
- r = bytes.NewReader(data)
- default:
- // Assume JSON in all other cases.
- buf := bytes.NewBuffer(nil)
- enc := json.NewEncoder(buf)
- enc.SetEscapeHTML(false)
- err = enc.Encode(body)
- if err != nil {
- return nil, xerrors.Errorf("encode body: %w", err)
- }
- r = buf
- }
- }
-
- // Copy the request body so we can log it.
- var reqBody []byte
- c.mu.RLock()
- logBodies := c.logBodies
- c.mu.RUnlock()
- if r != nil && logBodies {
- reqBody, err = io.ReadAll(r)
- if err != nil {
- return nil, xerrors.Errorf("read request body: %w", err)
- }
- r = bytes.NewReader(reqBody)
- }
-
- req, err := http.NewRequestWithContext(ctx, method, serverURL.String(), r)
- if err != nil {
- return nil, xerrors.Errorf("create request: %w", err)
- }
-
- tokenHeader := c.SessionTokenHeader
- if tokenHeader == "" {
- tokenHeader = SessionTokenHeader
- }
- req.Header.Set(tokenHeader, c.SessionToken())
-
- if r != nil {
- req.Header.Set("Content-Type", "application/json")
- }
- for _, opt := range opts {
- opt(req)
- }
-
- resp, err := c.HTTPClient.Do(req)
-
- // We log after sending the request because the HTTP Transport may modify
- // the request within Do, e.g. by adding headers.
- if resp != nil && c.PlainLogger != nil {
- out, err := httputil.DumpRequest(resp.Request, logBodies)
- if err != nil {
- return nil, xerrors.Errorf("dump request: %w", err)
- }
- out = prefixLines([]byte("http --> "), out)
- _, _ = c.PlainLogger.Write(out)
- }
-
- if err != nil {
- return nil, err
- }
-
- if c.PlainLogger != nil {
- out, err := httputil.DumpResponse(resp, logBodies)
- if err != nil {
- return nil, xerrors.Errorf("dump response: %w", err)
- }
- out = prefixLines([]byte("http <-- "), out)
- _, _ = c.PlainLogger.Write(out)
- }
-
- // Copy the response body so we can log it if it's a loggable mime type.
- var respBody []byte
- if resp.Body != nil && logBodies {
- mimeType := parseMimeType(resp.Header.Get("Content-Type"))
- if _, ok := loggableMimeTypes[mimeType]; ok {
- respBody, err = io.ReadAll(resp.Body)
- if err != nil {
- return nil, xerrors.Errorf("copy response body for logs: %w", err)
- }
- err = resp.Body.Close()
- if err != nil {
- return nil, xerrors.Errorf("close response body: %w", err)
- }
- resp.Body = io.NopCloser(bytes.NewReader(respBody))
- }
- }
-
- return resp, err
-}
-
-func parseMimeType(contentType string) string {
- mimeType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- mimeType = strings.TrimSpace(strings.Split(contentType, ";")[0])
- }
-
- return mimeType
-}
-
-// loggableMimeTypes is a list of MIME types that are safe to log
-// the output of. This is useful for debugging or testing.
-var loggableMimeTypes = map[string]struct{}{
- "application/json": {},
- "text/plain": {},
- // lots of webserver error pages are HTML
- "text/html": {},
-}
-
-func prefixLines(prefix, s []byte) []byte {
- ss := bytes.NewBuffer(make([]byte, 0, len(s)*2))
- for _, line := range bytes.Split(s, []byte("\n")) {
- _, _ = ss.Write(prefix)
- _, _ = ss.Write(line)
- _ = ss.WriteByte('\n')
- }
- return ss.Bytes()
-}
-
-// ReadBodyAsError reads the response as a codersdk.Response, and
-// wraps it in a codersdk.Error type for easy marshaling.
-//
-// This will always return an error, so only call it if the response failed
-// your expectations. Usually via status code checking.
-// nolint:staticcheck
-func ReadBodyAsError(res *http.Response) error {
- if res == nil {
- return xerrors.Errorf("no body returned")
- }
- defer res.Body.Close()
-
- var requestMethod, requestURL string
- if res.Request != nil {
- requestMethod = res.Request.Method
- if res.Request.URL != nil {
- requestURL = res.Request.URL.String()
- }
- }
-
- var helpMessage string
- if res.StatusCode == http.StatusUnauthorized {
- // 401 means the user is not logged in
- // 403 would mean that the user is not authorized
- helpMessage = "Try logging in using 'coder login'."
- }
-
- resp, err := io.ReadAll(res.Body)
- if err != nil {
- return xerrors.Errorf("read body: %w", err)
- }
-
- if mimeErr := ExpectJSONMime(res); mimeErr != nil {
- if len(resp) > 2048 {
- resp = append(resp[:2048], []byte("...")...)
- }
- if len(resp) == 0 {
- resp = []byte("no response body")
- }
- return &Error{
- statusCode: res.StatusCode,
- method: requestMethod,
- url: requestURL,
- Response: Response{
- Message: mimeErr.Error(),
- Detail: string(resp),
- },
- Helper: helpMessage,
- }
- }
-
- var m Response
- err = json.NewDecoder(bytes.NewBuffer(resp)).Decode(&m)
- if err != nil {
- if errors.Is(err, io.EOF) {
- return &Error{
- statusCode: res.StatusCode,
- Response: Response{
- Message: "empty response body",
- },
- Helper: helpMessage,
- }
- }
- return xerrors.Errorf("decode body: %w", err)
- }
- if m.Message == "" {
- if len(resp) > 1024 {
- resp = append(resp[:1024], []byte("...")...)
- }
- m.Message = fmt.Sprintf("unexpected status code %d, response has no message", res.StatusCode)
- m.Detail = string(resp)
- }
-
- return &Error{
- Response: m,
- statusCode: res.StatusCode,
- method: requestMethod,
- url: requestURL,
- Helper: helpMessage,
- }
-}
-
-// Response represents a generic HTTP response.
-type Response struct {
- // Message is an actionable message that depicts actions the request took.
- // These messages should be fully formed sentences with proper punctuation.
- // Examples:
- // - "A user has been created."
- // - "Failed to create a user."
- Message string `json:"message"`
- // Detail is a debug message that provides further insight into why the
- // action failed. This information can be technical and a regular golang
- // err.Error() text.
- // - "database: too many open connections"
- // - "stat: too many open files"
- Detail string `json:"detail,omitempty"`
- // Validations are form field-specific friendly error messages. They will be
- // shown on a form field in the UI. These can also be used to add additional
- // context if there is a set of errors in the primary 'Message'.
- Validations []ValidationError `json:"validations,omitempty"`
-}
-
-// ValidationError represents a scoped error to a user input.
-type ValidationError struct {
- Field string `json:"field" validate:"required"`
- Detail string `json:"detail" validate:"required"`
-}
-
-func (e ValidationError) Error() string {
- return fmt.Sprintf("field: %s detail: %s", e.Field, e.Detail)
-}
-
-var _ error = (*ValidationError)(nil)
-
-// Error represents an unaccepted or invalid request to the API.
-// @typescript-ignore Error
-type Error struct {
- Response
-
- statusCode int
- method string
- url string
-
- Helper string
-}
-
-func (e *Error) StatusCode() int {
- return e.statusCode
-}
-
-func (e *Error) Method() string {
- return e.method
-}
-
-func (e *Error) URL() string {
- return e.url
-}
-
-func (e *Error) Friendly() string {
- var sb strings.Builder
- _, _ = fmt.Fprintf(&sb, "%s. %s", strings.TrimSuffix(e.Message, "."), e.Helper)
- for _, err := range e.Validations {
- _, _ = fmt.Fprintf(&sb, "\n- %s: %s", err.Field, err.Detail)
- }
- return sb.String()
-}
-
-func (e *Error) Error() string {
- var builder strings.Builder
- if e.method != "" && e.url != "" {
- _, _ = fmt.Fprintf(&builder, "%v %v: ", e.method, e.url)
- }
- _, _ = fmt.Fprintf(&builder, "unexpected status code %d: %s", e.statusCode, e.Message)
- if e.Helper != "" {
- _, _ = fmt.Fprintf(&builder, ": %s", e.Helper)
- }
- if e.Detail != "" {
- _, _ = fmt.Fprintf(&builder, "\n\tError: %s", e.Detail)
- }
- for _, err := range e.Validations {
- _, _ = fmt.Fprintf(&builder, "\n\t%s: %s", err.Field, err.Detail)
- }
- return builder.String()
-}
-
-// ExpectJSONMime is a helper function that will assert the content type
-// of the response is application/json.
-func ExpectJSONMime(res *http.Response) error {
- contentType := res.Header.Get("Content-Type")
- mimeType := parseMimeType(contentType)
- if mimeType != "application/json" {
- return xerrors.Errorf("unexpected non-JSON response %q", contentType)
- }
- return nil
-}
diff --git a/internal/notcodersdk/doc.go b/internal/notcodersdk/doc.go
deleted file mode 100644
index cfa92db6..00000000
--- a/internal/notcodersdk/doc.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Package notcodersdk contains manually-vendored code from
-// github.com/coder/coder/v2/codersdk.
-//
-// This code is currently required for sending workspace build logs to
-// coder. It was manually vendored to avoid dependency issues.
-//
-// If the direct integration is moved outside of envbuilder,
-// this package can safely be removed.
-// See the below issues for context:
-// - https://github.com/coder/envbuilder/issues/178
-// - https://github.com/coder/coder/issues/11342
-// - https://github.com/coder/envbuilder/issues/193
-package notcodersdk
diff --git a/internal/notcodersdk/logs.go b/internal/notcodersdk/logs.go
deleted file mode 100644
index 6ca4aca8..00000000
--- a/internal/notcodersdk/logs.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package notcodersdk
-
-import (
- "context"
- "errors"
- "net/http"
- "time"
-
- "github.com/google/uuid"
- "golang.org/x/xerrors"
-
- "cdr.dev/slog"
- "github.com/coder/retry"
-)
-
-type logsSenderOptions struct {
- flushTimeout time.Duration
-}
-
-// LogsSender will send agent startup logs to the server. Calls to
-// sendLog are non-blocking and will return an error if flushAndClose
-// has been called. Calling sendLog concurrently is not supported. If
-// the context passed to flushAndClose is canceled, any remaining logs
-// will be discarded.
-//
-// Deprecated: Use NewLogSender instead, based on the v2 Agent API.
-func LogsSender(sourceID uuid.UUID, patchLogs func(ctx context.Context, req PatchLogs) error, logger slog.Logger, opts ...func(*logsSenderOptions)) (sendLog func(ctx context.Context, log ...Log) error, flushAndClose func(context.Context) error) {
- o := logsSenderOptions{
- flushTimeout: 250 * time.Millisecond,
- }
- for _, opt := range opts {
- opt(&o)
- }
-
- // The main context is used to close the sender goroutine and cancel
- // any outbound requests to the API. The shutdown context is used to
- // signal the sender goroutine to flush logs and then exit.
- ctx, cancel := context.WithCancel(context.Background())
- shutdownCtx, shutdown := context.WithCancel(ctx)
-
- // Synchronous sender, there can only be one outbound send at a time.
- sendDone := make(chan struct{})
- send := make(chan []Log, 1)
- go func() {
- // Set flushTimeout and backlogLimit so that logs are uploaded
- // once every 250ms or when 100 logs have been added to the
- // backlog, whichever comes first.
- backlogLimit := 100
-
- flush := time.NewTicker(o.flushTimeout)
-
- var backlog []Log
- defer func() {
- flush.Stop()
- if len(backlog) > 0 {
- logger.Warn(ctx, "startup logs sender exiting early, discarding logs", slog.F("discarded_logs_count", len(backlog)))
- }
- logger.Debug(ctx, "startup logs sender exited")
- close(sendDone)
- }()
-
- done := false
- for {
- flushed := false
- select {
- case <-ctx.Done():
- return
- case <-shutdownCtx.Done():
- done = true
-
- // Check queued logs before flushing.
- select {
- case logs := <-send:
- backlog = append(backlog, logs...)
- default:
- }
- case <-flush.C:
- flushed = true
- case logs := <-send:
- backlog = append(backlog, logs...)
- flushed = len(backlog) >= backlogLimit
- }
-
- if (done || flushed) && len(backlog) > 0 {
- flush.Stop() // Lower the chance of a double flush.
-
- // Retry uploading logs until successful or a specific
- // error occurs. Note that we use the main context here,
- // meaning these requests won't be interrupted by
- // shutdown.
- var err error
- for r := retry.New(time.Second, 5*time.Second); r.Wait(ctx); {
- err = patchLogs(ctx, PatchLogs{
- Logs: backlog,
- LogSourceID: sourceID,
- })
- if err == nil {
- break
- }
-
- if errors.Is(err, context.Canceled) {
- break
- }
- // This error is expected to be codersdk.Error, but it has
- // private fields so we can't fake it in tests.
- var statusErr interface{ StatusCode() int }
- if errors.As(err, &statusErr) {
- if statusErr.StatusCode() == http.StatusRequestEntityTooLarge {
- logger.Warn(ctx, "startup logs too large, discarding logs", slog.F("discarded_logs_count", len(backlog)), slog.Error(err))
- err = nil
- break
- }
- }
- logger.Error(ctx, "startup logs sender failed to upload logs, retrying later", slog.F("logs_count", len(backlog)), slog.Error(err))
- }
- if err != nil {
- return
- }
- backlog = nil
-
- // Anchor flush to the last log upload.
- flush.Reset(o.flushTimeout)
- }
- if done {
- return
- }
- }
- }()
-
- var queue []Log
- sendLog = func(callCtx context.Context, log ...Log) error {
- select {
- case <-shutdownCtx.Done():
- return xerrors.Errorf("closed: %w", shutdownCtx.Err())
- case <-callCtx.Done():
- return callCtx.Err()
- case queue = <-send:
- // Recheck to give priority to context cancellation.
- select {
- case <-shutdownCtx.Done():
- return xerrors.Errorf("closed: %w", shutdownCtx.Err())
- case <-callCtx.Done():
- return callCtx.Err()
- default:
- }
- // Queue has not been captured by sender yet, re-use.
- default:
- }
-
- queue = append(queue, log...)
- send <- queue // Non-blocking.
- queue = nil
-
- return nil
- }
- flushAndClose = func(callCtx context.Context) error {
- defer cancel()
- shutdown()
- select {
- case <-sendDone:
- return nil
- case <-callCtx.Done():
- cancel()
- <-sendDone
- return callCtx.Err()
- }
- }
- return sendLog, flushAndClose
-}
diff --git a/log.go b/log.go
deleted file mode 100644
index ad476c1d..00000000
--- a/log.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package envbuilder
-
-import (
- "io"
-
- "github.com/sirupsen/logrus"
-)
-
-// HijackLogrus hijacks the logrus logger and calls the callback for each log entry.
-// This is an abuse of logrus, the package that Kaniko uses, but it exposes
-// no other way to obtain the log entries.
-func HijackLogrus(callback func(entry *logrus.Entry)) {
- logrus.StandardLogger().SetOutput(io.Discard)
- logrus.StandardLogger().SetFormatter(&logrusFormatter{
- callback: callback,
- empty: []byte{},
- })
-}
-
-type logrusFormatter struct {
- callback func(entry *logrus.Entry)
- empty []byte
-}
-
-func (f *logrusFormatter) Format(entry *logrus.Entry) ([]byte, error) {
- f.callback(entry)
- return f.empty, nil
-}
diff --git a/log/coder.go b/log/coder.go
new file mode 100644
index 00000000..d31092d5
--- /dev/null
+++ b/log/coder.go
@@ -0,0 +1,184 @@
+package log
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/url"
+ "os"
+ "sync"
+ "time"
+
+ "cdr.dev/slog"
+ "cdr.dev/slog/sloggers/sloghuman"
+ "github.com/coder/coder/v2/agent/proto"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
+ "github.com/coder/retry"
+ "github.com/google/uuid"
+ "golang.org/x/mod/semver"
+)
+
+var (
+ // We set a relatively high connection timeout for the initial connection.
+ // There is an unfortunate race between the envbuilder container starting and the
+ // associated provisioner job completing.
+ rpcConnectTimeout = 30 * time.Second
+ logSendGracePeriod = 10 * time.Second
+ minAgentAPIV2 = "v2.9"
+)
+
+// Coder establishes a connection to the Coder instance located at coderURL and
+// authenticates using token. It then establishes a dRPC connection to the Agent
+// API and begins sending logs. If the version of Coder does not support the
+// Agent API, it will fall back to using the PatchLogs endpoint. The closer is
+// used to close the logger and to wait at most logSendGracePeriod for logs to
+// be sent. Cancelling the context will close the logs immediately without
+// waiting for logs to be sent.
+func Coder(ctx context.Context, coderURL *url.URL, token string) (logger Func, closer func(), err error) {
+ // To troubleshoot issues, we need some way of logging.
+ metaLogger := slog.Make(sloghuman.Sink(os.Stderr))
+ defer metaLogger.Sync()
+ client := initClient(coderURL, token)
+ bi, err := client.SDK.BuildInfo(ctx)
+ if err != nil {
+ return nil, nil, fmt.Errorf("get coder build version: %w", err)
+ }
+ if semver.Compare(semver.MajorMinor(bi.Version), minAgentAPIV2) < 0 {
+ metaLogger.Warn(ctx, "Detected Coder version incompatible with AgentAPI v2, falling back to deprecated API", slog.F("coder_version", bi.Version))
+ logger, closer = sendLogsV1(ctx, client, metaLogger.Named("send_logs_v1"))
+ return logger, closer, nil
+ }
+
+ // Create a new context so we can ensure the connection is torn down.
+ ctx, cancel := context.WithCancel(ctx)
+ defer func() {
+ if err != nil {
+ cancel()
+ }
+ }()
+ // Note that ctx passed to initRPC will be inherited by the
+ // underlying connection, nothing we can do about that here.
+ dac, err := initRPC(ctx, client, metaLogger.Named("init_rpc"))
+ if err != nil {
+ // Logged externally
+ return nil, nil, fmt.Errorf("init coder rpc client: %w", err)
+ }
+ ls := agentsdk.NewLogSender(metaLogger.Named("coder_log_sender"))
+ metaLogger.Warn(ctx, "Sending logs via AgentAPI v2", slog.F("coder_version", bi.Version))
+ logger, loggerCloser := sendLogsV2(ctx, dac, ls, metaLogger.Named("send_logs_v2"))
+ var closeOnce sync.Once
+ closer = func() {
+ loggerCloser()
+
+ closeOnce.Do(func() {
+ // Typically cancel would be after Close, but we want to be
+ // sure there's nothing that might block on Close.
+ cancel()
+ _ = dac.DRPCConn().Close()
+ })
+ }
+ return logger, closer, nil
+}
+
+type coderLogSender interface {
+ Enqueue(uuid.UUID, ...agentsdk.Log)
+ SendLoop(context.Context, agentsdk.LogDest) error
+ Flush(uuid.UUID)
+ WaitUntilEmpty(context.Context) error
+}
+
+func initClient(coderURL *url.URL, token string) *agentsdk.Client {
+ client := agentsdk.New(coderURL)
+ client.SetSessionToken(token)
+ return client
+}
+
+func initRPC(ctx context.Context, client *agentsdk.Client, l slog.Logger) (proto.DRPCAgentClient20, error) {
+ var c proto.DRPCAgentClient20
+ var err error
+ retryCtx, retryCancel := context.WithTimeout(ctx, rpcConnectTimeout)
+ defer retryCancel()
+ attempts := 0
+ for r := retry.New(100*time.Millisecond, time.Second); r.Wait(retryCtx); {
+ attempts++
+ // Maximize compatibility.
+ c, err = client.ConnectRPC20(ctx)
+ if err != nil {
+ l.Debug(ctx, "Failed to connect to Coder", slog.F("error", err), slog.F("attempt", attempts))
+ continue
+ }
+ break
+ }
+ if c == nil {
+ return nil, err
+ }
+ return proto.NewDRPCAgentClient(c.DRPCConn()), nil
+}
+
+// sendLogsV1 uses the PatchLogs endpoint to send logs.
+// This is deprecated, but required for backward compatibility with older versions of Coder.
+func sendLogsV1(ctx context.Context, client *agentsdk.Client, l slog.Logger) (logger Func, closer func()) {
+ // nolint: staticcheck // required for backwards compatibility
+ sendLog, flushAndClose := agentsdk.LogsSender(agentsdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{})
+ var mu sync.Mutex
+ return func(lvl Level, msg string, args ...any) {
+ log := agentsdk.Log{
+ CreatedAt: time.Now(),
+ Output: fmt.Sprintf(msg, args...),
+ Level: codersdk.LogLevel(lvl),
+ }
+ mu.Lock()
+ defer mu.Unlock()
+ if err := sendLog(ctx, log); err != nil {
+ l.Warn(ctx, "failed to send logs to Coder", slog.Error(err))
+ }
+ }, func() {
+ ctx, cancel := context.WithTimeout(ctx, logSendGracePeriod)
+ defer cancel()
+ if err := flushAndClose(ctx); err != nil {
+ l.Warn(ctx, "failed to flush logs", slog.Error(err))
+ }
+ }
+}
+
+// sendLogsV2 uses the v2 agent API to send logs. Only compatibile with coder versions >= 2.9.
+func sendLogsV2(ctx context.Context, dest agentsdk.LogDest, ls coderLogSender, l slog.Logger) (logger Func, closer func()) {
+ sendCtx, sendCancel := context.WithCancel(ctx)
+ done := make(chan struct{})
+ uid := uuid.New()
+ go func() {
+ defer close(done)
+ if err := ls.SendLoop(sendCtx, dest); err != nil {
+ if !errors.Is(err, context.Canceled) {
+ l.Warn(ctx, "failed to send logs to Coder", slog.Error(err))
+ }
+ }
+ }()
+
+ var closeOnce sync.Once
+ return func(l Level, msg string, args ...any) {
+ ls.Enqueue(uid, agentsdk.Log{
+ CreatedAt: time.Now(),
+ Output: fmt.Sprintf(msg, args...),
+ Level: codersdk.LogLevel(l),
+ })
+ }, func() {
+ closeOnce.Do(func() {
+ // Trigger a flush and wait for logs to be sent.
+ ls.Flush(uid)
+ ctx, cancel := context.WithTimeout(ctx, logSendGracePeriod)
+ defer cancel()
+ err := ls.WaitUntilEmpty(ctx)
+ if err != nil {
+ l.Warn(ctx, "log sender did not empty", slog.Error(err))
+ }
+
+ // Stop the send loop.
+ sendCancel()
+ })
+
+ // Wait for the send loop to finish.
+ <-done
+ }
+}
diff --git a/log/coder_internal_test.go b/log/coder_internal_test.go
new file mode 100644
index 00000000..8b8bb632
--- /dev/null
+++ b/log/coder_internal_test.go
@@ -0,0 +1,367 @@
+package log
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "math/rand"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "sync"
+ "testing"
+ "time"
+
+ "cdr.dev/slog/sloggers/slogtest"
+ "github.com/coder/coder/v2/agent/proto"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
+ "github.com/google/uuid"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestCoder(t *testing.T) {
+ t.Parallel()
+
+ t.Run("V1/OK", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ gotLogs := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(gotLogs) })
+ tokHdr := r.Header.Get(codersdk.SessionTokenHeader)
+ assert.Equal(t, token, tokHdr)
+ req, ok := decodeV1Logs(t, w, r)
+ if !ok {
+ return
+ }
+ if assert.Len(t, req.Logs, 1) {
+ assert.Equal(t, "hello world", req.Logs[0].Output)
+ assert.Equal(t, codersdk.LogLevelInfo, req.Logs[0].Level)
+ }
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ logger, _ := newCoderLogger(ctx, t, srv.URL, token)
+ logger(LevelInfo, "hello %s", "world")
+ <-gotLogs
+ })
+
+ t.Run("V1/Close", func(t *testing.T) {
+ t.Parallel()
+
+ var got []agentsdk.Log
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ req, ok := decodeV1Logs(t, w, r)
+ if !ok {
+ return
+ }
+ got = append(got, req.Logs...)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ logger, closer := newCoderLogger(ctx, t, srv.URL, uuid.NewString())
+ logger(LevelInfo, "1")
+ logger(LevelInfo, "2")
+ closer()
+ logger(LevelInfo, "3")
+ require.Len(t, got, 2)
+ assert.Equal(t, "1", got[0].Output)
+ assert.Equal(t, "2", got[1].Output)
+ })
+
+ t.Run("V1/ErrUnauthorized", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ authFailed := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(authFailed) })
+ w.WriteHeader(http.StatusUnauthorized)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ log, _, err := Coder(ctx, u, token)
+ require.NoError(t, err)
+ // defer closeLog()
+ log(LevelInfo, "hello %s", "world")
+ <-authFailed
+ })
+
+ t.Run("V1/ErrNotCoder", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerCalled := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ defer closeOnce.Do(func() { close(handlerCalled) })
+ _, _ = fmt.Fprintf(w, `hello world`)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "get coder build version")
+ require.ErrorContains(t, err, "unexpected non-JSON response")
+ <-handlerCalled
+ })
+
+ // In this test, we just fake out the DRPC server.
+ t.Run("V2/OK", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ld := &fakeLogDest{t: t}
+ ls := agentsdk.NewLogSender(slogtest.Make(t, nil))
+ logFunc, logsDone := sendLogsV2(ctx, ld, ls, slogtest.Make(t, nil))
+ defer logsDone()
+
+ // Send some logs
+ for i := 0; i < 10; i++ {
+ logFunc(LevelInfo, "info log %d", i+1)
+ }
+
+ // Cancel and wait for flush
+ cancel()
+ t.Logf("cancelled")
+ logsDone()
+
+ require.Len(t, ld.logs, 10)
+ })
+
+ // In this test, we just fake out the DRPC server.
+ t.Run("V2/Close", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ld := &fakeLogDest{t: t}
+ ls := agentsdk.NewLogSender(slogtest.Make(t, nil))
+ logger, closer := sendLogsV2(ctx, ld, ls, slogtest.Make(t, nil))
+ defer closer()
+
+ logger(LevelInfo, "1")
+ logger(LevelInfo, "2")
+ closer()
+ logger(LevelInfo, "3")
+
+ require.Len(t, ld.logs, 2)
+ })
+
+ // In this test, we validate that a 401 error on the initial connect
+ // results in a retry. When envbuilder initially attempts to connect
+ // using the Coder agent token, the workspace build may not yet have
+ // completed.
+ t.Run("V2/Retry", func(t *testing.T) {
+ t.Parallel()
+ ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ defer cancel()
+
+ token := uuid.NewString()
+ done := make(chan struct{})
+ handlerSend := make(chan int)
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ t.Logf("test handler: %s", r.URL.Path)
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ code := <-handlerSend
+ t.Logf("test handler response: %d", code)
+ w.WriteHeader(code)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ var connectError error
+ go func() {
+ defer close(handlerSend)
+ defer close(done)
+ _, _, connectError = Coder(ctx, u, token)
+ }()
+
+ // Initial: unauthorized
+ handlerSend <- http.StatusUnauthorized
+ // 2nd try: still unauthorized
+ handlerSend <- http.StatusUnauthorized
+ // 3rd try: authorized
+ handlerSend <- http.StatusOK
+
+ cancel()
+
+ <-done
+ require.ErrorContains(t, connectError, "failed to WebSocket dial")
+ require.ErrorIs(t, connectError, context.Canceled)
+ })
+}
+
+//nolint:paralleltest // We need to replace a global timeout.
+func TestCoderRPCTimeout(t *testing.T) {
+ // This timeout is picked with the current subtests in mind, it
+ // should not be changed without good reason.
+ testReplaceTimeout(t, &rpcConnectTimeout, 500*time.Millisecond)
+
+ // In this test, we just stand up an endpoint that does not
+ // do dRPC. We'll try to connect, fail to websocket upgrade
+ // and eventually give up after rpcConnectTimeout.
+ t.Run("V2/Err", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerDone := make(chan struct{})
+ handlerWait := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(handlerDone) })
+ <-handlerWait
+ w.WriteHeader(http.StatusOK)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), rpcConnectTimeout/2)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "failed to WebSocket dial")
+ require.ErrorIs(t, err, context.DeadlineExceeded)
+ close(handlerWait)
+ <-handlerDone
+ })
+
+ t.Run("V2/Timeout", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerDone := make(chan struct{})
+ handlerWait := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(handlerDone) })
+ <-handlerWait
+ w.WriteHeader(http.StatusOK)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), rpcConnectTimeout*2)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "failed to WebSocket dial")
+ require.ErrorIs(t, err, context.DeadlineExceeded)
+ close(handlerWait)
+ <-handlerDone
+ })
+}
+
+func decodeV1Logs(t *testing.T, w http.ResponseWriter, r *http.Request) (agentsdk.PatchLogs, bool) {
+ t.Helper()
+ var req agentsdk.PatchLogs
+ err := json.NewDecoder(r.Body).Decode(&req)
+ if !assert.NoError(t, err) {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return req, false
+ }
+ return req, true
+}
+
+func newCoderLogger(ctx context.Context, t *testing.T, us string, token string) (Func, func()) {
+ t.Helper()
+ u, err := url.Parse(us)
+ require.NoError(t, err)
+ logger, closer, err := Coder(ctx, u, token)
+ require.NoError(t, err)
+ t.Cleanup(closer)
+ return logger, closer
+}
+
+type fakeLogDest struct {
+ t testing.TB
+ logs []*proto.Log
+}
+
+func (d *fakeLogDest) BatchCreateLogs(ctx context.Context, request *proto.BatchCreateLogsRequest) (*proto.BatchCreateLogsResponse, error) {
+ d.t.Logf("got %d logs, ", len(request.Logs))
+ d.logs = append(d.logs, request.Logs...)
+ return &proto.BatchCreateLogsResponse{}, nil
+}
+
+func testReplaceTimeout(t *testing.T, v *time.Duration, d time.Duration) {
+ t.Helper()
+ if isParallel(t) {
+ t.Fatal("cannot replace timeout in parallel test")
+ }
+ old := *v
+ *v = d
+ t.Cleanup(func() { *v = old })
+}
+
+func isParallel(t *testing.T) (ret bool) {
+ t.Helper()
+ // This is a hack to determine if the test is running in parallel
+ // via property of t.Setenv.
+ defer func() {
+ if r := recover(); r != nil {
+ ret = true
+ }
+ }()
+ // Random variable name to avoid collisions.
+ t.Setenv(fmt.Sprintf("__TEST_CHECK_IS_PARALLEL_%d", rand.Int()), "1")
+ return false
+}
diff --git a/log/log.go b/log/log.go
new file mode 100644
index 00000000..8519d6b0
--- /dev/null
+++ b/log/log.go
@@ -0,0 +1,76 @@
+package log
+
+import (
+ "bufio"
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/coder/coder/v2/codersdk"
+)
+
+type Func func(l Level, msg string, args ...any)
+
+type Level string
+
+// Below constants are the same as their codersdk equivalents.
+const (
+ LevelTrace = Level(codersdk.LogLevelTrace)
+ LevelDebug = Level(codersdk.LogLevelDebug)
+ LevelInfo = Level(codersdk.LogLevelInfo)
+ LevelWarn = Level(codersdk.LogLevelWarn)
+ LevelError = Level(codersdk.LogLevelError)
+)
+
+// New logs to the provided io.Writer.
+func New(w io.Writer, verbose bool) Func {
+ return func(l Level, msg string, args ...any) {
+ if !verbose {
+ switch l {
+ case LevelDebug, LevelTrace:
+ return
+ }
+ }
+ _, _ = fmt.Fprintf(w, msg, args...)
+ if !strings.HasSuffix(msg, "\n") {
+ _, _ = fmt.Fprintf(w, "\n")
+ }
+ }
+}
+
+// Wrap wraps the provided LogFuncs into a single Func.
+func Wrap(fs ...Func) Func {
+ return func(l Level, msg string, args ...any) {
+ for _, f := range fs {
+ f(l, msg, args...)
+ }
+ }
+}
+
+// Writer returns an io.Writer that logs all writes in a separate goroutine.
+// It is the responsibility of the caller to call the returned
+// function to stop the goroutine.
+func Writer(logf Func) (io.Writer, func()) {
+ pipeReader, pipeWriter := io.Pipe()
+ doneCh := make(chan struct{})
+ go func() {
+ defer pipeWriter.Close()
+ defer pipeReader.Close()
+ scanner := bufio.NewScanner(pipeReader)
+ for {
+ select {
+ case <-doneCh:
+ return
+ default:
+ if !scanner.Scan() {
+ return
+ }
+ logf(LevelInfo, "%s", scanner.Text())
+ }
+ }
+ }()
+ closer := func() {
+ close(doneCh)
+ }
+ return pipeWriter, closer
+}
diff --git a/log/log_test.go b/log/log_test.go
new file mode 100644
index 00000000..adeff7b1
--- /dev/null
+++ b/log/log_test.go
@@ -0,0 +1,29 @@
+package log_test
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/coder/envbuilder/log"
+ "github.com/stretchr/testify/require"
+)
+
+func Test_Verbose(t *testing.T) {
+ t.Parallel()
+
+ t.Run("true", func(t *testing.T) {
+ var sb strings.Builder
+ l := log.New(&sb, true)
+ l(log.LevelDebug, "hello")
+ l(log.LevelInfo, "world")
+ require.Equal(t, "hello\nworld\n", sb.String())
+ })
+
+ t.Run("false", func(t *testing.T) {
+ var sb strings.Builder
+ l := log.New(&sb, false)
+ l(log.LevelDebug, "hello")
+ l(log.LevelInfo, "world")
+ require.Equal(t, "world\n", sb.String())
+ })
+}
diff --git a/log/logrus.go b/log/logrus.go
new file mode 100644
index 00000000..3d70b114
--- /dev/null
+++ b/log/logrus.go
@@ -0,0 +1,61 @@
+package log
+
+import (
+ "io"
+
+ "github.com/sirupsen/logrus"
+)
+
+// HijackLogrus hijacks the logrus logger and calls the callback for each log entry.
+// This is an abuse of logrus, the package that Kaniko uses, but it exposes
+// no other way to obtain the log entries.
+func HijackLogrus(lvl Level, callback func(entry *logrus.Entry)) {
+ logrus.StandardLogger().SetOutput(io.Discard)
+ logrus.StandardLogger().SetLevel(ToLogrus(lvl))
+ logrus.StandardLogger().SetFormatter(&logrusFormatter{
+ callback: callback,
+ empty: []byte{},
+ })
+}
+
+type logrusFormatter struct {
+ callback func(entry *logrus.Entry)
+ empty []byte
+}
+
+func (f *logrusFormatter) Format(entry *logrus.Entry) ([]byte, error) {
+ f.callback(entry)
+ return f.empty, nil
+}
+
+func ToLogrus(lvl Level) logrus.Level {
+ switch lvl {
+ case LevelTrace:
+ return logrus.TraceLevel
+ case LevelDebug:
+ return logrus.DebugLevel
+ case LevelInfo:
+ return logrus.InfoLevel
+ case LevelWarn:
+ return logrus.WarnLevel
+ case LevelError:
+ return logrus.ErrorLevel
+ default:
+ return logrus.InfoLevel
+ }
+}
+
+func FromLogrus(lvl logrus.Level) Level {
+ switch lvl {
+ case logrus.TraceLevel:
+ return LevelTrace
+ case logrus.DebugLevel:
+ return LevelDebug
+ case logrus.InfoLevel:
+ return LevelInfo
+ case logrus.WarnLevel:
+ return LevelWarn
+ default: // Error, Fatal, Panic
+ return LevelError
+ }
+}
diff --git a/log/logrus_test.go b/log/logrus_test.go
new file mode 100644
index 00000000..7b606696
--- /dev/null
+++ b/log/logrus_test.go
@@ -0,0 +1,110 @@
+package log_test
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/coder/envbuilder/log"
+ "github.com/sirupsen/logrus"
+ "github.com/stretchr/testify/require"
+)
+
+func TestHijackLogrus_Info(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelInfo, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ logrus.Debug("Debugging!")
+ // We should receive the below.
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Testing!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Warning!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func TestHijackLogrus_Debug(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelDebug, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ // We should receive the below.
+ logrus.Debug("Debugging!")
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Debugging!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Testing!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Warning!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func TestHijackLogrus_Error(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelError, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ logrus.Debug("Debugging!")
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ // We should receive the below.
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func rcvCtx[T any](ctx context.Context, t *testing.T, ch <-chan T) (v T) {
+ t.Helper()
+ select {
+ case <-ctx.Done():
+ t.Fatal("timeout")
+ case v = <-ch:
+ }
+ return v
+}
diff --git a/log_test.go b/log_test.go
deleted file mode 100644
index 63d5e6cd..00000000
--- a/log_test.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package envbuilder_test
-
-import (
- "testing"
-
- "github.com/coder/envbuilder"
- "github.com/sirupsen/logrus"
- "github.com/stretchr/testify/require"
-)
-
-func TestHijackLogrus(t *testing.T) {
- messages := make(chan *logrus.Entry, 1)
- envbuilder.HijackLogrus(func(entry *logrus.Entry) {
- messages <- entry
- })
- logrus.Infof("Testing!")
- message := <-messages
- require.Equal(t, "Testing!", message.Message)
-}
diff --git a/options/defaults.go b/options/defaults.go
new file mode 100644
index 00000000..220480d8
--- /dev/null
+++ b/options/defaults.go
@@ -0,0 +1,68 @@
+package options
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/go-git/go-billy/v5/osfs"
+
+ giturls "github.com/chainguard-dev/git-urls"
+ "github.com/coder/envbuilder/internal/chmodfs"
+ "github.com/coder/envbuilder/internal/magicdir"
+)
+
+// EmptyWorkspaceDir is the path to a workspace that has
+// nothing going on... it's empty!
+var EmptyWorkspaceDir = "/workspaces/empty"
+
+// DefaultWorkspaceFolder returns the default workspace folder
+// for a given repository URL.
+func DefaultWorkspaceFolder(repoURL string) string {
+ if repoURL == "" {
+ return EmptyWorkspaceDir
+ }
+ parsed, err := giturls.Parse(repoURL)
+ if err != nil {
+ return EmptyWorkspaceDir
+ }
+ name := strings.Split(parsed.Path, "/")
+ hasOwnerAndRepo := len(name) >= 2
+ if !hasOwnerAndRepo {
+ return EmptyWorkspaceDir
+ }
+ repo := strings.TrimSuffix(name[len(name)-1], ".git")
+ return fmt.Sprintf("/workspaces/%s", repo)
+}
+
+func (o *Options) SetDefaults() {
+ // Temporarily removed these from the default settings to prevent conflicts
+ // between current and legacy environment variables that add default values.
+ // Once the legacy environment variables are phased out, this can be
+ // reinstated to the previous default values.
+ if len(o.IgnorePaths) == 0 {
+ o.IgnorePaths = []string{
+ "/var/run",
+ // KinD adds these paths to pods, so ignore them by default.
+ "/product_uuid", "/product_name",
+ }
+ }
+ if o.InitScript == "" {
+ o.InitScript = "sleep infinity"
+ }
+ if o.InitCommand == "" {
+ o.InitCommand = "/bin/sh"
+ }
+
+ if o.Filesystem == nil {
+ o.Filesystem = chmodfs.New(osfs.New("/"))
+ }
+ if o.WorkspaceFolder == "" {
+ o.WorkspaceFolder = DefaultWorkspaceFolder(o.GitURL)
+ }
+ if o.BinaryPath == "" {
+ o.BinaryPath = "/.envbuilder/bin/envbuilder"
+ }
+ if o.MagicDirBase == "" {
+ o.MagicDirBase = magicdir.Default.Path()
+ }
+}
diff --git a/envbuilder_test.go b/options/defaults_test.go
similarity index 57%
rename from envbuilder_test.go
rename to options/defaults_test.go
index 6af599c9..4387c084 100644
--- a/envbuilder_test.go
+++ b/options/defaults_test.go
@@ -1,9 +1,14 @@
-package envbuilder_test
+package options_test
import (
"testing"
- "github.com/coder/envbuilder"
+ "github.com/coder/envbuilder/internal/chmodfs"
+ "github.com/go-git/go-billy/v5/osfs"
+
+ "github.com/stretchr/testify/assert"
+
+ "github.com/coder/envbuilder/options"
"github.com/stretchr/testify/require"
)
@@ -38,13 +43,12 @@ func TestDefaultWorkspaceFolder(t *testing.T) {
{
name: "empty",
gitURL: "",
- expected: envbuilder.EmptyWorkspaceDir,
+ expected: options.EmptyWorkspaceDir,
},
}
for _, tt := range successTests {
t.Run(tt.name, func(t *testing.T) {
- dir, err := envbuilder.DefaultWorkspaceFolder(tt.gitURL)
- require.NoError(t, err)
+ dir := options.DefaultWorkspaceFolder(tt.gitURL)
require.Equal(t, tt.expected, dir)
})
}
@@ -64,9 +68,27 @@ func TestDefaultWorkspaceFolder(t *testing.T) {
}
for _, tt := range invalidTests {
t.Run(tt.name, func(t *testing.T) {
- dir, err := envbuilder.DefaultWorkspaceFolder(tt.invalidURL)
- require.NoError(t, err)
- require.Equal(t, envbuilder.EmptyWorkspaceDir, dir)
+ dir := options.DefaultWorkspaceFolder(tt.invalidURL)
+ require.Equal(t, options.EmptyWorkspaceDir, dir)
})
}
}
+
+func TestOptions_SetDefaults(t *testing.T) {
+ t.Parallel()
+
+ expected := options.Options{
+ InitScript: "sleep infinity",
+ InitCommand: "/bin/sh",
+ IgnorePaths: []string{"/var/run", "/product_uuid", "/product_name"},
+ Filesystem: chmodfs.New(osfs.New("/")),
+ GitURL: "",
+ WorkspaceFolder: options.EmptyWorkspaceDir,
+ MagicDirBase: "/.envbuilder",
+ BinaryPath: "/.envbuilder/bin/envbuilder",
+ }
+
+ var actual options.Options
+ actual.SetDefaults()
+ assert.Equal(t, expected, actual)
+}
diff --git a/options.go b/options/options.go
similarity index 86%
rename from options.go
rename to options/options.go
index 2913fdea..18bd56d1 100644
--- a/options.go
+++ b/options/options.go
@@ -1,15 +1,17 @@
-package envbuilder
+package options
import (
+ "crypto/x509"
+ "encoding/base64"
+ "fmt"
+ "os"
"strings"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/coder/serpent"
"github.com/go-git/go-billy/v5"
)
-type LoggerFunc func(level notcodersdk.LogLevel, format string, args ...interface{})
-
// Options contains the configuration for the envbuilder.
type Options struct {
// SetupScript is the script to run before the init script. It runs as the
@@ -125,7 +127,9 @@ type Options struct {
// execute it after successful startup.
PostStartScriptPath string
// Logger is the logger to use for all operations.
- Logger LoggerFunc
+ Logger log.Func
+ // Verbose controls whether to send verbose logs.
+ Verbose bool
// Filesystem is the filesystem to use for all operations. Defaults to the
// host filesystem.
Filesystem billy.Filesystem
@@ -145,6 +149,23 @@ type Options struct {
// GetCachedImage is a flag to determine if the cached image is available,
// and if it is, to return it.
GetCachedImage bool
+
+ // RemoteRepoBuildMode uses the remote repository as the source of truth
+ // when building the image. Enabling this option ignores user changes to
+ // local files and they will not be reflected in the image. This can be
+ // used to improving cache utilization when multiple users are building
+ // working on the same repository.
+ RemoteRepoBuildMode bool
+
+ // BinaryPath is the path to the local envbuilder binary when
+ // attempting to probe the build cache. This is only relevant when
+ // GetCachedImage is true.
+ BinaryPath string
+
+ // MagicDirBase is the path to the directory where all envbuilder files should be
+ // stored. By default, this is set to `/.envbuilder`. This is intentionally
+ // excluded from the CLI options.
+ MagicDirBase string
}
const envPrefix = "ENVBUILDER_"
@@ -416,6 +437,30 @@ func (o *Options) CLI() serpent.OptionSet {
Description: "Print the digest of the cached image, if available. " +
"Exits with an error if not found.",
},
+ {
+ Flag: "binary-path",
+ Env: WithEnvPrefix("BINARY_PATH"),
+ Value: serpent.StringOf(&o.BinaryPath),
+ Hidden: true,
+ Description: "Specify the path to an Envbuilder binary for use when probing the build cache.",
+ },
+ {
+ Flag: "remote-repo-build-mode",
+ Env: WithEnvPrefix("REMOTE_REPO_BUILD_MODE"),
+ Value: serpent.BoolOf(&o.RemoteRepoBuildMode),
+ Default: "false",
+ Description: "Use the remote repository as the source of truth " +
+ "when building the image. Enabling this option ignores user changes " +
+ "to local files and they will not be reflected in the image. This can " +
+ "be used to improving cache utilization when multiple users are building " +
+ "working on the same repository.",
+ },
+ {
+ Flag: "verbose",
+ Env: WithEnvPrefix("VERBOSE"),
+ Value: serpent.BoolOf(&o.Verbose),
+ Description: "Enable verbose logging.",
+ },
}
// Add options without the prefix for backward compatibility. These options
@@ -457,6 +502,9 @@ func (o *Options) Markdown() string {
_, _ = sb.WriteString("| - | - | - | - |\n")
for _, opt := range cliOptions {
+ if opt.Hidden {
+ continue
+ }
d := opt.Default
if d != "" {
d = "`" + d + "`"
@@ -475,6 +523,26 @@ func (o *Options) Markdown() string {
return sb.String()
}
+func (o *Options) CABundle() ([]byte, error) {
+ if o.SSLCertBase64 == "" {
+ return nil, nil
+ }
+
+ certPool, err := x509.SystemCertPool()
+ if err != nil {
+ return nil, fmt.Errorf("get global system cert pool: %w", err)
+ }
+ data, err := base64.StdEncoding.DecodeString(o.SSLCertBase64)
+ if err != nil {
+ return nil, fmt.Errorf("base64 decode ssl cert: %w", err)
+ }
+ ok := certPool.AppendCertsFromPEM(data)
+ if !ok {
+ return nil, fmt.Errorf("failed to append the ssl cert to the global pool: %s", data)
+ }
+ return data, nil
+}
+
func skipDeprecatedOptions(options []serpent.Option) []serpent.Option {
var activeOptions []serpent.Option
@@ -487,3 +555,26 @@ func skipDeprecatedOptions(options []serpent.Option) []serpent.Option {
return activeOptions
}
+
+// UnsetEnv unsets all environment variables that are used
+// to configure the options.
+func UnsetEnv() {
+ var o Options
+ for _, opt := range o.CLI() {
+ if opt.Env == "" {
+ continue
+ }
+ // Do not strip options that do not have the magic prefix!
+ // For example, CODER_AGENT_URL, CODER_AGENT_TOKEN, CODER_AGENT_SUBSYSTEM.
+ if !strings.HasPrefix(opt.Env, envPrefix) {
+ continue
+ }
+ // Strip both with and without prefix.
+ _ = os.Unsetenv(opt.Env)
+ _ = os.Unsetenv(strings.TrimPrefix(opt.Env, envPrefix))
+ }
+
+ // Unset the Kaniko environment variable which we set it in the
+ // Dockerfile to ensure correct behavior during building.
+ _ = os.Unsetenv("KANIKO_DIR")
+}
diff --git a/options_test.go b/options/options_test.go
similarity index 88%
rename from options_test.go
rename to options/options_test.go
index e32af9e6..bf7a216c 100644
--- a/options_test.go
+++ b/options/options_test.go
@@ -1,4 +1,4 @@
-package envbuilder_test
+package options_test
import (
"bytes"
@@ -6,7 +6,8 @@ import (
"os"
"testing"
- "github.com/coder/envbuilder"
+ "github.com/coder/envbuilder/options"
+
"github.com/coder/serpent"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -16,50 +17,50 @@ import (
func TestEnvOptionParsing(t *testing.T) {
t.Run("string", func(t *testing.T) {
const val = "setup.sh"
- t.Setenv(envbuilder.WithEnvPrefix("SETUP_SCRIPT"), val)
+ t.Setenv(options.WithEnvPrefix("SETUP_SCRIPT"), val)
o := runCLI()
require.Equal(t, o.SetupScript, val)
})
t.Run("int", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("CACHE_TTL_DAYS"), "7")
+ t.Setenv(options.WithEnvPrefix("CACHE_TTL_DAYS"), "7")
o := runCLI()
require.Equal(t, o.CacheTTLDays, int64(7))
})
t.Run("string array", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("IGNORE_PATHS"), "/var,/temp")
+ t.Setenv(options.WithEnvPrefix("IGNORE_PATHS"), "/var,/temp")
o := runCLI()
require.Equal(t, o.IgnorePaths, []string{"/var", "/temp"})
})
t.Run("bool", func(t *testing.T) {
t.Run("lowercase", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "true")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "false")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "true")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "false")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("uppercase", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "TRUE")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "FALSE")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "TRUE")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "FALSE")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("numeric", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "1")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "0")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "1")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "0")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("empty", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "")
o := runCLI()
require.False(t, o.GitCloneSingleBranch)
})
@@ -142,7 +143,7 @@ var updateCLIOutputGoldenFiles = flag.Bool("update", false, "update options CLI
// TestCLIOutput tests that the default CLI output is as expected.
func TestCLIOutput(t *testing.T) {
- var o envbuilder.Options
+ var o options.Options
cmd := serpent.Command{
Use: "envbuilder",
Options: o.CLI(),
@@ -171,8 +172,8 @@ func TestCLIOutput(t *testing.T) {
}
}
-func runCLI() envbuilder.Options {
- var o envbuilder.Options
+func runCLI() options.Options {
+ var o options.Options
cmd := serpent.Command{
Options: o.CLI(),
Handler: func(inv *serpent.Invocation) error {
diff --git a/testdata/options.golden b/options/testdata/options.golden
similarity index 93%
rename from testdata/options.golden
rename to options/testdata/options.golden
index 73e68540..0bfbd64a 100644
--- a/testdata/options.golden
+++ b/options/testdata/options.golden
@@ -138,6 +138,13 @@ OPTIONS:
Push the built image to a remote registry. This option forces a
reproducible build.
+ --remote-repo-build-mode bool, $ENVBUILDER_REMOTE_REPO_BUILD_MODE (default: false)
+ Use the remote repository as the source of truth when building the
+ image. Enabling this option ignores user changes to local files and
+ they will not be reflected in the image. This can be used to improving
+ cache utilization when multiple users are building working on the same
+ repository.
+
--setup-script string, $ENVBUILDER_SETUP_SCRIPT
The script to run before the init script. It runs as the root user
regardless of the user specified in the devcontainer.json file.
@@ -155,6 +162,9 @@ OPTIONS:
The content of an SSL cert file. This is useful for self-signed
certificates.
+ --verbose bool, $ENVBUILDER_VERBOSE
+ Enable verbose logging.
+
--workspace-folder string, $ENVBUILDER_WORKSPACE_FOLDER
The path to the workspace folder that will be built. This is optional.
diff --git a/scripts/Dockerfile b/scripts/Dockerfile
index b8198a1d..6259407b 100644
--- a/scripts/Dockerfile
+++ b/scripts/Dockerfile
@@ -4,7 +4,5 @@ ARG TARGETARCH
COPY envbuilder-${TARGETARCH} /.envbuilder/bin/envbuilder
ENV KANIKO_DIR /.envbuilder
-# Kaniko looks for the Docker config at $DOCKER_CONFIG/config.json
-ENV DOCKER_CONFIG /.envbuilder
ENTRYPOINT ["/.envbuilder/bin/envbuilder"]
diff --git a/scripts/build.sh b/scripts/build.sh
index 2fac5e04..40545199 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -1,12 +1,12 @@
#!/usr/bin/env bash
-cd $(dirname "${BASH_SOURCE[0]}")
+cd "$(dirname "${BASH_SOURCE[0]}")"
set -euo pipefail
archs=()
push=false
base="envbuilder"
-tag="latest"
+tag=""
for arg in "$@"; do
if [[ $arg == --arch=* ]]; then
@@ -30,6 +30,10 @@ if [ ${#archs[@]} -eq 0 ]; then
archs=( "$current" )
fi
+if [[ -z "${tag}" ]]; then
+ tag=$(./version.sh)
+fi
+
# We have to use docker buildx to tag multiple images with
# platforms tragically, so we have to create a builder.
BUILDER_NAME="envbuilder"
@@ -46,15 +50,17 @@ fi
# Ensure the builder is bootstrapped and ready to use
docker buildx inspect --bootstrap &> /dev/null
+ldflags=(-X "'github.com/coder/envbuilder/buildinfo.tag=$tag'")
+
for arch in "${archs[@]}"; do
echo "Building for $arch..."
- GOARCH=$arch CGO_ENABLED=0 go build -o ./envbuilder-$arch ../cmd/envbuilder &
+ GOARCH=$arch CGO_ENABLED=0 go build -ldflags="${ldflags[*]}" -o "./envbuilder-${arch}" ../cmd/envbuilder &
done
wait
args=()
for arch in "${archs[@]}"; do
- args+=( --platform linux/$arch )
+ args+=( --platform "linux/${arch}" )
done
if [ "$push" = true ]; then
args+=( --push )
@@ -62,10 +68,12 @@ else
args+=( --load )
fi
-docker buildx build --builder $BUILDER_NAME "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile .
+# coerce semver build tags into something docker won't complain about
+tag="${tag//\+/-}"
+docker buildx build --builder $BUILDER_NAME "${args[@]}" -t "${base}:${tag}" -t "${base}:latest" -f Dockerfile .
# Check if archs contains the current. If so, then output a message!
-if [[ -z "${CI:-}" ]] && [[ " ${archs[@]} " =~ " ${current} " ]]; then
- docker tag $base:$tag envbuilder:latest
- echo "Tagged $current as envbuilder:latest!"
+if [[ -z "${CI:-}" ]] && [[ " ${archs[*]} " =~ ${current} ]]; then
+ docker tag "${base}:${tag}" envbuilder:latest
+ echo "Tagged $current as ${base}:${tag} ${base}:latest!"
fi
diff --git a/scripts/develop.sh b/scripts/develop.sh
index 8336eca7..c209c8aa 100755
--- a/scripts/develop.sh
+++ b/scripts/develop.sh
@@ -1,11 +1,11 @@
#!/usr/bin/env bash
-cd $(dirname "${BASH_SOURCE[0]}")
+cd "$(dirname "${BASH_SOURCE[0]}")"
set -euxo pipefail
-./build.sh
+./build.sh || exit 1
docker run --rm -it \
- -e GIT_URL=https://github.com/denoland/deno \
- -e INIT_SCRIPT="bash" \
+ -e ENVBUILDER_GIT_URL=https://github.com/denoland/deno \
+ -e ENVBUILDER_INIT_SCRIPT="bash" \
envbuilder:latest
diff --git a/scripts/diagram-dark.png b/scripts/diagram-dark.png
new file mode 100644
index 00000000..50476628
Binary files /dev/null and b/scripts/diagram-dark.png differ
diff --git a/scripts/diagram-dark.svg b/scripts/diagram-dark.svg
index 3cf09ba2..d3044acb 100644
--- a/scripts/diagram-dark.svg
+++ b/scripts/diagram-dark.svg
@@ -1,10 +1,10 @@
-Create Workspace Code Edit Dockerfile Restart Workspace
-Create Workspace Code Edit Dockerfile Restart Workspace
+ Create Workspace Code Edit Dockerfile Restart Workspace
-Create Workspace Code Edit Dockerfile Restart Workspace
+ 
+ 
- 
-