From 67ff4df4b75d117a14363bce59aacd34c783c27c Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Tue, 16 Nov 2021 07:19:27 +0100 Subject: [PATCH] add `cgroup-parent`, `shm-size`, `ulimit` inputs Signed-off-by: CrazyMax --- .github/workflows/ci.yml | 80 +++++++++++++++++++++++++++++++ .github/workflows/e2e.yml | 2 +- .github/workflows/example.yml | 4 +- .github/workflows/virtual-env.yml | 2 +- README.md | 13 +++-- __tests__/context.test.ts | 56 ++++++++++++++++------ action.yml | 19 ++++++-- dist/index.js | 12 +++++ src/context.ts | 15 ++++++ test/cgroup.Dockerfile | 2 + test/shmsize.Dockerfile | 2 + test/ulimit.Dockerfile | 2 + 12 files changed, 181 insertions(+), 28 deletions(-) create mode 100644 test/cgroup.Dockerfile create mode 100644 test/shmsize.Dockerfile create mode 100644 test/ulimit.Dockerfile diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 063a36d..2f6fbae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -336,6 +336,86 @@ jobs: if: always() uses: crazy-max/ghaction-dump-context@v1 + shm-size: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/shmsize.Dockerfile + tags: name/app:latest + shm-size: 2g + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + ulimit: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/ulimit.Dockerfile + tags: name/app:latest + ulimit: | + nofile=1024:1024 + nproc=3 + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + + cgroup-parent: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + with: + version: v0.7.0 + driver-opts: | + image=moby/buildkit:master + - + name: Build + uses: ./ + with: + context: ./test + file: ./test/cgroup.Dockerfile + tags: name/app:latest + cgroup-parent: foo + - + name: Dump context + if: always() + uses: crazy-max/ghaction-dump-context@v1 + multi: runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e70538d..fd97e7c 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -3,7 +3,7 @@ name: e2e on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' push: branches: - master diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 0e2eb04..4ad2ab7 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml 
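Review bot: The three added jobs (shm-size, ulimit, cgroup-parent) set `image=moby/buildkit:master` under `driver-opts`, so every run pulls whatever BuildKit build is current and a result cannot be tied to a known builder version. If the new flags need a BuildKit newer than the latest release (inferred from the pin, not stated in the hunk), record that next to the option, for example `# buildkit master required until a release supports shm-size/ulimit/cgroup-parent`, and switch to a release tag once one exists. The added `uses:` lines reference actions by mutable tag (`actions/checkout@v2`, `crazy-max/ghaction-dump-context@v1`), which matches the context lines of this file; pinning third-party actions to a full commit SHA would be the stricter choice for a workflow that builds and publishes images.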
@@ -1,9 +1,9 @@ -# This workflow is provided just as an usage example and not for repo testing/verification +# This workflow is provided just as an example and not for repo testing/verification name: example on: schedule: - - cron: '0 10 * * 0' # everyday sunday at 10am + - cron: '0 10 * * 0' push: branches: - '**' diff --git a/.github/workflows/virtual-env.yml b/.github/workflows/virtual-env.yml index 1b7f44e..13c08a8 100644 --- a/.github/workflows/virtual-env.yml +++ b/.github/workflows/virtual-env.yml @@ -3,7 +3,7 @@ name: virtual-env on: workflow_dispatch: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' jobs: os: diff --git a/README.md b/README.md index f77ec79..ffd1ab4 100644 --- a/README.md +++ b/README.md 
@@ -190,11 +190,12 @@ Following inputs can be used as `step.with` keys | Name | Type | Description | |---------------------|----------|------------------------------------| -| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) | +| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `build-args` | List | List of build-time variables | -| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) | -| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) | +| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) | +| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) | +| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build | | `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) | | `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) | | `labels` | List | List of metadata for an image | 
@@ -205,11 +206,13 @@ Following inputs can be used as `step.with` keys | `platforms` | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build | | `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) | | `push` | Bool | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) | -| `secrets` | List | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) | -| `secret-files` | List | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) | +| `secrets` | List | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) | +| `secret-files` | List | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) | +| `shm-size` | String | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) | | `ssh` | List | List of SSH agent socket or keys to expose to the build | | `tags` | List/CSV | List of tags | | `target` | String | Sets the target stage to build | +| `ulimit` | List | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) | ### outputs diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts index bb917cf..7b6c164 100644 --- a/__tests__/context.test.ts +++ b/__tests__/context.test.ts @@ -147,7 +147,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -164,7 +164,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 
@@ -183,7 +183,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -204,7 +204,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -224,7 +224,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -241,7 +241,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -259,7 +259,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -278,7 +278,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -301,7 +301,7 @@ describe('getArgs', () => { ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -336,7 +336,7 @@ ccc"`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -374,7 +374,7 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -404,7 +404,7 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -428,7 +428,7 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'false'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', @@ -450,7 +450,7 @@ ccc`], ['load', 'false'], ['no-cache', 'false'], ['push', 'true'], - ['pull', 'false'] + ['pull', 'false'], ]), [ 'buildx', 
@@ -463,6 +463,34 @@ ccc`], '.' ] ], + [ + 14, + '0.7.0', + new Map([ + ['context', '.'], + ['file', './test/Dockerfile'], + ['cgroup-parent', 'foo'], + ['shm-size', '2g'], + ['ulimit', `nofile=1024:1024 +nproc=3`], + ['load', 'false'], + ['no-cache', 'false'], + ['push', 'false'], + ['pull', 'false'], + ]), + [ + 'buildx', + 'build', + '--cgroup-parent', 'foo', + '--file', './test/Dockerfile', + '--iidfile', '/tmp/.docker-build-push-jest/iidfile', + '--shm-size', '2g', + '--ulimit', 'nofile=1024:1024', + '--ulimit', 'nproc=3', + '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file', + '.' + ] + ], ])( '[%d] given %p with %p as inputs, returns %p', async (num: number, buildxVersion: string, inputs: Map, expected: Array) => { diff --git a/action.yml b/action.yml index abcfe2f..9f94b26 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ branding: inputs: allow: - description: "List of extra privileged entitlement (eg. network.host,security.insecure)" + description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" required: false build-args: description: "List of build-time variables" @@ -17,10 +17,13 @@ inputs: description: "Builder instance" required: false cache-from: - description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)" + description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)" required: false cache-to: - description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)" + description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)" + required: false + cgroup-parent: + description: "Optional parent cgroup for the container used in the build" required: false context: description: "Build's context is the set of files located in the specified PATH or URL" 
@@ -57,10 +60,13 @@ inputs: required: false default: 'false' secrets: - description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)" + description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" required: false secret-files: - description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)" + description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" + required: false + shm-size: + description: "Size of /dev/shm (e.g., 2g)" required: false ssh: description: "List of SSH agent socket or keys to expose to the build" @@ -71,6 +77,9 @@ inputs: target: description: "Sets the target stage to build" required: false + ulimit: + description: "Ulimit options (e.g., nofile=1024:1024)" + required: false github-token: description: "GitHub Token used to authenticate against a repository for Git context" default: ${{ github.token }} diff --git a/dist/index.js b/dist/index.js index 2064a02..af2cd48 100644 --- a/dist/index.js +++ b/dist/index.js @@ -274,6 +274,7 @@ function getInputs(defaultContext) { builder: core.getInput('builder'), cacheFrom: yield getInputList('cache-from', true), cacheTo: yield getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: yield getInputList('labels', true), @@ -286,9 +287,11 @@ function getInputs(defaultContext) { push: core.getBooleanInput('push'), secrets: yield getInputList('secrets', true), secretFiles: yield getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: yield getInputList('ssh'), tags: yield getInputList('tags'), target: core.getInput('target'), + ulimit: yield getInputList('ulimit', true), githubToken: core.getInput('github-token') }; }); 
@@ -319,6 +322,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () { args.push('--cache-to', cacheTo); })); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); + } if (inputs.file) { args.push('--file', inputs.file); } @@ -353,6 +359,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', yield buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } yield exports.asyncForEach(inputs.ssh, (ssh) => __awaiter(this, void 0, void 0, function* () { args.push('--ssh', ssh); })); @@ -362,6 +371,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) { if (inputs.target) { args.push('--target', inputs.target); } + yield exports.asyncForEach(inputs.ulimit, (ulimit) => __awaiter(this, void 0, void 0, function* () { + args.push('--ulimit', ulimit); + })); return args; }); } diff --git a/src/context.ts b/src/context.ts index 0759ea4..e538ac7 100644 --- a/src/context.ts +++ b/src/context.ts @@ -18,6 +18,7 @@ export interface Inputs { builder: string; cacheFrom: string[]; cacheTo: string[]; + cgroupParent: string; context: string; file: string; labels: string[]; @@ -30,9 +31,11 @@ export interface Inputs { push: boolean; secrets: string[]; secretFiles: string[]; + shmSize: string; ssh: string[]; tags: string[]; target: string; + ulimit: string[]; githubToken: string; } 
@@ -68,6 +71,7 @@ export async function getInputs(defaultContext: string): Promise { builder: core.getInput('builder'), cacheFrom: await getInputList('cache-from', true), cacheTo: await getInputList('cache-to', true), + cgroupParent: core.getInput('cgroup-parent'), context: core.getInput('context') || defaultContext, file: core.getInput('file'), labels: await getInputList('labels', true), @@ -80,9 +84,11 @@ export async function getInputs(defaultContext: string): Promise { push: core.getBooleanInput('push'), secrets: await getInputList('secrets', true), secretFiles: await getInputList('secret-files', true), + shmSize: core.getInput('shm-size'), ssh: await getInputList('ssh'), tags: await getInputList('tags'), target: core.getInput('target'), + ulimit: await getInputList('ulimit', true), githubToken: core.getInput('github-token') }; } @@ -109,6 +115,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio await asyncForEach(inputs.cacheTo, async cacheTo => { args.push('--cache-to', cacheTo); }); + if (inputs.cgroupParent) { + args.push('--cgroup-parent', inputs.cgroupParent); + } if (inputs.file) { args.push('--file', inputs.file); } @@ -141,6 +150,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) { args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); } + if (inputs.shmSize) { + args.push('--shm-size', inputs.shmSize); + } await asyncForEach(inputs.ssh, async ssh => { args.push('--ssh', ssh); }); @@ -150,6 +162,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio if (inputs.target) { args.push('--target', inputs.target); } + await asyncForEach(inputs.ulimit, async ulimit => { + args.push('--ulimit', ulimit); + }); return args; } 
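Review bot: `--cgroup-parent`, `--shm-size` and `--ulimit` are pushed in getBuildArgs without consulting `buildxVersion`, although the function receives it and both the new unit test case and the new CI jobs use 0.7.0. If older buildx releases do not know these flags (likely given that pin, but not shown in the hunks), a user who sets one of the inputs gets an unknown-flag failure from the CLI rather than a clear message from the action. Compare `buildxVersion` with the first supporting release before pushing, or at minimum add a comment above the three sites such as `// requires buildx >= 0.7.0 (TODO confirm)`. The same three additions are mirrored in dist/index.js, and getBuildArgs starts and ends outside these hunks.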
diff --git a/test/cgroup.Dockerfile b/test/cgroup.Dockerfile
new file mode 100644
index 0000000..d030144
--- /dev/null
+++ b/test/cgroup.Dockerfile
@@ -0,0 +1,2 @@
+FROM alpine
+RUN cat /proc/self/cgroup
diff --git a/test/shmsize.Dockerfile b/test/shmsize.Dockerfile
new file mode 100644
index 0000000..0524f22
--- /dev/null
+++ b/test/shmsize.Dockerfile
@@ -0,0 +1,2 @@
+FROM busybox
+RUN mount | grep /dev/shm
diff --git a/test/ulimit.Dockerfile b/test/ulimit.Dockerfile
new file mode 100644
index 0000000..279e706
--- /dev/null
+++ b/test/ulimit.Dockerfile
@@ -0,0 +1,2 @@
+FROM busybox
+RUN ulimit -a
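Review bot: None of the three new fixtures (test/cgroup.Dockerfile, test/shmsize.Dockerfile, test/ulimit.Dockerfile) fails when the option is ignored, so the matching CI jobs pass as long as the build itself runs. `mount | grep /dev/shm` also matches a default-sized /dev/shm mount, while `ulimit -a` and `cat /proc/self/cgroup` only print. Assert the requested value instead, for example `RUN [ "$(ulimit -n)" = "1024" ]` in test/ulimit.Dockerfile, with an equivalent check on the size field of the /dev/shm line and on the `foo` parent in the cgroup path. `FROM alpine` and `FROM busybox` are untagged, so the base image can change between runs; pinning a tag or digest keeps the results comparable.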