Skip to content

Commit

Permalink
Merge pull request #412 from crazy-max/docker-disable-dct
Browse files Browse the repository at this point in the history
disable DCT for docker commands
  • Loading branch information
crazy-max authored Jul 17, 2024
2 parents d283be9 + d36bef4 commit 163d33a
Show file tree
Hide file tree
Showing 5 changed files with 148 additions and 35 deletions.
113 changes: 98 additions & 15 deletions __tests__/docker/docker.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import osm = require('os');
import * as rimraf from 'rimraf';

import {Docker} from '../../src/docker/docker';
import {Exec} from '../../src/exec';

import {ConfigFile} from '../../src/types/docker/docker';

Expand Down Expand Up @@ -105,48 +104,132 @@ describe('isAvailable', () => {
});
});

describe('exec', () => {
it('returns docker version', async () => {
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.exec(['version'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
expect(Object.keys(callfunc[1]?.env || {}).length).toBeGreaterThan(0);
const env = callfunc[1]?.env;
expect(env).toHaveProperty('DOCKER_CONTENT_TRUST');
expect(env?.DOCKER_CONTENT_TRUST).toBe('false');
if (callfunc[1]?.env) {
// already checked env
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['version'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});

describe('getExecOutput', () => {
it('returns docker version', async () => {
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.getExecOutput(['version'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
expect(Object.keys(callfunc[1]?.env || {}).length).toBeGreaterThan(0);
const env = callfunc[1]?.env;
expect(env).toHaveProperty('DOCKER_CONTENT_TRUST');
expect(env?.DOCKER_CONTENT_TRUST).toBe('false');
if (callfunc[1]?.env) {
// already checked env
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['version'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});

describe('context', () => {
it('call docker context show', async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput');
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.context().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['context', 'inspect', '--format', '{{.Name}}'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['context', 'inspect', '--format', '{{.Name}}'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});

describe('contextInspect', () => {
it('call docker context inspect', async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput');
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.contextInspect('foo').catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['context', 'inspect', '--format=json', 'foo'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['context', 'inspect', '--format=json', 'foo'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});

describe('printVersion', () => {
it('call docker version', async () => {
const execSpy = jest.spyOn(Exec, 'exec');
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.printVersion().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['version']);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([['version']]);
});
});

describe('printInfo', () => {
it('call docker info', async () => {
const execSpy = jest.spyOn(Exec, 'exec');
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.printInfo().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['info']);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([['info']]);
});
});
6 changes: 3 additions & 3 deletions src/buildkit/buildkit.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ import * as semver from 'semver';

import {Buildx} from '../buildx/buildx';
import {Builder} from '../buildx/builder';
import {Docker} from '../docker/docker';
import {Config} from './config';
import {Exec} from '../exec';

import {BuilderInfo, NodeInfo} from '../types/buildx/builder';

Expand Down Expand Up @@ -51,13 +51,13 @@ export class BuildKit {

private async getVersionWithinImage(nodeName: string): Promise<string> {
core.debug(`BuildKit.getVersionWithinImage nodeName: ${nodeName}`);
return Exec.getExecOutput(`docker`, ['inspect', '--format', '{{.Config.Image}}', `${Buildx.containerNamePrefix}${nodeName}`], {
return Docker.getExecOutput(['inspect', '--format', '{{.Config.Image}}', `${Buildx.containerNamePrefix}${nodeName}`], {
ignoreReturnCode: true,
silent: true
}).then(bkitimage => {
if (bkitimage.exitCode == 0 && bkitimage.stdout.length > 0) {
core.debug(`BuildKit.getVersionWithinImage image: ${bkitimage.stdout.trim()}`);
return Exec.getExecOutput(`docker`, ['run', '--rm', bkitimage.stdout.trim(), '--version'], {
return Docker.getExecOutput(['run', '--rm', bkitimage.stdout.trim(), '--version'], {
ignoreReturnCode: true,
silent: true
}).then(bkitversion => {
Expand Down
6 changes: 5 additions & 1 deletion src/buildx/history.ts
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,11 @@ export class History {
]
core.info(`[command]docker ${dockerRunArgs.join(' ')}`);
dockerRunProc = spawn('docker', dockerRunArgs, {
stdio: ['pipe', 'pipe', 'inherit']
stdio: ['pipe', 'pipe', 'inherit'],
env: {
...process.env,
DOCKER_CONTENT_TRUST: 'false'
}
});
fs.createReadStream(buildxOutFifoPath).pipe(dockerRunProc.stdin);
dockerRunProc.stdout.pipe(fs.createWriteStream(buildxInFifoPath));
Expand Down
39 changes: 32 additions & 7 deletions src/docker/docker.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import fs from 'fs';
import os from 'os';
import path from 'path';
import * as core from '@actions/core';
import {ExecOptions, ExecOutput} from '@actions/exec';
import * as io from '@actions/io';

import {Context} from '../context';
Expand Down Expand Up @@ -53,12 +54,36 @@ export class Docker {
});
}

public static async exec(args?: string[], options?: ExecOptions): Promise<number> {
return Exec.exec('docker', args, Docker.execOptions(options));
}

public static async getExecOutput(args?: string[], options?: ExecOptions): Promise<ExecOutput> {
return Exec.getExecOutput('docker', args, Docker.execOptions(options));
}

private static execOptions(options?: ExecOptions): ExecOptions {
if (!options) {
options = {};
}
if (!options.env) {
options.env = Object.assign({}, process.env, {
DOCKER_CONTENT_TRUST: 'false'
}) as {
[key: string]: string;
};
} else {
options.env.DOCKER_CONTENT_TRUST = 'false';
}
return options;
}

public static async context(name?: string): Promise<string> {
const args = ['context', 'inspect', '--format', '{{.Name}}'];
if (name) {
args.push(name);
}
return await Exec.getExecOutput(`docker`, args, {
return await Docker.getExecOutput(args, {
ignoreReturnCode: true,
silent: true
}).then(res => {
Expand All @@ -74,7 +99,7 @@ export class Docker {
if (name) {
args.push(name);
}
return await Exec.getExecOutput(`docker`, args, {
return await Docker.getExecOutput(args, {
ignoreReturnCode: true,
silent: true
}).then(res => {
Expand All @@ -86,11 +111,11 @@ export class Docker {
}

public static async printVersion(): Promise<void> {
await Exec.exec('docker', ['version']);
await Docker.exec(['version']);
}

public static async printInfo(): Promise<void> {
await Exec.exec('docker', ['info']);
await Docker.exec(['info']);
}

public static parseRepoTag(image: string): {repository: string; tag: string} {
Expand Down Expand Up @@ -138,7 +163,7 @@ export class Docker {
cacheFoundPath = await imageCache.find();
if (cacheFoundPath) {
core.info(`Image found from cache in ${cacheFoundPath}`);
await Exec.getExecOutput(`docker`, ['load', '-i', cacheFoundPath], {
await Docker.getExecOutput(['load', '-i', cacheFoundPath], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
Expand All @@ -149,7 +174,7 @@ export class Docker {
}

let pulled = true;
await Exec.getExecOutput(`docker`, ['pull', image], {
await Docker.getExecOutput(['pull', image], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
Expand All @@ -165,7 +190,7 @@ export class Docker {

if (cache && pulled) {
const imageTarPath = path.join(Context.tmpDir(), `${Util.hash(image)}.tar`);
await Exec.getExecOutput(`docker`, ['save', '-o', imageTarPath, image], {
await Docker.getExecOutput(['save', '-o', imageTarPath, image], {
ignoreReturnCode: true
}).then(async res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
Expand Down
19 changes: 10 additions & 9 deletions src/docker/install.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import * as io from '@actions/io';
import * as tc from '@actions/tool-cache';

import {Context} from '../context';
import {Docker} from './docker';
import {Exec} from '../exec';
import {Util} from '../util';
import {limaYamlData, dockerServiceLogsPs1, setupDockerWinPs1} from './assets';
Expand Down Expand Up @@ -219,8 +220,8 @@ export class Install {
});

await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});

return dockerHost;
Expand Down Expand Up @@ -309,8 +310,8 @@ EOF`,
});

await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});

return dockerHost;
Expand Down Expand Up @@ -352,8 +353,8 @@ EOF`,
});

await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});

return dockerHost;
Expand Down Expand Up @@ -395,7 +396,7 @@ EOF`,
await Exec.exec('limactl', ['delete', '--tty=false', this.limaInstanceName, '--force']);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
await core.group(`Cleaning up runDir`, async () => {
await Exec.exec('sudo', ['rm', '-rf', this.runDir]);
Expand All @@ -411,7 +412,7 @@ EOF`,
await Util.sleep(5);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
await core.group(`Cleaning up runDir`, async () => {
await Exec.exec('sudo', ['rm', '-rf', this.runDir], {
Expand All @@ -427,7 +428,7 @@ EOF`,
await Exec.exec(logCmd.command, logCmd.args);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
}

Expand Down

0 comments on commit 163d33a

Please sign in to comment.