* Revert "Change cache key calculation to be more reproducible. (#525)"
This reverts commit 1ffae47fdd.
* Add logging of composition key back
* Do not include build args in cache key
This should be safe, given that the commands will have the args included
when the cache key gets built.
This flag, when set, takes a file in the container and writes the image digest to it. This can be used to extract the exact digest of the built image by surrounding tooling without having to parse the logs from Kaniko, for example by pointing the file to a mounted volume or to a file used during exit status, such as with Kubernetes' [Termination message policy](https://kubernetes.io/docs/tasks/debug-application-cluster/determine-reason-pod-failure/)
When the flag is not set, the digest is not written to file and the executor behaves as before. The digest is also written to file in case of a tarball or a `--no-push`.
Closes #654
Latest BuildKit/img no longer necessarily requires procMount to be unmasked, by
not unsharing PID namespaces.
The current drawback of BuildKit/img compared to kaniko is that BuildKit/img
requires seccomp and AppArmor to be disabled so as to create nested containers.
https://github.com/moby/buildkit/pull/768
https://github.com/genuinetools/img/pull/221
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
* Add parent directories of adding files
* Add integration Dockerfile to test parent directory permissions
* Remove unnecessary helper method
* Use a file on the internet for integration Dockerfile
This change calculates the exact files and directories needed between
stages used in the COPY command. Instead of saving the entire
stage as a tarball, we now save only the necessary files.
The main reason is to include the fixes from
https://github.com/google/go-containerregistry/pull/401. This should
fix the build+push to quay.io (with v2 schema enabled) cases.
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
- We were validating usernames/groupnames existed in etc/passwd. Docker does not do this
- We were incorrectly caching USER commands. This was fixed automatically by fixing the first part.
* Update go-containerregistry
Update go-containerregistry since it can now handle image names of the
format repo:tag@digest.
Should fix #535.
Thanks @ViceIce for the fix!
* update go-containerregistry again
The description of Buildah is a bit outdated, most importantly Buildah
does not require root privileges (anymore). Also provide a more
detailed description copied from github.com/containers/buildah.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Calculating a manifest from a v1.tarball is very expensive. We can
store those locally as well, and use them if they exist.
This should eventually be replaced with oci layout support once that exists
in ggcr.
and our snapshot optimizations.
If a previous base image has a volume, the directory is added to the
list of files to snapshot. That directory may not actually exist in the image.
* Set TarPath to empty when pushing a layer
* Fix issues with layer caching, noPush and tarPath.
- Layer caching should work even when tarPath is specified, so this
commit changes the value of tarPath to empty when caching layers.
- When an image is built with just the tarPath and noPush
is true, we should still create the tarBall (which wasn't happening
before this commit).
* Set no-push to false for cache layers
* Remove extra log
* go-imports fix
We previously had an optimization that would skip snapshotting multi-stage images
when in an intermediate stage, until the very end.
This conflicted with another optimization to avoid snapshotting when no files had changed.
Before we were using the full image digest, but that contains a timestamp. Now
we only use the layers themselves and the image config (env vars, etc.).
Also fix a bug in unpacking the layers themselves. mtimes can change during unpacking,
so set them all once at the end.