/* Copyright 2018 Google LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package dockerfile import ( "bytes" "fmt" "io/ioutil" "net/http" "regexp" "strconv" "strings" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/sirupsen/logrus" "github.com/GoogleContainerTools/kaniko/pkg/config" "github.com/GoogleContainerTools/kaniko/pkg/util" "github.com/moby/buildkit/frontend/dockerfile/instructions" "github.com/moby/buildkit/frontend/dockerfile/parser" "github.com/pkg/errors" ) func ParseStages(opts *config.KanikoOptions) ([]instructions.Stage, []instructions.ArgCommand, error) { var err error var d []uint8 match, _ := regexp.MatchString("^https?://", opts.DockerfilePath) if match { response, e := http.Get(opts.DockerfilePath) //nolint:noctx if e != nil { return nil, nil, e } d, err = ioutil.ReadAll(response.Body) } else { d, err = ioutil.ReadFile(opts.DockerfilePath) } if err != nil { return nil, nil, errors.Wrap(err, fmt.Sprintf("reading dockerfile at path %s", opts.DockerfilePath)) } stages, metaArgs, err := Parse(d) if err != nil { return nil, nil, errors.Wrap(err, "parsing dockerfile") } if opts.CacheCopyLayers && len(stages) >= 2 { return nil, nil, errors.New("kaniko does not support caching copy layers in multistage builds") } metaArgs, err = expandNested(metaArgs, opts.BuildArgs) if err != nil { return nil, nil, errors.Wrap(err, "expanding meta ARGs") } return stages, metaArgs, nil } // baseImageIndex returns the index of the stage the current stage is built off // returns -1 if the current stage isn't built off a previous stage func baseImageIndex(currentStage int, stages []instructions.Stage) int { currentStageBaseName := strings.ToLower(stages[currentStage].BaseName) for i, stage := range stages { if i > currentStage { break } if stage.Name == currentStageBaseName { return i } } return -1 } // Parse parses the contents of a Dockerfile and returns a list of commands func Parse(b []byte) ([]instructions.Stage, []instructions.ArgCommand, error) { p, err := parser.Parse(bytes.NewReader(b)) if err != nil { return nil, nil, err } stages, metaArgs, err := instructions.Parse(p.AST) if err != nil { return nil, nil, err } metaArgs, err = stripEnclosingQuotes(metaArgs) if err != nil { return nil, nil, err } return stages, metaArgs, nil } // expandNestedArgs tries to resolve nested ARG value against the previously defined ARGs func expandNested(metaArgs []instructions.ArgCommand, buildArgs []string) ([]instructions.ArgCommand, error) { var prevArgs []string for i, marg := range metaArgs { for j, arg := range marg.Args { v := arg.Value if v != nil { val, err := util.ResolveEnvironmentReplacement(*v, append(prevArgs, buildArgs...), false) if err != nil { return nil, err } prevArgs = append(prevArgs, arg.Key+"="+val) arg.Value = &val metaArgs[i].Args[j] = arg } } } return metaArgs, nil } // stripEnclosingQuotes removes quotes enclosing the value of each instructions.ArgCommand in a slice // if the quotes are escaped it leaves them func stripEnclosingQuotes(metaArgs []instructions.ArgCommand) ([]instructions.ArgCommand, error) { for i, marg := range metaArgs { for j, arg := range marg.Args { v := arg.Value if v != nil { val, err := extractValFromQuotes(*v) if err != nil { return nil, err } arg.Value = &val metaArgs[i].Args[j] = arg } } } return metaArgs, nil } func extractValFromQuotes(val string) (string, error) { backSlash := byte('\\') if len(val) < 2 { return val, nil } var leader string var tail string switch char := val[0]; char { case '\'', '"': leader = string([]byte{char}) case backSlash: switch char := val[1]; char { case '\'', '"': leader = string([]byte{backSlash, char}) } } // If the length of leader is greater than one then it must be an escaped // character. if len(leader) < 2 { switch char := val[len(val)-1]; char { case '\'', '"': tail = string([]byte{char}) } } else { switch char := val[len(val)-2:]; char { case `\'`, `\"`: tail = char } } if leader != tail { logrus.Infof("Leader %s tail %s", leader, tail) return "", errors.New("quotes wrapping arg values must be matched") } if leader == "" { return val, nil } if len(leader) == 2 { return val, nil } return val[1 : len(val)-1], nil } // targetStage returns the index of the target stage kaniko is trying to build func targetStage(stages []instructions.Stage, target string) (int, error) { if target == "" { return len(stages) - 1, nil } for i, stage := range stages { if strings.EqualFold(stage.Name, target) { return i, nil } } return -1, fmt.Errorf("%s is not a valid target build stage", target) } // ParseCommands parses an array of commands into an array of instructions.Command; used for onbuild func ParseCommands(cmdArray []string) ([]instructions.Command, error) { var cmds []instructions.Command cmdString := strings.Join(cmdArray, "\n") ast, err := parser.Parse(strings.NewReader(cmdString)) if err != nil { return nil, err } for _, child := range ast.AST.Children { cmd, err := instructions.ParseCommand(child) if err != nil { return nil, err } cmds = append(cmds, cmd) } return cmds, nil } // SaveStage returns true if the current stage will be needed later in the Dockerfile func saveStage(index int, stages []instructions.Stage) bool { currentStageName := stages[index].Name for stageIndex, stage := range stages { if stageIndex <= index { continue } if strings.ToLower(stage.BaseName) == currentStageName { if stage.BaseName != "" { return true } } } return false } // ResolveCrossStageCommands resolves any calls to previous stages with names to indices // Ex. --from=secondStage should be --from=1 for easier processing later on // As third party library lowers stage name in FROM instruction, this function resolves stage case insensitively. func ResolveCrossStageCommands(cmds []instructions.Command, stageNameToIdx map[string]string) { for _, cmd := range cmds { switch c := cmd.(type) { case *instructions.CopyCommand: if c.From != "" { if val, ok := stageNameToIdx[strings.ToLower(c.From)]; ok { c.From = val } } } } } // resolveStagesArgs resolves all the args from list of stages func resolveStagesArgs(stages []instructions.Stage, args []string) error { for i, s := range stages { resolvedBaseName, err := util.ResolveEnvironmentReplacement(s.BaseName, args, false) if err != nil { return errors.Wrap(err, fmt.Sprintf("resolving base name %s", s.BaseName)) } if s.BaseName != resolvedBaseName { stages[i].BaseName = resolvedBaseName } } return nil } func MakeKanikoStages(opts *config.KanikoOptions, stages []instructions.Stage, metaArgs []instructions.ArgCommand) ([]config.KanikoStage, error) { targetStage, err := targetStage(stages, opts.Target) if err != nil { return nil, errors.Wrap(err, "Error finding target stage") } args := unifyArgs(metaArgs, opts.BuildArgs) if err := resolveStagesArgs(stages, args); err != nil { return nil, errors.Wrap(err, "resolving args") } if opts.SkipUnusedStages { stages = skipUnusedStages(stages, &targetStage, opts.Target) } var kanikoStages []config.KanikoStage for index, stage := range stages { if len(stage.Name) > 0 { logrus.Infof("Resolved base name %s to %s", stage.BaseName, stage.Name) } baseImageIndex := baseImageIndex(index, stages) kanikoStages = append(kanikoStages, config.KanikoStage{ Stage: stage, BaseImageIndex: baseImageIndex, BaseImageStoredLocally: (baseImageIndex != -1), SaveStage: saveStage(index, stages), Final: index == targetStage, MetaArgs: metaArgs, Index: index, }) if index == targetStage { break } } return kanikoStages, nil } func GetOnBuildInstructions(config *v1.Config, stageNameToIdx map[string]string) ([]instructions.Command, error) { if config.OnBuild == nil || len(config.OnBuild) == 0 { return nil, nil } cmds, err := ParseCommands(config.OnBuild) if err != nil { return nil, err } // Iterate over commands and replace references to other stages with their index ResolveCrossStageCommands(cmds, stageNameToIdx) return cmds, nil } // unifyArgs returns the unified args between metaArgs and --build-arg // by default --build-arg overrides metaArgs except when --build-arg is empty func unifyArgs(metaArgs []instructions.ArgCommand, buildArgs []string) []string { argsMap := make(map[string]string) for _, marg := range metaArgs { for _, arg := range marg.Args { if arg.Value != nil { argsMap[arg.Key] = *arg.Value } } } splitter := "=" for _, a := range buildArgs { s := strings.Split(a, splitter) if len(s) > 1 && s[1] != "" { argsMap[s[0]] = s[1] } } var args []string for k, v := range argsMap { args = append(args, fmt.Sprintf("%s=%s", k, v)) } return args } // skipUnusedStages returns the list of used stages without the unnecessaries ones func skipUnusedStages(stages []instructions.Stage, lastStageIndex *int, target string) []instructions.Stage { stagesDependencies := make(map[string]bool) var onlyUsedStages []instructions.Stage idx := *lastStageIndex lastStageBaseName := stages[idx].BaseName for i := idx; i >= 0; i-- { s := stages[i] if (s.Name != "" && stagesDependencies[s.Name]) || s.Name == lastStageBaseName || i == idx { for _, c := range s.Commands { switch cmd := c.(type) { case *instructions.CopyCommand: stageName := cmd.From if copyFromIndex, err := strconv.Atoi(stageName); err == nil { stageName = stages[copyFromIndex].Name } if !stagesDependencies[stageName] { stagesDependencies[stageName] = true } } } if i != idx { stagesDependencies[s.BaseName] = true } } } dependenciesLen := len(stagesDependencies) if target == "" && dependenciesLen == 0 { return stages } else if dependenciesLen > 0 { for i := 0; i < idx; i++ { if stages[i].Name == "" { continue } s := stages[i] if stagesDependencies[s.Name] || s.Name == lastStageBaseName { onlyUsedStages = append(onlyUsedStages, s) } } } onlyUsedStages = append(onlyUsedStages, stages[idx]) if idx > len(onlyUsedStages)-1 { *lastStageIndex = len(onlyUsedStages) - 1 } return onlyUsedStages }