From 818c69a4eaaa2e69d4a2db24ff4888465e57ee11 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:36:15 +0200 Subject: [PATCH] always set buildkitd-flags if opt-in Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- README.md | 8 +++++++- __tests__/context.test.ts | 18 ++++++++++++++++++ action.yml | 1 - src/context.ts | 27 +++++++++++++++------------ 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 672fc77..bdf9e20 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,13 @@ The following inputs can be used as `step.with` keys: | `cache-binary` | Bool | `true` | Cache buildx binary to GitHub Actions cache backend | | `cleanup` | Bool | `true` | Cleanup temp files and remove builder at the end of a job | -_\* `buildkitd-config` and `buildkitd-config-inline` are mutually exclusive_ +> [!IMPORTANT] +> If you set the `buildkitd-flags` input, the default flags (`--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host`) +> will be reset. If you want to retain the default behavior, make sure to +> include these flags in your custom `buildkitd-flags` value. + +> [!NOTE] +> `buildkitd-config` and `buildkitd-config-inline` are mutually exclusive. ### outputs diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts index 720fd21..8a2b367 100644 --- a/__tests__/context.test.ts +++ b/__tests__/context.test.ts 
@@ -226,6 +226,24 @@ describe('getCreateArgs', () => { '--buildkitd-flags', '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host', '--config', tmpName, ] + ], + [ + 10, + 'v0.10.3', + new Map([ + ['install', 'false'], + ['use', 'false'], + ['driver', 'cloud'], + ['buildkitd-flags', '--allow-insecure-entitlement network.host'], + ['cache-binary', 'true'], + ['cleanup', 'true'], + ]), + [ + 'create', + '--name', 'builder-9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d', + '--driver', 'cloud', + '--buildkitd-flags', '--allow-insecure-entitlement network.host', + ] ] ])( '[%d] given buildx %s and %p as inputs, returns %p', diff --git a/action.yml b/action.yml index da3b05a..110fbed 100644 --- a/action.yml +++ b/action.yml @@ -19,7 +19,6 @@ inputs: required: false buildkitd-flags: description: 'BuildKit daemon flags' - default: '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' required: false buildkitd-config: description: 'BuildKit daemon config file' diff --git a/src/context.ts b/src/context.ts index 587b3d3..4fb8d47 100644 --- a/src/context.ts +++ b/src/context.ts @@ -8,6 +8,7 @@ import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Node} from '@docker/actions-toolkit/lib/types/buildx/builder'; export const builderNodeEnvPrefix = 'BUILDER_NODE'; +const defaultBuildkitdFlags = '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host'; export interface Inputs { version: string; 
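Review bot: Case 10 pins only the opt-in half of the change, that explicit flags reach the `cloud` driver. Nothing in this hunk asserts that `cloud` with no `buildkitd-flags` input yields no `--buildkitd-flags` argument, which is what keeps the insecure-entitlement defaults away from drivers outside `driverSupportsBuildkitdFlags`. Unless a case outside this hunk already covers it, add a sibling case with the same inputs minus the `buildkitd-flags` entry. The expected arguments below are inferred from the visible part of `getCreateArgs`.

```typescript
  // … unchanged: cases 0–10 …
  [
    11,
    'v0.10.3',
    new Map([
      ['install', 'false'],
      ['use', 'false'],
      ['driver', 'cloud'],
      ['cache-binary', 'true'],
      ['cleanup', 'true'],
    ]),
    [
      'create',
      '--name', 'builder-9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d',
      '--driver', 'cloud',
    ]
  ]
```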
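Review bot: `defaultBuildkitdFlags` in `src/context.ts` has no comment, yet it is the one place that records which entitlements a builder is given when the user passes nothing. Add a comment above it, such as `// Fallback when no buildkitd-flags are given and the driver accepts them; lets builds on this builder request the security.insecure and network.host entitlements.` A later edit of the string is then recognisable as a change to the builder's privilege surface rather than a cosmetic tweak.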
@@ -32,7 +33,7 @@ export async function getInputs(): Promise { name: await getBuilderName(core.getInput('driver') || 'docker-container'), driver: core.getInput('driver') || 'docker-container', driverOpts: Util.getInputList('driver-opts', {ignoreComma: true, quote: false}), - buildkitdFlags: core.getInput('buildkitd-flags') || '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host', + buildkitdFlags: core.getInput('buildkitd-flags'), platforms: Util.getInputList('platforms'), install: core.getBooleanInput('install'), use: core.getBooleanInput('use'), @@ -52,11 +53,13 @@ export async function getBuilderName(driver: string): Promise { export async function getCreateArgs(inputs: Inputs, toolkit: Toolkit): Promise> { const args: Array = ['create', '--name', inputs.name, '--driver', inputs.driver]; if (await toolkit.buildx.versionSatisfies('>=0.3.0')) { - await Util.asyncForEach(inputs.driverOpts, async driverOpt => { + await Util.asyncForEach(inputs.driverOpts, async (driverOpt: string) => { args.push('--driver-opt', driverOpt); }); - if (driverSupportsFlags(inputs.driver) && inputs.buildkitdFlags) { + if (inputs.buildkitdFlags) { args.push('--buildkitd-flags', inputs.buildkitdFlags); + } else if (driverSupportsBuildkitdFlags(inputs.driver)) { + args.push('--buildkitd-flags', defaultBuildkitdFlags); } } if (inputs.platforms.length > 0) { @@ -65,12 +68,10 @@ export async function getCreateArgs(inputs: Inputs, toolkit: Toolkit): Promise=0.3.0'))) { - await Util.asyncForEach(node['driver-opts'], async driverOpt => { + await Util.asyncForEach(node['driver-opts'], async (driverOpt: string) => { args.push('--driver-opt', driverOpt); }); - if (driverSupportsFlags(inputs.driver) && node['buildkitd-flags']) { + if (node['buildkitd-flags']) { args.push('--buildkitd-flags', node['buildkitd-flags']); + } else if (driverSupportsBuildkitdFlags(inputs.driver)) { + args.push('--buildkitd-flags', defaultBuildkitdFlags); } } if (node.platforms) { 
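Review bot: In the `getCreateArgs` hunk, `if (inputs.buildkitdFlags) … else if (driverSupportsBuildkitdFlags(inputs.driver))` treats an empty input the same as an absent one, so `buildkitd-flags: ''` still creates the builder with both insecure entitlements allowed. With `buildkitdFlags: core.getInput('buildkitd-flags')` in `getInputs`, no value means "no flags". The same fallback is repeated in the `node['buildkitd-flags']` branch later on this line. If that is intended, say so next to the branch, e.g. `// empty input falls back to defaultBuildkitdFlags; pass a non-empty value to drop the insecure entitlements`, and state it in the README note as well. Both functions continue outside the hunks shown.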
@@ -110,6 +113,6 @@ export async function getInspectArgs(inputs: Inputs, toolkit: Toolkit): Promise< return args; } -function driverSupportsFlags(driver: string): boolean { +function driverSupportsBuildkitdFlags(driver: string): boolean { return driver == '' || driver == 'docker-container' || driver == 'docker' || driver == 'kubernetes'; }