disable DCT for docker commands

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2024-07-16 17:15:12 +02:00
parent 300c014384
commit d36bef4156
No known key found for this signature in database
GPG Key ID: ADE44D8C9D44FBE4
5 changed files with 150 additions and 37 deletions

View File

@ -22,7 +22,6 @@ import osm = require('os');
import * as rimraf from 'rimraf';
import {Docker} from '../../src/docker/docker';
import {Exec} from '../../src/exec';
import {ConfigFile} from '../../src/types/docker/docker';
@ -105,48 +104,132 @@ describe('isAvailable', () => {
});
});
describe('context', () => {
it('call docker context show', async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput');
await Docker.context().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['context', 'inspect', '--format', '{{.Name}}'], {
describe('exec', () => {
it('returns docker version', async () => {
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.exec(['version'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
expect(Object.keys(callfunc[1]?.env || {}).length).toBeGreaterThan(0);
const env = callfunc[1]?.env;
expect(env).toHaveProperty('DOCKER_CONTENT_TRUST');
expect(env?.DOCKER_CONTENT_TRUST).toBe('false');
if (callfunc[1]?.env) {
// already checked env
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['version'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});
describe('getExecOutput', () => {
it('returns docker version', async () => {
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.getExecOutput(['version'], {
ignoreReturnCode: true,
silent: true
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
expect(Object.keys(callfunc[1]?.env || {}).length).toBeGreaterThan(0);
const env = callfunc[1]?.env;
expect(env).toHaveProperty('DOCKER_CONTENT_TRUST');
expect(env?.DOCKER_CONTENT_TRUST).toBe('false');
if (callfunc[1]?.env) {
// already checked env
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['version'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});
describe('context', () => {
it('call docker context show', async () => {
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.context().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['context', 'inspect', '--format', '{{.Name}}'],
{
ignoreReturnCode: true,
silent: true
}
]);
});
});
describe('contextInspect', () => {
it('call docker context inspect', async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput');
const execSpy = jest.spyOn(Docker, 'getExecOutput');
await Docker.contextInspect('foo').catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['context', 'inspect', '--format=json', 'foo'], {
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([
['context', 'inspect', '--format=json', 'foo'],
{
ignoreReturnCode: true,
silent: true
});
}
]);
});
});
describe('printVersion', () => {
it('call docker version', async () => {
const execSpy = jest.spyOn(Exec, 'exec');
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.printVersion().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['version']);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([['version']]);
});
});
describe('printInfo', () => {
it('call docker info', async () => {
const execSpy = jest.spyOn(Exec, 'exec');
const execSpy = jest.spyOn(Docker, 'exec');
await Docker.printInfo().catch(() => {
// noop
});
expect(execSpy).toHaveBeenCalledWith(`docker`, ['info']);
expect(execSpy).toHaveBeenCalledTimes(1);
const callfunc = execSpy.mock.calls[0];
if (callfunc && callfunc[1]) {
// we don't want to check env opt
callfunc[1].env = undefined;
}
expect(callfunc).toEqual([['info']]);
});
});

View File

@ -19,8 +19,8 @@ import * as semver from 'semver';
import {Buildx} from '../buildx/buildx';
import {Builder} from '../buildx/builder';
import {Docker} from '../docker/docker';
import {Config} from './config';
import {Exec} from '../exec';
import {BuilderInfo, NodeInfo} from '../types/buildx/builder';
@ -51,13 +51,13 @@ export class BuildKit {
private async getVersionWithinImage(nodeName: string): Promise<string> {
core.debug(`BuildKit.getVersionWithinImage nodeName: ${nodeName}`);
return Exec.getExecOutput(`docker`, ['inspect', '--format', '{{.Config.Image}}', `${Buildx.containerNamePrefix}${nodeName}`], {
return Docker.getExecOutput(['inspect', '--format', '{{.Config.Image}}', `${Buildx.containerNamePrefix}${nodeName}`], {
ignoreReturnCode: true,
silent: true
}).then(bkitimage => {
if (bkitimage.exitCode == 0 && bkitimage.stdout.length > 0) {
core.debug(`BuildKit.getVersionWithinImage image: ${bkitimage.stdout.trim()}`);
return Exec.getExecOutput(`docker`, ['run', '--rm', bkitimage.stdout.trim(), '--version'], {
return Docker.getExecOutput(['run', '--rm', bkitimage.stdout.trim(), '--version'], {
ignoreReturnCode: true,
silent: true
}).then(bkitversion => {

View File

@ -137,7 +137,11 @@ export class History {
]
core.info(`[command]docker ${dockerRunArgs.join(' ')}`);
dockerRunProc = spawn('docker', dockerRunArgs, {
stdio: ['pipe', 'pipe', 'inherit']
stdio: ['pipe', 'pipe', 'inherit'],
env: {
...process.env,
DOCKER_CONTENT_TRUST: 'false'
}
});
fs.createReadStream(buildxOutFifoPath).pipe(dockerRunProc.stdin);
dockerRunProc.stdout.pipe(fs.createWriteStream(buildxInFifoPath));

View File

@ -18,6 +18,7 @@ import fs from 'fs';
import os from 'os';
import path from 'path';
import * as core from '@actions/core';
import {ExecOptions, ExecOutput} from '@actions/exec';
import * as io from '@actions/io';
import {Context} from '../context';
@ -53,12 +54,36 @@ export class Docker {
});
}
public static async exec(args?: string[], options?: ExecOptions): Promise<number> {
return Exec.exec('docker', args, Docker.execOptions(options));
}
public static async getExecOutput(args?: string[], options?: ExecOptions): Promise<ExecOutput> {
return Exec.getExecOutput('docker', args, Docker.execOptions(options));
}
private static execOptions(options?: ExecOptions): ExecOptions {
if (!options) {
options = {};
}
if (!options.env) {
options.env = Object.assign({}, process.env, {
DOCKER_CONTENT_TRUST: 'false'
}) as {
[key: string]: string;
};
} else {
options.env.DOCKER_CONTENT_TRUST = 'false';
}
return options;
}
public static async context(name?: string): Promise<string> {
const args = ['context', 'inspect', '--format', '{{.Name}}'];
if (name) {
args.push(name);
}
return await Exec.getExecOutput(`docker`, args, {
return await Docker.getExecOutput(args, {
ignoreReturnCode: true,
silent: true
}).then(res => {
@ -74,7 +99,7 @@ export class Docker {
if (name) {
args.push(name);
}
return await Exec.getExecOutput(`docker`, args, {
return await Docker.getExecOutput(args, {
ignoreReturnCode: true,
silent: true
}).then(res => {
@ -86,11 +111,11 @@ export class Docker {
}
public static async printVersion(): Promise<void> {
await Exec.exec('docker', ['version']);
await Docker.exec(['version']);
}
public static async printInfo(): Promise<void> {
await Exec.exec('docker', ['info']);
await Docker.exec(['info']);
}
public static parseRepoTag(image: string): {repository: string; tag: string} {
@ -138,7 +163,7 @@ export class Docker {
cacheFoundPath = await imageCache.find();
if (cacheFoundPath) {
core.info(`Image found from cache in ${cacheFoundPath}`);
await Exec.getExecOutput(`docker`, ['load', '-i', cacheFoundPath], {
await Docker.getExecOutput(['load', '-i', cacheFoundPath], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
@ -149,7 +174,7 @@ export class Docker {
}
let pulled = true;
await Exec.getExecOutput(`docker`, ['pull', image], {
await Docker.getExecOutput(['pull', image], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
@ -165,7 +190,7 @@ export class Docker {
if (cache && pulled) {
const imageTarPath = path.join(Context.tmpDir(), `${Util.hash(image)}.tar`);
await Exec.getExecOutput(`docker`, ['save', '-o', imageTarPath, image], {
await Docker.getExecOutput(['save', '-o', imageTarPath, image], {
ignoreReturnCode: true
}).then(async res => {
if (res.stderr.length > 0 && res.exitCode != 0) {

View File

@ -28,6 +28,7 @@ import * as io from '@actions/io';
import * as tc from '@actions/tool-cache';
import {Context} from '../context';
import {Docker} from './docker';
import {Exec} from '../exec';
import {Util} from '../util';
import {limaYamlData, dockerServiceLogsPs1, setupDockerWinPs1} from './assets';
@ -219,8 +220,8 @@ export class Install {
});
await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});
return dockerHost;
@ -309,8 +310,8 @@ EOF`,
});
await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});
return dockerHost;
@ -352,8 +353,8 @@ EOF`,
});
await core.group('Create Docker context', async () => {
await Exec.exec('docker', ['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Exec.exec('docker', ['context', 'use', this.contextName]);
await Docker.exec(['context', 'create', this.contextName, '--docker', `host=${dockerHost}`]);
await Docker.exec(['context', 'use', this.contextName]);
});
return dockerHost;
@ -395,7 +396,7 @@ EOF`,
await Exec.exec('limactl', ['delete', '--tty=false', this.limaInstanceName, '--force']);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
await core.group(`Cleaning up runDir`, async () => {
await Exec.exec('sudo', ['rm', '-rf', this.runDir]);
@ -411,7 +412,7 @@ EOF`,
await Util.sleep(5);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
await core.group(`Cleaning up runDir`, async () => {
await Exec.exec('sudo', ['rm', '-rf', this.runDir], {
@ -427,7 +428,7 @@ EOF`,
await Exec.exec(logCmd.command, logCmd.args);
});
await core.group('Removing Docker context', async () => {
await Exec.exec('docker', ['context', 'rm', '-f', this.contextName]);
await Docker.exec(['context', 'rm', '-f', this.contextName]);
});
}