Before this change, if BUILDKIT_HOST was set to an invalid value that
resulted in the connection of the grpc client to the server to fail,
then deadlock occured waiting for the `eventsCh` to be closed.
This happened because the call to the buildkit client's Build method
returned an error before the provided callback was executed, which is
where the `eventsCh` gets closed.
This change places the creation of `eventsCh` inside the Build callback,
which avoids the increment of the WaitGroup and thus the deadlock in
this error path.
Signed-off-by: Erik Sipsma <erik@sipsma.dev>
Add an --experimental-platform flag to the do command to allow
overriding the default auto-detected build platform until we find the
time to think about the definitive multi-platform builds UX
Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
Resolve#1551 and #1020.
We are never returning the result of solved operations so Buildkit could not
cache the layer.
This commit implements a simple system to forward operations' result to the
main build to cache it.
Signed-off-by: Vasek - Tom C <tom.chauveau@epitech.eu>
- Refactored to keep every transformation of built-in types (e.g. FS,
Secret, etc) to/from CUE in the same place (plancontext)
- dagger.#Service and dagger.#Secret are now following the new FS-like format
(e.g. `_service: id: string`)
- Backward compatibility
- dagger.#Stream is now an alias for dagger.#Service
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- Implement dagger.#FS support
- Migrate `context.imports` to dagger.#FS
- Backward compat: dagger.#FS can be passed in lieu of a
dagger.#Artifact
- For instance, an import (`dagger.#FS`) can be passed to the current
`yarn.#Package` implementation
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This change helps the transition between `dagger input` and `#Plan.context`.
In summary, the codebase now relies on a *context* for execution with mapping to *IDs*.
In the future, *context* will come from a `#Plan.context`.
In the meantime, a bridge converts `dagger input` to a plan context. This allows both *old* and *new* style configurations to co-exist with the same underlying engine.
- Implement `plancontext`. Context holds the execution context for a plan. Currently this includes the platform, local directories, secrets and services (e.g. unix/npipe).
- Contextual data can be registered at any point. In the future, this will be done by `#Plan.context`
- Migrated the `dagger input` codebase to register inputs in a `plancontext`
- Migrated low-level types/operations to the *Context ID* pattern.
- `dagger.#Stream` now only includes an `id` (instead of `unix` path)
- `dagger.#Secret` still includes only an ID, but now it's based off `plancontext`
- `op.#Local` now only includes an `id` (instead of `path`, `include`, `exclude`.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Before, secret was a plain text string, but it could lead to security issue
so we are now handling secrets as `dagger.#Secret` or string.
I've add a new struct SecretStore that expose the inputStore to easily
retrieve secret value.
Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
Restructured the compile logic to happen on the CLI instead of the
BuildKit frontend.
- Avoid uploading the entire workspace to BuildKit on every compilation
- Let the CUE loader scan the files instead of going through the
BuildKit filesystem gRPC APIs.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Previously, there was a data race condition error when `op
.#PushContainer` was called. It was because of the `Export` func
in `solver.go` that create a sub build pipeline and forward his
events to the main events channel (that catch all events that we log).
To fix it, channel are now split between build pipeline and
centralize into the old output channel (`ch`).
Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
- Add support for buildkit cache export/import
- Enable GHA cache for universe test (using buildkit v0.9 GHA support)
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- This PR adds a new mount type: `docker.sock` (in addition to `cache`
and `tmp`)
- It's then able to mount the LOCAL (as in, from the machine running
dagger) docker socket inside the container by pretending to be an SSH
Agent (hijacking the SSH agent forwarding support of buildkit)
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- Secrets are never exposed in plaintext in the Cue tree. `dagger query`
won't dump secrets anymore, Cue errors won't contain them either.
- BuildKit-native secrets support through a new `mount` type. This
ensures secrets will never be part of containerd layers, buildkit
cache and generally speaking will never be saved to disk in plaintext.
- Updated netlify as an example
- Added tests
- Changed the Cue definition of a secret to:
```
@dagger(secret)
id: string
}
```
This is to ensure both that setting the wrong input type on a secret
(e.g. `dagger input text`) will fail, and attempting to misuse the
secret (e.g. interpolating, passing as an env variable, etc) will also
fail properly.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
