Merge pull request #341 from crazy-max/docker-context-tls

create docker context if default one has TLS data loaded
This commit is contained in:
CrazyMax 2024-07-29 15:34:28 +02:00 committed by GitHub
commit 3d68780484
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 50 additions and 5 deletions

@ -52,7 +52,7 @@ inputs:
description: 'Cleanup temp files and remove builder at the end of a job' description: 'Cleanup temp files and remove builder at the end of a job'
default: 'true' default: 'true'
required: false required: false
# deprecated inputs # TODO: remove deprecated config and config-inline inputs
config: config:
description: 'BuildKit daemon config file' description: 'BuildKit daemon config file'
deprecationMessage: 'Use buildkitd-config instead' deprecationMessage: 'Use buildkitd-config instead'

6
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

@ -1,5 +1,6 @@
import * as fs from 'fs'; import * as fs from 'fs';
import * as yaml from 'js-yaml'; import * as yaml from 'js-yaml';
import * as uuid from 'uuid';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit'; import * as actionsToolkit from '@docker/actions-toolkit';
@ -68,6 +69,33 @@ actionsToolkit.run(
fs.mkdirSync(Buildx.certsDir, {recursive: true}); fs.mkdirSync(Buildx.certsDir, {recursive: true});
stateHelper.setCertsDir(Buildx.certsDir); stateHelper.setCertsDir(Buildx.certsDir);
// if the default context has TLS data loaded and endpoint is not set, then
// we create a temporary docker context only if driver is docker-container
// https://github.com/docker/buildx/blob/b96ad59f64d40873e4959336d294b648bb3937fe/builder/builder.go#L489
// https://github.com/docker/setup-buildx-action/issues/105
if (!standalone && inputs.driver == 'docker-container' && (await Docker.context()) == 'default' && inputs.endpoint.length == 0) {
const contextInfo = await Docker.contextInspect('default');
core.debug(`context info: ${JSON.stringify(contextInfo, undefined, 2)}`);
const hasTLSData = Object.keys(contextInfo.Endpoints).length > 0 && Object.values(contextInfo.Endpoints)[0].TLSData;
const hasTLSMaterial = Object.keys(contextInfo.TLSMaterial).length > 0 && Object.values(contextInfo.TLSMaterial)[0].length > 0;
if (hasTLSData || hasTLSMaterial) {
const tmpDockerContext = `buildx-${uuid.v4()}`;
await core.group(`Creating temp docker context (TLS data loaded in default one)`, async () => {
await Docker.getExecOutput(['context', 'create', tmpDockerContext], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.warning(`cannot create docker context ${tmpDockerContext}: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
} else {
core.info(`Setting builder endpoint to ${tmpDockerContext} context`);
inputs.endpoint = tmpDockerContext;
stateHelper.setTmpDockerContext(tmpDockerContext);
}
});
});
}
}
if (inputs.driver !== 'docker') { if (inputs.driver !== 'docker') {
await core.group(`Creating a new builder instance`, async () => { await core.group(`Creating a new builder instance`, async () => {
const certsDriverOpts = Buildx.resolveCertsDriverOpts(inputs.driver, inputs.endpoint, { const certsDriverOpts = Buildx.resolveCertsDriverOpts(inputs.driver, inputs.endpoint, {
@ -214,6 +242,18 @@ actionsToolkit.run(
}); });
} }
if (stateHelper.tmpDockerContext) {
await core.group(`Removing temp docker context`, async () => {
await Exec.getExecOutput('docker', ['context', 'rm', '-f', stateHelper.tmpDockerContext], {
ignoreReturnCode: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.warning(`${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
}
});
});
}
if (stateHelper.certsDir.length > 0 && fs.existsSync(stateHelper.certsDir)) { if (stateHelper.certsDir.length > 0 && fs.existsSync(stateHelper.certsDir)) {
await core.group(`Cleaning up certificates`, async () => { await core.group(`Cleaning up certificates`, async () => {
fs.rmSync(stateHelper.certsDir, {recursive: true}); fs.rmSync(stateHelper.certsDir, {recursive: true});

@ -6,6 +6,7 @@ export const builderName = process.env['STATE_builderName'] || '';
export const builderDriver = process.env['STATE_builderDriver'] || ''; export const builderDriver = process.env['STATE_builderDriver'] || '';
export const containerName = process.env['STATE_containerName'] || ''; export const containerName = process.env['STATE_containerName'] || '';
export const certsDir = process.env['STATE_certsDir'] || ''; export const certsDir = process.env['STATE_certsDir'] || '';
export const tmpDockerContext = process.env['STATE_tmpDockerContext'] || '';
export const cleanup = /true/i.test(process.env['STATE_cleanup'] || ''); export const cleanup = /true/i.test(process.env['STATE_cleanup'] || '');
export function setDebug(debug: string) { export function setDebug(debug: string) {
@ -32,6 +33,10 @@ export function setCertsDir(certsDir: string) {
core.saveState('certsDir', certsDir); core.saveState('certsDir', certsDir);
} }
export function setTmpDockerContext(tmpDockerContext: string) {
core.saveState('tmpDockerContext', tmpDockerContext);
}
export function setCleanup(cleanup: boolean) { export function setCleanup(cleanup: boolean) {
core.saveState('cleanup', cleanup); core.saveState('cleanup', cleanup);
} }