diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6dc12b3d..b40f1cf3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -39,6 +39,12 @@ jobs:
with:
go-version: "~1.22"
+ - name: Download Go modules
+ run: go mod download
+
+ - name: Lint
+ run: make -j lint
+
- name: Test
run: make test
docs:
@@ -51,8 +57,8 @@ jobs:
with:
go-version: "~1.22"
- - name: Generate docs
- run: make docs
+ - name: Generate env vars docs
+ run: make docs/env-variables.md
- name: Check for unstaged files
run: git diff --exit-code
@@ -93,18 +99,18 @@ jobs:
- name: Build
if: github.event_name == 'pull_request'
run: |
- VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
- BASE=ghcr.io/coder/envbuilder-preview
+ ./scripts/build.sh \
+ --arch=amd64
./scripts/build.sh \
- --arch=amd64 \
- --base=$BASE \
- --tag=$VERSION
+ --arch=arm64
+
+ ./scripts/build.sh \
+ --arch=arm
- name: Build and Push
if: github.ref == 'refs/heads/main'
run: |
- VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
BASE=ghcr.io/coder/envbuilder-preview
./scripts/build.sh \
@@ -112,5 +118,4 @@ jobs:
--arch=arm64 \
--arch=arm \
--base=$BASE \
- --tag=$VERSION \
--push
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3f03b2fd..6c83f1e0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -19,7 +19,12 @@ jobs:
name: Build and publish
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+
+ # Workaround for actions/checkout#1467
+ - name: Fetch tags
+ run: |
+ git fetch --tags --depth 1 --force
- name: Echo Go Cache Paths
id: go-cache-paths
@@ -44,11 +49,18 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- - name: Build and Push
+ - name: Get version
+ id: get-version
+ env:
+ ENVBUILDER_RELEASE: "t"
run: |
- VERSION=$(./scripts/version.sh)
- BASE=ghcr.io/coder/envbuilder
+ echo "ENVBUILDER_VERSION=$(./scripts/version.sh)" >> $GITHUB_OUTPUT
+ - name: Build and Push
+ env:
+ VERSION: "${{ steps.get-version.outputs.ENVBUILDER_VERSION }}"
+ BASE: "ghcr.io/coder/envbuilder"
+ run: |
./scripts/build.sh \
--arch=amd64 \
--arch=arm64 \
diff --git a/Makefile b/Makefile
index 42fd1db4..14ed5182 100644
--- a/Makefile
+++ b/Makefile
@@ -4,24 +4,42 @@ PWD=$(shell pwd)
GO_SRC_FILES := $(shell find . -type f -name '*.go' -not -name '*_test.go')
GO_TEST_FILES := $(shell find . -type f -not -name '*.go' -name '*_test.go')
GOLDEN_FILES := $(shell find . -type f -name '*.golden')
+SHELL_SRC_FILES := $(shell find . -type f -name '*.sh')
+GOLANGCI_LINT_VERSION := v1.59.1
fmt: $(shell find . -type f -name '*.go')
go run mvdan.cc/gofumpt@v0.6.0 -l -w .
+.PHONY: lint
+lint: lint/go lint/shellcheck
+
+.PHONY: lint/go
+lint/go: $(GO_SRC_FILES)
+ go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+ golangci-lint run --timeout=10m
+
+.PHONY: lint/shellcheck
+lint/shellcheck: $(SHELL_SRC_FILES)
+ echo "--- shellcheck"
+ shellcheck --external-sources $(SHELL_SRC_FILES)
+
develop:
./scripts/develop.sh
build: scripts/envbuilder-$(GOARCH)
./scripts/build.sh
+.PHONY: gen
+gen: docs/env-variables.md update-golden-files
+
.PHONY: update-golden-files
update-golden-files: .gen-golden
.gen-golden: $(GOLDEN_FILES) $(GO_SRC_FILES) $(GO_TEST_FILES)
- go test . -update
+ go test ./options -update
@touch "$@"
-docs: options.go
+docs/env-variables.md: options/options.go options/options_test.go
go run ./scripts/docsgen/main.go
.PHONY: test
@@ -49,7 +67,7 @@ test-registry-container: .registry-cache
# Pulls images referenced in integration tests and pushes them to the local cache.
.PHONY: test-images-push
-test-images-push: .registry-cache/docker/registry/v2/repositories/envbuilder-test-alpine .registry-cache/docker/registry/v2/repositories/envbuilder-test-ubuntu .registry-cache/docker/registry/v2/repositories/envbuilder-test-codercom-code-server
+test-images-push: .registry-cache/docker/registry/v2/repositories/envbuilder-test-alpine .registry-cache/docker/registry/v2/repositories/envbuilder-test-ubuntu .registry-cache/docker/registry/v2/repositories/envbuilder-test-codercom-code-server .registry-cache/docker/registry/v2/repositories/envbuilder-test-blob-unknown
.PHONY: test-images-pull
test-images-pull:
@@ -59,6 +77,7 @@ test-images-pull:
docker tag ubuntu:latest localhost:5000/envbuilder-test-ubuntu:latest
docker pull codercom/code-server:latest
docker tag codercom/code-server:latest localhost:5000/envbuilder-test-codercom-code-server:latest
+ docker build -t localhost:5000/envbuilder-test-blob-unknown:latest -f integration/testdata/blob-unknown/Dockerfile integration/testdata/blob-unknown
.registry-cache:
mkdir -p .registry-cache && chmod -R ag+w .registry-cache
@@ -70,4 +89,7 @@ test-images-pull:
docker push localhost:5000/envbuilder-test-ubuntu:latest
.registry-cache/docker/registry/v2/repositories/envbuilder-test-codercom-code-server:
- docker push localhost:5000/envbuilder-test-codercom-code-server:latest
\ No newline at end of file
+ docker push localhost:5000/envbuilder-test-codercom-code-server:latest
+
+.registry-cache/docker/registry/v2/repositories/envbuilder-test-blob-unknown:
+ docker push localhost:5000/envbuilder-test-blob-unknown:latest
diff --git a/README.md b/README.md
index aa5c5e64..09dfebbb 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,11 @@
-# envbuilder
+
+
-[](https://discord.gg/coder)
-[](https://github.com/coder/envbuilder/pkgs/container/envbuilder)
-[](https://pkg.go.dev/github.com/coder/envbuilder)
-[](./LICENSE)
+# Envbuilder
Build development environments from a Dockerfile on Docker, Kubernetes, and OpenShift. Allow developers to modify their environment in a tight feedback loop.
@@ -11,33 +13,24 @@ Build development environments from a Dockerfile on Docker, Kubernetes, and Open
- Cache image layers with registries for speedy builds
- Runs on Kubernetes, Docker, and OpenShift
-
+## Getting Started
-## Quickstart
+The easiest way to get started is by running the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container.
-The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container.
-
-> `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory.
+> **Note**: The `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory if needed.
```bash
-docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \
- -e ENVBUILDER_INIT_SCRIPT=bash \
+docker run -it --rm
+ -v /tmp/envbuilder:/workspaces
+ -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer
+ -e ENVBUILDER_INIT_SCRIPT=bash
ghcr.io/coder/envbuilder
```
Edit `.devcontainer/Dockerfile` to add `htop`:
```bash
-$ vim .devcontainer/Dockerfile
+vim .devcontainer/Dockerfile
```
```diff
@@ -45,249 +38,32 @@ $ vim .devcontainer/Dockerfile
+ RUN apt-get install vim sudo htop -y
```
-Exit the container, and re-run the `docker run` command... after the build completes, `htop` should exist in the container! 🥳
-
-> [!NOTE]
-> Envbuilder performs destructive filesystem operations! To guard against accidental data
-> loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value.
-> If you need to bypass this behavior for any reason, you can bypass this safety check by setting
-> `ENVBUILDER_FORCE_SAFE=true`.
-
-### Git Branch Selection
-
-Choose a branch using `ENVBUILDER_GIT_URL` with a _ref/heads_ reference. For instance:
-
-```
-ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch
-```
-
-## Container Registry Authentication
-
-envbuilder uses Kaniko to build containers. You should [follow their instructions](https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries) to create an authentication configuration.
-
-After you have a configuration that resembles the following:
-
-```json
-{
- "auths": {
- "https://index.docker.io/v1/": {
- "auth": "base64-encoded-username-and-password"
- }
- }
-}
-```
-
-`base64` encode the JSON and provide it to envbuilder as the `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable.
-
-Alternatively, if running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and
-pass it into the pod as a volume mount. This example will work for all registries.
-
-```shell
-# Artifactory example
-kubectl create secret docker-registry regcred \
- --docker-server=my-artifactory.jfrog.io \
- --docker-username=read-only \
- --docker-password=secret-pass \
- --docker-email=me@example.com \
- -n coder
-```
-
-```hcl
-resource "kubernetes_deployment" "example" {
- metadata {
- namespace = coder
- }
- spec {
- spec {
- container {
- # Define the volumeMount with the pull credentials
- volume_mount {
- name = "docker-config-volume"
- mount_path = "/envbuilder/config.json"
- sub_path = ".dockerconfigjson"
- }
- }
- # Define the volume which maps to the pull credentials
- volume {
- name = "docker-config-volume"
- secret {
- secret_name = "regcred"
- }
- }
- }
- }
-}
-```
-
-### Docker Hub
-
-Authenticate with `docker login` to generate `~/.docker/config.json`. Encode this file using the `base64` command:
-
-```bash
-$ base64 -w0 ~/.docker/config.json
-ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
-```
-
-Provide the encoded JSON config to envbuilder:
-
-```env
-ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
-```
-
-### Docker-in-Docker
-
-See [here](./docs/docker.md) for instructions on running Docker containers inside
-environments built by Envbuilder.
-
-## Git Authentication
-
-Two methods of authentication are supported:
-
-### HTTP Authentication
-
-If `ENVBUILDER_GIT_URL` starts with `http://` or `https://`, envbuilder will
-authenticate with `ENVBUILDER_GIT_USERNAME` and `ENVBUILDER_GIT_PASSWORD`, if set.
-
-For access token-based authentication, follow the following schema (if empty, there's no need to provide the field):
-
-| Provider | `ENVBUILDER_GIT_USERNAME` | `ENVBUILDER_GIT_PASSWORD` |
-| ------------ | ------------------------- | ------------------------- |
-| GitHub | [access-token] | |
-| GitLab | oauth2 | [access-token] |
-| BitBucket | x-token-auth | [access-token] |
-| Azure DevOps | [access-token] | |
-
-If using envbuilder inside of [Coder](https://github.com/coder/coder), you can use the `coder_external_auth` Terraform resource to automatically provide this token on workspace creation:
-
-```hcl
-data "coder_external_auth" "github" {
- id = "github"
-}
-
-resource "docker_container" "dev" {
- env = [
- ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token,
- ]
-}
-```
-
-### SSH Authentication
-
-If `ENVBUILDER_GIT_URL` does not start with `http://` or `https://`,
-envbuilder will assume SSH authentication. You have the following options:
-
-1. Public/Private key authentication: set `ENVBUILDER_GIT_SSH_KEY_PATH` to the path of an
- SSH private key mounted inside the container. Envbuilder will use this SSH
- key to authenticate. Example:
-
- ```bash
- docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
- -e ENVBUILDER_INIT_SCRIPT=bash \
- -e ENVBUILDER_GIT_SSH_KEY_PATH=/.ssh/id_rsa \
- -v /home/user/id_rsa:/.ssh/id_rsa \
- ghcr.io/coder/envbuilder
- ```
-
-1. Agent-based authentication: set `SSH_AUTH_SOCK` and mount in your agent socket, for example:
-
- ```bash
- docker run -it --rm \
- -v /tmp/envbuilder:/workspaces \
- -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
- -e ENVBUILDER_INIT_SCRIPT=bash \
- -e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \
- -v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \
- ghcr.io/coder/envbuilder
- ```
-
-> Note: by default, envbuilder will accept and log all host keys. If you need
-> strict host key checking, set `SSH_KNOWN_HOSTS` and mount in a `known_hosts`
-> file.
-
-
-## Layer Caching
-
-Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable.
-
-```bash
-CACHE_REPO=ghcr.io/coder/repo-cache
-```
-
-To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`:
-
-```bash
-docker run -it --rm \
- -v /tmp/envbuilder-cache:/cache \
- -e ENVBUILDER_LAYER_CACHE_DIR=/cache
- ...
-```
+Exit the container and re-run the `docker run` command. After the build completes, `htop` should be available in the container! 🥳
-Each layer is stored in the registry as a separate image. The image tag is the hash of the layer's contents. The image digest is the hash of the image tag. The image digest is used to pull the layer from the registry.
+To explore more examples, tips, and advanced usage, check out the following guides:
-The performance improvement of builds depends on the complexity of your
-Dockerfile. For
-[`coder/coder`](https://github.com/coder/coder/blob/main/.devcontainer/Dockerfile),
-uncached builds take 36m while cached builds take 40s (~98% improvement).
-
-## Pushing the built image
-
-Set `ENVBUILDER_PUSH_IMAGE=1` to push the entire image to the cache repo
-in addition to individual layers. `ENVBUILDER_CACHE_REPO` **must** be set in
-order for this to work.
-
-> **Note:** this option forces Envbuilder to perform a "reproducible" build.
-> This will force timestamps for all newly added files to be set to the start of the UNIX epoch.
-
-## Probe Layer Cache
-
-To check for the presence of a pre-built image, set
-`ENVBUILDER_GET_CACHED_IMAGE=1`. Instead of building the image, this will
-perform a "dry-run" build of the image, consulting `ENVBUILDER_CACHE_REPO` for
-each layer.
-
-If any layer is found not to be present in the cache repo, envbuilder
-will exit with an error. Otherwise, the image will be emitted in the log output prefixed with the string
-`ENVBUILDER_CACHED_IMAGE=...`.
-
-## Image Caching
-
-When the base container is large, it can take a long time to pull the image from the registry. You can pre-pull the image into a read-only volume and mount it into the container to speed up builds.
-
-```bash
-# Pull your base image from the registry to a local directory.
-docker run --rm \
- -v /tmp/kaniko-cache:/cache \
- gcr.io/kaniko-project/warmer:latest \
- --cache-dir=/cache \
- --image=
-
-# Run envbuilder with the local image cache.
-docker run -it --rm \
- -v /tmp/kaniko-cache:/image-cache:ro \
- -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache
-```
-
-In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
-
-A sample script to pre-fetch a number of images can be viewed [here](./examples/kaniko-cache-warmer.sh). This can be run, for example, as a cron job to periodically fetch the latest versions of a number of base images.
+- [Using Local Files](./docs/using-local-files.md)
+- [Usage with Coder](./docs/usage-with-coder.md)
+- [Container Registry Authentication](./docs/container-registry-auth.md)
+- [Git Authentication](./docs/git-auth.md)
+- [Caching](./docs/caching.md)
+- [Custom Certificates & Proxies](./docs/proxy.md)
+- [Users](./docs/users.md)
## Setup Script
The `ENVBUILDER_SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process.
-> [!NOTE]
-> `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`).
+> **Note**: `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`).
Write the following to `$ENVBUILDER_ENV` to shape the container's init process:
-- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g.`root`).
+- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g., `root`).
- `ENVBUILDER_INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`).
-- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g. `-c 'sleep infinity'`).
+- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g., `-c 'sleep infinity'`).
```bash
-# init.sh - change the init if systemd exists
+# init.sh - Change the init if systemd exists
if command -v systemd >/dev/null; then
echo "Hey 👋 $TARGET_USER"
echo ENVBUILDER_INIT_COMMAND=systemd >> $ENVBUILDER_ENV
@@ -295,44 +71,34 @@ else
echo ENVBUILDER_INIT_COMMAND=bash >> $ENVBUILDER_ENV
fi
-# run envbuilder with the setup script
-docker run -it --rm \
- -v ./:/some-dir \
- -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh \
+# Run envbuilder with the setup script
+docker run -it --rm
+ -v ./:/some-dir
+ -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh
...
```
-## Custom Certificates
-
-- [`ENVBUILDER_SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate.
-- [`ENVBUILDER_SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files.
-- `ENVBUILDER_SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start.
+## Environment Variables
-## Unsupported features
+You can see all the supported environment variables in [this document](./docs/env-variables.md).
### Development Containers
-The table keeps track of features we would love to implement. Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you want Envbuilder to support it.
+[This document](./docs/devcontainer-spec-support.md) keeps track of what parts of the Dev Container specification Envbuilder currently supports.
-| Name | Description | Known issues |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
-| Volume mounts | Volumes are used to persist data and share directories between the host and container. | [#220](https://github.com/coder/envbuilder/issues/220) |
-| Port forwarding | Port forwarding allows exposing container ports to the host, making services accessible. | [#48](https://github.com/coder/envbuilder/issues/48) |
-| Script init & Entrypoint | `init` adds a tiny init process to the container and `entrypoint` sets a script to run at container startup. | [#221](https://github.com/coder/envbuilder/issues/221) |
-| Customizations | Product specific properties, for instance: _VS Code_ `settings` and `extensions`. | [#43](https://github.com/coder/envbuilder/issues/43) |
-| Composefile | Define multiple containers and services for more complex development environments. | [#236](https://github.com/coder/envbuilder/issues/236) |
+Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you'd like Envbuilder to support a particular feature.
### Devfile
-> [Devfiles](https://devfile.io/) automate and simplify development process by adopting the existing devfiles that are available in the [public community registry](https://registry.devfile.io/viewer).
+> [Devfiles](https://devfile.io/) automate and simplify development by adopting existing devfiles available in the [public community registry](https://registry.devfile.io/viewer).
Issue: [#113](https://github.com/coder/envbuilder/issues/113)
-# Local Development
+## Contributing
Building `envbuilder` currently **requires** a Linux system.
-On MacOS or Windows systems, we recommend either using a VM or the provided `.devcontainer` for development.
+On macOS or Windows systems, we recommend using a VM or the provided `.devcontainer` for development.
**Additional Requirements:**
@@ -342,50 +108,8 @@ On MacOS or Windows systems, we recommend either using a VM or the provided `.de
**Makefile targets:**
-- `build`: builds and tags `envbuilder:latest` for your current architecture.
-- `develop`: runs `envbuilder:latest` against a sample Git repository.
-- `test`: run tests.
-- `test-registry`: stands up a local registry for caching images used in tests.
-
-
-
-## Environment Variables
-
-| Flag | Environment variable | Default | Description |
-| - | - | - | - |
-| `--setup-script` | `ENVBUILDER_SETUP_SCRIPT` | | The script to run before the init script. It runs as the root user regardless of the user specified in the devcontainer.json file. SetupScript is ran as the root user prior to the init script. It is used to configure envbuilder dynamically during the runtime. e.g. specifying whether to start systemd or tiny init for PID 1. |
-| `--init-script` | `ENVBUILDER_INIT_SCRIPT` | | The script to run to initialize the workspace. Default: `sleep infinity`. |
-| `--init-command` | `ENVBUILDER_INIT_COMMAND` | | The command to run to initialize the workspace. Default: `/bin/sh`. |
-| `--init-args` | `ENVBUILDER_INIT_ARGS` | | The arguments to pass to the init command. They are split according to /bin/sh rules with https://github.com/kballard/go-shellquote. |
-| `--cache-repo` | `ENVBUILDER_CACHE_REPO` | | The name of the container registry to push the cache image to. If this is empty, the cache will not be pushed. |
-| `--base-image-cache-dir` | `ENVBUILDER_BASE_IMAGE_CACHE_DIR` | | The path to a directory where the base image can be found. This should be a read-only directory solely mounted for the purpose of caching the base image. |
-| `--layer-cache-dir` | `ENVBUILDER_LAYER_CACHE_DIR` | | The path to a directory where built layers will be stored. This spawns an in-memory registry to serve the layers from. |
-| `--devcontainer-dir` | `ENVBUILDER_DEVCONTAINER_DIR` | | The path to the folder containing the devcontainer.json file that will be used to build the workspace and can either be an absolute path or a path relative to the workspace folder. If not provided, defaults to `.devcontainer`. |
-| `--devcontainer-json-path` | `ENVBUILDER_DEVCONTAINER_JSON_PATH` | | The path to a devcontainer.json file that is either an absolute path or a path relative to DevcontainerDir. This can be used in cases where one wants to substitute an edited devcontainer.json file for the one that exists in the repo. |
-| `--dockerfile-path` | `ENVBUILDER_DOCKERFILE_PATH` | | The relative path to the Dockerfile that will be used to build the workspace. This is an alternative to using a devcontainer that some might find simpler. |
-| `--build-context-path` | `ENVBUILDER_BUILD_CONTEXT_PATH` | | Can be specified when a DockerfilePath is specified outside the base WorkspaceFolder. This path MUST be relative to the WorkspaceFolder path into which the repo is cloned. |
-| `--cache-ttl-days` | `ENVBUILDER_CACHE_TTL_DAYS` | | The number of days to use cached layers before expiring them. Defaults to 7 days. |
-| `--docker-config-base64` | `ENVBUILDER_DOCKER_CONFIG_BASE64` | | The base64 encoded Docker config file that will be used to pull images from private container registries. |
-| `--fallback-image` | `ENVBUILDER_FALLBACK_IMAGE` | | Specifies an alternative image to use when neither an image is declared in the devcontainer.json file nor a Dockerfile is present. If there's a build failure (from a faulty Dockerfile) or a misconfiguration, this image will be the substitute. Set ExitOnBuildFailure to true to halt the container if the build faces an issue. |
-| `--exit-on-build-failure` | `ENVBUILDER_EXIT_ON_BUILD_FAILURE` | | Terminates the container upon a build failure. This is handy when preferring the FALLBACK_IMAGE in cases where no devcontainer.json or image is provided. However, it ensures that the container stops if the build process encounters an error. |
-| `--force-safe` | `ENVBUILDER_FORCE_SAFE` | | Ignores any filesystem safety checks. This could cause serious harm to your system! This is used in cases where bypass is needed to unblock customers. |
-| `--insecure` | `ENVBUILDER_INSECURE` | | Bypass TLS verification when cloning and pulling from container registries. |
-| `--ignore-paths` | `ENVBUILDER_IGNORE_PATHS` | | The comma separated list of paths to ignore when building the workspace. |
-| `--skip-rebuild` | `ENVBUILDER_SKIP_REBUILD` | | Skip building if the MagicFile exists. This is used to skip building when a container is restarting. e.g. docker stop -> docker start This value can always be set to true - even if the container is being started for the first time. |
-| `--git-url` | `ENVBUILDER_GIT_URL` | | The URL of a Git repository containing a Devcontainer or Docker image to clone. This is optional. |
-| `--git-clone-depth` | `ENVBUILDER_GIT_CLONE_DEPTH` | | The depth to use when cloning the Git repository. |
-| `--git-clone-single-branch` | `ENVBUILDER_GIT_CLONE_SINGLE_BRANCH` | | Clone only a single branch of the Git repository. |
-| `--git-username` | `ENVBUILDER_GIT_USERNAME` | | The username to use for Git authentication. This is optional. |
-| `--git-password` | `ENVBUILDER_GIT_PASSWORD` | | The password to use for Git authentication. This is optional. |
-| `--git-ssh-private-key-path` | `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH` | | Path to an SSH private key to be used for Git authentication. |
-| `--git-http-proxy-url` | `ENVBUILDER_GIT_HTTP_PROXY_URL` | | The URL for the HTTP proxy. This is optional. |
-| `--workspace-folder` | `ENVBUILDER_WORKSPACE_FOLDER` | | The path to the workspace folder that will be built. This is optional. |
-| `--ssl-cert-base64` | `ENVBUILDER_SSL_CERT_BASE64` | | The content of an SSL cert file. This is useful for self-signed certificates. |
-| `--export-env-file` | `ENVBUILDER_EXPORT_ENV_FILE` | | Optional file path to a .env file where envbuilder will dump environment variables from devcontainer.json and the built container image. |
-| `--post-start-script-path` | `ENVBUILDER_POST_START_SCRIPT_PATH` | | The path to a script that will be created by envbuilder based on the postStartCommand in devcontainer.json, if any is specified (otherwise the script is not created). If this is set, the specified InitCommand should check for the presence of this script and execute it after successful startup. |
-| `--coder-agent-url` | `CODER_AGENT_URL` | | URL of the Coder deployment. If CODER_AGENT_TOKEN is also set, logs from envbuilder will be forwarded here and will be visible in the workspace build logs. |
-| `--coder-agent-token` | `CODER_AGENT_TOKEN` | | Authentication token for a Coder agent. If this is set, then CODER_AGENT_URL must also be set. |
-| `--coder-agent-subsystem` | `CODER_AGENT_SUBSYSTEM` | | Coder agent subsystems to report when forwarding logs. The envbuilder subsystem is always included. |
-| `--push-image` | `ENVBUILDER_PUSH_IMAGE` | | Push the built image to a remote registry. This option forces a reproducible build. |
-| `--get-cached-image` | `ENVBUILDER_GET_CACHED_IMAGE` | | Print the digest of the cached image, if available. Exits with an error if not found. |
-
+- `build`: Builds and tags `envbuilder:latest` for your current architecture.
+- `develop`: Runs `envbuilder:latest` against a sample Git repository.
+- `test`: Runs tests.
+- `test-registry`: Stands up a local registry for caching images used in tests.
+- `docs/env-variables.md`: Updated the [environment variables documentation](./docs/env-variables.md).
diff --git a/buildinfo/version.go b/buildinfo/version.go
new file mode 100644
index 00000000..86f35348
--- /dev/null
+++ b/buildinfo/version.go
@@ -0,0 +1,71 @@
+package buildinfo
+
+import (
+ "fmt"
+ "runtime/debug"
+ "sync"
+
+ "golang.org/x/mod/semver"
+)
+
+const (
+ noVersion = "v0.0.0"
+ develPreRelease = "devel"
+)
+
+var (
+ buildInfo *debug.BuildInfo
+ buildInfoValid bool
+ readBuildInfo sync.Once
+
+ version string
+ readVersion sync.Once
+
+ // Injected with ldflags at build time
+ tag string
+)
+
+func revision() (string, bool) {
+ return find("vcs.revision")
+}
+
+func find(key string) (string, bool) {
+ readBuildInfo.Do(func() {
+ buildInfo, buildInfoValid = debug.ReadBuildInfo()
+ })
+ if !buildInfoValid {
+ panic("could not read build info")
+ }
+ for _, setting := range buildInfo.Settings {
+ if setting.Key != key {
+ continue
+ }
+ return setting.Value, true
+ }
+ return "", false
+}
+
+// Version returns the semantic version of the build.
+// Use golang.org/x/mod/semver to compare versions.
+func Version() string {
+ readVersion.Do(func() {
+ revision, valid := revision()
+ if valid {
+ revision = "+" + revision[:7]
+ }
+ if tag == "" {
+ // This occurs when the tag hasn't been injected,
+ // like when using "go run".
+ // -+
+ version = fmt.Sprintf("%s-%s%s", noVersion, develPreRelease, revision)
+ return
+ }
+ version = "v" + tag
+ // The tag must be prefixed with "v" otherwise the
+ // semver library will return an empty string.
+ if semver.Build(version) == "" {
+ version += revision
+ }
+ })
+ return version
+}
diff --git a/cmd/envbuilder/main.go b/cmd/envbuilder/main.go
index aa3b3ec4..91cde8a3 100644
--- a/cmd/envbuilder/main.go
+++ b/cmd/envbuilder/main.go
@@ -1,20 +1,18 @@
package main
import (
- "context"
- "crypto/tls"
"errors"
"fmt"
- "net/http"
"net/url"
"os"
"slices"
"strings"
- "time"
- "cdr.dev/slog"
+ "github.com/coder/envbuilder/options"
+
+ "github.com/coder/coder/v2/codersdk"
"github.com/coder/envbuilder"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/coder/serpent"
// *Never* remove this. Certificates are not bundled as part
@@ -27,64 +25,77 @@ func main() {
cmd := envbuilderCmd()
err := cmd.Invoke().WithOS().Run()
if err != nil {
- fmt.Fprintf(os.Stderr, "error: %v", err)
+ _, _ = fmt.Fprintf(os.Stderr, "error: %v", err)
os.Exit(1)
}
}
func envbuilderCmd() serpent.Command {
- var options envbuilder.Options
+ var o options.Options
cmd := serpent.Command{
Use: "envbuilder",
- Options: options.CLI(),
+ Options: o.CLI(),
Handler: func(inv *serpent.Invocation) error {
- var sendLogs func(ctx context.Context, log ...notcodersdk.Log) error
- if options.CoderAgentToken != "" {
- if options.CoderAgentURL == "" {
+ o.SetDefaults()
+ var preExecs []func()
+ preExec := func() {
+ for _, fn := range preExecs {
+ fn()
+ }
+ preExecs = nil
+ }
+ defer preExec() // Ensure cleanup in case of error.
+
+ o.Logger = log.New(os.Stderr, o.Verbose)
+ if o.CoderAgentURL != "" {
+ if o.CoderAgentToken == "" {
return errors.New("CODER_AGENT_URL must be set if CODER_AGENT_TOKEN is set")
}
- u, err := url.Parse(options.CoderAgentURL)
+ u, err := url.Parse(o.CoderAgentURL)
if err != nil {
return fmt.Errorf("unable to parse CODER_AGENT_URL as URL: %w", err)
}
- client := notcodersdk.New(u)
- client.SetSessionToken(options.CoderAgentToken)
- client.HTTPClient = &http.Client{
- Transport: &http.Transport{
- TLSClientConfig: &tls.Config{
- InsecureSkipVerify: options.Insecure,
- },
- },
+ coderLog, closeLogs, err := log.Coder(inv.Context(), u, o.CoderAgentToken)
+ if err == nil {
+ o.Logger = log.Wrap(o.Logger, coderLog)
+ preExecs = append(preExecs, func() {
+ closeLogs()
+ })
+ // This adds the envbuilder subsystem.
+ // If telemetry is enabled in a Coder deployment,
+ // this will be reported and help us understand
+ // envbuilder usage.
+ if !slices.Contains(o.CoderAgentSubsystem, string(codersdk.AgentSubsystemEnvbuilder)) {
+ o.CoderAgentSubsystem = append(o.CoderAgentSubsystem, string(codersdk.AgentSubsystemEnvbuilder))
+ _ = os.Setenv("CODER_AGENT_SUBSYSTEM", strings.Join(o.CoderAgentSubsystem, ","))
+ }
+ } else {
+ // Failure to log to Coder should cause a fatal error.
+ o.Logger(log.LevelError, "unable to send logs to Coder: %s", err.Error())
}
- var flushAndClose func(ctx context.Context) error
- sendLogs, flushAndClose = notcodersdk.LogsSender(notcodersdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{})
- defer flushAndClose(inv.Context())
+ }
- // This adds the envbuilder subsystem.
- // If telemetry is enabled in a Coder deployment,
- // this will be reported and help us understand
- // envbuilder usage.
- if !slices.Contains(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder)) {
- options.CoderAgentSubsystem = append(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder))
- os.Setenv("CODER_AGENT_SUBSYSTEM", strings.Join(options.CoderAgentSubsystem, ","))
- }
+ if o.GitSSHPrivateKeyPath != "" && o.GitSSHPrivateKeyBase64 != "" {
+ return errors.New("cannot have both GIT_SSH_PRIVATE_KEY_PATH and GIT_SSH_PRIVATE_KEY_BASE64 set")
}
- options.Logger = func(level notcodersdk.LogLevel, format string, args ...interface{}) {
- output := fmt.Sprintf(format, args...)
- fmt.Fprintln(inv.Stderr, output)
- if sendLogs != nil {
- sendLogs(inv.Context(), notcodersdk.Log{
- CreatedAt: time.Now(),
- Output: output,
- Level: level,
- })
+ if o.GetCachedImage {
+ img, err := envbuilder.RunCacheProbe(inv.Context(), o)
+ if err != nil {
+ o.Logger(log.LevelError, "error: %s", err)
+ return err
+ }
+ digest, err := img.Digest()
+ if err != nil {
+ return fmt.Errorf("get cached image digest: %w", err)
}
+ _, _ = fmt.Fprintf(inv.Stdout, "ENVBUILDER_CACHED_IMAGE=%s@%s\n", o.CacheRepo, digest.String())
+ return nil
}
- err := envbuilder.Run(inv.Context(), options)
+ err := envbuilder.Run(inv.Context(), o, preExec)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "error: %s", err)
+ o.Logger(log.LevelError, "error: %s", err)
}
return err
},
diff --git a/cmd/envbuilder/main_test.go b/cmd/envbuilder/main_test.go
deleted file mode 100644
index ed1e0377..00000000
--- a/cmd/envbuilder/main_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package main
-
-import (
- "context"
- "encoding/json"
- "net/http"
- "net/http/httptest"
- "path/filepath"
- "testing"
- "time"
-
- "cdr.dev/slog/sloggers/slogtest"
- "github.com/coder/envbuilder/internal/notcodersdk"
- "github.com/coder/serpent"
- "github.com/google/uuid"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func Test_sendLogs(t *testing.T) {
- ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
- defer cancel()
- // Random token for testing log fowarding
- agentToken := uuid.NewString()
-
- // Server to read logs posted by envbuilder. Matched to backlog limit.
- logCh := make(chan notcodersdk.Log, 100)
- logs := make([]notcodersdk.Log, 0)
- go func() {
- for {
- select {
- case <-ctx.Done():
- return
- case log, ok := <-logCh:
- if !ok {
- return
- }
- logs = append(logs, log)
- }
- }
- }()
- logSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if !assert.Equal(t, http.MethodPatch, r.Method) {
- w.WriteHeader(http.StatusMethodNotAllowed)
- return
- }
- assert.Equal(t, agentToken, r.Header.Get(notcodersdk.SessionTokenHeader))
- var res notcodersdk.PatchLogs
- if !assert.NoError(t, json.NewDecoder(r.Body).Decode(&res)) {
- w.WriteHeader(http.StatusInternalServerError)
- return
- }
- if !assert.Equal(t, notcodersdk.ExternalLogSourceID, res.LogSourceID) {
- w.WriteHeader(http.StatusInternalServerError)
- return
- }
- for _, log := range res.Logs {
- logCh <- log
- }
- w.WriteHeader(http.StatusOK)
- }))
-
- // Make an empty working directory
- tmpDir := t.TempDir()
- t.Setenv("ENVBUILDER_DEVCONTAINER_DIR", tmpDir)
- t.Setenv("ENVBUILDER_DOCKERFILE_DIR", filepath.Join(tmpDir, "Dockerfile"))
- t.Setenv("ENVBUILDER_WORKSPACE_FOLDER", tmpDir)
- t.Setenv("CODER_AGENT_TOKEN", agentToken)
- t.Setenv("CODER_AGENT_URL", logSrv.URL)
-
- testLogger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true})
- cmd := envbuilderCmd()
- inv := &serpent.Invocation{
- Command: &cmd,
- Args: []string{},
- Logger: testLogger,
- Environ: serpent.Environ{},
- }
-
- err := inv.WithOS().Run()
- require.ErrorContains(t, err, "no such file or directory")
- require.NotEmpty(t, logs)
- require.Contains(t, logs[len(logs)-1].Output, "no such file or directory")
-}
diff --git a/devcontainer/devcontainer.go b/devcontainer/devcontainer.go
index 7ac8d26d..0bf7cc35 100644
--- a/devcontainer/devcontainer.go
+++ b/devcontainer/devcontainer.go
@@ -15,6 +15,8 @@ import (
"github.com/go-git/go-billy/v5"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/v1/remote"
+ "github.com/moby/buildkit/frontend/dockerfile/instructions"
+ "github.com/moby/buildkit/frontend/dockerfile/parser"
"github.com/moby/buildkit/frontend/dockerfile/shell"
"github.com/tailscale/hujson"
)
@@ -202,16 +204,9 @@ func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir string,
// We should make a best-effort attempt to find the user.
// Features must be executed as root, so we need to swap back
// to the running user afterwards.
- params.User = UserFromDockerfile(params.DockerfileContent)
- }
- if params.User == "" {
- imageRef, err := ImageFromDockerfile(params.DockerfileContent)
+ params.User, err = UserFromDockerfile(params.DockerfileContent)
if err != nil {
- return nil, fmt.Errorf("parse image from dockerfile: %w", err)
- }
- params.User, err = UserFromImage(imageRef)
- if err != nil {
- return nil, fmt.Errorf("get user from image: %w", err)
+ return nil, fmt.Errorf("user from dockerfile: %w", err)
}
}
remoteUser := s.RemoteUser
@@ -313,17 +308,82 @@ func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir
// UserFromDockerfile inspects the contents of a provided Dockerfile
// and returns the user that will be used to run the container.
-func UserFromDockerfile(dockerfileContent string) string {
- lines := strings.Split(dockerfileContent, "\n")
- // Iterate over lines in reverse
- for i := len(lines) - 1; i >= 0; i-- {
- line := lines[i]
- if !strings.HasPrefix(line, "USER ") {
+func UserFromDockerfile(dockerfileContent string) (user string, err error) {
+ res, err := parser.Parse(strings.NewReader(dockerfileContent))
+ if err != nil {
+ return "", fmt.Errorf("parse dockerfile: %w", err)
+ }
+
+ // Parse stages and user commands to determine the relevant user
+ // from the final stage.
+ var (
+ stages []*instructions.Stage
+ stageNames = make(map[string]*instructions.Stage)
+ stageUser = make(map[*instructions.Stage]*instructions.UserCommand)
+ currentStage *instructions.Stage
+ )
+ for _, child := range res.AST.Children {
+ inst, err := instructions.ParseInstruction(child)
+ if err != nil {
+ return "", fmt.Errorf("parse instruction: %w", err)
+ }
+
+ switch i := inst.(type) {
+ case *instructions.Stage:
+ stages = append(stages, i)
+ if i.Name != "" {
+ stageNames[i.Name] = i
+ }
+ currentStage = i
+ case *instructions.UserCommand:
+ if currentStage == nil {
+ continue
+ }
+ stageUser[currentStage] = i
+ }
+ }
+
+ // Iterate over stages in bottom-up order to find the user,
+ // skipping any stages not referenced by the final stage.
+ lookupStage := stages[len(stages)-1]
+ for i := len(stages) - 1; i >= 0; i-- {
+ stage := stages[i]
+ if stage != lookupStage {
continue
}
- return strings.TrimSpace(strings.TrimPrefix(line, "USER "))
+
+ if user, ok := stageUser[stage]; ok {
+ return user.User, nil
+ }
+
+ // If we reach the scratch stage, we can't determine the user.
+ if stage.BaseName == "scratch" {
+ return "", nil
+ }
+
+ // Check if this FROM references another stage.
+ if stage.BaseName != "" {
+ var ok bool
+ lookupStage, ok = stageNames[stage.BaseName]
+ if ok {
+ continue
+ }
+ }
+
+ // If we can't find a user command, try to find the user from
+ // the image.
+ ref, err := name.ParseReference(strings.TrimSpace(stage.BaseName))
+ if err != nil {
+ return "", fmt.Errorf("parse image ref %q: %w", stage.BaseName, err)
+ }
+ user, err := UserFromImage(ref)
+ if err != nil {
+ return "", fmt.Errorf("user from image %s: %w", ref.Name(), err)
+ }
+ return user, nil
}
- return ""
+
+ return "", nil
}
// ImageFromDockerfile inspects the contents of a provided Dockerfile
@@ -340,11 +400,11 @@ func ImageFromDockerfile(dockerfileContent string) (name.Reference, error) {
arg = strings.TrimSpace(arg)
if strings.Contains(arg, "=") {
parts := strings.SplitN(arg, "=", 2)
- key, err := lexer.ProcessWord(parts[0], args)
+ key, _, err := lexer.ProcessWord(parts[0], shell.EnvsFromSlice(args))
if err != nil {
return nil, fmt.Errorf("processing %q: %w", line, err)
}
- val, err := lexer.ProcessWord(parts[1], args)
+ val, _, err := lexer.ProcessWord(parts[1], shell.EnvsFromSlice(args))
if err != nil {
return nil, fmt.Errorf("processing %q: %w", line, err)
}
@@ -361,7 +421,7 @@ func ImageFromDockerfile(dockerfileContent string) (name.Reference, error) {
if imageRef == "" {
return nil, fmt.Errorf("no FROM directive found")
}
- imageRef, err := lexer.ProcessWord(imageRef, args)
+ imageRef, _, err := lexer.ProcessWord(imageRef, shell.EnvsFromSlice(args))
if err != nil {
return nil, fmt.Errorf("processing %q: %w", imageRef, err)
}
diff --git a/devcontainer/devcontainer_test.go b/devcontainer/devcontainer_test.go
index c18c6b73..4a475682 100644
--- a/devcontainer/devcontainer_test.go
+++ b/devcontainer/devcontainer_test.go
@@ -22,7 +22,7 @@ import (
"github.com/stretchr/testify/require"
)
-const magicDir = "/.envbuilder"
+const workingDir = "/.envbuilder"
func stubLookupEnv(string) (string, bool) {
return "", false
@@ -98,7 +98,7 @@ func TestCompileWithFeatures(t *testing.T) {
featureTwoDir := fmt.Sprintf("/.envbuilder/features/two-%x", featureTwoMD5[:4])
t.Run("WithoutBuildContexts", func(t *testing.T) {
- params, err := dc.Compile(fs, "", magicDir, "", "", false, stubLookupEnv)
+ params, err := dc.Compile(fs, "", workingDir, "", "", false, stubLookupEnv)
require.NoError(t, err)
require.Equal(t, `FROM localhost:5000/envbuilder-test-codercom-code-server:latest
@@ -116,7 +116,7 @@ USER 1000`, params.DockerfileContent)
})
t.Run("WithBuildContexts", func(t *testing.T) {
- params, err := dc.Compile(fs, "", magicDir, "", "", true, stubLookupEnv)
+ params, err := dc.Compile(fs, "", workingDir, "", "", true, stubLookupEnv)
require.NoError(t, err)
registryHost := strings.TrimPrefix(registry, "http://")
@@ -155,10 +155,10 @@ func TestCompileDevContainer(t *testing.T) {
dc := &devcontainer.Spec{
Image: "localhost:5000/envbuilder-test-ubuntu:latest",
}
- params, err := dc.Compile(fs, "", magicDir, "", "", false, stubLookupEnv)
+ params, err := dc.Compile(fs, "", workingDir, "", "", false, stubLookupEnv)
require.NoError(t, err)
- require.Equal(t, filepath.Join(magicDir, "Dockerfile"), params.DockerfilePath)
- require.Equal(t, magicDir, params.BuildContext)
+ require.Equal(t, filepath.Join(workingDir, "Dockerfile"), params.DockerfilePath)
+ require.Equal(t, workingDir, params.BuildContext)
})
t.Run("WithBuild", func(t *testing.T) {
t.Parallel()
@@ -181,7 +181,7 @@ func TestCompileDevContainer(t *testing.T) {
_, err = io.WriteString(file, "FROM localhost:5000/envbuilder-test-ubuntu:latest")
require.NoError(t, err)
_ = file.Close()
- params, err := dc.Compile(fs, dcDir, magicDir, "", "/var/workspace", false, stubLookupEnv)
+ params, err := dc.Compile(fs, dcDir, workingDir, "", "/var/workspace", false, stubLookupEnv)
require.NoError(t, err)
require.Equal(t, "ARG1=value1", params.BuildArgs[0])
require.Equal(t, "ARG2=workspace", params.BuildArgs[1])
@@ -190,12 +190,6 @@ func TestCompileDevContainer(t *testing.T) {
})
}
-func TestUserFromDockerfile(t *testing.T) {
- t.Parallel()
- user := devcontainer.UserFromDockerfile("FROM ubuntu\nUSER kyle")
- require.Equal(t, "kyle", user)
-}
-
func TestImageFromDockerfile(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
@@ -224,27 +218,156 @@ func TestImageFromDockerfile(t *testing.T) {
}
}
-func TestUserFromImage(t *testing.T) {
+func TestUserFrom(t *testing.T) {
t.Parallel()
- registry := registrytest.New(t)
- image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
- Config: v1.Config{
- User: "example",
- },
- }})
- require.NoError(t, err)
- parsed, err := url.Parse(registry)
- require.NoError(t, err)
- parsed.Path = "coder/test:latest"
- ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
- require.NoError(t, err)
- err = remote.Write(ref, image)
- require.NoError(t, err)
+ t.Run("Image", func(t *testing.T) {
+ t.Parallel()
+ registry := registrytest.New(t)
+ image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
+ Config: v1.Config{
+ User: "example",
+ },
+ }})
+ require.NoError(t, err)
- user, err := devcontainer.UserFromImage(ref)
- require.NoError(t, err)
- require.Equal(t, "example", user)
+ parsed, err := url.Parse(registry)
+ require.NoError(t, err)
+ parsed.Path = "coder/test:latest"
+ ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
+ require.NoError(t, err)
+ err = remote.Write(ref, image)
+ require.NoError(t, err)
+
+ user, err := devcontainer.UserFromImage(ref)
+ require.NoError(t, err)
+ require.Equal(t, "example", user)
+ })
+
+ t.Run("Dockerfile", func(t *testing.T) {
+ t.Parallel()
+ tests := []struct {
+ name string
+ content string
+ user string
+ }{
+ {
+ name: "Empty",
+ content: "FROM scratch",
+ user: "",
+ },
+ {
+ name: "User",
+ content: "FROM scratch\nUSER kyle",
+ user: "kyle",
+ },
+ {
+ name: "Env with default",
+ content: "FROM scratch\nENV MYUSER=maf\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ {
+ name: "Env var with default",
+ content: "FROM scratch\nUSER ${MYUSER:-maf}",
+ user: "${MYUSER:-maf}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ {
+ name: "Arg",
+ content: "FROM scratch\nARG MYUSER\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "" or populated but the current implementation doesn't support this.
+ },
+ {
+ name: "Arg with default",
+ content: "FROM scratch\nARG MYUSER=maf\nUSER ${MYUSER}",
+ user: "${MYUSER}", // This should be "maf" but the current implementation doesn't support this.
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+ user, err := devcontainer.UserFromDockerfile(tt.content)
+ require.NoError(t, err)
+ require.Equal(t, tt.user, user)
+ })
+ }
+ })
+
+ t.Run("Multi-stage", func(t *testing.T) {
+ t.Parallel()
+
+ registry := registrytest.New(t)
+ for tag, user := range map[string]string{
+ "one": "maf",
+ "two": "fam",
+ } {
+ image, err := partial.UncompressedToImage(emptyImage{configFile: &v1.ConfigFile{
+ Config: v1.Config{
+ User: user,
+ },
+ }})
+ require.NoError(t, err)
+ parsed, err := url.Parse(registry)
+ require.NoError(t, err)
+ parsed.Path = "coder/test:" + tag
+ ref, err := name.ParseReference(strings.TrimPrefix(parsed.String(), "http://"))
+ fmt.Println(ref)
+ require.NoError(t, err)
+ err = remote.Write(ref, image)
+ require.NoError(t, err)
+ }
+
+ tests := []struct {
+ name string
+ images map[string]string
+ content string
+ user string
+ }{
+ {
+ name: "Single",
+ content: "FROM coder/test:one",
+ user: "maf",
+ },
+ {
+ name: "Multi",
+ content: "FROM ubuntu AS u\nFROM coder/test:two",
+ user: "fam",
+ },
+ {
+ name: "Multi-2",
+ content: "FROM coder/test:two AS two\nUSER maffam\nFROM coder/test:one AS one",
+ user: "maf",
+ },
+ {
+ name: "Multi-3",
+ content: "FROM coder/test:two AS two\nFROM coder/test:one AS one\nUSER fammaf",
+ user: "fammaf",
+ },
+ {
+ name: "Multi-4",
+ content: `FROM ubuntu AS a
+USER root
+RUN useradd --create-home pickme
+USER pickme
+FROM a AS other
+USER root
+RUN useradd --create-home notme
+USER notme
+FROM a`,
+ user: "pickme",
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ content := strings.ReplaceAll(tt.content, "coder/test", strings.TrimPrefix(registry, "http://")+"/coder/test")
+
+ user, err := devcontainer.UserFromDockerfile(content)
+ require.NoError(t, err)
+ require.Equal(t, tt.user, user)
+ })
+ }
+ })
}
type emptyImage struct {
diff --git a/docs/build-secrets.md b/docs/build-secrets.md
new file mode 100644
index 00000000..00c38c7c
--- /dev/null
+++ b/docs/build-secrets.md
@@ -0,0 +1,165 @@
+# Build Secrets
+
+Envbuilder supports [build secrets](https://docs.docker.com/reference/dockerfile/#run---mounttypesecret). Build secrets are useful when you need to use sensitive information during the image build process and:
+* the secrets should not be present in the built image.
+* the secrets should not be accessible in the container after its build has concluded.
+
+If your Dockerfile contains directives of the form `RUN --mount=type=secret,...`, Envbuilder will attempt to mount build secrets as specified in the directive. Unlike the `docker build` command, Envbuilder does not support the `--secret` flag. Instead, Envbuilder collects build secrets from the `ENVBUILDER_BUILD_SECRETS` environment variable. These build secrets will not be present in any cached layers or images that are pushed to an image repository. Nor will they be available at run time.
+
+## Example
+
+To illustrate build secrets in Envbuilder, let's build, push and run a container locally. These concepts will transfer to Kubernetes or other containerised environments. Note that this example is for illustrative purposes only and is not fit for production use. Production considerations are discussed in the next section.
+
+First, start a local docker registry, so that we can push and inspect the built image:
+```bash
+docker run --rm -d -p 5000:5000 --name envbuilder-registry registry:2
+```
+
+Then, prepare the files to build our container.
+```bash
+mkdir test-build-secrets
+cd test-build-secrets
+cat << EOF > Dockerfile
+FROM alpine:latest
+
+RUN --mount=type=secret,id=TEST_BUILD_SECRET_A,env=TEST_BUILD_SECRET_A echo -n \$TEST_BUILD_SECRET_A | sha256sum > /foo_secret_hash.txt
+RUN --mount=type=secret,id=TEST_BUILD_SECRET_B,dst=/tmp/bar.secret cat /tmp/bar.secret | sha256sum > /bar_secret_hash.txt
+EOF
+cat << EOF > devcontainer.json
+{
+ "build": {
+ "dockerfile": "Dockerfile"
+ }
+}
+EOF
+echo 'runtime-secret-a' > runtime-secret.txt
+```
+
+The Dockerfile requires two build secrets: `TEST_BUILD_SECRET_A` and `TEST_BUILD_SECRET_B`. Their values are arbitrarily set to `secret-foo` and `secret-bar` by the command below. Building the container image writes the checksums for these secrets to disk. This illustrates that the secrets can be used in the build to enact side effects without exposing the secrets themselves.
+
+Execute the build using this command:
+```bash
+docker run -it --rm \
+ -e ENVBUILDER_BUILD_SECRETS='TEST_BUILD_SECRET_A=secret-foo,TEST_BUILD_SECRET_B=secret-bar' \
+ -e ENVBUILDER_INIT_SCRIPT='/bin/sh' \
+ -e ENVBUILDER_CACHE_REPO=$(docker inspect envbuilder-registry | jq -r '.[].NetworkSettings.IPAddress'):5000/test-container \
+ -e ENVBUILDER_PUSH_IMAGE=1 \
+ -v $PWD:/workspaces/empty \
+ -v $PWD/runtime-secret.txt:/runtime-secret.txt \
+ ghcr.io/coder/envbuilder:latest
+```
+
+This will result in a shell session inside the built container.
+You can now verify three things:
+
+Firstly, the secrets provided to build are not available once the container is running. They are no longer on disk, nor are they in the process environment, or in `/proc/self/environ`:
+```bash
+cat /proc/self/environ | tr '\0' '\n'
+printenv
+```
+Expected output:
+```bash
+/workspaces/empty # cat /proc/self/environ | tr '\0' '\n'
+HOSTNAME=c0b0ee3d5564
+SHLVL=2
+HOME=/root
+TERM=xterm
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+DEVCONTAINER_CONFIG=/workspaces/empty/devcontainer.json
+ENVBUILDER=true
+TS_DEBUG_TRIM_WIREGUARD=false
+PWD=/workspaces/empty
+DEVCONTAINER=true
+/workspaces/empty # printenv
+HOSTNAME=c0b0ee3d5564
+SHLVL=2
+HOME=/root
+TERM=xterm
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+DEVCONTAINER_CONFIG=/workspaces/empty/devcontainer.json
+ENVBUILDER=true
+TS_DEBUG_TRIM_WIREGUARD=false
+PWD=/workspaces/empty
+DEVCONTAINER=true
+/workspaces/empty #
+```
+
+Secondly, the secrets were still useful during the build. The following commands show that the secrets had side effects inside the build, without remaining in the image:
+```bash
+echo -n "secret-foo" | sha256sum
+cat /foo_secret_hash.txt
+echo -n "secret-bar" | sha256sum
+cat /bar_secret_hash.txt
+```
+
+Notice that the first two checksums match and that the last two checksums match. Expected output:
+```
+/workspaces/empty # echo -n "secret-foo" | sha256sum
+9a888f08a057159d2ea8fb69d38c9a25e367d7ca3128035b7f6dee2ca988c3d8 -
+/workspaces/empty # cat /foo_secret_hash.txt
+9a888f08a057159d2ea8fb69d38c9a25e367d7ca3128035b7f6dee2ca988c3d8 -
+/workspaces/empty # echo -n "secret-bar" | sha256sum
+fb1c9d1220e429b30c60d028b882f735b5af72d7b5496d9202737fe9f1d38289 -
+/workspaces/empty # cat /bar_secret_hash.txt
+fb1c9d1220e429b30c60d028b882f735b5af72d7b5496d9202737fe9f1d38289 -
+/workspaces/empty #
+```
+
+Thirdly, the runtime secret that was mounted as a volume is still mounted into the container and accessible. This is why volumes are inappropriate analogues to native docker build secrets. However, notice further down that this runtime secret volume's contents are not present in the built image. It is therefore safe to mount a volume into envbuilder for use during runtime without fear that it will be present in the image that envbuilder builds.
+
+Finally, exit the container:
+```bash
+exit
+```
+
+### Verifying that images are secret free
+To verify that the built image doesn't contain build secrets, run the following:
+
+```bash
+docker pull localhost:5000/test-container:latest
+docker save -o test-container.tar localhost:5000/test-container
+mkdir -p test-container
+tar -xf test-container.tar -C test-container/
+cd test-container
+# Scan image layers for secrets:
+find . -type f | xargs tar -xOf 2>/dev/null | strings | grep -rn "secret-foo"
+find . -type f | xargs tar -xOf 2>/dev/null | strings | grep -rn "secret-bar"
+find . -type f | xargs tar -xOf 2>/dev/null | strings | grep -rn "runtime-secret"
+# Scan image manifests for secrets:
+find . -type f | xargs -n1 grep -rnI 'secret-foo'
+find . -type f | xargs -n1 grep -rnI 'secret-bar'
+find . -type f | xargs -n1 grep -rnI 'runtime-secret'
+cd ../
+```
+
+The output of all find/grep commands should be empty.
+To verify that it scans correctly, replace "secret-foo" with "envbuilder" and rerun the commands. It should find strings related to Envbuilder that are not secrets.
+
+### Cleanup
+
+Having verified that no secrets were included in the image, we can now delete the artifacts that we saved to disk and remove the containers.
+```bash
+cd ../
+rm -r test-build-secrets
+docker stop envbuilder-registry
+```
+
+## Security and Production Use
+The example above ignores various security concerns for the sake of simple illustration. To use build secrets securely, consider these factors:
+
+### Build Secret Purpose and Management
+Build secrets are meant for use cases where the secret should not be accessible from the built image, nor from the running container. If you need the secret at runtime, use a volume instead. Volumes that are mounted into a container will not be included in the final image, but still be available at runtime.
+
+Build secrets are only protected if they are not copied or moved from their location as designated in the `RUN` directive. If a build secret is used, care should be taken to ensure that it is not copied or otherwise persisted into an image layer beyond the control of Envbuilder.
+
+### Who should be able to access build secrets, when and where?
+Anyone with sufficient access to attach directly to the container (eg. using `kubectl`), will be able to read build secrets if they attach to the container before it has concluded its build. Anyone with sufficient access to the platform that hosts the Envbuilder container will also be able to read these build secrets from where the platform stores them. This is true for other build systems, and containerised software in general.
+
+The secure way to use build secrets with Envbuilder is to deny users access to the platform that hosts Envbuilder. Only grant access to the Envbuilder container once it has concluded its build, using a trusted non-platform channel like ssh or the coder agent running inside the container. Once control has been handed to such a runtime container process, Envbuilder will have cleared all secrets that it set from the container.
+
+If secrets should be accessible at runtime, do not use build secrets. Rather, mount the secret data using a volume or environment variable. Envbuilder will not include mounted volumes in the image that it pushes to any cache repositories, but they will still be available to users that connect to the container.
+
+### Container Management beyond Envbuilder's control
+Container orchestration systems mount certain artifacts into containers for various reasons. It is possible that some of these might grant indirect access to build secrets. Consider kubernetes. It will mount a service account token into running containers. Depending on the access granted to this service account token, it may be possible to read build secrets and other sensitive data using the kubernetes API. This should not be possible by default, but Envbuilder cannot provide such a guarantee.
+
+When building a system that uses Envbuilder, ensure that your platform does not expose unintended secret information to the container.
\ No newline at end of file
diff --git a/docs/caching.md b/docs/caching.md
new file mode 100644
index 00000000..5963083e
--- /dev/null
+++ b/docs/caching.md
@@ -0,0 +1,65 @@
+# Layer Caching
+
+Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable.
+
+```bash
+ENVBUILDER_CACHE_REPO=ghcr.io/coder/repo-cache
+```
+
+To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`:
+
+```bash
+docker run -it --rm \
+ -v /tmp/envbuilder-cache:/cache \
+ -e ENVBUILDER_LAYER_CACHE_DIR=/cache
+ ...
+```
+
+Each layer is stored in the registry as a separate image. The image tag is the hash of the layer's contents. The image digest is the hash of the image tag. The image digest is used to pull the layer from the registry.
+
+The performance improvement of builds depends on the complexity of your
+Dockerfile. For
+[`coder/coder`](https://github.com/coder/coder/blob/main/dogfood/contents/Dockerfile),
+uncached builds take 36m while cached builds take 40s (~98% improvement).
+
+# Pushing the built image
+
+Set `ENVBUILDER_PUSH_IMAGE=1` to push the entire image to the cache repo
+in addition to individual layers. `ENVBUILDER_CACHE_REPO` **must** be set in
+order for this to work.
+
+> **Note:** this option forces Envbuilder to perform a "reproducible" build.
+> This will force timestamps for all newly added files to be set to the start of the UNIX epoch.
+
+# Probe Layer Cache
+
+To check for the presence of a pre-built image, set
+`ENVBUILDER_GET_CACHED_IMAGE=1`. Instead of building the image, this will
+perform a "dry-run" build of the image, consulting `ENVBUILDER_CACHE_REPO` for
+each layer.
+
+If any layer is found not to be present in the cache repo, envbuilder
+will exit with an error. Otherwise, the image will be emitted in the log output prefixed with the string
+`ENVBUILDER_CACHED_IMAGE=...`.
+
+# Image Caching
+
+When the base container is large, it can take a long time to pull the image from the registry. You can pre-pull the image into a read-only volume and mount it into the container to speed up builds.
+
+```bash
+# Pull your base image from the registry to a local directory.
+docker run --rm \
+ -v /tmp/kaniko-cache:/cache \
+ gcr.io/kaniko-project/warmer:latest \
+ --cache-dir=/cache \
+ --image=
+
+# Run envbuilder with the local image cache.
+docker run -it --rm \
+ -v /tmp/kaniko-cache:/image-cache:ro \
+ -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache
+```
+
+In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).
+
+A sample script to pre-fetch a number of images can be viewed [here](./examples/kaniko-cache-warmer.sh). This can be run, for example, as a cron job to periodically fetch the latest versions of a number of base images.
diff --git a/docs/container-registry-auth.md b/docs/container-registry-auth.md
new file mode 100644
index 00000000..f14a66d4
--- /dev/null
+++ b/docs/container-registry-auth.md
@@ -0,0 +1,87 @@
+# Container Registry Authentication
+
+envbuilder uses Kaniko to build containers. You should [follow their instructions](https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries) to create an authentication configuration.
+
+After you have a configuration that resembles the following:
+
+```json
+{
+ "auths": {
+ "https://index.docker.io/v1/": {
+ "auth": "base64-encoded-username-and-password"
+ }
+ }
+}
+```
+
+`base64` encode the JSON and provide it to envbuilder as the
+`ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable.
+
+Alternatively, the configuration file can be placed in `/.envbuilder/config.json`.
+The `DOCKER_CONFIG` environment variable can be used to define a custom path. The
+path must either be the path to a directory containing `config.json` or the full
+path to the JSON file itself.
+
+> [!NOTE] Providing the docker configuration through other means than the
+> `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable will leave the
+> configuration file in the container filesystem. This may be a security risk.
+
+When running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and
+pass it into the pod as a volume mount. This example will work for all registries.
+
+```shell
+# Artifactory example
+kubectl create secret docker-registry regcred \
+ --docker-server=my-artifactory.jfrog.io \
+ --docker-username=read-only \
+ --docker-password=secret-pass \
+ --docker-email=me@example.com \
+ -n coder
+```
+
+```hcl
+resource "kubernetes_deployment" "example" {
+ metadata {
+ namespace = coder
+ }
+ spec {
+ spec {
+ container {
+ # Define the volumeMount with the pull credentials
+ volume_mount {
+ name = "docker-config-volume"
+ mount_path = "/.envbuilder/config.json"
+ sub_path = ".dockerconfigjson"
+ }
+ }
+ # Define the volume which maps to the pull credentials
+ volume {
+ name = "docker-config-volume"
+ secret {
+ secret_name = "regcred"
+ }
+ }
+ }
+ }
+}
+```
+
+## Docker Hub
+
+Authenticate with `docker login` to generate `~/.docker/config.json`. Encode this file using the `base64` command:
+
+```bash
+$ base64 -w0 ~/.docker/config.json
+ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
+```
+
+Provide the encoded JSON config to envbuilder:
+
+```env
+ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo=
+```
+
+## Docker-in-Docker
+
+See [here](./docs/docker.md) for instructions on running Docker containers inside
+environments built by Envbuilder.
diff --git a/docs/devcontainer-spec-support.md b/docs/devcontainer-spec-support.md
new file mode 100644
index 00000000..dd8bf0ff
--- /dev/null
+++ b/docs/devcontainer-spec-support.md
@@ -0,0 +1,123 @@
+# Support for Dev Container Specification
+
+> Refer to the full Dev Container specification [here](https://containers.dev/implementors/json_reference/) for more information on the below options.
+
+The symbols in the first column indicate the support status:
+
+- 🟢 Fully supported.
+- 🟠 Partially supported.
+- 🔴 Not currently supported.
+
+The last column indicates any currently existing GitHub issue for tracking support for this feature.
+Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you'd like Envbuilder to support a particular feature.
+
+## General
+
+| Status | Name | Description | Known Issues |
+| ------ | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ |
+| 🔴 | `name` | Human-friendly name for the dev container. | - |
+| 🔴 | `forwardPorts` | Port forwarding allows exposing container ports to the host, making services accessible. | [#48](https://github.com/coder/envbuilder/issues/48) |
+| 🔴 | `portsAttributes` | Set port attributes for a `host:port`. | - |
+| 🔴 | `otherPortsAttributes` | Other options for ports not configured using `portsAttributes`. | - |
+| 🟢 | `containerEnv` | Environment variables to set inside the container. | - |
+| 🟢 | `remoteEnv` | Override environment variables for tools, but not the whole container. | - |
+| 🟢\* | `remoteUser` | Override the user for tools, but not the whole container. /devcontainer.json.
- devcontainerDir := filepath.Join(options.WorkspaceFolder, ".devcontainer")
+ // 3. Check every folder: `workspaceFolder`/.devcontainer//devcontainer.json.
+ devcontainerDir := filepath.Join(workspaceFolder, ".devcontainer")
fileInfos, err := options.Filesystem.ReadDir(devcontainerDir)
if err != nil {
@@ -1173,13 +1541,13 @@ func findDevcontainerJSON(options Options) (string, string, error) {
for _, fileInfo := range fileInfos {
if !fileInfo.IsDir() {
- options.Logger(notcodersdk.LogLevelDebug, `%s is a file`, fileInfo.Name())
+ options.Logger(log.LevelDebug, `%s is a file`, fileInfo.Name())
continue
}
location := filepath.Join(devcontainerDir, fileInfo.Name(), "devcontainer.json")
if _, err := options.Filesystem.Stat(location); err != nil {
- options.Logger(notcodersdk.LogLevelDebug, `stat %s failed: %s`, location, err.Error())
+ options.Logger(log.LevelDebug, `stat %s failed: %s`, location, err.Error())
continue
}
@@ -1191,41 +1559,339 @@ func findDevcontainerJSON(options Options) (string, string, error) {
// maybeDeleteFilesystem wraps util.DeleteFilesystem with a guard to hopefully stop
// folks from unwittingly deleting their entire root directory.
-func maybeDeleteFilesystem(log LoggerFunc, force bool) error {
+func maybeDeleteFilesystem(logger log.Func, force bool) error {
+ // We always expect the magic directory to be set to the default, signifying that
+ // the user is running envbuilder in a container.
+ // If this is set to anything else we should bail out to prevent accidental data loss.
+ // defaultWorkingDir := workingdir.WorkingDir("")
kanikoDir, ok := os.LookupEnv("KANIKO_DIR")
- if !ok || strings.TrimSpace(kanikoDir) != MagicDir {
- if force {
- bailoutSecs := 10
- log(notcodersdk.LogLevelWarn, "WARNING! BYPASSING SAFETY CHECK! THIS WILL DELETE YOUR ROOT FILESYSTEM!")
- log(notcodersdk.LogLevelWarn, "You have %d seconds to bail out!", bailoutSecs)
- for i := bailoutSecs; i > 0; i-- {
- log(notcodersdk.LogLevelWarn, "%d...", i)
- <-time.After(time.Second)
- }
- } else {
- log(notcodersdk.LogLevelError, "KANIKO_DIR is not set to %s. Bailing!\n", MagicDir)
- log(notcodersdk.LogLevelError, "To bypass this check, set FORCE_SAFE=true.")
+ if !ok || strings.TrimSpace(kanikoDir) != workingdir.Default.Path() {
+ if !force {
+ logger(log.LevelError, "KANIKO_DIR is not set to %s. Bailing!\n", workingdir.Default.Path())
+ logger(log.LevelError, "To bypass this check, set FORCE_SAFE=true.")
return errors.New("safety check failed")
}
+ bailoutSecs := 10
+ logger(log.LevelWarn, "WARNING! BYPASSING SAFETY CHECK! THIS WILL DELETE YOUR ROOT FILESYSTEM!")
+ logger(log.LevelWarn, "You have %d seconds to bail out!", bailoutSecs)
+ for i := bailoutSecs; i > 0; i-- {
+ logger(log.LevelWarn, "%d...", i)
+ <-time.After(time.Second)
+ }
}
return util.DeleteFilesystem()
}
-func copyFile(src, dst string) error {
- content, err := os.ReadFile(src)
+func fileExists(fs billy.Filesystem, path string) bool {
+ fi, err := fs.Stat(path)
+ return err == nil && !fi.IsDir()
+}
+
+func readFile(fs billy.Filesystem, name string) ([]byte, error) {
+ f, err := fs.Open(name)
+ if err != nil {
+ return nil, fmt.Errorf("open file: %w", err)
+ }
+ defer f.Close()
+
+ b, err := io.ReadAll(f)
+ if err != nil {
+ return nil, fmt.Errorf("read file: %w", err)
+ }
+ return b, nil
+}
+
+func copyFile(fs billy.Filesystem, src, dst string, mode fs.FileMode) error {
+ srcF, err := fs.Open(src)
+ if err != nil {
+ return fmt.Errorf("open src file: %w", err)
+ }
+ defer srcF.Close()
+
+ err = fs.MkdirAll(filepath.Dir(dst), mode)
+ if err != nil {
+ return fmt.Errorf("create destination dir failed: %w", err)
+ }
+
+ dstF, err := fs.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
+ if err != nil {
+ return fmt.Errorf("open dest file for writing: %w", err)
+ }
+ defer dstF.Close()
+
+ if _, err := io.Copy(dstF, srcF); err != nil {
+ return fmt.Errorf("copy failed: %w", err)
+ }
+ return nil
+}
+
+func writeFile(fs billy.Filesystem, name string, data []byte, perm fs.FileMode) error {
+ f, err := fs.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, perm)
+ if err != nil {
+ return fmt.Errorf("create file: %w", err)
+ }
+ _, err = f.Write(data)
+ if err != nil {
+ err = fmt.Errorf("write file: %w", err)
+ }
+ if err2 := f.Close(); err2 != nil && err == nil {
+ err = fmt.Errorf("close file: %w", err2)
+ }
+ return err
+}
+
+func writeMagicImageFile(fs billy.Filesystem, path string, v any) error {
+ file, err := fs.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+ if err != nil {
+ return fmt.Errorf("create magic image file: %w", err)
+ }
+ defer file.Close()
+
+ enc := json.NewEncoder(file)
+ enc.SetIndent("", " ")
+ if err := enc.Encode(v); err != nil {
+ return fmt.Errorf("encode magic image file: %w", err)
+ }
+
+ return nil
+}
+
+func parseMagicImageFile(fs billy.Filesystem, path string, v any) error {
+ file, err := fs.Open(path)
+ if err != nil {
+ return fmt.Errorf("open magic image file: %w", err)
+ }
+ defer file.Close()
+
+ dec := json.NewDecoder(file)
+ dec.DisallowUnknownFields()
+ if err := dec.Decode(v); err != nil {
+ return fmt.Errorf("decode magic image file: %w", err)
+ }
+
+ return nil
+}
+
+const (
+ dockerConfigFile = dockerconfig.ConfigFileName
+ dockerConfigEnvKey = dockerconfig.EnvOverrideConfigDir
+)
+
+// initDockerConfigOverride sets the DOCKER_CONFIG environment variable
+// to a path within the working directory. If a base64 encoded Docker
+// config is provided, it is written to the path/config.json and the
+// DOCKER_CONFIG environment variable is set to the path. If no base64
+// encoded Docker config is provided, the following paths are checked in
+// order:
+//
+// 1. $DOCKER_CONFIG/config.json
+// 2. $DOCKER_CONFIG
+// 3. /.envbuilder/config.json
+//
+// If a Docker config file is found, its path is set as DOCKER_CONFIG.
+func initDockerConfigOverride(bfs billy.Filesystem, logf log.Func, workingDir workingdir.WorkingDir, dockerConfigBase64 string) (func() error, error) {
+ // If dockerConfigBase64 is set, it will have priority over file
+ // detection.
+ var dockerConfigJSON []byte
+ var err error
+ if dockerConfigBase64 != "" {
+ logf(log.LevelInfo, "Using base64 encoded Docker config")
+
+ dockerConfigJSON, err = base64.StdEncoding.DecodeString(dockerConfigBase64)
+ if err != nil {
+ return nil, fmt.Errorf("decode docker config: %w", err)
+ }
+ }
+
+ oldDockerConfig := os.Getenv(dockerConfigEnvKey)
+ var oldDockerConfigFile string
+ if oldDockerConfig != "" {
+ oldDockerConfigFile = filepath.Join(oldDockerConfig, dockerConfigFile)
+ }
+ for _, path := range []string{
+ oldDockerConfigFile, // $DOCKER_CONFIG/config.json
+ oldDockerConfig, // $DOCKER_CONFIG
+ workingDir.Join(dockerConfigFile), // /.envbuilder/config.json
+ } {
+ if path == "" || !fileExists(bfs, path) {
+ continue
+ }
+
+ logf(log.LevelWarn, "Found Docker config at %s, this file will remain after the build", path)
+
+ if dockerConfigJSON == nil {
+ logf(log.LevelInfo, "Using Docker config at %s", path)
+
+ dockerConfigJSON, err = readFile(bfs, path)
+ if err != nil {
+ return nil, fmt.Errorf("read docker config: %w", err)
+ }
+ } else {
+ logf(log.LevelWarn, "Ignoring Docker config at %s, using base64 encoded Docker config instead", path)
+ }
+ break
+ }
+
+ if dockerConfigJSON == nil {
+ // No user-provided config available.
+ return func() error { return nil }, nil
+ }
+
+ dockerConfigJSON, err = hujson.Standardize(dockerConfigJSON)
+ if err != nil {
+ return nil, fmt.Errorf("humanize json for docker config: %w", err)
+ }
+
+ if err = logDockerAuthConfigs(logf, dockerConfigJSON); err != nil {
+ return nil, fmt.Errorf("log docker auth configs: %w", err)
+ }
+
+ // We're going to set the DOCKER_CONFIG environment variable to a
+ // path within the working directory so that Kaniko can pick it up.
+ // A user should not mount a file directly to this path as we will
+ // write to the file.
+ newDockerConfig := workingDir.Join(".docker")
+ newDockerConfigFile := filepath.Join(newDockerConfig, dockerConfigFile)
+ err = bfs.MkdirAll(newDockerConfig, 0o700)
+ if err != nil {
+ return nil, fmt.Errorf("create docker config dir: %w", err)
+ }
+
+ if fileExists(bfs, newDockerConfigFile) {
+ return nil, fmt.Errorf("unable to write Docker config file, file already exists: %s", newDockerConfigFile)
+ }
+
+ restoreEnv, err := setAndRestoreEnv(logf, dockerConfigEnvKey, newDockerConfig)
if err != nil {
- return xerrors.Errorf("read file failed: %w", err)
+ return nil, fmt.Errorf("set docker config override: %w", err)
}
- err = os.MkdirAll(filepath.Dir(dst), 0o755)
+ err = writeFile(bfs, newDockerConfigFile, dockerConfigJSON, 0o600)
if err != nil {
- return xerrors.Errorf("mkdir all failed: %w", err)
+ _ = restoreEnv() // Best effort.
+ return nil, fmt.Errorf("write docker config: %w", err)
}
+ logf(log.LevelInfo, "Wrote Docker config JSON to %s", newDockerConfigFile)
+
+ cleanupFile := onceErrFunc(func() error {
+ // Remove the Docker config secret file!
+ if err := bfs.Remove(newDockerConfigFile); err != nil {
+ logf(log.LevelError, "Failed to remove the Docker config secret file: %s", err)
+ return fmt.Errorf("remove docker config: %w", err)
+ }
+ return nil
+ })
+ return func() error { return errors.Join(cleanupFile(), restoreEnv()) }, nil
+}
- err = os.WriteFile(dst, content, 0o644)
+func logDockerAuthConfigs(logf log.Func, dockerConfigJSON []byte) error {
+ dc := new(DockerConfig)
+ err := dc.LoadFromReader(bytes.NewReader(dockerConfigJSON))
if err != nil {
- return xerrors.Errorf("write file failed: %w", err)
+ return fmt.Errorf("load docker config: %w", err)
+ }
+ for k := range dc.AuthConfigs {
+ logf(log.LevelInfo, "Docker config contains auth for registry %q", k)
}
return nil
}
+
+func setAndRestoreEnv(logf log.Func, key, value string) (restore func() error, err error) {
+ old := os.Getenv(key)
+ err = os.Setenv(key, value)
+ if err != nil {
+ logf(log.LevelError, "Failed to set %s: %s", key, err)
+ return nil, fmt.Errorf("set %s: %w", key, err)
+ }
+ logf(log.LevelInfo, "Set %s to %s", key, value)
+ return onceErrFunc(func() error {
+ if err := func() error {
+ if old == "" {
+ return os.Unsetenv(key)
+ }
+ return os.Setenv(key, old)
+ }(); err != nil {
+ return fmt.Errorf("restore %s: %w", key, err)
+ }
+ logf(log.LevelInfo, "Restored %s to %s", key, old)
+ return nil
+ }), nil
+}
+
+func onceErrFunc(f func() error) func() error {
+ var once sync.Once
+ return func() error {
+ var err error
+ once.Do(func() {
+ err = f()
+ })
+ return err
+ }
+}
+
+type writeLogger struct {
+ logf log.Func
+ level log.Level
+}
+
+func newWriteLogger(logf log.Func, level log.Level) io.Writer {
+ return writeLogger{logf: logf, level: level}
+}
+
+func (l writeLogger) Write(p []byte) (n int, err error) {
+ lines := bytes.Split(p, []byte("\n"))
+ for _, line := range lines {
+ l.logf(l.level, "%s", line)
+ }
+ return len(p), nil
+}
+
+// Allows quick testing of layer caching using a local directory!
+func serveLocalRegistry(ctx context.Context, logf log.Func, layerCacheDir string) (string, func(), error) {
+ noop := func() {}
+ if layerCacheDir == "" {
+ return "", noop, nil
+ }
+ cfg := &configuration.Configuration{
+ Storage: configuration.Storage{
+ "filesystem": configuration.Parameters{
+ "rootdirectory": layerCacheDir,
+ },
+ },
+ }
+ cfg.Log.Level = "error"
+
+ // Spawn an in-memory registry to cache built layers...
+ registry := handlers.NewApp(ctx, cfg)
+
+ listener, err := net.Listen("tcp", "127.0.0.1:0")
+ if err != nil {
+ return "", nil, fmt.Errorf("start listener for in-memory registry: %w", err)
+ }
+ tcpAddr, ok := listener.Addr().(*net.TCPAddr)
+ if !ok {
+ return "", noop, fmt.Errorf("listener addr was of wrong type: %T", listener.Addr())
+ }
+ srv := &http.Server{
+ Handler: registry,
+ }
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ err := srv.Serve(listener)
+ if err != nil && !errors.Is(err, http.ErrServerClosed) {
+ logf(log.LevelError, "Failed to serve registry: %s", err.Error())
+ }
+ }()
+ var closeOnce sync.Once
+ closer := func() {
+ closeOnce.Do(func() {
+ _ = srv.Close()
+ _ = listener.Close()
+ <-done
+ })
+ }
+ addr := fmt.Sprintf("localhost:%d/local/cache", tcpAddr.Port)
+ return addr, closer, nil
+}
diff --git a/envbuilder_internal_test.go b/envbuilder_internal_test.go
index 6ca5fc12..eb756071 100644
--- a/envbuilder_internal_test.go
+++ b/envbuilder_internal_test.go
@@ -3,6 +3,8 @@ package envbuilder
import (
"testing"
+ "github.com/coder/envbuilder/options"
+
"github.com/go-git/go-billy/v5/memfs"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -11,144 +13,169 @@ import (
func TestFindDevcontainerJSON(t *testing.T) {
t.Parallel()
- t.Run("empty filesystem", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
-
- // when
- _, _, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.Error(t, err)
- })
-
- t.Run("devcontainer.json is missing", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
-
- // when
- _, _, err = findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.Error(t, err)
- })
-
- t.Run("default configuration", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer", devcontainerDir)
- })
-
- t.Run("overridden .devcontainer directory", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/experimental-devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/experimental-devcontainer/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- DevcontainerDir: "experimental-devcontainer",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/experimental-devcontainer/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/experimental-devcontainer", devcontainerDir)
- })
-
- t.Run("overridden devcontainer.json path", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/experimental.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- DevcontainerJSONPath: "experimental.json",
+ defaultWorkspaceFolder := "/workspace"
+
+ for _, tt := range []struct {
+ name string
+ workspaceFolder string
+ }{
+ {
+ name: "Default",
+ workspaceFolder: defaultWorkspaceFolder,
+ },
+ {
+ name: "RepoMode",
+ workspaceFolder: "/.envbuilder/repo",
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ t.Run("empty filesystem", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+
+ // when
+ _, _, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.Error(t, err)
+ })
+
+ t.Run("devcontainer.json is missing", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+
+ // when
+ _, _, err = findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.Error(t, err)
+ })
+
+ t.Run("default configuration", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer", devcontainerDir)
+ })
+
+ t.Run("overridden .devcontainer directory", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/experimental-devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/experimental-devcontainer/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ DevcontainerDir: "experimental-devcontainer",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/experimental-devcontainer/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/experimental-devcontainer", devcontainerDir)
+ })
+
+ t.Run("overridden devcontainer.json path", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/experimental.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ DevcontainerJSONPath: "experimental.json",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/experimental.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer", devcontainerDir)
+ })
+
+ t.Run("devcontainer.json in workspace root", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"", devcontainerDir)
+ })
+
+ t.Run("devcontainer.json in subfolder of .devcontainer", func(t *testing.T) {
+ t.Parallel()
+
+ // given
+ fs := memfs.New()
+ err := fs.MkdirAll(tt.workspaceFolder+"/.devcontainer/sample", 0o600)
+ require.NoError(t, err)
+ _, err = fs.Create(tt.workspaceFolder + "/.devcontainer/sample/devcontainer.json")
+ require.NoError(t, err)
+
+ // when
+ devcontainerPath, devcontainerDir, err := findDevcontainerJSON(tt.workspaceFolder, options.Options{
+ Filesystem: fs,
+ WorkspaceFolder: "/workspace",
+ })
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/sample/devcontainer.json", devcontainerPath)
+ assert.Equal(t, tt.workspaceFolder+"/.devcontainer/sample", devcontainerDir)
+ })
})
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/experimental.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer", devcontainerDir)
- })
-
- t.Run("devcontainer.json in workspace root", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace", devcontainerDir)
- })
-
- t.Run("devcontainer.json in subfolder of .devcontainer", func(t *testing.T) {
- t.Parallel()
-
- // given
- fs := memfs.New()
- err := fs.MkdirAll("/workspace/.devcontainer/sample", 0o600)
- require.NoError(t, err)
- fs.Create("/workspace/.devcontainer/sample/devcontainer.json")
-
- // when
- devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{
- Filesystem: fs,
- WorkspaceFolder: "/workspace",
- })
-
- // then
- require.NoError(t, err)
- assert.Equal(t, "/workspace/.devcontainer/sample/devcontainer.json", devcontainerPath)
- assert.Equal(t, "/workspace/.devcontainer/sample", devcontainerDir)
- })
+ }
}
diff --git a/envbuilder_test.go b/envbuilder_test.go
deleted file mode 100644
index 6af599c9..00000000
--- a/envbuilder_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package envbuilder_test
-
-import (
- "testing"
-
- "github.com/coder/envbuilder"
- "github.com/stretchr/testify/require"
-)
-
-func TestDefaultWorkspaceFolder(t *testing.T) {
- t.Parallel()
-
- successTests := []struct {
- name string
- gitURL string
- expected string
- }{
- {
- name: "HTTP",
- gitURL: "https://github.com/coder/envbuilder.git",
- expected: "/workspaces/envbuilder",
- },
- {
- name: "SSH",
- gitURL: "git@github.com:coder/envbuilder.git",
- expected: "/workspaces/envbuilder",
- },
- {
- name: "username and password",
- gitURL: "https://username:password@github.com/coder/envbuilder.git",
- expected: "/workspaces/envbuilder",
- },
- {
- name: "fragment",
- gitURL: "https://github.com/coder/envbuilder.git#feature-branch",
- expected: "/workspaces/envbuilder",
- },
- {
- name: "empty",
- gitURL: "",
- expected: envbuilder.EmptyWorkspaceDir,
- },
- }
- for _, tt := range successTests {
- t.Run(tt.name, func(t *testing.T) {
- dir, err := envbuilder.DefaultWorkspaceFolder(tt.gitURL)
- require.NoError(t, err)
- require.Equal(t, tt.expected, dir)
- })
- }
-
- invalidTests := []struct {
- name string
- invalidURL string
- }{
- {
- name: "simple text",
- invalidURL: "not a valid URL",
- },
- {
- name: "website URL",
- invalidURL: "www.google.com",
- },
- }
- for _, tt := range invalidTests {
- t.Run(tt.name, func(t *testing.T) {
- dir, err := envbuilder.DefaultWorkspaceFolder(tt.invalidURL)
- require.NoError(t, err)
- require.Equal(t, envbuilder.EmptyWorkspaceDir, dir)
- })
- }
-}
diff --git a/examples/docker/02_dind/Dockerfile b/examples/docker/02_dind/Dockerfile
index 70a215b0..aa29519b 100644
--- a/examples/docker/02_dind/Dockerfile
+++ b/examples/docker/02_dind/Dockerfile
@@ -1,6 +1,23 @@
FROM ubuntu:noble
+
+# Install Docker using Docker's convenience script.
RUN apt-get update && \
- apt-get install -y curl apt-transport-https && \
- curl -fsSL https://get.docker.com/ | sh -s -
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+ apt-get install -y curl sudo apt-transport-https && \
+ curl -fsSL https://get.docker.com/ | sh -s -
+
+# The ubuntu:noble image includes a non-root user by default,
+# but it does not have sudo privileges. We need to set this up.
+# Note: we chown /var/run/docker.sock to the non-root user
+# in the onCreateCommand script. Ideally you would add the
+# non-root user to the docker group, but in this scenario
+# this is a 'single-user' environment. It also avoids us
+# having to run `newgrp docker`.
+RUN echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+# Switch to the non-root user.
+USER ubuntu
+
+ENTRYPOINT ["bash"]
diff --git a/examples/docker/02_dind/devcontainer.json b/examples/docker/02_dind/devcontainer.json
index 1933fd86..6649501c 100644
--- a/examples/docker/02_dind/devcontainer.json
+++ b/examples/docker/02_dind/devcontainer.json
@@ -1,5 +1,6 @@
{
"build": {
"dockerfile": "Dockerfile"
- }
-}
\ No newline at end of file
+ },
+ "onCreateCommand": "/on-create.sh"
+}
diff --git a/examples/docker/02_dind/entrypoint.sh b/examples/docker/02_dind/entrypoint.sh
deleted file mode 100755
index 38ac3318..00000000
--- a/examples/docker/02_dind/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-nohup dockerd > /var/log/docker.log 2>&1 &
-
-exec bash --login
\ No newline at end of file
diff --git a/examples/docker/02_dind/on-create.sh b/examples/docker/02_dind/on-create.sh
new file mode 100755
index 00000000..8b369e23
--- /dev/null
+++ b/examples/docker/02_dind/on-create.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Start Docker in the background.
+sudo -u root /bin/sh -c 'nohup dockerd > /var/log/docker.log &'
+
+# Wait up to 10 seconds for Docker to start.
+for attempt in $(seq 1 10); do
+ if [[ $attempt -eq 10 ]]; then
+ echo "Failed to start Docker"
+ exit 1
+ fi
+ if [[ ! -e /var/run/docker.sock ]]; then
+ sleep 1
+ else
+ break
+ fi
+done
+
+# Change the owner of the Docker socket so that the non-root user can use it.
+sudo chown ubuntu:docker /var/run/docker.sock
diff --git a/examples/docker/03_dind_feature/Dockerfile b/examples/docker/03_dind_feature/Dockerfile
index 12f1c1a0..49c6646a 100644
--- a/examples/docker/03_dind_feature/Dockerfile
+++ b/examples/docker/03_dind_feature/Dockerfile
@@ -1,3 +1,22 @@
FROM ubuntu:noble
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+
+# Install some dependencies such as curl and sudo.
+# Also set up passwordless sudo for the ubuntu user.
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ curl \
+ sudo \
+ apt-transport-https && \
+ echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+# Switch to the non-root user.
+USER ubuntu
+
+# The devcontainer feature provides /usr/local/share/docker-init.sh
+# which will handle most of the steps of setting up Docker.
+# We can't put this in the entrypoint as it gets overridden, so
+# we call it in the on-create script.
+ENTRYPOINT ["bash"]
diff --git a/examples/docker/03_dind_feature/devcontainer.json b/examples/docker/03_dind_feature/devcontainer.json
index e1b5a18a..58616a6d 100644
--- a/examples/docker/03_dind_feature/devcontainer.json
+++ b/examples/docker/03_dind_feature/devcontainer.json
@@ -2,7 +2,8 @@
"build": {
"dockerfile": "Dockerfile"
},
+ "onCreateCommand": "/on-create.sh",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
}
-}
\ No newline at end of file
+}
diff --git a/examples/docker/03_dind_feature/entrypoint.sh b/examples/docker/03_dind_feature/entrypoint.sh
deleted file mode 100755
index d18fb7dd..00000000
--- a/examples/docker/03_dind_feature/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-/usr/local/share/docker-init.sh
-
-exec bash --login
\ No newline at end of file
diff --git a/examples/docker/03_dind_feature/on-create.sh b/examples/docker/03_dind_feature/on-create.sh
new file mode 100755
index 00000000..96bef1ca
--- /dev/null
+++ b/examples/docker/03_dind_feature/on-create.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Known issue: Kaniko does not symlink /run => /var/run properly.
+# This results in /var/run/ being owned by root:root which interferes
+# with accessing the Docker socket even if the permissions are set
+# correctly. Workaround: symlink it manually
+sudo ln -s /run /var/run
+
+# Run the docker init script. This needs to be
+# run as root. It will take care of starting the
+# daemon and adding the ubuntu user to the docker
+# group.
+sudo /usr/local/share/docker-init.sh
+
+# Change the owner of the Docker socket so that the non-root user can use it.
+sudo chown ubuntu:docker /var/run/docker.sock
diff --git a/examples/docker/04_dind_rootless/Dockerfile b/examples/docker/04_dind_rootless/Dockerfile
index 5358ce60..2d88aa17 100644
--- a/examples/docker/04_dind_rootless/Dockerfile
+++ b/examples/docker/04_dind_rootless/Dockerfile
@@ -1,8 +1,11 @@
FROM ubuntu:noble
+
# Based on UID of ubuntu user in container.
ENV XDG_RUNTIME_DIR /run/user/1000
ENV DOCKER_HOST unix:///${XDG_RUNTIME_DIR}/docker.sock
+
# Setup as root
+USER root
RUN apt-get update && \
# Install prerequisites
apt-get install -y apt-transport-https curl iproute2 uidmap && \
@@ -19,6 +22,8 @@ USER ubuntu
RUN dockerd-rootless-setuptool.sh install && \
docker context use rootless && \
mkdir -p /home/ubuntu/.local/share/docker
-# Add our custom entrypoint
-ADD entrypoint.sh /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
+
+# Add our onCreateCommand script.
+ADD on-create.sh /on-create.sh
+
+ENTRYPOINT ["bash"]
\ No newline at end of file
diff --git a/examples/docker/04_dind_rootless/devcontainer.json b/examples/docker/04_dind_rootless/devcontainer.json
index 1933fd86..6649501c 100644
--- a/examples/docker/04_dind_rootless/devcontainer.json
+++ b/examples/docker/04_dind_rootless/devcontainer.json
@@ -1,5 +1,6 @@
{
"build": {
"dockerfile": "Dockerfile"
- }
-}
\ No newline at end of file
+ },
+ "onCreateCommand": "/on-create.sh"
+}
diff --git a/examples/docker/04_dind_rootless/entrypoint.sh b/examples/docker/04_dind_rootless/on-create.sh
similarity index 79%
rename from examples/docker/04_dind_rootless/entrypoint.sh
rename to examples/docker/04_dind_rootless/on-create.sh
index 6c8a6260..ba2fced5 100755
--- a/examples/docker/04_dind_rootless/entrypoint.sh
+++ b/examples/docker/04_dind_rootless/on-create.sh
@@ -3,6 +3,4 @@
set -euo pipefail
# Start the rootless docker daemon as a non-root user
-nohup rootlesskit --net=slirp4netns --mtu=1500 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run dockerd > "/tmp/dockerd-rootless.log" 2>&1 &
-
-exec bash --login
\ No newline at end of file
+nohup rootlesskit --net=slirp4netns --mtu=1500 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run dockerd >"/tmp/dockerd-rootless.log" 2>&1 &
diff --git a/git.go b/git/git.go
similarity index 57%
rename from git.go
rename to git/git.go
index 09984fb4..f37b9682 100644
--- a/git.go
+++ b/git/git.go
@@ -1,7 +1,8 @@
-package envbuilder
+package git
import (
"context"
+ "encoding/base64"
"errors"
"fmt"
"io"
@@ -9,8 +10,9 @@ import (
"os"
"strings"
+ "github.com/coder/envbuilder/options"
+
giturls "github.com/chainguard-dev/git-urls"
- "github.com/coder/envbuilder/internal/notcodersdk"
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing"
@@ -45,11 +47,12 @@ type CloneRepoOptions struct {
// be cloned again.
//
// The bool returned states whether the repository was cloned or not.
-func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
+func CloneRepo(ctx context.Context, logf func(string, ...any), opts CloneRepoOptions) (bool, error) {
parsed, err := giturls.Parse(opts.RepoURL)
if err != nil {
return false, fmt.Errorf("parse url %q: %w", opts.RepoURL, err)
}
+ logf("Parsed Git URL as %q", parsed.Redacted())
if parsed.Hostname() == "dev.azure.com" {
// Azure DevOps requires capabilities multi_ack / multi_ack_detailed,
// which are not fully implemented and by default are included in
@@ -71,6 +74,7 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
transport.UnsupportedCapabilities = []capability.Capability{
capability.ThinPack,
}
+ logf("Workaround for Azure DevOps: marking thin-pack as unsupported")
}
err = opts.Storage.MkdirAll(opts.Path, 0o755)
@@ -124,6 +128,41 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) {
return true, nil
}
+// ShallowCloneRepo will clone the repository at the given URL into the given path
+// with a depth of 1. If the destination folder exists and is not empty, the
+// clone will not be performed.
+//
+// The bool returned states whether the repository was cloned or not.
+func ShallowCloneRepo(ctx context.Context, logf func(string, ...any), opts CloneRepoOptions) error {
+ opts.Depth = 1
+ opts.SingleBranch = true
+
+ if opts.Path == "" {
+ return errors.New("path is required")
+ }
+
+ // Avoid clobbering the destination.
+ if _, err := opts.Storage.Stat(opts.Path); err == nil {
+ files, err := opts.Storage.ReadDir(opts.Path)
+ if err != nil {
+ return fmt.Errorf("read dir %q: %w", opts.Path, err)
+ }
+ if len(files) > 0 {
+ return fmt.Errorf("directory %q is not empty", opts.Path)
+ }
+ }
+
+ cloned, err := CloneRepo(ctx, logf, opts)
+ if err != nil {
+ return err
+ }
+ if !cloned {
+ return errors.New("repository already exists")
+ }
+
+ return nil
+}
+
// ReadPrivateKey attempts to read an SSH private key from path
// and returns an ssh.Signer.
func ReadPrivateKey(path string) (gossh.Signer, error) {
@@ -143,16 +182,32 @@ func ReadPrivateKey(path string) (gossh.Signer, error) {
return k, nil
}
+// DecodeBase64PrivateKey attempts to decode a base64 encoded private
+// key and returns an ssh.Signer
+func DecodeBase64PrivateKey(key string) (gossh.Signer, error) {
+ bs, err := base64.StdEncoding.DecodeString(key)
+ if err != nil {
+ return nil, fmt.Errorf("decode base64: %w", err)
+ }
+
+ k, err := gossh.ParsePrivateKey(bs)
+ if err != nil {
+ return nil, fmt.Errorf("parse private key: %w", err)
+ }
+
+ return k, nil
+}
+
// LogHostKeyCallback is a HostKeyCallback that just logs host keys
// and does nothing else.
-func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
+func LogHostKeyCallback(logger func(string, ...any)) gossh.HostKeyCallback {
return func(hostname string, remote net.Addr, key gossh.PublicKey) error {
var sb strings.Builder
_ = knownhosts.WriteKnownHost(&sb, hostname, remote, key)
// skeema/knownhosts uses a fake public key to determine the host key
// algorithms. Ignore this one.
if s := sb.String(); !strings.Contains(s, "fake-public-key ZmFrZSBwdWJsaWMga2V5") {
- log(notcodersdk.LogLevelInfo, "#1: 🔑 Got host key: %s", strings.TrimSpace(s))
+ logger("🔑 Got host key: %s", strings.TrimSpace(s))
}
return nil
}
@@ -166,6 +221,8 @@ func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
// | https?://host.tld/repo | Not Set | Set | HTTP Basic |
// | https?://host.tld/repo | Set | Not Set | HTTP Basic |
// | https?://host.tld/repo | Set | Set | HTTP Basic |
+// | file://path/to/repo | - | - | None |
+// | path/to/repo | - | - | None |
// | All other formats | - | - | SSH |
//
// For SSH authentication, the default username is "git" but will honour
@@ -177,27 +234,42 @@ func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback {
// If SSH_KNOWN_HOSTS is not set, the SSH auth method will be configured
// to accept and log all host keys. Otherwise, host key checking will be
// performed as usual.
-func SetupRepoAuth(options *Options) transport.AuthMethod {
+func SetupRepoAuth(logf func(string, ...any), options *options.Options) transport.AuthMethod {
if options.GitURL == "" {
- options.Logger(notcodersdk.LogLevelInfo, "#1: ❔ No Git URL supplied!")
+ logf("❔ No Git URL supplied!")
return nil
}
- if strings.HasPrefix(options.GitURL, "http://") || strings.HasPrefix(options.GitURL, "https://") {
+ parsedURL, err := giturls.Parse(options.GitURL)
+ if err != nil {
+ logf("❌ Failed to parse Git URL: %s", err.Error())
+ return nil
+ }
+
+ if parsedURL.Scheme == "http" || parsedURL.Scheme == "https" {
// Special case: no auth
if options.GitUsername == "" && options.GitPassword == "" {
- options.Logger(notcodersdk.LogLevelInfo, "#1: 👤 Using no authentication!")
+ logf("👤 Using no authentication!")
return nil
}
// Basic Auth
// NOTE: we previously inserted the credentials into the repo URL.
// This was removed in https://github.com/coder/envbuilder/pull/141
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔒 Using HTTP basic authentication!")
+ logf("🔒 Using HTTP basic authentication!")
return &githttp.BasicAuth{
Username: options.GitUsername,
Password: options.GitPassword,
}
}
+ if parsedURL.Scheme == "file" {
+ // go-git will try to fallback to using the `git` command for local
+ // filesystem clones. However, it's more likely than not that the
+ // `git` command is not present in the container image. Log a warning
+ // but continue. Also, no auth.
+ logf("🚧 Using local filesystem clone! This requires the git executable to be present!")
+ return nil
+ }
+
// Generally git clones over SSH use the 'git' user, but respect
// GIT_USERNAME if set.
if options.GitUsername == "" {
@@ -205,30 +277,41 @@ func SetupRepoAuth(options *Options) transport.AuthMethod {
}
// Assume SSH auth for all other formats.
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using SSH authentication!")
+ logf("🔑 Using SSH authentication!")
var signer ssh.Signer
if options.GitSSHPrivateKeyPath != "" {
s, err := ReadPrivateKey(options.GitSSHPrivateKeyPath)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error())
+ logf("❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error())
} else {
- options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using %s key!", s.PublicKey().Type())
+ logf("🔑 Using %s key!", s.PublicKey().Type())
+ signer = s
+ }
+ }
+
+ // If no path was provided, fall back to the environment variable
+ if options.GitSSHPrivateKeyBase64 != "" {
+ s, err := DecodeBase64PrivateKey(options.GitSSHPrivateKeyBase64)
+ if err != nil {
+ logf("❌ Failed to decode base 64 private key: %s", err.Error())
+ } else {
+ logf("🔑 Using %s key!", s.PublicKey().Type())
signer = s
}
}
// If no SSH key set, fall back to agent auth.
if signer == nil {
- options.Logger(notcodersdk.LogLevelError, "#1: 🔑 No SSH key found, falling back to agent!")
+ logf("🔑 No SSH key found, falling back to agent!")
auth, err := gitssh.NewSSHAgentAuth(options.GitUsername)
if err != nil {
- options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to connect to SSH agent: %s", err.Error())
+ logf("❌ Failed to connect to SSH agent: " + err.Error())
return nil // nothing else we can do
}
if os.Getenv("SSH_KNOWN_HOSTS") == "" {
- options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
- auth.HostKeyCallback = LogHostKeyCallback(options.Logger)
+ logf("🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
+ auth.HostKeyCallback = LogHostKeyCallback(logf)
}
return auth
}
@@ -246,8 +329,80 @@ func SetupRepoAuth(options *Options) transport.AuthMethod {
// Duplicated code due to Go's type system.
if os.Getenv("SSH_KNOWN_HOSTS") == "" {
- options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
- auth.HostKeyCallback = LogHostKeyCallback(options.Logger)
+ logf("🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!")
+ auth.HostKeyCallback = LogHostKeyCallback(logf)
}
return auth
}
+
+func CloneOptionsFromOptions(logf func(string, ...any), options options.Options) (CloneRepoOptions, error) {
+ caBundle, err := options.CABundle()
+ if err != nil {
+ return CloneRepoOptions{}, err
+ }
+
+ cloneOpts := CloneRepoOptions{
+ RepoURL: options.GitURL,
+ Path: options.WorkspaceFolder,
+ Storage: options.Filesystem,
+ Insecure: options.Insecure,
+ SingleBranch: options.GitCloneSingleBranch,
+ Depth: int(options.GitCloneDepth),
+ CABundle: caBundle,
+ }
+
+ cloneOpts.RepoAuth = SetupRepoAuth(logf, &options)
+ if options.GitHTTPProxyURL != "" {
+ cloneOpts.ProxyOptions = transport.ProxyOptions{
+ URL: options.GitHTTPProxyURL,
+ }
+ }
+
+ return cloneOpts, nil
+}
+
+type progressWriter struct {
+ io.WriteCloser
+ r io.ReadCloser
+ done chan struct{}
+}
+
+func (w *progressWriter) Close() error {
+ err := w.WriteCloser.Close()
+ <-w.done
+ err2 := w.r.Close()
+ if err != nil {
+ return err
+ }
+ return err2
+}
+
+func ProgressWriter(write func(line string, args ...any)) io.WriteCloser {
+ reader, writer := io.Pipe()
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ data := make([]byte, 4096)
+ for {
+ read, err := reader.Read(data)
+ if err != nil {
+ return
+ }
+ content := data[:read]
+ for _, line := range strings.Split(string(content), "\r") {
+ if line == "" {
+ continue
+ }
+ // Escape % signs so that they don't get interpreted as format specifiers
+ line = strings.Replace(line, "%", "%%", -1)
+ write(strings.TrimSpace(line))
+ }
+ }
+ }()
+
+ return &progressWriter{
+ WriteCloser: writer,
+ r: reader,
+ done: done,
+ }
+}
diff --git a/git_test.go b/git/git_test.go
similarity index 70%
rename from git_test.go
rename to git/git_test.go
index 35a1289c..0da5a163 100644
--- a/git_test.go
+++ b/git/git_test.go
@@ -1,8 +1,9 @@
-package envbuilder_test
+package git_test
import (
"context"
"crypto/ed25519"
+ "encoding/base64"
"fmt"
"io"
"net/http/httptest"
@@ -12,10 +13,11 @@ import (
"regexp"
"testing"
- "github.com/coder/envbuilder"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/git"
+ "github.com/coder/envbuilder/options"
"github.com/coder/envbuilder/testutil/gittest"
"github.com/coder/envbuilder/testutil/mwtest"
+
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
"github.com/go-git/go-billy/v5/osfs"
@@ -88,7 +90,7 @@ func TestCloneRepo(t *testing.T) {
clientFS := memfs.New()
// A repo already exists!
_ = gittest.NewRepo(t, clientFS)
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/",
RepoURL: srv.URL,
Storage: clientFS,
@@ -106,7 +108,7 @@ func TestCloneRepo(t *testing.T) {
srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: srv.URL,
Storage: clientFS,
@@ -143,7 +145,7 @@ func TestCloneRepo(t *testing.T) {
authURL.User = url.UserPassword(tc.username, tc.password)
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: authURL.String(),
Storage: clientFS,
@@ -166,6 +168,73 @@ func TestCloneRepo(t *testing.T) {
}
}
+func TestShallowCloneRepo(t *testing.T) {
+ t.Parallel()
+
+ t.Run("NotEmpty", func(t *testing.T) {
+ t.Parallel()
+ srvFS := memfs.New()
+ _ = gittest.NewRepo(t, srvFS,
+ gittest.Commit(t, "README.md", "Hello, world!", "Many wow!"),
+ gittest.Commit(t, "foo", "bar!", "Such commit!"),
+ gittest.Commit(t, "baz", "qux", "V nice!"),
+ )
+ authMW := mwtest.BasicAuthMW("test", "test")
+ srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+
+ clientFS := memfs.New()
+ // Not empty.
+ err := clientFS.MkdirAll("/repo", 0o500)
+ require.NoError(t, err)
+ f, err := clientFS.Create("/repo/not-empty")
+ require.NoError(t, err)
+ require.NoError(t, f.Close())
+
+ err = git.ShallowCloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
+ Path: "/repo",
+ RepoURL: srv.URL,
+ Storage: clientFS,
+ RepoAuth: &githttp.BasicAuth{
+ Username: "test",
+ Password: "test",
+ },
+ })
+ require.Error(t, err)
+ })
+ t.Run("OK", func(t *testing.T) {
+ // 2024/08/01 13:22:08 unsupported capability: shallow
+ // clone "http://127.0.0.1:41499": unexpected client error: unexpected requesting "http://127.0.0.1:41499/git-upload-pack" status code: 500
+ t.Skip("The gittest server doesn't support shallow cloning, skip for now...")
+
+ t.Parallel()
+ srvFS := memfs.New()
+ _ = gittest.NewRepo(t, srvFS,
+ gittest.Commit(t, "README.md", "Hello, world!", "Many wow!"),
+ gittest.Commit(t, "foo", "bar!", "Such commit!"),
+ gittest.Commit(t, "baz", "qux", "V nice!"),
+ )
+ authMW := mwtest.BasicAuthMW("test", "test")
+ srv := httptest.NewServer(authMW(gittest.NewServer(srvFS)))
+
+ clientFS := memfs.New()
+
+ err := git.ShallowCloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
+ Path: "/repo",
+ RepoURL: srv.URL,
+ Storage: clientFS,
+ RepoAuth: &githttp.BasicAuth{
+ Username: "test",
+ Password: "test",
+ },
+ })
+ require.NoError(t, err)
+ for _, path := range []string{"README.md", "foo", "baz"} {
+ _, err := clientFS.Stat(filepath.Join("/repo", path))
+ require.NoError(t, err)
+ }
+ })
+}
+
func TestCloneRepoSSH(t *testing.T) {
t.Parallel()
@@ -182,7 +251,7 @@ func TestCloneRepoSSH(t *testing.T) {
gitURL := tr.String()
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -214,7 +283,7 @@ func TestCloneRepoSSH(t *testing.T) {
clientFS := memfs.New()
anotherKey := randKeygen(t)
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -244,7 +313,7 @@ func TestCloneRepoSSH(t *testing.T) {
gitURL := tr.String()
clientFS := memfs.New()
- cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{
+ cloned, err := git.CloneRepo(context.Background(), t.Logf, git.CloneRepoOptions{
Path: "/workspace",
RepoURL: gitURL,
Storage: clientFS,
@@ -265,30 +334,26 @@ func TestCloneRepoSSH(t *testing.T) {
func TestSetupRepoAuth(t *testing.T) {
t.Setenv("SSH_AUTH_SOCK", "")
t.Run("Empty", func(t *testing.T) {
- opts := &envbuilder.Options{
- Logger: testLog(t),
- }
- auth := envbuilder.SetupRepoAuth(opts)
+ opts := &options.Options{}
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth)
})
t.Run("HTTP/NoAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "http://host.tld/repo",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth)
})
t.Run("HTTP/BasicAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "http://host.tld/repo",
GitUsername: "user",
GitPassword: "pass",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
ba, ok := auth.(*githttp.BasicAuth)
require.True(t, ok)
require.Equal(t, opts.GitUsername, ba.Username)
@@ -296,13 +361,12 @@ func TestSetupRepoAuth(t *testing.T) {
})
t.Run("HTTPS/BasicAuth", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "https://host.tld/repo",
GitUsername: "user",
GitPassword: "pass",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
ba, ok := auth.(*githttp.BasicAuth)
require.True(t, ok)
require.Equal(t, opts.GitUsername, ba.Username)
@@ -311,24 +375,22 @@ func TestSetupRepoAuth(t *testing.T) {
t.Run("SSH/WithScheme", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://host.tld/repo",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/NoScheme", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
@@ -336,37 +398,34 @@ func TestSetupRepoAuth(t *testing.T) {
t.Run("SSH/OtherScheme", func(t *testing.T) {
// Anything that is not https:// or http:// is treated as SSH.
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "git://git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/GitUsername", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "host.tld:12345/repo/path",
GitSSHPrivateKeyPath: kPath,
GitUsername: "user",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
_, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
})
t.Run("SSH/PrivateKey", func(t *testing.T) {
kPath := writeTestPrivateKey(t)
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://git@host.tld:repo/path",
GitSSHPrivateKeyPath: kPath,
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
pk, ok := auth.(*gitssh.PublicKeys)
require.True(t, ok)
require.NotNil(t, pk.Signer)
@@ -375,14 +434,53 @@ func TestSetupRepoAuth(t *testing.T) {
require.Equal(t, actualSigner, pk.Signer)
})
+ t.Run("SSH/Base64PrivateKey", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "ssh://git@host.tld:repo/path",
+ GitSSHPrivateKeyBase64: base64EncodeTestPrivateKey(),
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+
+ pk, ok := auth.(*gitssh.PublicKeys)
+ require.True(t, ok)
+ require.NotNil(t, pk.Signer)
+
+ actualSigner, err := gossh.ParsePrivateKey([]byte(testKey))
+ require.NoError(t, err)
+ require.Equal(t, actualSigner, pk.Signer)
+ })
+
t.Run("SSH/NoAuthMethods", func(t *testing.T) {
- opts := &envbuilder.Options{
+ opts := &options.Options{
GitURL: "ssh://git@host.tld:repo/path",
- Logger: testLog(t),
}
- auth := envbuilder.SetupRepoAuth(opts)
+ auth := git.SetupRepoAuth(t.Logf, opts)
require.Nil(t, auth) // TODO: actually test SSH_AUTH_SOCK
})
+
+ t.Run("NoHostname/RepoOnly", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
+
+ t.Run("NoHostname/Org/Repo", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "org/repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
+
+ t.Run("NoHostname/AbsolutePathish", func(t *testing.T) {
+ opts := &options.Options{
+ GitURL: "/org/repo",
+ }
+ auth := git.SetupRepoAuth(t.Logf, opts)
+ require.Nil(t, auth)
+ })
}
func mustRead(t *testing.T, fs billy.Filesystem, path string) string {
@@ -404,12 +502,6 @@ func randKeygen(t *testing.T) gossh.Signer {
return signer
}
-func testLog(t *testing.T) envbuilder.LoggerFunc {
- return func(_ notcodersdk.LogLevel, format string, args ...interface{}) {
- t.Logf(format, args...)
- }
-}
-
// nolint:gosec // Throw-away key for testing. DO NOT REUSE.
var testKey = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
@@ -427,3 +519,7 @@ func writeTestPrivateKey(t *testing.T) string {
require.NoError(t, os.WriteFile(kPath, []byte(testKey), 0o600))
return kPath
}
+
+func base64EncodeTestPrivateKey() string {
+ return base64.StdEncoding.EncodeToString([]byte(testKey))
+}
diff --git a/go.mod b/go.mod
index c831fdfc..f1fe25d1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,49 +1,54 @@
module github.com/coder/envbuilder
-go 1.22
-
-toolchain go1.22.3
+go 1.22.4
// There are a few options we need added to Kaniko!
// See: https://github.com/GoogleContainerTools/kaniko/compare/main...coder:kaniko:main
-replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15
+replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20241120132148-131d6094d781
+
+// Required to import codersdk due to gvisor dependency.
+replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374
require (
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6
github.com/GoogleContainerTools/kaniko v1.9.2
github.com/breml/rootcerts v0.2.10
github.com/chainguard-dev/git-urls v1.0.2
+ github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352
github.com/coder/retry v1.5.1
- github.com/coder/serpent v0.7.0
- github.com/containerd/containerd v1.7.15
+ github.com/coder/serpent v0.8.0
+ github.com/containerd/platforms v0.2.1
github.com/distribution/distribution/v3 v3.0.0-alpha.1
- github.com/docker/cli v26.1.0+incompatible
- github.com/docker/docker v26.1.0+incompatible
+ github.com/docker/cli v27.2.1+incompatible
+ github.com/docker/docker v27.3.1+incompatible
github.com/fatih/color v1.17.0
github.com/gliderlabs/ssh v0.3.7
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.12.0
- github.com/google/go-containerregistry v0.19.1
+ github.com/google/go-cmp v0.6.0
+ github.com/google/go-containerregistry v0.20.1
github.com/google/uuid v1.6.0
github.com/hashicorp/go-multierror v1.1.1
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/mattn/go-isatty v0.0.20
- github.com/moby/buildkit v0.13.1
+ github.com/moby/buildkit v0.16.0
github.com/otiai10/copy v1.14.0
- github.com/prometheus/procfs v0.15.0
+ github.com/prometheus/procfs v0.15.1
github.com/sirupsen/logrus v1.9.3
- github.com/skeema/knownhosts v1.2.2
+ github.com/skeema/knownhosts v1.3.0
github.com/stretchr/testify v1.9.0
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
go.uber.org/mock v0.4.0
- golang.org/x/crypto v0.24.0
- golang.org/x/sync v0.7.0
+ golang.org/x/crypto v0.29.0
+ golang.org/x/mod v0.21.0
+ golang.org/x/sync v0.9.0
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
)
require (
cloud.google.com/go/compute/metadata v0.3.0 // indirect
dario.cat/mergo v1.0.0 // indirect
+ filippo.io/edwards25519 v1.1.0 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
@@ -56,12 +61,23 @@ require (
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/Microsoft/go-winio v0.6.1 // indirect
- github.com/Microsoft/hcsshim v0.11.4 // indirect
- github.com/ProtonMail/go-crypto v1.0.0 // indirect
+ github.com/DataDog/appsec-internal-go v1.5.0 // indirect
+ github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 // indirect
+ github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
+ github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
+ github.com/DataDog/go-libddwaf/v2 v2.4.2 // indirect
+ github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
+ github.com/DataDog/gostackparse v0.7.0 // indirect
+ github.com/DataDog/sketches-go v1.4.2 // indirect
+ github.com/Microsoft/go-winio v0.6.2 // indirect
+ github.com/Microsoft/hcsshim v0.11.7 // indirect
+ github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
+ github.com/akutz/memconn v0.1.0 // indirect
+ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 // indirect
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
- github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
+ github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
@@ -72,6 +88,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
@@ -79,122 +96,204 @@ require (
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
+ github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/charmbracelet/lipgloss v0.8.0 // indirect
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
- github.com/cilium/ebpf v0.12.3 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 // indirect
+ github.com/coder/quartz v0.1.0 // indirect
+ github.com/coder/terraform-provider-coder v0.23.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
- github.com/containerd/cgroups/v3 v3.0.2 // indirect
+ github.com/containerd/containerd v1.7.21 // indirect
+ github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/continuity v0.4.3 // indirect
+ github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
- github.com/containerd/ttrpc v1.2.3 // indirect
- github.com/containerd/typeurl/v2 v2.1.1 // indirect
- github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+ github.com/containerd/ttrpc v1.2.5 // indirect
+ github.com/containerd/typeurl/v2 v2.2.0 // indirect
+ github.com/coreos/go-iptables v0.6.0 // indirect
+ github.com/coreos/go-oidc/v3 v3.10.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/docker-credential-helpers v0.8.1 // indirect
+ github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
+ github.com/dustin/go-humanize v1.0.1 // indirect
github.com/ePirat/docker-credential-gitlabci v1.0.0 // indirect
+ github.com/ebitengine/purego v0.6.0-alpha.5 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/frankban/quicktest v1.14.6 // indirect
+ github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+ github.com/go-chi/chi/v5 v5.0.10 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.1 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
+ github.com/go-ole/go-ole v1.2.6 // indirect
github.com/godbus/dbus/v5 v5.1.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+ github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
+ github.com/google/btree v1.1.2 // indirect
+ github.com/google/nftables v0.2.0 // indirect
+ github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
github.com/gorilla/handlers v1.5.1 // indirect
github.com/gorilla/mux v1.8.1 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
+ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
+ github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-memdb v1.3.2 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
+ github.com/hashicorp/go-version v1.7.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
- github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
+ github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+ github.com/hashicorp/hcl/v2 v2.21.0 // indirect
+ github.com/hashicorp/logutils v1.0.0 // indirect
+ github.com/hashicorp/terraform-plugin-go v0.12.0 // indirect
+ github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect
+ github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 // indirect
+ github.com/hashicorp/yamux v0.1.1 // indirect
+ github.com/hdevalence/ed25519consensus v0.1.0 // indirect
+ github.com/illarion/gonotify v1.0.1 // indirect
+ github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
- github.com/karrick/godirwalk v1.16.1 // indirect
+ github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect
+ github.com/jsimonetti/rtnetlink v1.3.5 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/klauspost/compress v1.17.4 // indirect
+ github.com/klauspost/compress v1.17.9 // indirect
+ github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
+ github.com/mdlayher/genetlink v1.3.2 // indirect
+ github.com/mdlayher/netlink v1.7.2 // indirect
+ github.com/mdlayher/sdnotify v1.0.0 // indirect
+ github.com/mdlayher/socket v0.5.0 // indirect
+ github.com/miekg/dns v1.1.55 // indirect
github.com/minio/highwayhash v1.0.2 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
+ github.com/mitchellh/go-ps v1.0.0 // indirect
+ github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+ github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c // indirect
+ github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83 // indirect
github.com/moby/sys/mount v0.3.3 // indirect
- github.com/moby/sys/mountinfo v0.7.1 // indirect
+ github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
- github.com/moby/sys/signal v0.7.0 // indirect
+ github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/symlink v0.2.0 // indirect
- github.com/moby/sys/user v0.1.0 // indirect
+ github.com/moby/sys/user v0.3.0 // indirect
+ github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/muesli/reflow v0.3.0 // indirect
github.com/muesli/termenv v0.15.2 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
- github.com/opencontainers/runtime-spec v1.1.0 // indirect
+ github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
+ github.com/outcaste-io/ristretto v0.2.3 // indirect
+ github.com/philhofer/fwd v1.1.2 // indirect
+ github.com/pierrec/lz4/v4 v4.1.18 // indirect
github.com/pion/transport/v2 v2.0.0 // indirect
github.com/pion/udp v0.1.4 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.18.0 // indirect
- github.com/prometheus/client_model v0.5.0 // indirect
- github.com/prometheus/common v0.46.0 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.0 // indirect
+ github.com/prometheus/common v0.48.0 // indirect
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
github.com/redis/go-redis/v9 v9.1.0 // indirect
+ github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
+ github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
+ github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+ github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
+ github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d // indirect
+ github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e // indirect
+ github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
+ github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 // indirect
+ github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 // indirect
+ github.com/tcnksm/go-httpstat v0.2.0 // indirect
+ github.com/tinylib/msgp v1.1.8 // indirect
+ github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 // indirect
+ github.com/twpayne/go-vfs/v5 v5.0.4 // indirect
+ github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a // indirect
+ github.com/valyala/fasthttp v1.55.0 // indirect
github.com/vbatts/tar-split v0.11.5 // indirect
+ github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
+ github.com/vishvananda/netns v0.0.4 // indirect
+ github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+ github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
+ github.com/vmihailenco/tagparser v0.1.2 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
+ github.com/zclconf/go-cty v1.14.4 // indirect
+ github.com/zeebo/errs v1.3.0 // indirect
go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
+ go.nhat.io/otelsql v0.13.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/otel v1.24.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.24.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.24.0 // indirect
go.opentelemetry.io/otel/trace v1.24.0 // indirect
- go.uber.org/goleak v1.3.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+ go.uber.org/atomic v1.11.0 // indirect
+ go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
+ go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 // indirect
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
- golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.25.0 // indirect
- golang.org/x/oauth2 v0.19.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
- golang.org/x/term v0.21.0 // indirect
- golang.org/x/text v0.16.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
+ golang.org/x/oauth2 v0.20.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
+ golang.org/x/term v0.26.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
- google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
- google.golang.org/grpc v1.63.2 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ golang.org/x/tools v0.22.0 // indirect
+ golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+ golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
+ google.golang.org/appengine v1.6.8 // indirect
+ google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+ google.golang.org/grpc v1.64.1 // indirect
+ google.golang.org/protobuf v1.34.1 // indirect
+ gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
+ gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc // indirect
+ inet.af/peercred v0.0.0-20210906144145-0893ea02156a // indirect
+ nhooyr.io/websocket v1.8.7 // indirect
+ storj.io/drpc v0.0.33 // indirect
+ tailscale.com v1.46.1 // indirect
)
diff --git a/go.sum b/go.sum
index ee16941c..10106a44 100644
--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,19 @@
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 h1:KHblWIE/KHOwQ6lEbMZt6YpcGve2FEZ1sDtrW1Am5UI=
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6/go.mod h1:NaoTA7KwopCrnaSb0JXTC0PTp/O/Y83Lndnq0OEV3ZQ=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/logging v1.9.0 h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw=
cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE=
-cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg=
-cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
+cloud.google.com/go/longrunning v0.5.6 h1:xAe8+0YaWoCKr9t1+aWe+OeQgN/iJK1fEgZSXmjuEaE=
+cloud.google.com/go/longrunning v0.5.6/go.mod h1:vUaDrWYOMKRuhiv6JBnn49YxCPz2Ayn9GqyjaBT8/mA=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/mkcert v1.4.4 h1:8eVbbwfVlaqUM7OwuftKc2nuYOoTDQWqsoXmzoXZdbc=
+filippo.io/mkcert v1.4.4/go.mod h1:VyvOchVuAye3BoUsPUOOofKygVwLV2KQMVFJNRq+1dA=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
@@ -42,23 +46,53 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
+github.com/DataDog/appsec-internal-go v1.5.0 h1:8kS5zSx5T49uZ8dZTdT19QVAvC/B8ByyZdhQKYQWHno=
+github.com/DataDog/appsec-internal-go v1.5.0/go.mod h1:pEp8gjfNLtEOmz+iZqC8bXhu0h4k7NUsW/qiQb34k1U=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 h1:bUMSNsw1iofWiju9yc1f+kBd33E3hMJtq9GuU602Iy8=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0/go.mod h1:HzySONXnAgSmIQfL6gOv9hWprKJkx8CicuXuUbmgWfo=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 h1:5nE6N3JSs2IG3xzMthNFhXfOaXlrsdgqmJ73lndFf8c=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp0Bey4MrrJyiV2tVxxJb6BmLomPvN1RgAvjGaQ=
+github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
+github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
+github.com/DataDog/go-libddwaf/v2 v2.4.2 h1:ilquGKUmN9/Ty0sIxiEyznVRxP3hKfmH15Y1SMq5gjA=
+github.com/DataDog/go-libddwaf/v2 v2.4.2/go.mod h1:gsCdoijYQfj8ce/T2bEDNPZFIYnmHluAgVDpuQOWMZE=
+github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
+github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
+github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
+github.com/DataDog/gostackparse v0.7.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/DataDog/sketches-go v1.4.2 h1:gppNudE9d19cQ98RYABOetxIhpTCl4m7CnbRZjvVA/o=
+github.com/DataDog/sketches-go v1.4.2/go.mod h1:xJIXldczJyyjnbDop7ZZcLxJdV3+7Kra7H1KMgpgkLk=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
-github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
-github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
-github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
+github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A=
+github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
+github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I=
+github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
+github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
+github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
-github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA=
+github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
@@ -79,6 +113,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 h1:iT1/grX+znbCNKzF3nd54/5Zq6CYNnR5ZEHWnuWqULM=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3/go.mod h1:loBAHYxz7JyucJvq4xuW9vunu8iCzjNYfSrQg2QEczA=
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
@@ -95,6 +131,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bool64/shared v0.1.5 h1:fp3eUhBsrSjNCQPcSdQqZxxh9bBwrYiZ+zOKFkM0/2E=
+github.com/bool64/shared v0.1.5/go.mod h1:081yz68YC9jeFB3+Bbmno2RFWvGKv1lPKkMP6MHJlPs=
github.com/breml/rootcerts v0.2.10 h1:UGVZ193UTSUASpGtg6pbDwzOd7XQP+at0Ssg1/2E4h8=
github.com/breml/rootcerts v0.2.10/go.mod h1:24FDtzYMpqIeYC7QzaE8VPRQaFZU5TIUDlyk8qwjD88=
github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
@@ -102,68 +140,90 @@ github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0=
github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk=
+github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
github.com/charmbracelet/lipgloss v0.8.0 h1:IS00fk4XAHcf8uZKc3eHeMUTCxUH6NkaTrdyCQk84RU=
github.com/charmbracelet/lipgloss v0.8.0/go.mod h1:p4eYUZZJ/0oXTuCQKFF8mqyKCz0ja6y+7DniDDw5KKU=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM=
github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4=
github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15 h1:Rne2frxrqtLEQ/v4f/wS550Yp/WXLCRFzDuxg8b9woM=
-github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15/go.mod h1:YMK7BlxerzLlMwihGxNWUaFoN9LXCij4P+w/8/fNlcM=
+github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOcqqCaASj/nu65TRYEFcTt8qRQfHZXX0=
+github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo=
+github.com/coder/kaniko v0.0.0-20241120132148-131d6094d781 h1:/4SMdrjLQL1BseLSnMd9nYQSI+E63CXcyFGC7ZHHj8I=
+github.com/coder/kaniko v0.0.0-20241120132148-131d6094d781/go.mod h1:3rM/KOQ4LgF8mE+O1P6pLDa/E57mzxIxNdUOMKi1qpg=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
+github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=
+github.com/coder/quartz v0.1.0/go.mod h1:vsiCc+AHViMKH2CQpGIpFgdHIEQsxwm8yCscqKmzbRA=
github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc=
github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY=
-github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0=
-github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA=
+github.com/coder/serpent v0.8.0 h1:6OR+k6fekhSeEDmwwzBgnSjaa7FfGGrMlc3GoAEH9dg=
+github.com/coder/serpent v0.8.0/go.mod h1:cZFW6/fP+kE9nd/oRkEHJpG6sXCtQ+AX7WMMEHv0Y3Q=
+github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374 h1:a5Eg7D5e2oAc0tN56ee4yxtiTo76ztpRlk6geljaZp8=
+github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374/go.mod h1:rp6BIJxCp127/hvvDWNkHC9MxAlKvQfoOtBr8s5sCqo=
+github.com/coder/terraform-provider-coder v0.23.0 h1:DuNLWxhnGlXyG0g+OCAZRI6xd8+bJjIEnE4F3hYgA4E=
+github.com/coder/terraform-provider-coder v0.23.0/go.mod h1:wMun9UZ9HT2CzF6qPPBup1odzBpVUc0/xSFoXgdI3tk=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
-github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes=
-github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY=
+github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA=
+github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g=
+github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
+github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
+github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
-github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0=
-github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM=
-github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
-github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
+github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
+github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
+github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
+github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
+github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
-github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
+github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
@@ -172,14 +232,14 @@ github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiU
github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlPXifX/UQ3Y=
-github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.2.1+incompatible h1:U5BPtiD0viUzjGAjV1p0MGB8eVA3L3cbIrnyWmSJI70=
+github.com/docker/cli v27.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM=
-github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
-github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI=
+github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
+github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@@ -188,8 +248,13 @@ github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQ
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/ePirat/docker-credential-gitlabci v1.0.0 h1:YRkUSvkON6rT88vtscClAmPEYWhtltGEAuRVYtz1/+Y=
github.com/ePirat/docker-credential-gitlabci v1.0.0/go.mod h1:Ptmh+D0lzBQtgb6+QHjXl9HqOn3T1P8fKUHldiSQQGA=
+github.com/ebitengine/purego v0.6.0-alpha.5 h1:EYID3JOAdmQ4SNZYJHu9V6IqOeRQDBYxqKAg9PyoHFY=
+github.com/ebitengine/purego v0.6.0-alpha.5/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -198,6 +263,7 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -205,9 +271,22 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
+github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
+github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
+github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
@@ -216,6 +295,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -224,7 +305,32 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
+github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
+github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -234,18 +340,26 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/mock v1.7.0-rc.1 h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=
+github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@@ -257,6 +371,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
+github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -267,9 +383,16 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY=
-github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
+github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0=
+github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/nftables v0.2.0 h1:PbJwaBmbVLzpeldoeUKGkE2RjstrjPKMl6oLrfEJ6/8=
+github.com/google/nftables v0.2.0/go.mod h1:Beg6V6zZ3oEn0JuiUQ4wqwuyqqzasOltcoXPtgLbFp4=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -277,11 +400,22 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
+github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -289,28 +423,69 @@ github.com/hashicorp/go-memdb v1.3.2 h1:RBKHOsnSszpU6vxq80LzC2BaQjuuvoyaQbkLTf7V
github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
+github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
-github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
-github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk=
+github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA=
+github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14=
+github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
+github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go=
+github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8=
+github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec=
+github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
+github.com/hashicorp/terraform-plugin-go v0.12.0 h1:6wW9mT1dSs0Xq4LR6HXj1heQ5ovr5GxXNJwkErZzpJw=
+github.com/hashicorp/terraform-plugin-go v0.12.0/go.mod h1:kwhmaWHNDvT1B3QiSJdAtrB/D4RaKSY/v3r2BuoWK4M=
+github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs=
+github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 h1:+KxZULPsbjpAVoP0WNj/8aVW6EqpcX5JcUcQ5wl7Da4=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0/go.mod h1:DwGJG3KNxIPluVk6hexvDfYR/MS/eKGpiztJoT3Bbbw=
+github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg=
+github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI=
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/hdevalence/ed25519consensus v0.1.0 h1:jtBwzzcHuTmFrQN6xQZn6CQEO/V9f7HsjsjeEZ6auqU=
+github.com/hdevalence/ed25519consensus v0.1.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
+github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02 h1:AgcIVYPa6XJnU3phs104wLj8l5GEththEw6+F79YsIY=
+github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
+github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
+github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE=
+github.com/illarion/gonotify v1.0.1 h1:F1d+0Fgbq/sDWjj/r66ekjDG+IDeecQKUFH4wNwsoio=
+github.com/illarion/gonotify v1.0.1/go.mod h1:zt5pmDofZpU1f8aqlK0+95eQhoEAn/d4G4B/FjVW4jE=
+github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA=
+github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
+github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
+github.com/jsimonetti/rtnetlink v1.3.5 h1:hVlNQNRlLDGZz31gBPicsG7Q53rnlsz1l1Ix/9XlpVA=
+github.com/jsimonetti/rtnetlink v1.3.5/go.mod h1:0LFedyiTkebnd43tE4YAkWGIq9jQphow4CcwxaT2Y00=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
-github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -318,9 +493,14 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
+github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -329,10 +509,17 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -340,14 +527,34 @@ github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRC
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
+github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
+github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
+github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ3c=
+github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
+github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
+github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g=
github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
+github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
+github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
+github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
-github.com/moby/buildkit v0.13.1 h1:L8afOFhPq2RPJJSr/VyzbufwID7jquZVB7oFHbPRcPE=
-github.com/moby/buildkit v0.13.1/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c h1:cqn374mizHuIWj+OSJCajGr/phAmuMug9qIX3l9CflE=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/buildkit v0.16.0 h1:wOVBj1o5YNVad/txPQNXUXdelm7Hs/i0PUFjzbK0VKE=
+github.com/moby/buildkit v0.16.0/go.mod h1:Xqx/5GlrqE1yIRORk0NSCVDFpQAU1WjlT6KHYZdisIQ=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
@@ -359,22 +566,27 @@ github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83/go.mod h1:GvjR7mC
github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
-github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
+github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
-github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
-github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
+github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0=
+github.com/moby/sys/signal v0.7.1/go.mod h1:Se1VGehYokAkrSQwL4tDzHvETwUZlnY7S5XtQ50mQp8=
github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc=
github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
-github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=
-github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU=
+github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
+github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
@@ -382,20 +594,37 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt
github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0A=
+github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM=
+github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
+github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0=
+github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
+github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
+github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
+github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
+github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
github.com/pion/transport/v2 v2.0.0 h1:bsMYyqHCbkvHwj+eNCFBuxtlKndKfyGI2vaQmM3fIE4=
github.com/pion/transport/v2 v2.0.0/go.mod h1:HS2MEBJTwD+1ZI2eSXSvHJx/HnzQqRy2/LXxt6eVMHc=
@@ -414,22 +643,22 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
+github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y=
-github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek=
-github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
@@ -437,21 +666,29 @@ github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnA
github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY=
github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
+github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
-github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -460,28 +697,96 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/swaggest/assertjson v1.9.0 h1:dKu0BfJkIxv/xe//mkCrK5yZbs79jL7OVf9Ija7o2xQ=
+github.com/swaggest/assertjson v1.9.0/go.mod h1:b+ZKX2VRiUjxfUIal0HDN85W0nHPAYUbYH5WkkSsFsU=
+github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d h1:K3j02b5j2Iw1xoggN9B2DIEkhWGheqFOeDkdJdBrJI8=
+github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d/go.mod h1:2P+hpOwd53e7JMX/L4f3VXkv1G+33ES6IWZSrkIeWNs=
+github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e h1:JyeJF/HuSwvxWtsR1c0oKX1lzaSH5Wh4aX+MgiStaGQ=
+github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e/go.mod h1:DjoeCULdP6vTJ/xY+nzzR9LaUHprkbZEpNidX0aqEEk=
+github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
+github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=
github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a/go.mod h1:DFSS3NAGHthKo1gTlmEcSBiZrRJXi28rLNd/1udP1c8=
+github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 h1:zrsUcqrG2uQSPhaUPjUQwozcRdDdSxxqhNgNZ3drZFk=
+github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0=
+github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 h1:zwsem4CaamMdC3tFoTpzrsUSMDPV0K6rhnQdF7kXekQ=
+github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
+github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0=
+github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8=
+github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
+github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
+github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 h1:7I5c2Ig/5FgqkYOh/N87NzoyI9U15qUPXhDD8uCupv8=
+github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4/go.mod h1:278M4p8WsNh3n4a1eqiFcV2FGk7wE5fwUpUom9mK9lE=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/twpayne/go-vfs/v5 v5.0.4 h1:/ne3h+rW7f5YOyOFguz+3ztfUwzOLR0Vts3y0mMAitg=
+github.com/twpayne/go-vfs/v5 v5.0.4/go.mod h1:zTPFJUbgsEMFNSWnWQlLq9wh4AN83edZzx3VXbxrS1w=
+github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a h1:BH1SOPEvehD2kVrndDnGJiUF0TrBpNs+iyYocu6h0og=
+github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
+github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.55.0 h1:Zkefzgt6a7+bVKHnu/YaYSOPfNYNisSVBo/unVCf8k8=
+github.com/valyala/fasthttp v1.55.0/go.mod h1:NkY9JtkrpPKmgwV3HTaS2HWaJss9RSIsRVfcxxoHiOM=
github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
+github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
+github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U=
+github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
+github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA=
+github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8=
+github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
+github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
+github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
+github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
+github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
go.etcd.io/etcd/raft/v3 v3.5.6 h1:tOmx6Ym6rn2GpZOrvTGJZciJHek6RnC3U/zNInzIN50=
go.etcd.io/etcd/raft/v3 v3.5.6/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0=
+go.nhat.io/otelsql v0.13.0 h1:L6obwZRxgFQqeSvo7jCemP659fu7pqsDHQNuZ3Ev1yI=
+go.nhat.io/otelsql v0.13.0/go.mod h1:HyYpqd7G9BK+9cPLydV+2JN/4J5D3wlX6+jDLTk52GE=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
@@ -490,23 +795,40 @@ go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.24.0 h1:JYE2HM7pZbOt5Jhk8ndWZTUWYOVift2cHjXVMkPdmdc=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.24.0/go.mod h1:yMb/8c6hVsnma0RpsBMNo0fEiQKeclawtgaIaOp2MLY=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.24.0 h1:s0PHtIkN+3xrbDOpt2M8OTG92cWqUESvzh2MxiR5xY8=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.24.0/go.mod h1:hZlFbDbRt++MMPCCfSJfmhkGIWnX1h3XjkfxZUjLrIA=
go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
+go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
+go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
+go.opentelemetry.io/otel/sdk/metric v1.24.0 h1:yyMQrPzF+k88/DbH7o4FMAs80puqd+9osbiBrJrz/w8=
+go.opentelemetry.io/otel/sdk/metric v1.24.0/go.mod h1:I6Y5FjH6rvEnTTAYQz3Mmv2kl6Ek5IIrmwTLqMrrOE0=
go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.3.1-0.20240429205332-517bace7cc29 h1:w0QrHuh0hhUZ++UTQaBM2DMdrWQghZ/UsUb+Wb1+8YE=
+go.uber.org/goleak v1.3.1-0.20240429205332-517bace7cc29/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H9rmp5nkDTAst8=
+go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
+go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 h1:X66ZEoMN2SuaoI/dfZVYobB6E5zjZyyHUMWlCA7MgGE=
+go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516/go.mod h1:TQvodOM+hJTioNQJilmLXu08JNb8i+ccq418+KWu1/Y=
+golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
+golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -515,11 +837,9 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
@@ -528,43 +848,47 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
+golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -572,43 +896,58 @@ golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -620,34 +959,42 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
+golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
+golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw=
+google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 h1:W5Xj/70xIA4x60O/IFyXivR5MGqblAb8R3w26pnD6No=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
-google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -660,10 +1007,14 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 h1:zXQo6iv+dKRrDBxMXjRXLSKN2lY9uM34XFI4nPyp0eA=
+gopkg.in/DataDog/dd-trace-go.v1 v1.64.0/go.mod h1:qzwVu8Qr8CqzQNw2oKEXRdD+fMnjYatjYMGE0tdCVG4=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -678,7 +1029,23 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc h1:DXLLFYv/k/xr0rWcwVEvWme1GR36Oc4kNMspg38JeiE=
+gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+honnef.co/go/gotraceui v0.2.0 h1:dmNsfQ9Vl3GwbiVD7Z8d/osC6WtGGrasyrC2suc4ZIQ=
+honnef.co/go/gotraceui v0.2.0/go.mod h1:qHo4/W75cA3bX0QQoSvDjbJa4R8mAyyFjbWAj63XElc=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
+howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
+inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg=
+inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU=
+nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
+nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE=
+software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ=
+storj.io/drpc v0.0.33 h1:yCGZ26r66ZdMP0IcTYsj7WDAUIIjzXk6DJhbhvt9FHI=
+storj.io/drpc v0.0.33/go.mod h1:vR804UNzhBa49NOJ6HeLjd2H3MakC1j5Gv8bsOQT6N4=
diff --git a/init.sh b/init.sh
index 350a664a..a2990e0d 100644
--- a/init.sh
+++ b/init.sh
@@ -3,5 +3,5 @@
echo hey there
sleep 1
-echo INIT_COMMAND=/bin/sh >> $ENVBUILDER_ENV
-echo INIT_ARGS="-c /bin/bash" >> $ENVBUILDER_ENV
\ No newline at end of file
+echo INIT_COMMAND=/bin/sh >> "${ENVBUILDER_ENV}"
+echo INIT_ARGS="-c /bin/bash" >> "${ENVBUILDER_ENV}"
\ No newline at end of file
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 1364e966..6e9d2383 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -4,6 +4,7 @@ import (
"bufio"
"bytes"
"context"
+ "crypto/ed25519"
"encoding/base64"
"encoding/json"
"encoding/pem"
@@ -17,17 +18,25 @@ import (
"os"
"os/exec"
"path/filepath"
+ "regexp"
+ "slices"
"strings"
"testing"
"time"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/envbuilder"
"github.com/coder/envbuilder/devcontainer/features"
+ "github.com/coder/envbuilder/internal/workingdir"
+ "github.com/coder/envbuilder/options"
"github.com/coder/envbuilder/testutil/gittest"
"github.com/coder/envbuilder/testutil/mwtest"
"github.com/coder/envbuilder/testutil/registrytest"
+ "github.com/go-git/go-billy/v5/osfs"
+ gossh "golang.org/x/crypto/ssh"
+
clitypes "github.com/docker/cli/cli/config/types"
- "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/image"
@@ -35,10 +44,11 @@ import (
"github.com/docker/docker/api/types/volume"
"github.com/docker/docker/client"
"github.com/docker/docker/pkg/stdcopy"
- "github.com/go-git/go-billy/v5/memfs"
+ "github.com/google/go-cmp/cmp"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/registry"
+ v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/google/go-containerregistry/pkg/v1/remote/transport"
"github.com/google/uuid"
@@ -47,11 +57,113 @@ import (
)
const (
- testContainerLabel = "envbox-integration-test"
- testImageAlpine = "localhost:5000/envbuilder-test-alpine:latest"
- testImageUbuntu = "localhost:5000/envbuilder-test-ubuntu:latest"
+ testContainerLabel = "envbox-integration-test"
+ testImageAlpine = "localhost:5000/envbuilder-test-alpine:latest"
+ testImageUbuntu = "localhost:5000/envbuilder-test-ubuntu:latest"
+ testImageBlobUnknown = "localhost:5000/envbuilder-test-blob-unknown:latest"
+
+ // nolint:gosec // Throw-away key for testing. DO NOT REUSE.
+ testSSHKey = `-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBXOGgAge/EbcejqASqZa6s8PFXZle56DiGEt0VYnljuwAAAKgM05mUDNOZ
+lAAAAAtzc2gtZWQyNTUxOQAAACBXOGgAge/EbcejqASqZa6s8PFXZle56DiGEt0VYnljuw
+AAAEDCawwtjrM4AGYXD1G6uallnbsgMed4cfkFsQ+mLZtOkFc4aACB78Rtx6OoBKplrqzw
+8VdmV7noOIYS3RVieWO7AAAAHmNpYW5AY2RyLW1icC1mdmZmdzBuOHEwNXAuaG9tZQECAw
+QFBgc=
+-----END OPENSSH PRIVATE KEY-----`
)
+func TestLogs(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ logsDone := make(chan struct{})
+
+ logHandler := func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/api/v2/buildinfo":
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ case "/api/v2/workspaceagents/me/logs":
+ w.WriteHeader(http.StatusOK)
+ tokHdr := r.Header.Get(codersdk.SessionTokenHeader)
+ assert.Equal(t, token, tokHdr)
+ var req agentsdk.PatchLogs
+ err := json.NewDecoder(r.Body).Decode(&req)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+ for _, log := range req.Logs {
+ t.Logf("got log: %+v", log)
+ if strings.Contains(log.Output, "Running init command") {
+ close(logsDone)
+ return
+ }
+ }
+ return
+ default:
+ t.Errorf("unexpected request to %s", r.URL.Path)
+ w.WriteHeader(http.StatusNotFound)
+ return
+ }
+ }
+ logSrv := httptest.NewServer(http.HandlerFunc(logHandler))
+ defer logSrv.Close()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s`, testImageUbuntu),
+ },
+ })
+ ctrID, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ "CODER_AGENT_URL=" + logSrv.URL,
+ "CODER_AGENT_TOKEN=" + token,
+ "ENVBUILDER_SETUP_SCRIPT=/bin/sh -c 'echo MY${NO_MATCH_ENV}_SETUP_SCRIPT_OUT; echo MY${NO_MATCH_ENV}_SETUP_SCRIPT_ERR' 1>&2",
+ "ENVBUILDER_INIT_SCRIPT=env",
+ }})
+ require.NoError(t, err)
+ ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+ defer cancel()
+ select {
+ case <-ctx.Done():
+ t.Fatal("timed out waiting for logs")
+ case <-logsDone:
+ }
+
+ // Wait for the container to exit
+ client, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ require.Eventually(t, func() bool {
+ status, err := client.ContainerInspect(ctx, ctrID)
+ if !assert.NoError(t, err) {
+ return false
+ }
+ return !status.State.Running
+ }, 10*time.Second, time.Second, "container never exited")
+
+ // Check the expected log output
+ logReader, err := client.ContainerLogs(ctx, ctrID, container.LogsOptions{
+ ShowStdout: true,
+ ShowStderr: true,
+ })
+ require.NoError(t, err)
+ logBytes, err := io.ReadAll(logReader)
+ require.NoError(t, err)
+ logs := string(logBytes)
+ require.Contains(t, logs, "CODER_AGENT_SUBSYSTEM=envbuilder")
+ require.Contains(t, logs, "MY_SETUP_SCRIPT_OUT")
+ require.Contains(t, logs, "MY_SETUP_SCRIPT_ERR")
+}
+
func TestInitScriptInitCommand(t *testing.T) {
t.Parallel()
@@ -65,13 +177,13 @@ func TestInitScriptInitCommand(t *testing.T) {
w.WriteHeader(http.StatusOK)
}))
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
// Let's say /bin/sh is not available and we can only use /bin/ash
"Dockerfile": fmt.Sprintf("FROM %s\nRUN unlink /bin/sh", testImageAlpine),
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("INIT_SCRIPT", fmt.Sprintf(`wget -O - %q`, initSrv.URL)),
@@ -85,7 +197,7 @@ func TestInitScriptInitCommand(t *testing.T) {
}
require.NoError(t, ctx.Err(), "init script did not execute for prefixed env vars")
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
fmt.Sprintf(`INIT_SCRIPT=wget -O - %q`, initSrv.URL),
@@ -100,6 +212,72 @@ func TestInitScriptInitCommand(t *testing.T) {
require.NoError(t, ctx.Err(), "init script did not execute for legacy env vars")
}
+func TestDanglingBuildStage(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s as a
+RUN date > /root/date.txt`, testImageUbuntu),
+ },
+ })
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ }})
+ require.NoError(t, err)
+
+ output := execContainer(t, ctr, "cat /date.txt")
+ require.NotEmpty(t, strings.TrimSpace(output))
+}
+
+func TestUserFromMultistage(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ "Dockerfile": fmt.Sprintf(`FROM %s AS a
+USER root
+RUN useradd --create-home pickme
+USER pickme
+FROM a AS other
+USER root
+RUN useradd --create-home notme
+USER notme
+FROM a AS b`, testImageUbuntu),
+ },
+ })
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ }})
+ require.NoError(t, err)
+
+ // Check that envbuilder started command as user.
+ // Since envbuilder starts as root, probe for up to 10 seconds.
+ for i := 0; i < 10; i++ {
+ out := execContainer(t, ctr, "ps aux | awk '/^pickme * 1 / {print $1}' | sort -u")
+ got := strings.TrimSpace(out)
+ if got == "pickme" {
+ return
+ }
+ time.Sleep(time.Second)
+ }
+ require.Fail(t, "expected pid 1 to be running as pickme")
+}
+
func TestUidGid(t *testing.T) {
t.Parallel()
t.Run("MultiStage", func(t *testing.T) {
@@ -110,7 +288,7 @@ RUN mkdir -p /myapp/somedir \
&& touch /myapp/somedir/somefile \
&& chown 123:123 /myapp/somedir \
&& chown 321:321 /myapp/somedir/somefile
-
+
FROM %s
COPY --from=builder /myapp /myapp
RUN printf "%%s\n" \
@@ -124,12 +302,12 @@ RUN printf "%%s\n" \
/myapp/somedir/somefile \
> /tmp/got \
&& diff -u /tmp/got /tmp/expected`, testImageAlpine, testImageAlpine)
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": dockerFile,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -155,12 +333,12 @@ RUN mkdir -p /myapp/somedir \
/myapp/somedir/somefile \
> /tmp/got \
&& diff -u /tmp/got /tmp/expected`, testImageAlpine)
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": dockerFile,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -173,12 +351,12 @@ func TestForceSafe(t *testing.T) {
t.Run("Safe", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"KANIKO_DIR=/not/envbuilder",
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -189,12 +367,12 @@ func TestForceSafe(t *testing.T) {
// Careful with this one!
t.Run("Unsafe", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"KANIKO_DIR=/not/envbuilder",
envbuilderEnv("FORCE_SAFE", "true"),
@@ -206,14 +384,14 @@ func TestForceSafe(t *testing.T) {
func TestFailsGitAuth(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.ErrorContains(t, err, "authentication required")
@@ -221,14 +399,14 @@ func TestFailsGitAuth(t *testing.T) {
func TestSucceedsGitAuth(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("GIT_USERNAME", "kyle"),
@@ -239,20 +417,72 @@ func TestSucceedsGitAuth(t *testing.T) {
require.Contains(t, gitConfig, srv.URL)
}
+func TestGitSSHAuth(t *testing.T) {
+ t.Parallel()
+
+ base64Key := base64.StdEncoding.EncodeToString([]byte(testSSHKey))
+
+ t.Run("Base64/Success", func(t *testing.T) {
+ t.Parallel()
+
+ signer, err := gossh.ParsePrivateKey([]byte(testSSHKey))
+ require.NoError(t, err)
+ require.NotNil(t, signer)
+
+ tmpDir := t.TempDir()
+ srvFS := osfs.New(tmpDir, osfs.WithChrootOS())
+
+ _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "Dockerfile", "FROM "+testImageAlpine, "Initial commit"))
+ tr := gittest.NewServerSSH(t, srvFS, signer.PublicKey())
+
+ _, err = runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ envbuilderEnv("GIT_URL", tr.String()+"."),
+ envbuilderEnv("GIT_SSH_PRIVATE_KEY_BASE64", base64Key),
+ }})
+ // TODO: Ensure it actually clones but this does mean we have
+ // successfully authenticated.
+ require.ErrorContains(t, err, "repository not found")
+ })
+
+ t.Run("Base64/Failure", func(t *testing.T) {
+ t.Parallel()
+
+ _, randomKey, err := ed25519.GenerateKey(nil)
+ require.NoError(t, err)
+ signer, err := gossh.NewSignerFromKey(randomKey)
+ require.NoError(t, err)
+ require.NotNil(t, signer)
+
+ tmpDir := t.TempDir()
+ srvFS := osfs.New(tmpDir, osfs.WithChrootOS())
+
+ _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "Dockerfile", "FROM "+testImageAlpine, "Initial commit"))
+ tr := gittest.NewServerSSH(t, srvFS, signer.PublicKey())
+
+ _, err = runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ envbuilderEnv("GIT_URL", tr.String()+"."),
+ envbuilderEnv("GIT_SSH_PRIVATE_KEY_BASE64", base64Key),
+ }})
+ require.ErrorContains(t, err, "handshake failed")
+ })
+}
+
func TestSucceedsGitAuthInURL(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- username: "kyle",
- password: "testing",
+ Username: "kyle",
+ Password: "testing",
})
u, err := url.Parse(srv.URL)
require.NoError(t, err)
u.User = url.UserPassword("kyle", "testing")
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", u.String()),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -306,8 +536,8 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
require.NoError(t, err)
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -330,7 +560,7 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
".devcontainer/feature3/install.sh": "echo $GRAPE > /test3output",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -345,36 +575,154 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) {
require.Equal(t, "hello from test 3!", strings.TrimSpace(test3Output))
}
-func TestBuildFromDockerfile(t *testing.T) {
- // Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- "Dockerfile": "FROM " + testImageAlpine,
+func TestBuildFromDockerfileAndConfig(t *testing.T) {
+ t.Parallel()
+
+ type configFile struct {
+ name string
+ data string
+ }
+ type testCase struct {
+ name string
+ env []string
+ configFile configFile
+ configBase64 string
+ validate func(t *testing.T, tc testCase, ctrID, logs string)
+ }
+
+ validateDockerConfig := func(t *testing.T, tc testCase, ctrID, logs string) {
+ t.Helper()
+
+ // Ensure that the config matches the expected value, base64 is
+ // always prioritized over a file.
+ got := execContainer(t, ctrID, "cat /docker_config_json")
+ got = strings.TrimSpace(got)
+ want := tc.configBase64
+ if want == "" {
+ want = tc.configFile.data
+ }
+ if want != "" {
+ require.Contains(t, logs, "Set DOCKER_CONFIG to /.envbuilder/.docker")
+ require.Equal(t, want, got)
+ }
+
+ // Ensure that a warning message is printed if config secrets
+ // will remain in the container after build.
+ warningMessage := "this file will remain after the build"
+ if tc.configFile.name != "" {
+ require.Contains(t, logs, warningMessage)
+ } else {
+ require.NotContains(t, logs, warningMessage)
+ }
+ }
+
+ configJSONContainerPath := workingdir.Default.Join(".docker", "config.json")
+ defaultConfigJSON := `{"experimental": "enabled"}`
+
+ tests := []testCase{
+ {
+ name: "Plain",
+ validate: func(t *testing.T, tc testCase, ctrID, logs string) {
+ output := execContainer(t, ctrID, "echo hello")
+ require.Equal(t, "hello", strings.TrimSpace(output))
+ },
},
- })
- ctr, err := runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
- envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString([]byte(`{"experimental": "enabled"}`))),
- }})
- require.NoError(t, err)
+ {
+ name: "ConfigBase64",
+ configBase64: defaultConfigJSON,
+ validate: validateDockerConfig,
+ },
+ {
+ name: "BindConfigToKnownLocation",
+ configFile: configFile{"/.envbuilder/config.json", defaultConfigJSON},
+ validate: validateDockerConfig,
+ },
+ {
+ name: "BindConfigToPath",
+ env: []string{"DOCKER_CONFIG=/secret"},
+ configFile: configFile{"/secret/config.json", defaultConfigJSON},
+ validate: validateDockerConfig,
+ },
+ {
+ name: "BindConfigToCustomFile",
+ env: []string{"DOCKER_CONFIG=/secret/my.json"},
+ configFile: configFile{"/secret/my.json", defaultConfigJSON},
+ validate: validateDockerConfig,
+ },
+ {
+ name: "ConfigBase64AndBindUsesBase64",
+ configFile: configFile{"/.envbuilder/config.json", `{"experimental": "disabled"}`},
+ configBase64: defaultConfigJSON,
+ validate: validateDockerConfig,
+ },
+ {
+ name: "ConfigBase64AndCustomConfigPath",
+ env: []string{"DOCKER_CONFIG=/secret"},
+ configBase64: defaultConfigJSON,
+ validate: validateDockerConfig,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a Dockerfile is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": fmt.Sprintf(`
+ FROM %[1]s
+ RUN if [ -f %[2]q ]; then cat %[2]q > /docker_config_json; fi
+ `, testImageAlpine, configJSONContainerPath),
+ },
+ })
- output := execContainer(t, ctr, "echo hello")
- require.Equal(t, "hello", strings.TrimSpace(output))
+ logbuf := new(bytes.Buffer)
+ opts := runOpts{
+ env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ },
+ logbuf: logbuf,
+ }
- // Verify that the Docker configuration secret file is removed
- output = execContainer(t, ctr, "stat "+filepath.Join(envbuilder.MagicDir, "config.json"))
- require.Contains(t, output, "No such file or directory")
+ if tt.configFile.name != "" {
+ dir := t.TempDir()
+ configFile := filepath.Join(dir, filepath.Base(tt.configFile.name))
+ err := os.WriteFile(configFile, []byte(tt.configFile.data), 0o600)
+ require.NoError(t, err, "failed to write config")
+
+ opts.privileged = true
+ opts.binds = []string{fmt.Sprintf("%s:%s:rw", configFile, tt.configFile.name)}
+ }
+ if tt.configBase64 != "" {
+ enc := base64.StdEncoding.EncodeToString([]byte(tt.configBase64))
+ tt.env = append(tt.env, envbuilderEnv("DOCKER_CONFIG_BASE64", enc))
+ }
+
+ opts.env = append(opts.env, tt.env...)
+
+ ctrID, err := runEnvbuilder(t, opts)
+ require.NoError(t, err)
+
+ tt.validate(t, tt, ctrID, logbuf.String())
+
+ // Always verify that the Docker configuration secret file is removed.
+ output := execContainer(t, ctrID, "stat "+configJSONContainerPath)
+ require.Contains(t, output, "No such file or directory")
+ })
+ }
}
func TestBuildPrintBuildOutput(t *testing.T) {
+ t.Parallel()
+
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine + "\nRUN echo hello",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -396,9 +744,11 @@ func TestBuildPrintBuildOutput(t *testing.T) {
}
func TestBuildIgnoreVarRunSecrets(t *testing.T) {
+ t.Parallel()
+
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
@@ -408,7 +758,9 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
require.NoError(t, err)
t.Run("ReadWrite", func(t *testing.T) {
- ctr, err := runEnvbuilder(t, options{
+ t.Parallel()
+
+ ctr, err := runEnvbuilder(t, runOpts{
env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -422,7 +774,9 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
})
t.Run("ReadOnly", func(t *testing.T) {
- ctr, err := runEnvbuilder(t, options{
+ t.Parallel()
+
+ ctr, err := runEnvbuilder(t, runOpts{
env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
@@ -437,13 +791,15 @@ func TestBuildIgnoreVarRunSecrets(t *testing.T) {
}
func TestBuildWithSetupScript(t *testing.T) {
+ t.Parallel()
+
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SETUP_SCRIPT", "echo \"INIT_ARGS=-c 'echo hi > /wow && sleep infinity'\" >> $ENVBUILDER_ENV"),
@@ -458,8 +814,8 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/custom/devcontainer.json": `{
"name": "Test",
"build": {
@@ -469,7 +825,7 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) {
".devcontainer/custom/Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DEVCONTAINER_DIR", ".devcontainer/custom"),
}})
@@ -479,12 +835,34 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) {
require.Equal(t, "hello", strings.TrimSpace(output))
}
+func TestBuildFromCustomWorkspaceBaseDir(t *testing.T) {
+ t.Parallel()
+
+ // Ensures that a Git repository with a devcontainer.json is cloned and built.
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": "FROM " + testImageUbuntu,
+ },
+ })
+ ctr, err := runEnvbuilder(t, runOpts{
+ env: []string{
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ envbuilderEnv("WORKSPACE_BASE_DIR", "/foo"),
+ envbuilderEnv("GIT_URL", srv.URL),
+ },
+ })
+ require.NoError(t, err)
+
+ output := execContainer(t, ctr, "readlink /proc/1/cwd")
+ require.Contains(t, output, "/foo/")
+}
+
func TestBuildFromDevcontainerInSubfolder(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/subfolder/devcontainer.json": `{
"name": "Test",
"build": {
@@ -494,7 +872,7 @@ func TestBuildFromDevcontainerInSubfolder(t *testing.T) {
".devcontainer/subfolder/Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -507,8 +885,8 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"devcontainer.json": `{
"name": "Test",
"build": {
@@ -518,7 +896,7 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
"Dockerfile": "FROM " + testImageUbuntu,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.NoError(t, err)
@@ -528,13 +906,15 @@ func TestBuildFromDevcontainerInRoot(t *testing.T) {
}
func TestBuildCustomCertificates(t *testing.T) {
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ t.Parallel()
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
- tls: true,
+ TLS: true,
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SSL_CERT_BASE64", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
@@ -549,13 +929,15 @@ func TestBuildCustomCertificates(t *testing.T) {
}
func TestBuildStopStartCached(t *testing.T) {
+ t.Parallel()
+
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + testImageAlpine,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("SKIP_REBUILD", "true"),
@@ -586,7 +968,7 @@ func TestCloneFailsFallback(t *testing.T) {
t.Parallel()
t.Run("BadRepo", func(t *testing.T) {
t.Parallel()
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", "bad-value"),
}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
@@ -598,12 +980,12 @@ func TestBuildFailsFallback(t *testing.T) {
t.Run("BadDockerfile", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "bad syntax",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -613,13 +995,13 @@ func TestBuildFailsFallback(t *testing.T) {
t.Run("FailsBuild", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": `FROM ` + testImageAlpine + `
RUN exit 1`,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -628,24 +1010,24 @@ RUN exit 1`,
t.Run("BadDevcontainer", func(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": "not json",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
})
t.Run("NoImageOrDockerfile", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": "{}",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("FALLBACK_IMAGE", testImageAlpine),
}})
@@ -658,12 +1040,12 @@ RUN exit 1`,
func TestExitBuildOnFailure(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "bad syntax",
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("FALLBACK_IMAGE", testImageAlpine),
@@ -677,8 +1059,8 @@ func TestContainerEnv(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -697,30 +1079,32 @@ func TestContainerEnv(t *testing.T) {
".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("EXPORT_ENV_FILE", "/env"),
}})
require.NoError(t, err)
output := execContainer(t, ctr, "cat /env")
- require.Contains(t, strings.TrimSpace(output),
- `DEVCONTAINER=true
+ want := `DEVCONTAINER=true
DEVCONTAINER_CONFIG=/workspaces/empty/.devcontainer/devcontainer.json
ENVBUILDER=true
FROM_CONTAINER_ENV=bar
FROM_DOCKERFILE=foo
FROM_REMOTE_ENV=baz
PATH=/usr/local/bin:/bin:/go/bin:/opt
-REMOTE_BAR=bar`)
+REMOTE_BAR=bar`
+ if diff := cmp.Diff(want, strings.TrimSpace(output)); diff != "" {
+ require.Failf(t, "env mismatch", "diff (-want +got):\n%s", diff)
+ }
}
func TestUnsetOptionsEnv(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -730,7 +1114,7 @@ func TestUnsetOptionsEnv(t *testing.T) {
".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
"GIT_URL", srv.URL,
envbuilderEnv("GIT_PASSWORD", "supersecret"),
@@ -741,13 +1125,13 @@ func TestUnsetOptionsEnv(t *testing.T) {
require.NoError(t, err)
output := execContainer(t, ctr, "cat /root/env.txt")
- var os envbuilder.Options
+ var os options.Options
for _, s := range strings.Split(strings.TrimSpace(output), "\n") {
for _, o := range os.CLI() {
if strings.HasPrefix(s, o.Env) {
assert.Fail(t, "environment variable should be stripped when running init script", s)
}
- optWithoutPrefix := strings.TrimPrefix(o.Env, envbuilder.WithEnvPrefix(""))
+ optWithoutPrefix := strings.TrimPrefix(o.Env, options.WithEnvPrefix(""))
if strings.HasPrefix(s, optWithoutPrefix) {
assert.Fail(t, "environment variable should be stripped when running init script", s)
}
@@ -755,48 +1139,145 @@ func TestUnsetOptionsEnv(t *testing.T) {
}
}
-func TestLifecycleScripts(t *testing.T) {
+func TestBuildSecrets(t *testing.T) {
t.Parallel()
- // Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ buildSecretVal := "foo"
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
"dockerfile": "Dockerfile"
},
- "onCreateCommand": "echo create > /tmp/out",
- "updateContentCommand": ["sh", "-c", "echo update >> /tmp/out"],
- "postCreateCommand": "(echo -n postCreate. ; id -un) >> /tmp/out",
- "postStartCommand": {
- "parallel1": "echo parallel1 > /tmp/parallel1",
- "parallel2": ["sh", "-c", "echo parallel2 > /tmp/parallel2"]
- }
}`,
- ".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nUSER nobody",
+ ".devcontainer/Dockerfile": "FROM " + testImageAlpine +
+ // Test whether build secrets are written to the default location
+ "\nRUN --mount=type=secret,id=FOO cat /run/secrets/FOO > /foo_from_file" +
+ // Test whether:
+ // * build secrets are written to env
+ // * build secrets are written to a custom target
+ // * build secrets are both written to env and target if both are specified
+ "\nRUN --mount=type=secret,id=FOO,env=FOO,target=/etc/foo echo $FOO > /foo_from_env && cat /etc/foo > /foo_from_custom_target" +
+ // Test what happens when you specify the same secret twice
+ "\nRUN --mount=type=secret,id=FOO,target=/etc/duplicate_foo --mount=type=secret,id=FOO,target=/etc/duplicate_foo cat /etc/duplicate_foo > /duplicate_foo_from_custom_target",
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("GIT_PASSWORD", "supersecret"),
+ envbuilderEnv("BUILD_SECRETS", fmt.Sprintf("FOO=%s", buildSecretVal)),
}})
require.NoError(t, err)
- output := execContainer(t, ctr, "cat /tmp/out /tmp/parallel1 /tmp/parallel2")
- require.Equal(t,
- `create
-update
-postCreate.nobody
-parallel1
-parallel2`, strings.TrimSpace(output))
+ output := execContainer(t, ctr, "cat /foo_from_file")
+ assert.Equal(t, buildSecretVal, strings.TrimSpace(output))
+
+ output = execContainer(t, ctr, "cat /foo_from_env")
+ assert.Equal(t, buildSecretVal, strings.TrimSpace(output))
+
+ output = execContainer(t, ctr, "cat /foo_from_custom_target")
+ assert.Equal(t, buildSecretVal, strings.TrimSpace(output))
+
+ output = execContainer(t, ctr, "cat /duplicate_foo_from_custom_target")
+ assert.Equal(t, buildSecretVal, strings.TrimSpace(output))
+}
+
+func TestLifecycleScripts(t *testing.T) {
+ t.Parallel()
+
+ for _, tt := range []struct {
+ name string
+ files map[string]string
+ outputCmd string
+ expectOutput string
+ }{
+ {
+ name: "build",
+ files: map[string]string{
+ ".devcontainer/devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ "onCreateCommand": "echo create > /tmp/out",
+ "updateContentCommand": ["sh", "-c", "echo update >> /tmp/out"],
+ "postCreateCommand": "(echo -n postCreate. ; id -un) >> /tmp/out",
+ "postStartCommand": {
+ "parallel1": "echo parallel1 > /tmp/parallel1",
+ "parallel2": ["sh", "-c", "echo parallel2 > /tmp/parallel2"]
+ }
+ }`,
+ ".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nUSER nobody",
+ },
+ outputCmd: "cat /tmp/out /tmp/parallel1 /tmp/parallel2",
+ expectOutput: "create\nupdate\npostCreate.nobody\nparallel1\nparallel2",
+ },
+ {
+ name: "image",
+ files: map[string]string{
+ ".devcontainer/devcontainer.json": fmt.Sprintf(`{
+ "name": "Test",
+ "image": %q,
+ "containerUser": "nobody",
+ "onCreateCommand": "echo create > /tmp/out",
+ "updateContentCommand": ["sh", "-c", "echo update >> /tmp/out"],
+ "postCreateCommand": "(echo -n postCreate. ; id -un) >> /tmp/out",
+ "postStartCommand": {
+ "parallel1": "echo parallel1 > /tmp/parallel1",
+ "parallel2": ["sh", "-c", "echo parallel2 > /tmp/parallel2"]
+ }
+ }`, testImageAlpine),
+ },
+ outputCmd: "cat /tmp/out /tmp/parallel1 /tmp/parallel2",
+ expectOutput: "create\nupdate\npostCreate.nobody\nparallel1\nparallel2",
+ },
+ {
+ name: "label",
+ files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+ LABEL devcontainer.metadata='[{ \
+ "onCreateCommand": "echo create > /tmp/out", \
+ "updateContentCommand": ["sh", "-c", "echo update >> /tmp/out"], \
+ "postCreateCommand": "(echo -n postCreate. ; id -un) >> /tmp/out", \
+ "postStartCommand": { \
+ "parallel1": "echo parallel1 > /tmp/parallel1", \
+ "parallel2": ["sh", "-c", "echo parallel2 > /tmp/parallel2"] \
+ } \
+ }]'
+ USER nobody`, testImageAlpine),
+ },
+ outputCmd: "cat /tmp/out /tmp/parallel1 /tmp/parallel2",
+ expectOutput: "create\nupdate\npostCreate.nobody\nparallel1\nparallel2",
+ },
+ } {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: tt.files,
+ })
+ env := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ }
+ if _, ok := tt.files[".devcontainer/devcontainer.json"]; !ok {
+ env = append(env, envbuilderEnv("DOCKERFILE_PATH", ".devcontainer/Dockerfile"))
+ }
+ ctr, err := runEnvbuilder(t, runOpts{env: env})
+ require.NoError(t, err, "failed to run envbuilder")
+ output := execContainer(t, ctr, tt.outputCmd)
+ require.Equal(t, tt.expectOutput, strings.TrimSpace(output))
+ })
+ }
}
func TestPostStartScript(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -816,7 +1297,7 @@ RUN chmod +x /bin/init.sh
USER nobody`,
},
})
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("POST_START_SCRIPT_PATH", "/tmp/post-start.sh"),
envbuilderEnv("INIT_COMMAND", "/bin/init.sh"),
@@ -845,12 +1326,12 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
@@ -864,8 +1345,8 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
@@ -879,7 +1360,7 @@ func TestPrivateRegistry(t *testing.T) {
})
require.NoError(t, err)
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)),
@@ -896,8 +1377,8 @@ func TestPrivateRegistry(t *testing.T) {
})
// Ensures that a Git repository with a Dockerfile is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
"Dockerfile": "FROM " + image,
},
})
@@ -911,7 +1392,7 @@ func TestPrivateRegistry(t *testing.T) {
})
require.NoError(t, err)
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)),
@@ -968,7 +1449,9 @@ func setupPassthroughRegistry(t *testing.T, image string, opts *setupPassthrough
}
func TestNoMethodFails(t *testing.T) {
- _, err := runEnvbuilder(t, options{env: []string{}})
+ t.Parallel()
+
+ _, err := runEnvbuilder(t, runOpts{env: []string{}})
require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error())
}
@@ -1039,10 +1522,12 @@ COPY %s .`, testImageAlpine, inclFile)
tc := tc
t.Run(tc.name, func(t *testing.T) {
- srv := createGitServer(t, gitServerOptions{
- files: tc.files,
+ t.Parallel()
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: tc.files,
})
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("DOCKERFILE_PATH", tc.dockerfilePath),
envbuilderEnv("BUILD_CONTEXT_PATH", tc.buildContextPath),
@@ -1063,9 +1548,15 @@ func TestPushImage(t *testing.T) {
t.Run("CacheWithoutPush", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1084,18 +1575,18 @@ func TestPushImage(t *testing.T) {
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
}})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
+ // When: we run envbuilder with no PUSH_IMAGE set
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
}})
@@ -1105,21 +1596,31 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref)
require.ErrorContains(t, err, "MANIFEST_UNKNOWN", "expected image to not be present before build + push")
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should not succeed, as
+ // the envbuilder binary is not present in the pushed image.
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
}})
- require.NoError(t, err)
+ require.ErrorContains(t, err, "uncached COPY command is not supported in cache probe mode")
})
t.Run("CacheAndPush", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1137,102 +1638,283 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("VERBOSE", "1"),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
- }})
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
+ defer cli.Close()
- // Then: the image should be pushed
- img, err := remote.Image(ref)
- require.NoError(t, err, "expected image to be present after build + push")
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
- // Then: the image should have its directives replaced with those required
- // to run envbuilder automatically
- configFile, err := img.ConfigFile()
- require.NoError(t, err, "expected image to return a config file")
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
- assert.Equal(t, "root", configFile.Config.User, "user must be root")
- assert.Equal(t, "/", configFile.Config.WorkingDir, "workdir must be /")
- if assert.Len(t, configFile.Config.Entrypoint, 1) {
- assert.Equal(t, "/.envbuilder/bin/envbuilder", configFile.Config.Entrypoint[0], "incorrect entrypoint")
- }
+ // Then: the envbuilder binary exists in the image!
+ out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
+ require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
+ out = execContainer(t, ctr.ID, "cat /root/date.txt")
+ require.NotEmpty(t, strings.TrimSpace(out))
+ })
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- ctrID, err := runEnvbuilder(t, options{env: []string{
+ t.Run("CacheAndPushDevcontainerOnly", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/devcontainer.json": fmt.Sprintf(`{"image": %q}`, testImageAlpine),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.NoError(t, err)
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached COPY command")
+ // Then: it should fail to build the image and nothing should be pushed
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
- // Then: the cached image ref should be emitted in the container logs
- ctx, cancel := context.WithCancel(context.Background())
- t.Cleanup(cancel)
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
defer cli.Close()
- logs, err := cli.ContainerLogs(ctx, ctrID, container.LogsOptions{
- ShowStdout: true,
- ShowStderr: true,
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Then: the envbuilder binary exists in the image!
+ out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
+ require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
+ require.NotEmpty(t, strings.TrimSpace(out))
+ })
+
+ t.Run("CompareBuiltAndCachedImageEnvironment", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ wantSpecificOutput := []string{
+ "containeruser",
+ "FROM_CONTAINER=container",
+ "FROM_CONTAINER_ENV=containerEnv",
+ "FROM_REMOTE_ENV=remoteEnv",
+ "CONTAINER_OVERRIDE_C=containerEnv",
+ "CONTAINER_OVERRIDE_CR=remoteEnv",
+ "CONTAINER_OVERRIDE_R=remoteEnv",
+ }
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`
+ FROM %s
+ ENV FROM_CONTAINER=container
+ ENV CONTAINER_OVERRIDE_C=container
+ ENV CONTAINER_OVERRIDE_CR=container
+ ENV CONTAINER_OVERRIDE_R=container
+ RUN adduser -D containeruser
+ RUN adduser -D remoteuser
+ USER root
+ `, testImageAlpine),
+ ".devcontainer/devcontainer.json": `
+ {
+ "dockerFile": "Dockerfile",
+ "containerUser": "containeruser",
+ "containerEnv": {
+ "FROM_CONTAINER_ENV": "containerEnv",
+ "CONTAINER_OVERRIDE_C": "containerEnv",
+ "CONTAINER_OVERRIDE_CR": "containerEnv",
+ },
+ "remoteUser": "remoteuser",
+ "remoteEnv": {
+ "FROM_REMOTE_ENV": "remoteEnv",
+ "CONTAINER_OVERRIDE_CR": "remoteEnv",
+ "CONTAINER_OVERRIDE_R": "remoteEnv",
+ },
+ "onCreateCommand": "echo onCreateCommand",
+ "postCreateCommand": "echo postCreateCommand",
+ }
+ `,
+ },
})
- require.NoError(t, err)
- defer logs.Close()
- logBytes, err := io.ReadAll(logs)
- require.NoError(t, err)
- require.Regexp(t, `ENVBUILDER_CACHED_IMAGE=(\S+)`, string(logBytes))
- // When: we pull the image we just built
- rc, err := cli.ImagePull(ctx, ref.String(), image.PullOptions{})
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
require.NoError(t, err)
- t.Cleanup(func() { _ = rc.Close() })
- _, err = io.ReadAll(rc)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("INIT_SCRIPT", "echo '[start]' && whoami && env && echo '[end]'"),
+ envbuilderEnv("INIT_COMMAND", "/bin/ash"),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ ctrID, err := runEnvbuilder(t, runOpts{env: append(opts, envbuilderEnv("PUSH_IMAGE", "1"))})
+ require.NoError(t, err, "envbuilder push image failed")
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
+ defer cli.Close()
+
+ var started bool
+ var wantOutput, gotOutput []string
+ logs, _ := streamContainerLogs(t, cli, ctrID)
+ for {
+ log := <-logs
+ if log == "[start]" {
+ started = true
+ continue
+ }
+ if log == "[end]" {
+ break
+ }
+ if started {
+ wantOutput = append(wantOutput, log)
+ }
+ }
+ started = false
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
// When: we run the image we just built
- ctr, err := cli.ContainerCreate(ctx, &container.Config{
- Image: ref.String(),
- Entrypoint: []string{"sleep", "infinity"},
- Labels: map[string]string{
- testContainerLabel: "true",
+ ctrID, err = runEnvbuilder(t, runOpts{
+ image: cachedRef.String(),
+ env: opts,
+ })
+ require.NoError(t, err, "envbuilder run cached image failed")
+
+ logs, _ = streamContainerLogs(t, cli, ctrID)
+ for {
+ log := <-logs
+ if log == "[start]" {
+ started = true
+ continue
+ }
+ if log == "[end]" {
+ break
+ }
+ if started {
+ gotOutput = append(gotOutput, log)
+ }
+ }
+
+ slices.Sort(wantOutput)
+ slices.Sort(gotOutput)
+ if diff := cmp.Diff(wantOutput, gotOutput); diff != "" {
+ t.Fatalf("unexpected output (-want +got):\n%s", diff)
+ }
+
+ for _, want := range wantSpecificOutput {
+ assert.Contains(t, gotOutput, want, "expected specific output %q to be present", want)
+ }
+ })
+
+ t.Run("CacheAndPushWithNoChangeLayers", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": fmt.Sprintf(`
+FROM %[1]s
+RUN touch /foo
+RUN echo "Hi, please don't put me in a layer (I guess you won't listen to me...)"
+RUN touch /bar
+`, testImageAlpine),
},
- }, nil, nil, nil, "")
- require.NoError(t, err)
- t.Cleanup(func() {
- _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
- RemoveVolumes: true,
- Force: true,
- })
})
- err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{})
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
// Then: the envbuilder binary exists in the image!
out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help")
require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out))
- out = execContainer(t, ctr.ID, "cat /root/date.txt")
require.NotEmpty(t, strings.TrimSpace(out))
})
t.Run("CacheAndPushAuth", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1243,18 +1925,18 @@ func TestPushImage(t *testing.T) {
})
// Given: an empty registry
- opts := setupInMemoryRegistryOpts{
+ authOpts := setupInMemoryRegistryOpts{
Username: "testing",
Password: "testing",
}
- remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password})
- testReg := setupInMemoryRegistry(t, opts)
+ remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: authOpts.Username, Password: authOpts.Password})
+ testReg := setupInMemoryRegistry(t, authOpts)
testRepo := testReg + "/test"
regAuthJSON, err := json.Marshal(envbuilder.DockerConfig{
AuthConfigs: map[string]clitypes.AuthConfig{
testRepo: {
- Username: opts.Username,
- Password: opts.Password,
+ Username: authOpts.Username,
+ Password: authOpts.Password,
},
},
})
@@ -1264,46 +1946,47 @@ func TestPushImage(t *testing.T) {
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
- envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
- }})
- require.NoError(t, err)
+ _ = pushImage(t, ref, remoteAuthOpt, opts...)
// Then: the image should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.NoError(t, err, "expected image to be present after build + push")
// Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)),
- }})
+ )})
require.NoError(t, err)
})
t.Run("CacheAndPushAuthFail", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1314,35 +1997,37 @@ func TestPushImage(t *testing.T) {
})
// Given: an empty registry
- opts := setupInMemoryRegistryOpts{
+ authOpts := setupInMemoryRegistryOpts{
Username: "testing",
Password: "testing",
}
- remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password})
- testReg := setupInMemoryRegistry(t, opts)
+ remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: authOpts.Username, Password: authOpts.Password})
+ testReg := setupInMemoryRegistry(t, authOpts)
testRepo := testReg + "/test"
ref, err := name.ParseReference(testRepo + ":latest")
require.NoError(t, err)
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("GET_CACHED_IMAGE", "1"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref, remoteAuthOpt)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with PUSH_IMAGE set
- _, err = runEnvbuilder(t, options{env: []string{
- envbuilderEnv("GIT_URL", srv.URL),
- envbuilderEnv("CACHE_REPO", testRepo),
+ // When: we run envbuilder with PUSH_IMAGE and EXIT_ON_PUSH_FAILURE set
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
envbuilderEnv("PUSH_IMAGE", "1"),
- }})
+ envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
+ )})
// Then: it should fail with an Unauthorized error
require.ErrorContains(t, err, "401 Unauthorized", "expected unauthorized error using no auth when cache repo requires it")
@@ -1352,22 +2037,29 @@ func TestPushImage(t *testing.T) {
})
t.Run("CacheAndPushMultistage", func(t *testing.T) {
- // Currently fails with:
- // /home/coder/src/coder/envbuilder/integration/integration_test.go:1417: "error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory"
- // /home/coder/src/coder/envbuilder/integration/integration_test.go:1156:
- // Error Trace: /home/coder/src/coder/envbuilder/integration/integration_test.go:1156
- // Error: Received unexpected error:
- // error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory
- // Test: TestPushImage/CacheAndPushMultistage
- t.Skip("TODO: https://github.com/coder/envbuilder/issues/230")
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- "Dockerfile": fmt.Sprintf(`FROM %s AS a
-RUN date --utc > /root/date.txt
-FROM %s as b
-COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ "Dockerfile": fmt.Sprintf(`
+FROM %[1]s AS prebuild
+RUN mkdir /the-past /the-future \
+ && echo "hello from the past" > /the-past/hello.txt \
+ && cd /the-past \
+ && ln -s hello.txt hello.link \
+ && echo "hello from the future" > /the-future/hello.txt
+
+FROM %[1]s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+COPY --from=prebuild /the-past /the-past
+COPY --from=prebuild /the-future/hello.txt /the-future/hello.txt
+`, testImageAlpine),
},
})
@@ -1379,50 +2071,134 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
- // When: we run envbuilder with GET_CACHED_IMAGE
- _, err = runEnvbuilder(t, options{env: []string{
+ opts := []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
- }})
- require.ErrorContains(t, err, "error probing build cache: uncached command")
+ }
+
+ // When: we run envbuilder with GET_CACHED_IMAGE
+ _, err = runEnvbuilder(t, runOpts{env: append(opts,
+ envbuilderEnv("GET_CACHED_IMAGE", "1"),
+ )})
+ require.ErrorContains(t, err, "error probing build cache: uncached RUN command")
// Then: it should fail to build the image and nothing should be pushed
_, err = remote.Image(ref)
require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
// When: we run envbuilder with PUSH_IMAGE set
- ctrID, err := runEnvbuilder(t, options{env: []string{
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Then: The files from the prebuild stage are present.
+ out := execContainer(t, ctr.ID, "/bin/sh -c 'cat /the-past/hello.txt /the-future/hello.txt; readlink -f /the-past/hello.link'")
+ require.Equal(t, "hello from the past\nhello from the future\n/the-past/hello.txt", strings.TrimSpace(out))
+ })
+
+ t.Run("MultistgeCacheMissAfterChange", func(t *testing.T) {
+ t.Parallel()
+ dockerfilePrebuildContents := fmt.Sprintf(`
+FROM %[1]s AS prebuild
+RUN mkdir /the-past /the-future \
+ && echo "hello from the past" > /the-past/hello.txt \
+ && cd /the-past \
+ && ln -s hello.txt hello.link \
+ && echo "hello from the future" > /the-future/hello.txt
+
+# Workaround for https://github.com/coder/envbuilder/issues/231
+FROM %[1]s
+`, testImageAlpine)
+
+ dockerfileContents := fmt.Sprintf(`
+FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+COPY --from=prebuild /the-past /the-past
+COPY --from=prebuild /the-future/hello.txt /the-future/hello.txt
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt
+`, testImageAlpine)
+
+ newServer := func(dockerfile string) *httptest.Server {
+ return gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{"Dockerfile": dockerfile},
+ })
+ }
+ srv := newServer(dockerfilePrebuildContents + dockerfileContents)
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil,
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
- envbuilderEnv("PUSH_IMAGE", "1"),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ )
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ _, err = runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
}})
require.NoError(t, err)
- // Then: The file copied from stage a should be present
- out := execContainer(t, ctrID, "cat /date.txt")
- require.NotEmpty(t, out)
- // Then: the image should be pushed
- _, err = remote.Image(ref)
- require.NoError(t, err, "expected image to be present after build + push")
+ // When: we change the Dockerfile
+ srv.Close()
+ dockerfilePrebuildContents = strings.Replace(dockerfilePrebuildContents, "hello from the future", "hello from the future, but different", 1)
+ srv = newServer(dockerfilePrebuildContents)
- // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
- _, err = runEnvbuilder(t, options{env: []string{
+ // When: we rebuild the prebuild stage so that the cache is created
+ _ = pushImage(t, ref, nil,
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ )
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should still fail
+ // on the second stage because the first stage file has changed.
+ srv.Close()
+ srv = newServer(dockerfilePrebuildContents + dockerfileContents)
+ _, err = runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", testRepo),
envbuilderEnv("GET_CACHED_IMAGE", "1"),
envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"),
+ envbuilderEnv("VERBOSE", "1"),
}})
- require.NoError(t, err)
+ require.ErrorContains(t, err, "error probing build cache: uncached COPY command")
})
t.Run("PushImageRequiresCache", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1433,7 +2209,7 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
})
// When: we run envbuilder with PUSH_IMAGE set but no cache repo set
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("PUSH_IMAGE", "1"),
}})
@@ -1443,12 +2219,18 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
require.ErrorContains(t, err, "--cache-repo must be set when using --push-image")
})
- t.Run("PushErr", func(t *testing.T) {
+ t.Run("PushErr/ExitOnPushFail", func(t *testing.T) {
t.Parallel()
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
- ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine),
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1463,23 +2245,207 @@ COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine),
notRegURL := strings.TrimPrefix(notRegSrv.URL, "http://") + "/test"
// When: we run envbuilder with PUSH_IMAGE set
- _, err := runEnvbuilder(t, options{env: []string{
+ _, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
envbuilderEnv("CACHE_REPO", notRegURL),
envbuilderEnv("PUSH_IMAGE", "1"),
+ envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
}})
// Then: envbuilder should fail with a descriptive error
require.ErrorContains(t, err, "failed to push to destination")
})
+
+ t.Run("PushErr/NoExitOnPushFail", func(t *testing.T) {
+ t.Parallel()
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
+ ".devcontainer/devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ },
+ })
+
+ // Given: registry is not set up (in this case, not a registry)
+ notRegSrv := httptest.NewServer(http.NotFoundHandler())
+ notRegURL := strings.TrimPrefix(notRegSrv.URL, "http://") + "/test"
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _, err := runEnvbuilder(t, runOpts{env: []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", notRegURL),
+ envbuilderEnv("PUSH_IMAGE", "1"),
+ envbuilderEnv("EXIT_ON_PUSH_FAILURE", "0"),
+ }})
+
+ // Then: envbuilder should not fail
+ require.NoError(t, err)
+ })
+
+ t.Run("CacheAndPushDevcontainerFeatures", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ // NOTE(mafredri): We can't cache the feature in our local
+ // registry because the image media type is incompatible.
+ ".devcontainer/devcontainer.json": fmt.Sprintf(`
+{
+ "image": %q,
+ "features": {
+ "ghcr.io/devcontainers/feature-starter/color:1": {
+ "favorite": "green"
+ }
+ }
+}
+`, testImageUbuntu),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Check that the feature is present in the image.
+ out := execContainer(t, ctr.ID, "/usr/local/bin/color")
+ require.Contains(t, strings.TrimSpace(out), "my favorite color is green")
+ })
+
+ t.Run("CacheAndPushUser", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ t.Cleanup(cancel)
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+RUN useradd -m -s /bin/bash devalot
+USER devalot
+`, testImageUbuntu),
+ },
+ })
+
+ // Given: an empty registry
+ testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{})
+ testRepo := testReg + "/test"
+ ref, err := name.ParseReference(testRepo + ":latest")
+ require.NoError(t, err)
+ _, err = remote.Image(ref)
+ require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
+
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", testRepo),
+ }
+
+ // When: we run envbuilder with PUSH_IMAGE set
+ _ = pushImage(t, ref, nil, opts...)
+
+ cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ require.NoError(t, err)
+ defer cli.Close()
+
+ // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed
+ cachedRef := getCachedImage(ctx, t, cli, opts...)
+
+ // When: we run the image we just built
+ ctr := startContainerFromRef(ctx, t, cli, cachedRef)
+
+ // Check that envbuilder started command as user.
+ // Since envbuilder starts as root, probe for up to 10 seconds.
+ for i := 0; i < 10; i++ {
+ out := execContainer(t, ctr.ID, "ps aux | awk '/^devalot * 1 / {print $1}' | sort -u")
+ got := strings.TrimSpace(out)
+ if got == "devalot" {
+ return
+ }
+ time.Sleep(time.Second)
+ }
+ require.Fail(t, "expected pid 1 to be running as devalot")
+ })
+
+ t.Run("PushDuplicateLayersNoBlobUnknown", func(t *testing.T) {
+ t.Parallel()
+
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
+ ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+RUN echo "hi i r empty"
+RUN echo "who u"
+`, testImageBlobUnknown),
+ ".devcontainer/devcontainer.json": `{
+ "name": "Test",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ }`,
+ },
+ })
+
+ // NOTE(mafredri): The in-memory registry doesn't catch this error so we
+ // have to use registry:2.
+ ref, err := name.ParseReference(fmt.Sprintf("localhost:5000/test-blob-unknown-%s", uuid.NewString()))
+ require.NoError(t, err)
+ opts := []string{
+ envbuilderEnv("GIT_URL", srv.URL),
+ envbuilderEnv("CACHE_REPO", ref.String()),
+ envbuilderEnv("VERBOSE", "1"),
+ }
+
+ _ = pushImage(t, ref, nil, opts...)
+ })
}
func TestChownHomedir(t *testing.T) {
t.Parallel()
// Ensures that a Git repository with a devcontainer.json is cloned and built.
- srv := createGitServer(t, gitServerOptions{
- files: map[string]string{
+ srv := gittest.CreateGitServer(t, gittest.Options{
+ Files: map[string]string{
".devcontainer/devcontainer.json": `{
"name": "Test",
"build": {
@@ -1499,7 +2465,7 @@ USER test
// Run envbuilder with a Docker volume mounted to homedir
volName := fmt.Sprintf("%s%d-home", t.Name(), time.Now().Unix())
- ctr, err := runEnvbuilder(t, options{env: []string{
+ ctr, err := runEnvbuilder(t, runOpts{env: []string{
envbuilderEnv("GIT_URL", srv.URL),
}, volumes: map[string]string{volName: "/home/test"}})
require.NoError(t, err)
@@ -1551,33 +2517,6 @@ func TestMain(m *testing.M) {
m.Run()
}
-type gitServerOptions struct {
- files map[string]string
- username string
- password string
- authMW func(http.Handler) http.Handler
- tls bool
-}
-
-// createGitServer creates a git repository with an in-memory filesystem
-// and serves it over HTTP using a httptest.Server.
-func createGitServer(t *testing.T, opts gitServerOptions) *httptest.Server {
- t.Helper()
- if opts.authMW == nil {
- opts.authMW = mwtest.BasicAuthMW(opts.username, opts.password)
- }
- commits := make([]gittest.CommitFunc, 0)
- for path, content := range opts.files {
- commits = append(commits, gittest.Commit(t, path, content, "my test commit"))
- }
- fs := memfs.New()
- _ = gittest.NewRepo(t, fs, commits...)
- if opts.tls {
- return httptest.NewTLSServer(opts.authMW(gittest.NewServer(fs)))
- }
- return httptest.NewServer(opts.authMW(gittest.NewServer(fs)))
-}
-
func checkTestRegistry() {
resp, err := http.Get("http://localhost:5000/v2/_catalog")
if err != nil {
@@ -1612,21 +2551,118 @@ func cleanOldEnvbuilders() {
panic(err)
}
for _, ctr := range ctrs {
- cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
+ if err := cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
Force: true,
- })
+ }); err != nil {
+ _, _ = fmt.Fprintf(os.Stderr, "failed to remove old test container: %s\n", err.Error())
+ }
+ }
+}
+
+func pushImage(t *testing.T, ref name.Reference, remoteOpt remote.Option, env ...string) v1.Image {
+ t.Helper()
+
+ var remoteOpts []remote.Option
+ if remoteOpt != nil {
+ remoteOpts = append(remoteOpts, remoteOpt)
+ }
+ opts := runOpts{
+ env: append(env,
+ envbuilderEnv("PUSH_IMAGE", "1"),
+ envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
+ ),
+ }
+ _, err := runEnvbuilder(t, opts)
+ require.NoError(t, err, "envbuilder push image failed")
+
+ img, err := remote.Image(ref, remoteOpts...)
+ require.NoError(t, err, "expected image to be present after build + push")
+
+ // The image should have its directives replaced with those required
+ // to run envbuilder automatically
+ configFile, err := img.ConfigFile()
+ require.NoError(t, err, "expected image to return a config file")
+
+ assert.Equal(t, "root", configFile.Config.User, "user must be root")
+ assert.Equal(t, "/", configFile.Config.WorkingDir, "workdir must be /")
+ if assert.Len(t, configFile.Config.Entrypoint, 1) {
+ assert.Equal(t, "/.envbuilder/bin/envbuilder", configFile.Config.Entrypoint[0], "incorrect entrypoint")
}
+
+ require.False(t, t.Failed(), "pushImage failed")
+
+ return img
+}
+
+func getCachedImage(ctx context.Context, t *testing.T, cli *client.Client, env ...string) name.Reference {
+ ctrID, err := runEnvbuilder(t, runOpts{env: append(env, envbuilderEnv("GET_CACHED_IMAGE", "1"))})
+ require.NoError(t, err)
+
+ logs, err := cli.ContainerLogs(ctx, ctrID, container.LogsOptions{
+ ShowStdout: true,
+ ShowStderr: true,
+ })
+ require.NoError(t, err)
+ defer logs.Close()
+ logBytes, err := io.ReadAll(logs)
+ require.NoError(t, err)
+
+ re := regexp.MustCompile(`ENVBUILDER_CACHED_IMAGE=(\S+)`)
+ matches := re.FindStringSubmatch(string(logBytes))
+ require.Len(t, matches, 2, "envbuilder cached image not found")
+ ref, err := name.ParseReference(matches[1])
+ require.NoError(t, err, "failed to parse cached image reference")
+ return ref
+}
+
+func startContainerFromRef(ctx context.Context, t *testing.T, cli *client.Client, ref name.Reference) container.CreateResponse {
+ t.Helper()
+
+ // Ensure that we can pull the image.
+ rc, err := cli.ImagePull(ctx, ref.String(), image.PullOptions{})
+ require.NoError(t, err)
+ t.Cleanup(func() { _ = rc.Close() })
+ _, err = io.Copy(io.Discard, rc)
+ require.NoError(t, err)
+
+ // Start the container.
+ ctr, err := cli.ContainerCreate(ctx, &container.Config{
+ Image: ref.String(),
+ Labels: map[string]string{
+ testContainerLabel: "true",
+ },
+ }, nil, nil, nil, "")
+ require.NoError(t, err)
+
+ t.Cleanup(func() {
+ // Start a new context to ensure that the container is removed.
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
+ RemoveVolumes: true,
+ Force: true,
+ })
+ })
+
+ err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{})
+ require.NoError(t, err)
+
+ return ctr
}
-type options struct {
- binds []string
- env []string
- volumes map[string]string
+type runOpts struct {
+ image string
+ privileged bool // Required for remounting.
+ binds []string
+ env []string
+ volumes map[string]string
+ logbuf *bytes.Buffer
}
// runEnvbuilder starts the envbuilder container with the given environment
// variables and returns the container ID.
-func runEnvbuilder(t *testing.T, options options) (string, error) {
+func runEnvbuilder(t *testing.T, opts runOpts) (string, error) {
t.Helper()
ctx := context.Background()
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
@@ -1635,7 +2671,7 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
cli.Close()
})
mounts := make([]mount.Mount, 0)
- for volName, volPath := range options.volumes {
+ for volName, volPath := range opts.volumes {
mounts = append(mounts, mount.Mount{
Type: mount.TypeVolume,
Source: volName,
@@ -1649,17 +2685,32 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
_ = cli.VolumeRemove(ctx, volName, true)
})
}
+ img := "envbuilder:latest"
+ if opts.image != "" {
+ // Pull the image first so we can start it afterwards.
+ rc, err := cli.ImagePull(ctx, opts.image, image.PullOptions{})
+ require.NoError(t, err, "failed to pull image")
+ t.Cleanup(func() { _ = rc.Close() })
+ _, err = io.Copy(io.Discard, rc)
+ require.NoError(t, err, "failed to read image pull response")
+ img = opts.image
+ }
+ hostConfig := &container.HostConfig{
+ NetworkMode: container.NetworkMode("host"),
+ Binds: opts.binds,
+ Mounts: mounts,
+ }
+ if opts.privileged {
+ hostConfig.CapAdd = append(hostConfig.CapAdd, "SYS_ADMIN")
+ hostConfig.Privileged = true
+ }
ctr, err := cli.ContainerCreate(ctx, &container.Config{
- Image: "envbuilder:latest",
- Env: options.env,
+ Image: img,
+ Env: opts.env,
Labels: map[string]string{
testContainerLabel: "true",
},
- }, &container.HostConfig{
- NetworkMode: container.NetworkMode("host"),
- Binds: options.binds,
- Mounts: mounts,
- }, nil, nil, "")
+ }, hostConfig, nil, nil, "")
require.NoError(t, err)
t.Cleanup(func() {
_ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{
@@ -1673,7 +2724,10 @@ func runEnvbuilder(t *testing.T, options options) (string, error) {
logChan, errChan := streamContainerLogs(t, cli, ctr.ID)
go func() {
for log := range logChan {
- if strings.HasPrefix(log, "=== Running the init command") {
+ if opts.logbuf != nil {
+ opts.logbuf.WriteString(log + "\n")
+ }
+ if strings.HasPrefix(log, "=== Running init command") {
errChan <- nil
return
}
@@ -1690,14 +2744,14 @@ func execContainer(t *testing.T, containerID, command string) string {
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
defer cli.Close()
- execConfig := types.ExecConfig{
+ execConfig := container.ExecOptions{
AttachStdout: true,
AttachStderr: true,
Cmd: []string{"/bin/sh", "-c", command},
}
execID, err := cli.ContainerExecCreate(ctx, containerID, execConfig)
require.NoError(t, err)
- resp, err := cli.ContainerExecAttach(ctx, execID.ID, types.ExecStartCheck{})
+ resp, err := cli.ContainerExecAttach(ctx, execID.ID, container.ExecAttachOptions{})
require.NoError(t, err)
defer resp.Close()
var buf bytes.Buffer
@@ -1746,5 +2800,5 @@ func streamContainerLogs(t *testing.T, cli *client.Client, containerID string) (
}
func envbuilderEnv(env string, value string) string {
- return fmt.Sprintf("%s=%s", envbuilder.WithEnvPrefix(env), value)
+ return fmt.Sprintf("%s=%s", options.WithEnvPrefix(env), value)
}
diff --git a/integration/testdata/blob-unknown/Dockerfile b/integration/testdata/blob-unknown/Dockerfile
new file mode 100644
index 00000000..fffcc574
--- /dev/null
+++ b/integration/testdata/blob-unknown/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:latest
+
+# This will produce an empty layer via Docker. It will allow us to test for a
+# conflicting empty layer produced by Kaniko. This is to check against the
+# BLOB_UNKNOWN error when trying to upload the built image to a registry and
+# Kaniko having overwritten this blob with its own.
+WORKDIR /home
diff --git a/internal/chmodfs/chmodfs.go b/internal/chmodfs/chmodfs.go
new file mode 100644
index 00000000..1242417a
--- /dev/null
+++ b/internal/chmodfs/chmodfs.go
@@ -0,0 +1,21 @@
+package chmodfs
+
+import (
+ "os"
+
+ "github.com/go-git/go-billy/v5"
+)
+
+func New(fs billy.Filesystem) billy.Filesystem {
+ return &osfsWithChmod{
+ Filesystem: fs,
+ }
+}
+
+type osfsWithChmod struct {
+ billy.Filesystem
+}
+
+func (fs *osfsWithChmod) Chmod(name string, mode os.FileMode) error {
+ return os.Chmod(name, mode)
+}
diff --git a/internal/ebutil/libs.go b/internal/ebutil/libs.go
new file mode 100644
index 00000000..58206c0c
--- /dev/null
+++ b/internal/ebutil/libs.go
@@ -0,0 +1,86 @@
+package ebutil
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+)
+
+// Container runtimes like NVIDIA mount individual libraries into the container
+// (e.g. `.so.`) and create symlinks for them
+// (e.g. `.so.1`). This code helps with finding the right library
+// directory for the target Linux distribution as well as locating the symlinks.
+//
+// Please see [#143 (comment)] for further details.
+//
+// [#143 (comment)]: https://github.com/coder/envbuilder/issues/143#issuecomment-2192405828
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L29
+const usrLibDir = "/usr/lib64"
+
+const debianVersionFile = "/etc/debian_version"
+
+// libraryDirectoryPath returns the library directory. It returns a multiarch
+// directory if the distribution is Debian or a derivative.
+//
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/nvc_container.c#L152-L165
+func libraryDirectoryPath(m mounter) (string, error) {
+ // Debian and its derivatives use a multiarch directory scheme.
+ if _, err := m.Stat(debianVersionFile); err != nil && !errors.Is(err, os.ErrNotExist) {
+ return "", fmt.Errorf("check if debian: %w", err)
+ } else if err == nil {
+ return usrLibMultiarchDir, nil
+ }
+
+ return usrLibDir, nil
+}
+
+// libraryDirectorySymlinks returns a mapping of each library (basename) with a
+// list of their symlinks (basename). Libraries with no symlinks do not appear
+// in the mapping.
+func libraryDirectorySymlinks(m mounter, libDir string) (map[string][]string, error) {
+ des, err := m.ReadDir(libDir)
+ if err != nil {
+ return nil, fmt.Errorf("read directory %s: %w", libDir, err)
+ }
+
+ libsSymlinks := make(map[string][]string)
+ for _, de := range des {
+ if de.IsDir() {
+ continue
+ }
+
+ if de.Type()&os.ModeSymlink != os.ModeSymlink {
+ // Not a symlink. Skip.
+ continue
+ }
+
+ symlink := filepath.Join(libDir, de.Name())
+ path, err := m.EvalSymlinks(symlink)
+ if err != nil {
+ return nil, fmt.Errorf("eval symlink %s: %w", symlink, err)
+ }
+
+ path = filepath.Base(path)
+ if _, ok := libsSymlinks[path]; !ok {
+ libsSymlinks[path] = make([]string, 0, 1)
+ }
+
+ libsSymlinks[path] = append(libsSymlinks[path], de.Name())
+ }
+
+ return libsSymlinks, nil
+}
+
+// moveLibSymlinks moves a list of symlinks from source to destination directory.
+func moveLibSymlinks(m mounter, symlinks []string, srcDir, destDir string) error {
+ for _, l := range symlinks {
+ oldpath := filepath.Join(srcDir, l)
+ newpath := filepath.Join(destDir, l)
+ if err := m.Rename(oldpath, newpath); err != nil {
+ return fmt.Errorf("move symlink %s => %s: %w", oldpath, newpath, err)
+ }
+ }
+ return nil
+}
diff --git a/internal/ebutil/libs_amd64.go b/internal/ebutil/libs_amd64.go
new file mode 100644
index 00000000..b3f8230b
--- /dev/null
+++ b/internal/ebutil/libs_amd64.go
@@ -0,0 +1,7 @@
+//go:build amd64
+
+package ebutil
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L36
+
+const usrLibMultiarchDir = "/usr/lib/x86_64-linux-gnu"
diff --git a/internal/ebutil/libs_arm.go b/internal/ebutil/libs_arm.go
new file mode 100644
index 00000000..f73e3c44
--- /dev/null
+++ b/internal/ebutil/libs_arm.go
@@ -0,0 +1,7 @@
+//go:build arm
+
+package ebutil
+
+// This constant is for 64-bit systems. 32-bit ARM is not supported.
+// If ever it becomes supported, it should be handled with a `usrLib32MultiarchDir` constant.
+const usrLibMultiarchDir = "/var/empty"
diff --git a/internal/ebutil/libs_arm64.go b/internal/ebutil/libs_arm64.go
new file mode 100644
index 00000000..c76fb834
--- /dev/null
+++ b/internal/ebutil/libs_arm64.go
@@ -0,0 +1,7 @@
+//go:build arm64
+
+package ebutil
+
+// Based on https://github.com/NVIDIA/libnvidia-container/blob/v1.15.0/src/common.h#L52
+
+const usrLibMultiarchDir = "/usr/lib/aarch64-linux-gnu"
diff --git a/internal/ebutil/mock_mounter_test.go b/internal/ebutil/mock_mounter_test.go
index 7445376a..4e664f4c 100644
--- a/internal/ebutil/mock_mounter_test.go
+++ b/internal/ebutil/mock_mounter_test.go
@@ -42,6 +42,21 @@ func (m *Mockmounter) EXPECT() *MockmounterMockRecorder {
return m.recorder
}
+// EvalSymlinks mocks base method.
+func (m *Mockmounter) EvalSymlinks(arg0 string) (string, error) {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "EvalSymlinks", arg0)
+ ret0, _ := ret[0].(string)
+ ret1, _ := ret[1].(error)
+ return ret0, ret1
+}
+
+// EvalSymlinks indicates an expected call of EvalSymlinks.
+func (mr *MockmounterMockRecorder) EvalSymlinks(arg0 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EvalSymlinks", reflect.TypeOf((*Mockmounter)(nil).EvalSymlinks), arg0)
+}
+
// GetMounts mocks base method.
func (m *Mockmounter) GetMounts() ([]*procfs.MountInfo, error) {
m.ctrl.T.Helper()
@@ -100,6 +115,35 @@ func (mr *MockmounterMockRecorder) OpenFile(arg0, arg1, arg2 any) *gomock.Call {
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenFile", reflect.TypeOf((*Mockmounter)(nil).OpenFile), arg0, arg1, arg2)
}
+// ReadDir mocks base method.
+func (m *Mockmounter) ReadDir(arg0 string) ([]os.DirEntry, error) {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "ReadDir", arg0)
+ ret0, _ := ret[0].([]os.DirEntry)
+ ret1, _ := ret[1].(error)
+ return ret0, ret1
+}
+
+// ReadDir indicates an expected call of ReadDir.
+func (mr *MockmounterMockRecorder) ReadDir(arg0 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReadDir", reflect.TypeOf((*Mockmounter)(nil).ReadDir), arg0)
+}
+
+// Rename mocks base method.
+func (m *Mockmounter) Rename(arg0, arg1 string) error {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "Rename", arg0, arg1)
+ ret0, _ := ret[0].(error)
+ return ret0
+}
+
+// Rename indicates an expected call of Rename.
+func (mr *MockmounterMockRecorder) Rename(arg0, arg1 any) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Rename", reflect.TypeOf((*Mockmounter)(nil).Rename), arg0, arg1)
+}
+
// Stat mocks base method.
func (m *Mockmounter) Stat(arg0 string) (os.FileInfo, error) {
m.ctrl.T.Helper()
diff --git a/internal/ebutil/remount.go b/internal/ebutil/remount.go
index f4a2b416..c6c6e6ed 100644
--- a/internal/ebutil/remount.go
+++ b/internal/ebutil/remount.go
@@ -1,6 +1,7 @@
package ebutil
import (
+ "errors"
"fmt"
"os"
"path/filepath"
@@ -8,7 +9,7 @@ import (
"sync"
"syscall"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/hashicorp/go-multierror"
"github.com/prometheus/procfs"
)
@@ -33,17 +34,27 @@ import (
// to restore the original mount points. If an error is encountered while attempting to perform
// the operation, calling the returned function will make a best-effort attempt to restore
// the original state.
-func TempRemount(logf func(notcodersdk.LogLevel, string, ...any), dest string, ignorePrefixes ...string) (restore func() error, err error,
+func TempRemount(logf log.Func, dest string, ignorePrefixes ...string) (restore func() error, err error,
) {
return tempRemount(&realMounter{}, logf, dest, ignorePrefixes...)
}
-func tempRemount(m mounter, logf func(notcodersdk.LogLevel, string, ...any), base string, ignorePrefixes ...string) (restore func() error, err error) {
+func tempRemount(m mounter, logf log.Func, base string, ignorePrefixes ...string) (restore func() error, err error) {
mountInfos, err := m.GetMounts()
if err != nil {
return func() error { return nil }, fmt.Errorf("get mounts: %w", err)
}
+ libDir, err := libraryDirectoryPath(m)
+ if err != nil {
+ return func() error { return nil }, fmt.Errorf("get lib directory: %w", err)
+ }
+
+ libsSymlinks, err := libraryDirectorySymlinks(m, libDir)
+ if err != nil && !errors.Is(err, os.ErrNotExist) {
+ return func() error { return nil }, fmt.Errorf("read lib symlinks: %w", err)
+ }
+
// temp move of all ro mounts
mounts := map[string]string{}
var restoreOnce sync.Once
@@ -51,8 +62,19 @@ func tempRemount(m mounter, logf func(notcodersdk.LogLevel, string, ...any), bas
// closer to attempt to restore original mount points
restore = func() error {
restoreOnce.Do(func() {
+ if len(mounts) == 0 {
+ return
+ }
+
+ newLibDir, err := libraryDirectoryPath(m)
+ if err != nil {
+ merr = multierror.Append(merr, fmt.Errorf("get new lib directory: %w", err))
+ return
+ }
+
for orig, moved := range mounts {
- if err := remount(m, moved, orig); err != nil {
+ logf(log.LevelDebug, "restore mount %s", orig)
+ if err := remount(m, moved, orig, newLibDir, libsSymlinks); err != nil {
merr = multierror.Append(merr, fmt.Errorf("restore mount: %w", err))
}
}
@@ -64,20 +86,21 @@ outer:
for _, mountInfo := range mountInfos {
// TODO: do this for all mounts
if _, ok := mountInfo.Options["ro"]; !ok {
- logf(notcodersdk.LogLevelTrace, "skip rw mount %s", mountInfo.MountPoint)
+ logf(log.LevelDebug, "skip rw mount %s", mountInfo.MountPoint)
continue
}
for _, prefix := range ignorePrefixes {
if strings.HasPrefix(mountInfo.MountPoint, prefix) {
- logf(notcodersdk.LogLevelTrace, "skip mount %s under ignored prefix %s", mountInfo.MountPoint, prefix)
+ logf(log.LevelDebug, "skip mount %s under ignored prefix %s", mountInfo.MountPoint, prefix)
continue outer
}
}
src := mountInfo.MountPoint
dest := filepath.Join(base, src)
- if err := remount(m, src, dest); err != nil {
+ logf(log.LevelDebug, "temp remount %s", src)
+ if err := remount(m, src, dest, libDir, libsSymlinks); err != nil {
return restore, fmt.Errorf("temp remount: %w", err)
}
@@ -87,30 +110,48 @@ outer:
return restore, nil
}
-func remount(m mounter, src, dest string) error {
+func remount(m mounter, src, dest, libDir string, libsSymlinks map[string][]string) error {
stat, err := m.Stat(src)
if err != nil {
return fmt.Errorf("stat %s: %w", src, err)
}
+
var destDir string
if stat.IsDir() {
destDir = dest
} else {
destDir = filepath.Dir(dest)
+ if destDir == usrLibDir || destDir == usrLibMultiarchDir {
+ // Restore mount to libDir
+ destDir = libDir
+ dest = filepath.Join(destDir, stat.Name())
+ }
}
+
if err := m.MkdirAll(destDir, 0o750); err != nil {
return fmt.Errorf("ensure path: %w", err)
}
+
if !stat.IsDir() {
f, err := m.OpenFile(dest, os.O_CREATE, 0o640)
if err != nil {
return fmt.Errorf("ensure file path: %w", err)
}
- defer f.Close()
+ // This ensure the file is created, it will not be used. It can be closed immediately.
+ f.Close()
+
+ if symlinks, ok := libsSymlinks[stat.Name()]; ok {
+ srcDir := filepath.Dir(src)
+ if err := moveLibSymlinks(m, symlinks, srcDir, destDir); err != nil {
+ return err
+ }
+ }
}
+
if err := m.Mount(src, dest, "bind", syscall.MS_BIND, ""); err != nil {
return fmt.Errorf("bind mount %s => %s: %w", src, dest, err)
}
+
if err := m.Unmount(src, 0); err != nil {
return fmt.Errorf("unmount orig src %s: %w", src, err)
}
@@ -131,6 +172,12 @@ type mounter interface {
Mount(string, string, string, uintptr, string) error
// Unmount wraps syscall.Unmount
Unmount(string, int) error
+ // ReadDir wraps os.ReadDir
+ ReadDir(string) ([]os.DirEntry, error)
+ // EvalSymlinks wraps filepath.EvalSymlinks
+ EvalSymlinks(string) (string, error)
+ // Rename wraps os.Rename
+ Rename(string, string) error
}
// realMounter implements mounter and actually does the thing.
@@ -161,3 +208,15 @@ func (m *realMounter) OpenFile(name string, flag int, perm os.FileMode) (*os.Fil
func (m *realMounter) Stat(path string) (os.FileInfo, error) {
return os.Stat(path)
}
+
+func (m *realMounter) ReadDir(name string) ([]os.DirEntry, error) {
+ return os.ReadDir(name)
+}
+
+func (m *realMounter) EvalSymlinks(path string) (string, error) {
+ return filepath.EvalSymlinks(path)
+}
+
+func (m *realMounter) Rename(oldpath, newpath string) error {
+ return os.Rename(oldpath, newpath)
+}
diff --git a/internal/ebutil/remount_internal_test.go b/internal/ebutil/remount_internal_test.go
index 41036177..8ff0440d 100644
--- a/internal/ebutil/remount_internal_test.go
+++ b/internal/ebutil/remount_internal_test.go
@@ -2,12 +2,13 @@ package ebutil
import (
"os"
+ "runtime"
"strings"
"syscall"
"testing"
time "time"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/mock/gomock"
@@ -15,6 +16,12 @@ import (
"github.com/prometheus/procfs"
)
+var expectedLibMultiarchDir = map[string]string{
+ "amd64": "/usr/lib/x86_64-linux-gnu",
+ "arm": "/var/empty",
+ "arm64": "/usr/lib/aarch64-linux-gnu",
+}
+
func Test_tempRemount(t *testing.T) {
t.Parallel()
@@ -26,11 +33,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(nil)
@@ -51,12 +61,15 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
mm.EXPECT().Mount("/usr/bin/utility", "/.test/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/usr/bin/utility", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
mm.EXPECT().MkdirAll("/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().OpenFile("/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
mm.EXPECT().Mount("/.test/usr/bin/utility", "/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
@@ -70,6 +83,202 @@ func Test_tempRemount(t *testing.T) {
_ = remount()
})
+ t.Run("OKLib", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("/usr/lib64/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", "/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibDebian", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, nil)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll(expectedLibMultiarchDir[runtime.GOARCH], os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibFromDebianToNotDebian", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, nil)
+ mm.EXPECT().ReadDir(expectedLibMultiarchDir[runtime.GOARCH]).Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks(expectedLibMultiarchDir[runtime.GOARCH]+"/lib-other.so").Return(expectedLibMultiarchDir[runtime.GOARCH]+"/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test"+expectedLibMultiarchDir[runtime.GOARCH], os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so", "/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so").Return(nil)
+ mm.EXPECT().Mount(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount(expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so", "/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test"+expectedLibMultiarchDir[runtime.GOARCH]+"/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
+ t.Run("OKLibNoSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ }, nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/.test/usr/lib64/lib.so.1", "/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/.test/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.NoError(t, err)
+ // sync.Once should handle multiple remount calls
+ _ = remount()
+ })
+
t.Run("IgnorePrefixes", func(t *testing.T) {
t.Parallel()
@@ -78,6 +287,8 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
remount, err := tempRemount(mm, fakeLog(t), "/.test", "/var/lib")
require.NoError(t, err)
@@ -97,6 +308,39 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrStatDebianVersion", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
+ t.Run("ErrReadLibDir", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
t.Run("ErrMkdirAll", func(t *testing.T) {
t.Parallel()
@@ -105,7 +349,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError)
remount, err := tempRemount(mm, fakeLog(t), "/.test")
@@ -114,6 +360,69 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrOpenFile", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
+ t.Run("ErrMoveSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.ErrorContains(t, err, assert.AnError.Error())
+ err = remount()
+ require.NoError(t, err)
+ })
+
t.Run("ErrMountBind", func(t *testing.T) {
t.Parallel()
@@ -122,7 +431,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError)
@@ -140,7 +451,9 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(assert.AnError)
@@ -151,6 +464,28 @@ func Test_tempRemount(t *testing.T) {
require.NoError(t, err)
})
+ t.Run("ErrRemountStatDebianVersion", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
+ mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
t.Run("ErrRemountMkdirAll", func(t *testing.T) {
t.Parallel()
@@ -159,11 +494,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError)
remount, err := tempRemount(mm, fakeLog(t), "/.test")
@@ -172,6 +510,82 @@ func Test_tempRemount(t *testing.T) {
require.ErrorContains(t, err, assert.AnError.Error())
})
+ t.Run("ErrRemountOpenFile", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Mount("/usr/bin/utility", "/.test/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/bin/utility", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{name: "modules", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/bin", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(nil, assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
+ t.Run("ErrRemountMoveSymlink", func(t *testing.T) {
+ t.Parallel()
+
+ ctrl := gomock.NewController(t)
+ mm := NewMockmounter(ctrl)
+ mounts := fakeMounts("/home", "/usr/lib64/lib.so.1:ro", "/proc", "/sys")
+
+ mm.EXPECT().GetMounts().Return(mounts, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return([]os.DirEntry{
+ &fakeDirEntry{
+ name: "lib.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib.so.1",
+ },
+ &fakeDirEntry{
+ name: "lib-other.so",
+ mode: os.ModeSymlink,
+ },
+ &fakeDirEntry{
+ name: "lib-other.so.1",
+ },
+ &fakeDirEntry{
+ name: "something.d",
+ isDir: true,
+ mode: os.ModeDir,
+ },
+ }, nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib.so").Return("/usr/lib64/lib.so.1", nil)
+ mm.EXPECT().EvalSymlinks("/usr/lib64/lib-other.so").Return("/usr/lib64/lib-other.so.1", nil)
+ mm.EXPECT().Stat("/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/.test/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/.test/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/usr/lib64/lib.so", "/.test/usr/lib64/lib.so").Return(nil)
+ mm.EXPECT().Mount("/usr/lib64/lib.so.1", "/.test/usr/lib64/lib.so.1", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
+ mm.EXPECT().Unmount("/usr/lib64/lib.so.1", 0).Times(1).Return(nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/usr/lib64/lib.so.1").Return(&fakeFileInfo{name: "lib.so.1", isDir: false}, nil)
+ mm.EXPECT().MkdirAll("/usr/lib64", os.FileMode(0o750)).Times(1).Return(nil)
+ mm.EXPECT().OpenFile("/usr/lib64/lib.so.1", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil)
+ mm.EXPECT().Rename("/.test/usr/lib64/lib.so", "/usr/lib64/lib.so").Return(assert.AnError)
+
+ remount, err := tempRemount(mm, fakeLog(t), "/.test")
+ require.NoError(t, err)
+ err = remount()
+ require.ErrorContains(t, err, assert.AnError.Error())
+ })
+
t.Run("ErrRemountMountBind", func(t *testing.T) {
t.Parallel()
@@ -180,11 +594,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError)
@@ -202,11 +619,14 @@ func Test_tempRemount(t *testing.T) {
mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys")
mm.EXPECT().GetMounts().Return(mounts, nil)
- mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().ReadDir("/usr/lib64").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil)
- mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil)
+ mm.EXPECT().Stat("/etc/debian_version").Return(nil, os.ErrNotExist)
+ mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{name: "modules", isDir: true}, nil)
mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil)
mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil)
mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(assert.AnError)
@@ -233,18 +653,19 @@ func fakeMounts(mounts ...string) []*procfs.MountInfo {
return m
}
-func fakeLog(t *testing.T) func(notcodersdk.LogLevel, string, ...any) {
+func fakeLog(t *testing.T) func(log.Level, string, ...any) {
t.Helper()
- return func(_ notcodersdk.LogLevel, s string, a ...any) {
+ return func(_ log.Level, s string, a ...any) {
t.Logf(s, a...)
}
}
type fakeFileInfo struct {
+ name string
isDir bool
}
-func (fi *fakeFileInfo) Name() string { return "" }
+func (fi *fakeFileInfo) Name() string { return fi.name }
func (fi *fakeFileInfo) Size() int64 { return 0 }
func (fi *fakeFileInfo) Mode() os.FileMode { return 0 }
func (fi *fakeFileInfo) ModTime() time.Time { return time.Time{} }
@@ -252,3 +673,16 @@ func (fi *fakeFileInfo) IsDir() bool { return fi.isDir }
func (fi *fakeFileInfo) Sys() any { return nil }
var _ os.FileInfo = &fakeFileInfo{}
+
+type fakeDirEntry struct {
+ name string
+ isDir bool
+ mode os.FileMode
+}
+
+func (de *fakeDirEntry) Name() string { return de.name }
+func (de *fakeDirEntry) IsDir() bool { return de.isDir }
+func (de *fakeDirEntry) Type() os.FileMode { return de.mode }
+func (de *fakeDirEntry) Info() (os.FileInfo, error) { return nil, nil }
+
+var _ os.DirEntry = &fakeDirEntry{}
diff --git a/internal/notcodersdk/agentclient.go b/internal/notcodersdk/agentclient.go
deleted file mode 100644
index e65bc4cc..00000000
--- a/internal/notcodersdk/agentclient.go
+++ /dev/null
@@ -1,430 +0,0 @@
-package notcodersdk
-
-import (
- "bytes"
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "mime"
- "net/http"
- "net/http/httputil"
- "net/url"
- "strings"
- "sync"
- "time"
-
- "github.com/google/uuid"
- "golang.org/x/xerrors"
-)
-
-const (
- SessionTokenHeader = "Coder-Session-Token"
-)
-
-type AgentSubsystem string
-
-const (
- AgentSubsystemEnvbuilder AgentSubsystem = "envbuilder"
-)
-
-// ExternalLogSourceID is the statically-defined ID of a log-source that
-// appears as "External" in the dashboard.
-//
-// This is to support legacy API-consumers that do not create their own
-// log-source. This should be removed in the future.
-var ExternalLogSourceID = uuid.MustParse("3b579bf4-1ed8-4b99-87a8-e9a1e3410410")
-
-type LogLevel string
-
-const (
- LogLevelTrace LogLevel = "trace"
- LogLevelDebug LogLevel = "debug"
- LogLevelInfo LogLevel = "info"
- LogLevelWarn LogLevel = "warn"
- LogLevelError LogLevel = "error"
-)
-
-type Log struct {
- CreatedAt time.Time `json:"created_at"`
- Output string `json:"output"`
- Level LogLevel `json:"level"`
-}
-
-type PatchLogs struct {
- LogSourceID uuid.UUID `json:"log_source_id"`
- Logs []Log `json:"logs"`
-}
-
-// New returns a client that is used to interact with the
-// Coder API from a workspace agent.
-func New(serverURL *url.URL) *Client {
- return &Client{
- URL: serverURL,
- HTTPClient: &http.Client{},
- }
-}
-
-// Client wraps `notcodersdk.Client` with specific functions
-// scoped to a workspace agent.
-type Client struct {
- // mu protects the fields sessionToken, logger, and logBodies. These
- // need to be safe for concurrent access.
- mu sync.RWMutex
- sessionToken string
- logBodies bool
-
- HTTPClient *http.Client
- URL *url.URL
-
- // SessionTokenHeader is an optional custom header to use for setting tokens. By
- // default 'Coder-Session-Token' is used.
- SessionTokenHeader string
-
- // PlainLogger may be set to log HTTP traffic in a human-readable form.
- // It uses the LogBodies option.
- PlainLogger io.Writer
-}
-
-// SessionToken returns the currently set token for the client.
-func (c *Client) SessionToken() string {
- c.mu.RLock()
- defer c.mu.RUnlock()
- return c.sessionToken
-}
-
-// SetSessionToken returns the currently set token for the client.
-func (c *Client) SetSessionToken(token string) {
- c.mu.Lock()
- defer c.mu.Unlock()
- c.sessionToken = token
-}
-
-// PatchLogs writes log messages to the agent startup script.
-// Log messages are limited to 1MB in total.
-//
-// Deprecated: use the DRPCAgentClient.BatchCreateLogs instead
-func (c *Client) PatchLogs(ctx context.Context, req PatchLogs) error {
- res, err := c.Request(ctx, http.MethodPatch, "/api/v2/workspaceagents/me/logs", req)
- if err != nil {
- return err
- }
- defer res.Body.Close()
- if res.StatusCode != http.StatusOK {
- return ReadBodyAsError(res)
- }
- return nil
-}
-
-// RequestOption is a function that can be used to modify an http.Request.
-type RequestOption func(*http.Request)
-
-// Request performs a HTTP request with the body provided. The caller is
-// responsible for closing the response body.
-func (c *Client) Request(ctx context.Context, method, path string, body interface{}, opts ...RequestOption) (*http.Response, error) {
- serverURL, err := c.URL.Parse(path)
- if err != nil {
- return nil, xerrors.Errorf("parse url: %w", err)
- }
-
- var r io.Reader
- if body != nil {
- switch data := body.(type) {
- case io.Reader:
- r = data
- case []byte:
- r = bytes.NewReader(data)
- default:
- // Assume JSON in all other cases.
- buf := bytes.NewBuffer(nil)
- enc := json.NewEncoder(buf)
- enc.SetEscapeHTML(false)
- err = enc.Encode(body)
- if err != nil {
- return nil, xerrors.Errorf("encode body: %w", err)
- }
- r = buf
- }
- }
-
- // Copy the request body so we can log it.
- var reqBody []byte
- c.mu.RLock()
- logBodies := c.logBodies
- c.mu.RUnlock()
- if r != nil && logBodies {
- reqBody, err = io.ReadAll(r)
- if err != nil {
- return nil, xerrors.Errorf("read request body: %w", err)
- }
- r = bytes.NewReader(reqBody)
- }
-
- req, err := http.NewRequestWithContext(ctx, method, serverURL.String(), r)
- if err != nil {
- return nil, xerrors.Errorf("create request: %w", err)
- }
-
- tokenHeader := c.SessionTokenHeader
- if tokenHeader == "" {
- tokenHeader = SessionTokenHeader
- }
- req.Header.Set(tokenHeader, c.SessionToken())
-
- if r != nil {
- req.Header.Set("Content-Type", "application/json")
- }
- for _, opt := range opts {
- opt(req)
- }
-
- resp, err := c.HTTPClient.Do(req)
-
- // We log after sending the request because the HTTP Transport may modify
- // the request within Do, e.g. by adding headers.
- if resp != nil && c.PlainLogger != nil {
- out, err := httputil.DumpRequest(resp.Request, logBodies)
- if err != nil {
- return nil, xerrors.Errorf("dump request: %w", err)
- }
- out = prefixLines([]byte("http --> "), out)
- _, _ = c.PlainLogger.Write(out)
- }
-
- if err != nil {
- return nil, err
- }
-
- if c.PlainLogger != nil {
- out, err := httputil.DumpResponse(resp, logBodies)
- if err != nil {
- return nil, xerrors.Errorf("dump response: %w", err)
- }
- out = prefixLines([]byte("http <-- "), out)
- _, _ = c.PlainLogger.Write(out)
- }
-
- // Copy the response body so we can log it if it's a loggable mime type.
- var respBody []byte
- if resp.Body != nil && logBodies {
- mimeType := parseMimeType(resp.Header.Get("Content-Type"))
- if _, ok := loggableMimeTypes[mimeType]; ok {
- respBody, err = io.ReadAll(resp.Body)
- if err != nil {
- return nil, xerrors.Errorf("copy response body for logs: %w", err)
- }
- err = resp.Body.Close()
- if err != nil {
- return nil, xerrors.Errorf("close response body: %w", err)
- }
- resp.Body = io.NopCloser(bytes.NewReader(respBody))
- }
- }
-
- return resp, err
-}
-
-func parseMimeType(contentType string) string {
- mimeType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- mimeType = strings.TrimSpace(strings.Split(contentType, ";")[0])
- }
-
- return mimeType
-}
-
-// loggableMimeTypes is a list of MIME types that are safe to log
-// the output of. This is useful for debugging or testing.
-var loggableMimeTypes = map[string]struct{}{
- "application/json": {},
- "text/plain": {},
- // lots of webserver error pages are HTML
- "text/html": {},
-}
-
-func prefixLines(prefix, s []byte) []byte {
- ss := bytes.NewBuffer(make([]byte, 0, len(s)*2))
- for _, line := range bytes.Split(s, []byte("\n")) {
- _, _ = ss.Write(prefix)
- _, _ = ss.Write(line)
- _ = ss.WriteByte('\n')
- }
- return ss.Bytes()
-}
-
-// ReadBodyAsError reads the response as a codersdk.Response, and
-// wraps it in a codersdk.Error type for easy marshaling.
-//
-// This will always return an error, so only call it if the response failed
-// your expectations. Usually via status code checking.
-// nolint:staticcheck
-func ReadBodyAsError(res *http.Response) error {
- if res == nil {
- return xerrors.Errorf("no body returned")
- }
- defer res.Body.Close()
-
- var requestMethod, requestURL string
- if res.Request != nil {
- requestMethod = res.Request.Method
- if res.Request.URL != nil {
- requestURL = res.Request.URL.String()
- }
- }
-
- var helpMessage string
- if res.StatusCode == http.StatusUnauthorized {
- // 401 means the user is not logged in
- // 403 would mean that the user is not authorized
- helpMessage = "Try logging in using 'coder login'."
- }
-
- resp, err := io.ReadAll(res.Body)
- if err != nil {
- return xerrors.Errorf("read body: %w", err)
- }
-
- if mimeErr := ExpectJSONMime(res); mimeErr != nil {
- if len(resp) > 2048 {
- resp = append(resp[:2048], []byte("...")...)
- }
- if len(resp) == 0 {
- resp = []byte("no response body")
- }
- return &Error{
- statusCode: res.StatusCode,
- method: requestMethod,
- url: requestURL,
- Response: Response{
- Message: mimeErr.Error(),
- Detail: string(resp),
- },
- Helper: helpMessage,
- }
- }
-
- var m Response
- err = json.NewDecoder(bytes.NewBuffer(resp)).Decode(&m)
- if err != nil {
- if errors.Is(err, io.EOF) {
- return &Error{
- statusCode: res.StatusCode,
- Response: Response{
- Message: "empty response body",
- },
- Helper: helpMessage,
- }
- }
- return xerrors.Errorf("decode body: %w", err)
- }
- if m.Message == "" {
- if len(resp) > 1024 {
- resp = append(resp[:1024], []byte("...")...)
- }
- m.Message = fmt.Sprintf("unexpected status code %d, response has no message", res.StatusCode)
- m.Detail = string(resp)
- }
-
- return &Error{
- Response: m,
- statusCode: res.StatusCode,
- method: requestMethod,
- url: requestURL,
- Helper: helpMessage,
- }
-}
-
-// Response represents a generic HTTP response.
-type Response struct {
- // Message is an actionable message that depicts actions the request took.
- // These messages should be fully formed sentences with proper punctuation.
- // Examples:
- // - "A user has been created."
- // - "Failed to create a user."
- Message string `json:"message"`
- // Detail is a debug message that provides further insight into why the
- // action failed. This information can be technical and a regular golang
- // err.Error() text.
- // - "database: too many open connections"
- // - "stat: too many open files"
- Detail string `json:"detail,omitempty"`
- // Validations are form field-specific friendly error messages. They will be
- // shown on a form field in the UI. These can also be used to add additional
- // context if there is a set of errors in the primary 'Message'.
- Validations []ValidationError `json:"validations,omitempty"`
-}
-
-// ValidationError represents a scoped error to a user input.
-type ValidationError struct {
- Field string `json:"field" validate:"required"`
- Detail string `json:"detail" validate:"required"`
-}
-
-func (e ValidationError) Error() string {
- return fmt.Sprintf("field: %s detail: %s", e.Field, e.Detail)
-}
-
-var _ error = (*ValidationError)(nil)
-
-// Error represents an unaccepted or invalid request to the API.
-// @typescript-ignore Error
-type Error struct {
- Response
-
- statusCode int
- method string
- url string
-
- Helper string
-}
-
-func (e *Error) StatusCode() int {
- return e.statusCode
-}
-
-func (e *Error) Method() string {
- return e.method
-}
-
-func (e *Error) URL() string {
- return e.url
-}
-
-func (e *Error) Friendly() string {
- var sb strings.Builder
- _, _ = fmt.Fprintf(&sb, "%s. %s", strings.TrimSuffix(e.Message, "."), e.Helper)
- for _, err := range e.Validations {
- _, _ = fmt.Fprintf(&sb, "\n- %s: %s", err.Field, err.Detail)
- }
- return sb.String()
-}
-
-func (e *Error) Error() string {
- var builder strings.Builder
- if e.method != "" && e.url != "" {
- _, _ = fmt.Fprintf(&builder, "%v %v: ", e.method, e.url)
- }
- _, _ = fmt.Fprintf(&builder, "unexpected status code %d: %s", e.statusCode, e.Message)
- if e.Helper != "" {
- _, _ = fmt.Fprintf(&builder, ": %s", e.Helper)
- }
- if e.Detail != "" {
- _, _ = fmt.Fprintf(&builder, "\n\tError: %s", e.Detail)
- }
- for _, err := range e.Validations {
- _, _ = fmt.Fprintf(&builder, "\n\t%s: %s", err.Field, err.Detail)
- }
- return builder.String()
-}
-
-// ExpectJSONMime is a helper function that will assert the content type
-// of the response is application/json.
-func ExpectJSONMime(res *http.Response) error {
- contentType := res.Header.Get("Content-Type")
- mimeType := parseMimeType(contentType)
- if mimeType != "application/json" {
- return xerrors.Errorf("unexpected non-JSON response %q", contentType)
- }
- return nil
-}
diff --git a/internal/notcodersdk/doc.go b/internal/notcodersdk/doc.go
deleted file mode 100644
index cfa92db6..00000000
--- a/internal/notcodersdk/doc.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Package notcodersdk contains manually-vendored code from
-// github.com/coder/coder/v2/codersdk.
-//
-// This code is currently required for sending workspace build logs to
-// coder. It was manually vendored to avoid dependency issues.
-//
-// If the direct integration is moved outside of envbuilder,
-// this package can safely be removed.
-// See the below issues for context:
-// - https://github.com/coder/envbuilder/issues/178
-// - https://github.com/coder/coder/issues/11342
-// - https://github.com/coder/envbuilder/issues/193
-package notcodersdk
diff --git a/internal/notcodersdk/logs.go b/internal/notcodersdk/logs.go
deleted file mode 100644
index 6ca4aca8..00000000
--- a/internal/notcodersdk/logs.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package notcodersdk
-
-import (
- "context"
- "errors"
- "net/http"
- "time"
-
- "github.com/google/uuid"
- "golang.org/x/xerrors"
-
- "cdr.dev/slog"
- "github.com/coder/retry"
-)
-
-type logsSenderOptions struct {
- flushTimeout time.Duration
-}
-
-// LogsSender will send agent startup logs to the server. Calls to
-// sendLog are non-blocking and will return an error if flushAndClose
-// has been called. Calling sendLog concurrently is not supported. If
-// the context passed to flushAndClose is canceled, any remaining logs
-// will be discarded.
-//
-// Deprecated: Use NewLogSender instead, based on the v2 Agent API.
-func LogsSender(sourceID uuid.UUID, patchLogs func(ctx context.Context, req PatchLogs) error, logger slog.Logger, opts ...func(*logsSenderOptions)) (sendLog func(ctx context.Context, log ...Log) error, flushAndClose func(context.Context) error) {
- o := logsSenderOptions{
- flushTimeout: 250 * time.Millisecond,
- }
- for _, opt := range opts {
- opt(&o)
- }
-
- // The main context is used to close the sender goroutine and cancel
- // any outbound requests to the API. The shutdown context is used to
- // signal the sender goroutine to flush logs and then exit.
- ctx, cancel := context.WithCancel(context.Background())
- shutdownCtx, shutdown := context.WithCancel(ctx)
-
- // Synchronous sender, there can only be one outbound send at a time.
- sendDone := make(chan struct{})
- send := make(chan []Log, 1)
- go func() {
- // Set flushTimeout and backlogLimit so that logs are uploaded
- // once every 250ms or when 100 logs have been added to the
- // backlog, whichever comes first.
- backlogLimit := 100
-
- flush := time.NewTicker(o.flushTimeout)
-
- var backlog []Log
- defer func() {
- flush.Stop()
- if len(backlog) > 0 {
- logger.Warn(ctx, "startup logs sender exiting early, discarding logs", slog.F("discarded_logs_count", len(backlog)))
- }
- logger.Debug(ctx, "startup logs sender exited")
- close(sendDone)
- }()
-
- done := false
- for {
- flushed := false
- select {
- case <-ctx.Done():
- return
- case <-shutdownCtx.Done():
- done = true
-
- // Check queued logs before flushing.
- select {
- case logs := <-send:
- backlog = append(backlog, logs...)
- default:
- }
- case <-flush.C:
- flushed = true
- case logs := <-send:
- backlog = append(backlog, logs...)
- flushed = len(backlog) >= backlogLimit
- }
-
- if (done || flushed) && len(backlog) > 0 {
- flush.Stop() // Lower the chance of a double flush.
-
- // Retry uploading logs until successful or a specific
- // error occurs. Note that we use the main context here,
- // meaning these requests won't be interrupted by
- // shutdown.
- var err error
- for r := retry.New(time.Second, 5*time.Second); r.Wait(ctx); {
- err = patchLogs(ctx, PatchLogs{
- Logs: backlog,
- LogSourceID: sourceID,
- })
- if err == nil {
- break
- }
-
- if errors.Is(err, context.Canceled) {
- break
- }
- // This error is expected to be codersdk.Error, but it has
- // private fields so we can't fake it in tests.
- var statusErr interface{ StatusCode() int }
- if errors.As(err, &statusErr) {
- if statusErr.StatusCode() == http.StatusRequestEntityTooLarge {
- logger.Warn(ctx, "startup logs too large, discarding logs", slog.F("discarded_logs_count", len(backlog)), slog.Error(err))
- err = nil
- break
- }
- }
- logger.Error(ctx, "startup logs sender failed to upload logs, retrying later", slog.F("logs_count", len(backlog)), slog.Error(err))
- }
- if err != nil {
- return
- }
- backlog = nil
-
- // Anchor flush to the last log upload.
- flush.Reset(o.flushTimeout)
- }
- if done {
- return
- }
- }
- }()
-
- var queue []Log
- sendLog = func(callCtx context.Context, log ...Log) error {
- select {
- case <-shutdownCtx.Done():
- return xerrors.Errorf("closed: %w", shutdownCtx.Err())
- case <-callCtx.Done():
- return callCtx.Err()
- case queue = <-send:
- // Recheck to give priority to context cancellation.
- select {
- case <-shutdownCtx.Done():
- return xerrors.Errorf("closed: %w", shutdownCtx.Err())
- case <-callCtx.Done():
- return callCtx.Err()
- default:
- }
- // Queue has not been captured by sender yet, re-use.
- default:
- }
-
- queue = append(queue, log...)
- send <- queue // Non-blocking.
- queue = nil
-
- return nil
- }
- flushAndClose = func(callCtx context.Context) error {
- defer cancel()
- shutdown()
- select {
- case <-sendDone:
- return nil
- case <-callCtx.Done():
- cancel()
- <-sendDone
- return callCtx.Err()
- }
- }
- return sendLog, flushAndClose
-}
diff --git a/internal/workingdir/workingdir.go b/internal/workingdir/workingdir.go
new file mode 100644
index 00000000..5df05234
--- /dev/null
+++ b/internal/workingdir/workingdir.go
@@ -0,0 +1,83 @@
+package workingdir
+
+import (
+ "fmt"
+ "path/filepath"
+)
+
+const (
+ // defaultWorkingDirBase is the default working location for envbuilder.
+ // This is a special directory that must not be modified by the user
+ // or images. This is intentionally unexported.
+ defaultWorkingDirBase = "/.envbuilder"
+
+ // TempDir is a directory inside the build context inside which
+ // we place files referenced by MagicDirectives.
+ TempDir = ".envbuilder.tmp"
+)
+
+var (
+ // Default is the default working directory for Envbuilder.
+ // This defaults to /.envbuilder. It should only be used when Envbuilder
+ // is known to be running as root inside a container.
+ Default WorkingDir
+ // Directives are directives automatically appended to Dockerfiles
+ // when pushing the image. These directives allow the built image to be
+ // 're-used'.
+ Directives = fmt.Sprintf(`
+COPY --chmod=0755 %[1]s/envbuilder %[2]s/bin/envbuilder
+COPY --chmod=0644 %[1]s/image %[2]s/image
+USER root
+WORKDIR /
+ENTRYPOINT ["%[2]s/bin/envbuilder"]
+`, TempDir, defaultWorkingDirBase)
+)
+
+// WorkingDir is a working directory for envbuilder. It
+// will also be present in images built by envbuilder.
+type WorkingDir struct {
+ base string
+}
+
+// At returns a WorkingDir rooted at filepath.Join(paths...)
+func At(paths ...string) WorkingDir {
+ if len(paths) == 0 {
+ return WorkingDir{}
+ }
+ return WorkingDir{base: filepath.Join(paths...)}
+}
+
+// Join returns the result of filepath.Join([m.Path, paths...]).
+func (m WorkingDir) Join(paths ...string) string {
+ return filepath.Join(append([]string{m.Path()}, paths...)...)
+}
+
+// String returns the string representation of the WorkingDir.
+func (m WorkingDir) Path() string {
+ // Instead of the zero value, use defaultWorkingDir.
+ if m.base == "" {
+ return defaultWorkingDirBase
+ }
+ return m.base
+}
+
+// Built is a file that is created in the workspace
+// when envbuilder has already been run. This is used
+// to skip building when a container is restarting.
+// e.g. docker stop -> docker start
+func (m WorkingDir) Built() string {
+ return m.Join("built")
+}
+
+// Image is a file that is created in the image when
+// envbuilder has already been run. This is used to skip
+// the destructive initial build step when 'resuming' envbuilder
+// from a previously built image.
+func (m WorkingDir) Image() string {
+ return m.Join("image")
+}
+
+// Features is a directory that contains feature files.
+func (m WorkingDir) Features() string {
+ return m.Join("features")
+}
diff --git a/internal/workingdir/workingdir_internal_test.go b/internal/workingdir/workingdir_internal_test.go
new file mode 100644
index 00000000..5e1dfc01
--- /dev/null
+++ b/internal/workingdir/workingdir_internal_test.go
@@ -0,0 +1,38 @@
+package workingdir
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func Test_WorkingDir(t *testing.T) {
+ t.Parallel()
+
+ t.Run("Default", func(t *testing.T) {
+ t.Parallel()
+ require.Equal(t, defaultWorkingDirBase+"/foo", Default.Join("foo"))
+ require.Equal(t, defaultWorkingDirBase, Default.Path())
+ require.Equal(t, defaultWorkingDirBase+"/built", Default.Built())
+ require.Equal(t, defaultWorkingDirBase+"/image", Default.Image())
+ })
+
+ t.Run("ZeroValue", func(t *testing.T) {
+ t.Parallel()
+ var md WorkingDir
+ require.Equal(t, defaultWorkingDirBase+"/foo", md.Join("foo"))
+ require.Equal(t, defaultWorkingDirBase, md.Path())
+ require.Equal(t, defaultWorkingDirBase+"/built", md.Built())
+ require.Equal(t, defaultWorkingDirBase+"/image", md.Image())
+ })
+
+ t.Run("At", func(t *testing.T) {
+ t.Parallel()
+ tmpDir := t.TempDir()
+ md := At(tmpDir)
+ require.Equal(t, tmpDir+"/foo", md.Join("foo"))
+ require.Equal(t, tmpDir, md.Path())
+ require.Equal(t, tmpDir+"/built", md.Built())
+ require.Equal(t, tmpDir+"/image", md.Image())
+ })
+}
diff --git a/log.go b/log.go
deleted file mode 100644
index ad476c1d..00000000
--- a/log.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package envbuilder
-
-import (
- "io"
-
- "github.com/sirupsen/logrus"
-)
-
-// HijackLogrus hijacks the logrus logger and calls the callback for each log entry.
-// This is an abuse of logrus, the package that Kaniko uses, but it exposes
-// no other way to obtain the log entries.
-func HijackLogrus(callback func(entry *logrus.Entry)) {
- logrus.StandardLogger().SetOutput(io.Discard)
- logrus.StandardLogger().SetFormatter(&logrusFormatter{
- callback: callback,
- empty: []byte{},
- })
-}
-
-type logrusFormatter struct {
- callback func(entry *logrus.Entry)
- empty []byte
-}
-
-func (f *logrusFormatter) Format(entry *logrus.Entry) ([]byte, error) {
- f.callback(entry)
- return f.empty, nil
-}
diff --git a/log/coder.go b/log/coder.go
new file mode 100644
index 00000000..d31092d5
--- /dev/null
+++ b/log/coder.go
@@ -0,0 +1,184 @@
+package log
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/url"
+ "os"
+ "sync"
+ "time"
+
+ "cdr.dev/slog"
+ "cdr.dev/slog/sloggers/sloghuman"
+ "github.com/coder/coder/v2/agent/proto"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
+ "github.com/coder/retry"
+ "github.com/google/uuid"
+ "golang.org/x/mod/semver"
+)
+
+var (
+ // We set a relatively high connection timeout for the initial connection.
+ // There is an unfortunate race between the envbuilder container starting and the
+ // associated provisioner job completing.
+ rpcConnectTimeout = 30 * time.Second
+ logSendGracePeriod = 10 * time.Second
+ minAgentAPIV2 = "v2.9"
+)
+
+// Coder establishes a connection to the Coder instance located at coderURL and
+// authenticates using token. It then establishes a dRPC connection to the Agent
+// API and begins sending logs. If the version of Coder does not support the
+// Agent API, it will fall back to using the PatchLogs endpoint. The closer is
+// used to close the logger and to wait at most logSendGracePeriod for logs to
+// be sent. Cancelling the context will close the logs immediately without
+// waiting for logs to be sent.
+func Coder(ctx context.Context, coderURL *url.URL, token string) (logger Func, closer func(), err error) {
+ // To troubleshoot issues, we need some way of logging.
+ metaLogger := slog.Make(sloghuman.Sink(os.Stderr))
+ defer metaLogger.Sync()
+ client := initClient(coderURL, token)
+ bi, err := client.SDK.BuildInfo(ctx)
+ if err != nil {
+ return nil, nil, fmt.Errorf("get coder build version: %w", err)
+ }
+ if semver.Compare(semver.MajorMinor(bi.Version), minAgentAPIV2) < 0 {
+ metaLogger.Warn(ctx, "Detected Coder version incompatible with AgentAPI v2, falling back to deprecated API", slog.F("coder_version", bi.Version))
+ logger, closer = sendLogsV1(ctx, client, metaLogger.Named("send_logs_v1"))
+ return logger, closer, nil
+ }
+
+ // Create a new context so we can ensure the connection is torn down.
+ ctx, cancel := context.WithCancel(ctx)
+ defer func() {
+ if err != nil {
+ cancel()
+ }
+ }()
+ // Note that ctx passed to initRPC will be inherited by the
+ // underlying connection, nothing we can do about that here.
+ dac, err := initRPC(ctx, client, metaLogger.Named("init_rpc"))
+ if err != nil {
+ // Logged externally
+ return nil, nil, fmt.Errorf("init coder rpc client: %w", err)
+ }
+ ls := agentsdk.NewLogSender(metaLogger.Named("coder_log_sender"))
+ metaLogger.Warn(ctx, "Sending logs via AgentAPI v2", slog.F("coder_version", bi.Version))
+ logger, loggerCloser := sendLogsV2(ctx, dac, ls, metaLogger.Named("send_logs_v2"))
+ var closeOnce sync.Once
+ closer = func() {
+ loggerCloser()
+
+ closeOnce.Do(func() {
+ // Typically cancel would be after Close, but we want to be
+ // sure there's nothing that might block on Close.
+ cancel()
+ _ = dac.DRPCConn().Close()
+ })
+ }
+ return logger, closer, nil
+}
+
+type coderLogSender interface {
+ Enqueue(uuid.UUID, ...agentsdk.Log)
+ SendLoop(context.Context, agentsdk.LogDest) error
+ Flush(uuid.UUID)
+ WaitUntilEmpty(context.Context) error
+}
+
+func initClient(coderURL *url.URL, token string) *agentsdk.Client {
+ client := agentsdk.New(coderURL)
+ client.SetSessionToken(token)
+ return client
+}
+
+func initRPC(ctx context.Context, client *agentsdk.Client, l slog.Logger) (proto.DRPCAgentClient20, error) {
+ var c proto.DRPCAgentClient20
+ var err error
+ retryCtx, retryCancel := context.WithTimeout(ctx, rpcConnectTimeout)
+ defer retryCancel()
+ attempts := 0
+ for r := retry.New(100*time.Millisecond, time.Second); r.Wait(retryCtx); {
+ attempts++
+ // Maximize compatibility.
+ c, err = client.ConnectRPC20(ctx)
+ if err != nil {
+ l.Debug(ctx, "Failed to connect to Coder", slog.F("error", err), slog.F("attempt", attempts))
+ continue
+ }
+ break
+ }
+ if c == nil {
+ return nil, err
+ }
+ return proto.NewDRPCAgentClient(c.DRPCConn()), nil
+}
+
+// sendLogsV1 uses the PatchLogs endpoint to send logs.
+// This is deprecated, but required for backward compatibility with older versions of Coder.
+func sendLogsV1(ctx context.Context, client *agentsdk.Client, l slog.Logger) (logger Func, closer func()) {
+ // nolint: staticcheck // required for backwards compatibility
+ sendLog, flushAndClose := agentsdk.LogsSender(agentsdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{})
+ var mu sync.Mutex
+ return func(lvl Level, msg string, args ...any) {
+ log := agentsdk.Log{
+ CreatedAt: time.Now(),
+ Output: fmt.Sprintf(msg, args...),
+ Level: codersdk.LogLevel(lvl),
+ }
+ mu.Lock()
+ defer mu.Unlock()
+ if err := sendLog(ctx, log); err != nil {
+ l.Warn(ctx, "failed to send logs to Coder", slog.Error(err))
+ }
+ }, func() {
+ ctx, cancel := context.WithTimeout(ctx, logSendGracePeriod)
+ defer cancel()
+ if err := flushAndClose(ctx); err != nil {
+ l.Warn(ctx, "failed to flush logs", slog.Error(err))
+ }
+ }
+}
+
+// sendLogsV2 uses the v2 agent API to send logs. Only compatibile with coder versions >= 2.9.
+func sendLogsV2(ctx context.Context, dest agentsdk.LogDest, ls coderLogSender, l slog.Logger) (logger Func, closer func()) {
+ sendCtx, sendCancel := context.WithCancel(ctx)
+ done := make(chan struct{})
+ uid := uuid.New()
+ go func() {
+ defer close(done)
+ if err := ls.SendLoop(sendCtx, dest); err != nil {
+ if !errors.Is(err, context.Canceled) {
+ l.Warn(ctx, "failed to send logs to Coder", slog.Error(err))
+ }
+ }
+ }()
+
+ var closeOnce sync.Once
+ return func(l Level, msg string, args ...any) {
+ ls.Enqueue(uid, agentsdk.Log{
+ CreatedAt: time.Now(),
+ Output: fmt.Sprintf(msg, args...),
+ Level: codersdk.LogLevel(l),
+ })
+ }, func() {
+ closeOnce.Do(func() {
+ // Trigger a flush and wait for logs to be sent.
+ ls.Flush(uid)
+ ctx, cancel := context.WithTimeout(ctx, logSendGracePeriod)
+ defer cancel()
+ err := ls.WaitUntilEmpty(ctx)
+ if err != nil {
+ l.Warn(ctx, "log sender did not empty", slog.Error(err))
+ }
+
+ // Stop the send loop.
+ sendCancel()
+ })
+
+ // Wait for the send loop to finish.
+ <-done
+ }
+}
diff --git a/log/coder_internal_test.go b/log/coder_internal_test.go
new file mode 100644
index 00000000..8b8bb632
--- /dev/null
+++ b/log/coder_internal_test.go
@@ -0,0 +1,367 @@
+package log
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "math/rand"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "sync"
+ "testing"
+ "time"
+
+ "cdr.dev/slog/sloggers/slogtest"
+ "github.com/coder/coder/v2/agent/proto"
+ "github.com/coder/coder/v2/codersdk"
+ "github.com/coder/coder/v2/codersdk/agentsdk"
+ "github.com/google/uuid"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func TestCoder(t *testing.T) {
+ t.Parallel()
+
+ t.Run("V1/OK", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ gotLogs := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(gotLogs) })
+ tokHdr := r.Header.Get(codersdk.SessionTokenHeader)
+ assert.Equal(t, token, tokHdr)
+ req, ok := decodeV1Logs(t, w, r)
+ if !ok {
+ return
+ }
+ if assert.Len(t, req.Logs, 1) {
+ assert.Equal(t, "hello world", req.Logs[0].Output)
+ assert.Equal(t, codersdk.LogLevelInfo, req.Logs[0].Level)
+ }
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ logger, _ := newCoderLogger(ctx, t, srv.URL, token)
+ logger(LevelInfo, "hello %s", "world")
+ <-gotLogs
+ })
+
+ t.Run("V1/Close", func(t *testing.T) {
+ t.Parallel()
+
+ var got []agentsdk.Log
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ req, ok := decodeV1Logs(t, w, r)
+ if !ok {
+ return
+ }
+ got = append(got, req.Logs...)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ logger, closer := newCoderLogger(ctx, t, srv.URL, uuid.NewString())
+ logger(LevelInfo, "1")
+ logger(LevelInfo, "2")
+ closer()
+ logger(LevelInfo, "3")
+ require.Len(t, got, 2)
+ assert.Equal(t, "1", got[0].Output)
+ assert.Equal(t, "2", got[1].Output)
+ })
+
+ t.Run("V1/ErrUnauthorized", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ authFailed := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.8.9"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(authFailed) })
+ w.WriteHeader(http.StatusUnauthorized)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ log, _, err := Coder(ctx, u, token)
+ require.NoError(t, err)
+ // defer closeLog()
+ log(LevelInfo, "hello %s", "world")
+ <-authFailed
+ })
+
+ t.Run("V1/ErrNotCoder", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerCalled := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ defer closeOnce.Do(func() { close(handlerCalled) })
+ _, _ = fmt.Fprintf(w, `hello world`)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "get coder build version")
+ require.ErrorContains(t, err, "unexpected non-JSON response")
+ <-handlerCalled
+ })
+
+ // In this test, we just fake out the DRPC server.
+ t.Run("V2/OK", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ld := &fakeLogDest{t: t}
+ ls := agentsdk.NewLogSender(slogtest.Make(t, nil))
+ logFunc, logsDone := sendLogsV2(ctx, ld, ls, slogtest.Make(t, nil))
+ defer logsDone()
+
+ // Send some logs
+ for i := 0; i < 10; i++ {
+ logFunc(LevelInfo, "info log %d", i+1)
+ }
+
+ // Cancel and wait for flush
+ cancel()
+ t.Logf("cancelled")
+ logsDone()
+
+ require.Len(t, ld.logs, 10)
+ })
+
+ // In this test, we just fake out the DRPC server.
+ t.Run("V2/Close", func(t *testing.T) {
+ t.Parallel()
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ ld := &fakeLogDest{t: t}
+ ls := agentsdk.NewLogSender(slogtest.Make(t, nil))
+ logger, closer := sendLogsV2(ctx, ld, ls, slogtest.Make(t, nil))
+ defer closer()
+
+ logger(LevelInfo, "1")
+ logger(LevelInfo, "2")
+ closer()
+ logger(LevelInfo, "3")
+
+ require.Len(t, ld.logs, 2)
+ })
+
+ // In this test, we validate that a 401 error on the initial connect
+ // results in a retry. When envbuilder initially attempts to connect
+ // using the Coder agent token, the workspace build may not yet have
+ // completed.
+ t.Run("V2/Retry", func(t *testing.T) {
+ t.Parallel()
+ ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ defer cancel()
+
+ token := uuid.NewString()
+ done := make(chan struct{})
+ handlerSend := make(chan int)
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ t.Logf("test handler: %s", r.URL.Path)
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ code := <-handlerSend
+ t.Logf("test handler response: %d", code)
+ w.WriteHeader(code)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ var connectError error
+ go func() {
+ defer close(handlerSend)
+ defer close(done)
+ _, _, connectError = Coder(ctx, u, token)
+ }()
+
+ // Initial: unauthorized
+ handlerSend <- http.StatusUnauthorized
+ // 2nd try: still unauthorized
+ handlerSend <- http.StatusUnauthorized
+ // 3rd try: authorized
+ handlerSend <- http.StatusOK
+
+ cancel()
+
+ <-done
+ require.ErrorContains(t, connectError, "failed to WebSocket dial")
+ require.ErrorIs(t, connectError, context.Canceled)
+ })
+}
+
+//nolint:paralleltest // We need to replace a global timeout.
+func TestCoderRPCTimeout(t *testing.T) {
+ // This timeout is picked with the current subtests in mind, it
+ // should not be changed without good reason.
+ testReplaceTimeout(t, &rpcConnectTimeout, 500*time.Millisecond)
+
+ // In this test, we just stand up an endpoint that does not
+ // do dRPC. We'll try to connect, fail to websocket upgrade
+ // and eventually give up after rpcConnectTimeout.
+ t.Run("V2/Err", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerDone := make(chan struct{})
+ handlerWait := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(handlerDone) })
+ <-handlerWait
+ w.WriteHeader(http.StatusOK)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), rpcConnectTimeout/2)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "failed to WebSocket dial")
+ require.ErrorIs(t, err, context.DeadlineExceeded)
+ close(handlerWait)
+ <-handlerDone
+ })
+
+ t.Run("V2/Timeout", func(t *testing.T) {
+ t.Parallel()
+
+ token := uuid.NewString()
+ handlerDone := make(chan struct{})
+ handlerWait := make(chan struct{})
+ var closeOnce sync.Once
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/api/v2/buildinfo" {
+ w.Header().Set("Content-Type", "application/json")
+ _, _ = w.Write([]byte(`{"version": "v2.9.0"}`))
+ return
+ }
+ defer closeOnce.Do(func() { close(handlerDone) })
+ <-handlerWait
+ w.WriteHeader(http.StatusOK)
+ }
+ srv := httptest.NewServer(http.HandlerFunc(handler))
+ defer srv.Close()
+
+ ctx, cancel := context.WithTimeout(context.Background(), rpcConnectTimeout*2)
+ defer cancel()
+ u, err := url.Parse(srv.URL)
+ require.NoError(t, err)
+ _, _, err = Coder(ctx, u, token)
+ require.ErrorContains(t, err, "failed to WebSocket dial")
+ require.ErrorIs(t, err, context.DeadlineExceeded)
+ close(handlerWait)
+ <-handlerDone
+ })
+}
+
+func decodeV1Logs(t *testing.T, w http.ResponseWriter, r *http.Request) (agentsdk.PatchLogs, bool) {
+ t.Helper()
+ var req agentsdk.PatchLogs
+ err := json.NewDecoder(r.Body).Decode(&req)
+ if !assert.NoError(t, err) {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return req, false
+ }
+ return req, true
+}
+
+func newCoderLogger(ctx context.Context, t *testing.T, us string, token string) (Func, func()) {
+ t.Helper()
+ u, err := url.Parse(us)
+ require.NoError(t, err)
+ logger, closer, err := Coder(ctx, u, token)
+ require.NoError(t, err)
+ t.Cleanup(closer)
+ return logger, closer
+}
+
+type fakeLogDest struct {
+ t testing.TB
+ logs []*proto.Log
+}
+
+func (d *fakeLogDest) BatchCreateLogs(ctx context.Context, request *proto.BatchCreateLogsRequest) (*proto.BatchCreateLogsResponse, error) {
+ d.t.Logf("got %d logs, ", len(request.Logs))
+ d.logs = append(d.logs, request.Logs...)
+ return &proto.BatchCreateLogsResponse{}, nil
+}
+
+func testReplaceTimeout(t *testing.T, v *time.Duration, d time.Duration) {
+ t.Helper()
+ if isParallel(t) {
+ t.Fatal("cannot replace timeout in parallel test")
+ }
+ old := *v
+ *v = d
+ t.Cleanup(func() { *v = old })
+}
+
+func isParallel(t *testing.T) (ret bool) {
+ t.Helper()
+ // This is a hack to determine if the test is running in parallel
+ // via property of t.Setenv.
+ defer func() {
+ if r := recover(); r != nil {
+ ret = true
+ }
+ }()
+ // Random variable name to avoid collisions.
+ t.Setenv(fmt.Sprintf("__TEST_CHECK_IS_PARALLEL_%d", rand.Int()), "1")
+ return false
+}
diff --git a/log/log.go b/log/log.go
new file mode 100644
index 00000000..8519d6b0
--- /dev/null
+++ b/log/log.go
@@ -0,0 +1,76 @@
+package log
+
+import (
+ "bufio"
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/coder/coder/v2/codersdk"
+)
+
+type Func func(l Level, msg string, args ...any)
+
+type Level string
+
+// Below constants are the same as their codersdk equivalents.
+const (
+ LevelTrace = Level(codersdk.LogLevelTrace)
+ LevelDebug = Level(codersdk.LogLevelDebug)
+ LevelInfo = Level(codersdk.LogLevelInfo)
+ LevelWarn = Level(codersdk.LogLevelWarn)
+ LevelError = Level(codersdk.LogLevelError)
+)
+
+// New logs to the provided io.Writer.
+func New(w io.Writer, verbose bool) Func {
+ return func(l Level, msg string, args ...any) {
+ if !verbose {
+ switch l {
+ case LevelDebug, LevelTrace:
+ return
+ }
+ }
+ _, _ = fmt.Fprintf(w, msg, args...)
+ if !strings.HasSuffix(msg, "\n") {
+ _, _ = fmt.Fprintf(w, "\n")
+ }
+ }
+}
+
+// Wrap wraps the provided LogFuncs into a single Func.
+func Wrap(fs ...Func) Func {
+ return func(l Level, msg string, args ...any) {
+ for _, f := range fs {
+ f(l, msg, args...)
+ }
+ }
+}
+
+// Writer returns an io.Writer that logs all writes in a separate goroutine.
+// It is the responsibility of the caller to call the returned
+// function to stop the goroutine.
+func Writer(logf Func) (io.Writer, func()) {
+ pipeReader, pipeWriter := io.Pipe()
+ doneCh := make(chan struct{})
+ go func() {
+ defer pipeWriter.Close()
+ defer pipeReader.Close()
+ scanner := bufio.NewScanner(pipeReader)
+ for {
+ select {
+ case <-doneCh:
+ return
+ default:
+ if !scanner.Scan() {
+ return
+ }
+ logf(LevelInfo, "%s", scanner.Text())
+ }
+ }
+ }()
+ closer := func() {
+ close(doneCh)
+ }
+ return pipeWriter, closer
+}
diff --git a/log/log_test.go b/log/log_test.go
new file mode 100644
index 00000000..adeff7b1
--- /dev/null
+++ b/log/log_test.go
@@ -0,0 +1,29 @@
+package log_test
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/coder/envbuilder/log"
+ "github.com/stretchr/testify/require"
+)
+
+func Test_Verbose(t *testing.T) {
+ t.Parallel()
+
+ t.Run("true", func(t *testing.T) {
+ var sb strings.Builder
+ l := log.New(&sb, true)
+ l(log.LevelDebug, "hello")
+ l(log.LevelInfo, "world")
+ require.Equal(t, "hello\nworld\n", sb.String())
+ })
+
+ t.Run("false", func(t *testing.T) {
+ var sb strings.Builder
+ l := log.New(&sb, false)
+ l(log.LevelDebug, "hello")
+ l(log.LevelInfo, "world")
+ require.Equal(t, "world\n", sb.String())
+ })
+}
diff --git a/log/logrus.go b/log/logrus.go
new file mode 100644
index 00000000..3d70b114
--- /dev/null
+++ b/log/logrus.go
@@ -0,0 +1,61 @@
+package log
+
+import (
+ "io"
+
+ "github.com/sirupsen/logrus"
+)
+
+// HijackLogrus hijacks the logrus logger and calls the callback for each log entry.
+// This is an abuse of logrus, the package that Kaniko uses, but it exposes
+// no other way to obtain the log entries.
+func HijackLogrus(lvl Level, callback func(entry *logrus.Entry)) {
+ logrus.StandardLogger().SetOutput(io.Discard)
+ logrus.StandardLogger().SetLevel(ToLogrus(lvl))
+ logrus.StandardLogger().SetFormatter(&logrusFormatter{
+ callback: callback,
+ empty: []byte{},
+ })
+}
+
+type logrusFormatter struct {
+ callback func(entry *logrus.Entry)
+ empty []byte
+}
+
+func (f *logrusFormatter) Format(entry *logrus.Entry) ([]byte, error) {
+ f.callback(entry)
+ return f.empty, nil
+}
+
+func ToLogrus(lvl Level) logrus.Level {
+ switch lvl {
+ case LevelTrace:
+ return logrus.TraceLevel
+ case LevelDebug:
+ return logrus.DebugLevel
+ case LevelInfo:
+ return logrus.InfoLevel
+ case LevelWarn:
+ return logrus.WarnLevel
+ case LevelError:
+ return logrus.ErrorLevel
+ default:
+ return logrus.InfoLevel
+ }
+}
+
+func FromLogrus(lvl logrus.Level) Level {
+ switch lvl {
+ case logrus.TraceLevel:
+ return LevelTrace
+ case logrus.DebugLevel:
+ return LevelDebug
+ case logrus.InfoLevel:
+ return LevelInfo
+ case logrus.WarnLevel:
+ return LevelWarn
+ default: // Error, Fatal, Panic
+ return LevelError
+ }
+}
diff --git a/log/logrus_test.go b/log/logrus_test.go
new file mode 100644
index 00000000..7b606696
--- /dev/null
+++ b/log/logrus_test.go
@@ -0,0 +1,110 @@
+package log_test
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "github.com/coder/envbuilder/log"
+ "github.com/sirupsen/logrus"
+ "github.com/stretchr/testify/require"
+)
+
+func TestHijackLogrus_Info(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelInfo, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ logrus.Debug("Debugging!")
+ // We should receive the below.
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Testing!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Warning!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func TestHijackLogrus_Debug(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelDebug, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ // We should receive the below.
+ logrus.Debug("Debugging!")
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Debugging!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Testing!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Warning!", rcvCtx(ctx, t, messages).Message)
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func TestHijackLogrus_Error(t *testing.T) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ t.Cleanup(cancel)
+ messages := make(chan *logrus.Entry)
+
+ logf := func(entry *logrus.Entry) {
+ t.Logf("got msg level: %s msg: %q", entry.Level, entry.Message)
+ messages <- entry
+ }
+
+ log.HijackLogrus(log.LevelError, logf)
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ // The following should be filtered out.
+ logrus.Trace("Tracing!")
+ logrus.Debug("Debugging!")
+ logrus.Info("Testing!")
+ logrus.Warn("Warning!")
+ // We should receive the below.
+ logrus.Error("Error!")
+ }()
+
+ require.Equal(t, "Error!", rcvCtx(ctx, t, messages).Message)
+ <-done
+}
+
+func rcvCtx[T any](ctx context.Context, t *testing.T, ch <-chan T) (v T) {
+ t.Helper()
+ select {
+ case <-ctx.Done():
+ t.Fatal("timeout")
+ case v = <-ch:
+ }
+ return v
+}
diff --git a/log_test.go b/log_test.go
deleted file mode 100644
index 63d5e6cd..00000000
--- a/log_test.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package envbuilder_test
-
-import (
- "testing"
-
- "github.com/coder/envbuilder"
- "github.com/sirupsen/logrus"
- "github.com/stretchr/testify/require"
-)
-
-func TestHijackLogrus(t *testing.T) {
- messages := make(chan *logrus.Entry, 1)
- envbuilder.HijackLogrus(func(entry *logrus.Entry) {
- messages <- entry
- })
- logrus.Infof("Testing!")
- message := <-messages
- require.Equal(t, "Testing!", message.Message)
-}
diff --git a/options/defaults.go b/options/defaults.go
new file mode 100644
index 00000000..ee2543f7
--- /dev/null
+++ b/options/defaults.go
@@ -0,0 +1,74 @@
+package options
+
+import (
+ "fmt"
+ "path"
+ "strings"
+
+ "github.com/go-git/go-billy/v5/osfs"
+
+ giturls "github.com/chainguard-dev/git-urls"
+ "github.com/coder/envbuilder/internal/chmodfs"
+ "github.com/coder/envbuilder/internal/workingdir"
+)
+
+// DefaultWorkspaceFolder returns the default workspace folder
+// for a given repository URL.
+func DefaultWorkspaceFolder(workspacesFolder, repoURL string) string {
+ // emptyWorkspaceDir is the path to a workspace that has
+ // nothing going on... it's empty!
+ emptyWorkspaceDir := workspacesFolder + "/empty"
+
+ if repoURL == "" {
+ return emptyWorkspaceDir
+ }
+ parsed, err := giturls.Parse(repoURL)
+ if err != nil {
+ return emptyWorkspaceDir
+ }
+ repo := path.Base(parsed.Path)
+ // Giturls parsing never actually fails since ParseLocal never
+ // errors and places the entire URL in the Path field. This check
+ // ensures it's at least a Unix path containing forwardslash.
+ if repo == repoURL || repo == "/" || repo == "." || repo == "" {
+ return emptyWorkspaceDir
+ }
+ repo = strings.TrimSuffix(repo, ".git")
+ return fmt.Sprintf("%s/%s", workspacesFolder, repo)
+}
+
+func (o *Options) SetDefaults() {
+ // Temporarily removed these from the default settings to prevent conflicts
+ // between current and legacy environment variables that add default values.
+ // Once the legacy environment variables are phased out, this can be
+ // reinstated to the previous default values.
+ if len(o.IgnorePaths) == 0 {
+ o.IgnorePaths = []string{
+ "/var/run",
+ // KinD adds these paths to pods, so ignore them by default.
+ "/product_uuid", "/product_name",
+ }
+ }
+ if o.InitScript == "" {
+ o.InitScript = "sleep infinity"
+ }
+ if o.InitCommand == "" {
+ o.InitCommand = "/bin/sh"
+ }
+
+ if o.Filesystem == nil {
+ o.Filesystem = chmodfs.New(osfs.New("/"))
+ }
+ if o.WorkspaceBaseDir == "" {
+ o.WorkspaceBaseDir = "/workspaces"
+ }
+ if o.WorkspaceFolder == "" {
+ o.WorkspaceFolder = DefaultWorkspaceFolder(o.WorkspaceBaseDir, o.GitURL)
+ }
+ if o.BinaryPath == "" {
+ o.BinaryPath = "/.envbuilder/bin/envbuilder"
+ }
+ if o.WorkingDirBase == "" {
+ o.WorkingDirBase = workingdir.Default.Path()
+ }
+}
diff --git a/options/defaults_test.go b/options/defaults_test.go
new file mode 100644
index 00000000..91dac3bd
--- /dev/null
+++ b/options/defaults_test.go
@@ -0,0 +1,179 @@
+package options_test
+
+import (
+ "testing"
+
+ "github.com/coder/envbuilder/internal/chmodfs"
+ "github.com/go-git/go-billy/v5/osfs"
+
+ "github.com/stretchr/testify/assert"
+
+ "github.com/coder/envbuilder/options"
+ "github.com/stretchr/testify/require"
+)
+
+func TestDefaultWorkspaceFolder(t *testing.T) {
+ t.Parallel()
+
+ successTests := []struct {
+ name string
+ baseDir string
+ gitURL string
+ expected string
+ }{
+ {
+ name: "HTTP",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder.git",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "SSH",
+ baseDir: "/workspaces",
+ gitURL: "git@github.com:coder/envbuilder.git",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "username and password",
+ baseDir: "/workspaces",
+ gitURL: "https://username:password@github.com/coder/envbuilder.git",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "trailing",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder.git/",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "trailing-x2",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder.git//",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "no .git",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "trailing no .git",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder/",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "fragment",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder.git#feature-branch",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "fragment-trailing",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder.git/#refs/heads/feature-branch",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "fragment-trailing no .git",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/envbuilder/#refs/heads/feature-branch",
+ expected: "/workspaces/envbuilder",
+ },
+ {
+ name: "space",
+ baseDir: "/workspaces",
+ gitURL: "https://github.com/coder/env%20builder.git",
+ expected: "/workspaces/env builder",
+ },
+ {
+ name: "Unix path",
+ baseDir: "/workspaces",
+ gitURL: "/repo",
+ expected: "/workspaces/repo",
+ },
+ {
+ name: "Unix subpath",
+ baseDir: "/workspaces",
+ gitURL: "/path/to/repo",
+ expected: "/workspaces/repo",
+ },
+ {
+ name: "empty",
+ baseDir: "/workspaces",
+ gitURL: "",
+ expected: "/workspaces/empty",
+ },
+ {
+ name: "non default workspaces folder",
+ baseDir: "/foo",
+ gitURL: "https://github.com/coder/envbuilder.git",
+ expected: "/foo/envbuilder",
+ },
+ {
+ name: "non default workspaces folder empty git URL",
+ baseDir: "/foo",
+ gitURL: "",
+ expected: "/foo/empty",
+ },
+ }
+ for _, tt := range successTests {
+ t.Run(tt.name, func(t *testing.T) {
+ dir := options.DefaultWorkspaceFolder(tt.baseDir, tt.gitURL)
+ require.Equal(t, tt.expected, dir)
+ })
+ }
+
+ invalidTests := []struct {
+ name string
+ invalidURL string
+ }{
+ {
+ name: "simple text",
+ invalidURL: "not a valid URL",
+ },
+ {
+ name: "website URL",
+ invalidURL: "www.google.com",
+ },
+ {
+ name: "Unix root",
+ invalidURL: "/",
+ },
+ {
+ name: "Path consists entirely of slash",
+ invalidURL: "//",
+ },
+ {
+ name: "Git URL with no path",
+ invalidURL: "http://127.0.0.1:41073",
+ },
+ }
+ for _, tt := range invalidTests {
+ t.Run(tt.name, func(t *testing.T) {
+ dir := options.DefaultWorkspaceFolder("/workspaces", tt.invalidURL)
+ require.Equal(t, "/workspaces/empty", dir)
+ })
+ }
+}
+
+func TestOptions_SetDefaults(t *testing.T) {
+ t.Parallel()
+
+ expected := options.Options{
+ InitScript: "sleep infinity",
+ InitCommand: "/bin/sh",
+ IgnorePaths: []string{"/var/run", "/product_uuid", "/product_name"},
+ Filesystem: chmodfs.New(osfs.New("/")),
+ GitURL: "",
+ WorkspaceBaseDir: "/workspaces",
+ WorkspaceFolder: "/workspaces/empty",
+ WorkingDirBase: "/.envbuilder",
+ BinaryPath: "/.envbuilder/bin/envbuilder",
+ }
+
+ var actual options.Options
+ actual.SetDefaults()
+ assert.Equal(t, expected, actual)
+}
diff --git a/options.go b/options/options.go
similarity index 77%
rename from options.go
rename to options/options.go
index 2913fdea..c2b6efe6 100644
--- a/options.go
+++ b/options/options.go
@@ -1,15 +1,17 @@
-package envbuilder
+package options
import (
+ "crypto/x509"
+ "encoding/base64"
+ "fmt"
+ "os"
"strings"
- "github.com/coder/envbuilder/internal/notcodersdk"
+ "github.com/coder/envbuilder/log"
"github.com/coder/serpent"
"github.com/go-git/go-billy/v5"
)
-type LoggerFunc func(level notcodersdk.LogLevel, format string, args ...interface{})
-
// Options contains the configuration for the envbuilder.
type Options struct {
// SetupScript is the script to run before the init script. It runs as the
@@ -76,6 +78,10 @@ type Options struct {
// devcontainer.json or image is provided. However, it ensures that the
// container stops if the build process encounters an error.
ExitOnBuildFailure bool
+ // ExitOnPushFailure terminates the container upon a push failure. This is
+ // useful if failure to push the built image should abort execution
+ // and result in an error.
+ ExitOnPushFailure bool
// ForceSafe ignores any filesystem safety checks. This could cause serious
// harm to your system! This is used in cases where bypass is needed to
// unblock customers.
@@ -86,6 +92,9 @@ type Options struct {
// IgnorePaths is the comma separated list of paths to ignore when building
// the workspace.
IgnorePaths []string
+ // BuildSecrets is the list of secret environment variables to use when
+ // building the image.
+ BuildSecrets []string
// SkipRebuild skips building if the MagicFile exists. This is used to skip
// building when a container is restarting. e.g. docker stop -> docker start
// This value can always be set to true - even if the container is being
@@ -106,10 +115,17 @@ type Options struct {
// GitSSHPrivateKeyPath is the path to an SSH private key to be used for
// Git authentication.
GitSSHPrivateKeyPath string
+ // GitSSHPrivateKeyBase64 is the content of an SSH private key to be used
+ // for Git authentication.
+ GitSSHPrivateKeyBase64 string
// GitHTTPProxyURL is the URL for the HTTP proxy. This is optional.
GitHTTPProxyURL string
+ // WorkspaceBaseDir is the path under which workspaces will be placed when
+ // workspace folder option is not given.
+ WorkspaceBaseDir string
// WorkspaceFolder is the path to the workspace folder that will be built.
- // This is optional.
+ // This is optional. Defaults to `[workspace base dir]/[name]` where name is
+ // the name of the repository or "empty".
WorkspaceFolder string
// SSLCertBase64 is the content of an SSL cert file. This is useful for
// self-signed certificates.
@@ -125,7 +141,9 @@ type Options struct {
// execute it after successful startup.
PostStartScriptPath string
// Logger is the logger to use for all operations.
- Logger LoggerFunc
+ Logger log.Func
+ // Verbose controls whether to send verbose logs.
+ Verbose bool
// Filesystem is the filesystem to use for all operations. Defaults to the
// host filesystem.
Filesystem billy.Filesystem
@@ -145,6 +163,23 @@ type Options struct {
// GetCachedImage is a flag to determine if the cached image is available,
// and if it is, to return it.
GetCachedImage bool
+
+ // RemoteRepoBuildMode uses the remote repository as the source of truth
+ // when building the image. Enabling this option ignores user changes to
+ // local files and they will not be reflected in the image. This can be
+ // used to improving cache utilization when multiple users are building
+ // working on the same repository.
+ RemoteRepoBuildMode bool
+
+ // BinaryPath is the path to the local envbuilder binary when
+ // attempting to probe the build cache. This is only relevant when
+ // GetCachedImage is true.
+ BinaryPath string
+
+ // WorkingDirBase is the path to the directory where all envbuilder files should be
+ // stored. By default, this is set to `/.envbuilder`. This is intentionally
+ // excluded from the CLI options.
+ WorkingDirBase string
}
const envPrefix = "ENVBUILDER_"
@@ -253,7 +288,9 @@ func (o *Options) CLI() serpent.OptionSet {
Env: WithEnvPrefix("DOCKER_CONFIG_BASE64"),
Value: serpent.StringOf(&o.DockerConfigBase64),
Description: "The base64 encoded Docker config file that " +
- "will be used to pull images from private container registries.",
+ "will be used to pull images from private container registries. " +
+ "When this is set, Docker configuration set via the DOCKER_CONFIG " +
+ "environment variable is ignored.",
},
{
Flag: "fallback-image",
@@ -275,6 +312,14 @@ func (o *Options) CLI() serpent.OptionSet {
"no devcontainer.json or image is provided. However, it ensures " +
"that the container stops if the build process encounters an error.",
},
+ {
+ Flag: "exit-on-push-failure",
+ Env: WithEnvPrefix("EXIT_ON_PUSH_FAILURE"),
+ Value: serpent.BoolOf(&o.ExitOnPushFailure),
+ Description: "ExitOnPushFailure terminates the container upon a push failure. " +
+ "This is useful if failure to push the built image should abort execution " +
+ "and result in an error.",
+ },
{
Flag: "force-safe",
Env: WithEnvPrefix("FORCE_SAFE"),
@@ -297,6 +342,12 @@ func (o *Options) CLI() serpent.OptionSet {
Description: "The comma separated list of paths to ignore when " +
"building the workspace.",
},
+ {
+ Flag: "build-secrets",
+ Env: WithEnvPrefix("BUILD_SECRETS"),
+ Value: serpent.StringArrayOf(&o.BuildSecrets),
+ Description: "The list of secret environment variables to use " + "when building the image.",
+ },
{
Flag: "skip-rebuild",
Env: WithEnvPrefix("SKIP_REBUILD"),
@@ -337,10 +388,18 @@ func (o *Options) CLI() serpent.OptionSet {
Description: "The password to use for Git authentication. This is optional.",
},
{
- Flag: "git-ssh-private-key-path",
- Env: WithEnvPrefix("GIT_SSH_PRIVATE_KEY_PATH"),
- Value: serpent.StringOf(&o.GitSSHPrivateKeyPath),
- Description: "Path to an SSH private key to be used for Git authentication.",
+ Flag: "git-ssh-private-key-path",
+ Env: WithEnvPrefix("GIT_SSH_PRIVATE_KEY_PATH"),
+ Value: serpent.StringOf(&o.GitSSHPrivateKeyPath),
+ Description: "Path to an SSH private key to be used for Git authentication." +
+ " If this is set, then GIT_SSH_PRIVATE_KEY_BASE64 cannot be set.",
+ },
+ {
+ Flag: "git-ssh-private-key-base64",
+ Env: WithEnvPrefix("GIT_SSH_PRIVATE_KEY_BASE64"),
+ Value: serpent.StringOf(&o.GitSSHPrivateKeyBase64),
+ Description: "Base64 encoded SSH private key to be used for Git authentication." +
+ " If this is set, then GIT_SSH_PRIVATE_KEY_PATH cannot be set.",
},
{
Flag: "git-http-proxy-url",
@@ -348,12 +407,21 @@ func (o *Options) CLI() serpent.OptionSet {
Value: serpent.StringOf(&o.GitHTTPProxyURL),
Description: "The URL for the HTTP proxy. This is optional.",
},
+ {
+ Flag: "workspace-base-dir",
+ Env: WithEnvPrefix("WORKSPACE_BASE_DIR"),
+ Value: serpent.StringOf(&o.WorkspaceBaseDir),
+ Default: "/workspaces",
+ Description: "The path under which workspaces will be placed when " +
+ "workspace folder option is not given.",
+ },
{
Flag: "workspace-folder",
Env: WithEnvPrefix("WORKSPACE_FOLDER"),
Value: serpent.StringOf(&o.WorkspaceFolder),
- Description: "The path to the workspace folder that will " +
- "be built. This is optional.",
+ Description: "The path to the workspace folder that will be built. " +
+ "This is optional. Defaults to `[workspace base dir]/[name]` where " +
+ "name is the name of the repository or `empty`.",
},
{
Flag: "ssl-cert-base64",
@@ -416,6 +484,30 @@ func (o *Options) CLI() serpent.OptionSet {
Description: "Print the digest of the cached image, if available. " +
"Exits with an error if not found.",
},
+ {
+ Flag: "binary-path",
+ Env: WithEnvPrefix("BINARY_PATH"),
+ Value: serpent.StringOf(&o.BinaryPath),
+ Hidden: true,
+ Description: "Specify the path to an Envbuilder binary for use when probing the build cache.",
+ },
+ {
+ Flag: "remote-repo-build-mode",
+ Env: WithEnvPrefix("REMOTE_REPO_BUILD_MODE"),
+ Value: serpent.BoolOf(&o.RemoteRepoBuildMode),
+ Default: "false",
+ Description: "Use the remote repository as the source of truth " +
+ "when building the image. Enabling this option ignores user changes " +
+ "to local files and they will not be reflected in the image. This can " +
+ "be used to improving cache utilization when multiple users are building " +
+ "working on the same repository.",
+ },
+ {
+ Flag: "verbose",
+ Env: WithEnvPrefix("VERBOSE"),
+ Value: serpent.BoolOf(&o.Verbose),
+ Description: "Enable verbose logging.",
+ },
}
// Add options without the prefix for backward compatibility. These options
@@ -457,6 +549,9 @@ func (o *Options) Markdown() string {
_, _ = sb.WriteString("| - | - | - | - |\n")
for _, opt := range cliOptions {
+ if opt.Hidden {
+ continue
+ }
d := opt.Default
if d != "" {
d = "`" + d + "`"
@@ -475,6 +570,26 @@ func (o *Options) Markdown() string {
return sb.String()
}
+func (o *Options) CABundle() ([]byte, error) {
+ if o.SSLCertBase64 == "" {
+ return nil, nil
+ }
+
+ certPool, err := x509.SystemCertPool()
+ if err != nil {
+ return nil, fmt.Errorf("get global system cert pool: %w", err)
+ }
+ data, err := base64.StdEncoding.DecodeString(o.SSLCertBase64)
+ if err != nil {
+ return nil, fmt.Errorf("base64 decode ssl cert: %w", err)
+ }
+ ok := certPool.AppendCertsFromPEM(data)
+ if !ok {
+ return nil, fmt.Errorf("failed to append the ssl cert to the global pool: %s", data)
+ }
+ return data, nil
+}
+
func skipDeprecatedOptions(options []serpent.Option) []serpent.Option {
var activeOptions []serpent.Option
@@ -487,3 +602,26 @@ func skipDeprecatedOptions(options []serpent.Option) []serpent.Option {
return activeOptions
}
+
+// UnsetEnv unsets all environment variables that are used
+// to configure the options.
+func UnsetEnv() {
+ var o Options
+ for _, opt := range o.CLI() {
+ if opt.Env == "" {
+ continue
+ }
+ // Do not strip options that do not have the magic prefix!
+ // For example, CODER_AGENT_URL, CODER_AGENT_TOKEN, CODER_AGENT_SUBSYSTEM.
+ if !strings.HasPrefix(opt.Env, envPrefix) {
+ continue
+ }
+ // Strip both with and without prefix.
+ _ = os.Unsetenv(opt.Env)
+ _ = os.Unsetenv(strings.TrimPrefix(opt.Env, envPrefix))
+ }
+
+ // Unset the Kaniko environment variable which we set it in the
+ // Dockerfile to ensure correct behavior during building.
+ _ = os.Unsetenv("KANIKO_DIR")
+}
diff --git a/options_test.go b/options/options_test.go
similarity index 88%
rename from options_test.go
rename to options/options_test.go
index e32af9e6..bf7a216c 100644
--- a/options_test.go
+++ b/options/options_test.go
@@ -1,4 +1,4 @@
-package envbuilder_test
+package options_test
import (
"bytes"
@@ -6,7 +6,8 @@ import (
"os"
"testing"
- "github.com/coder/envbuilder"
+ "github.com/coder/envbuilder/options"
+
"github.com/coder/serpent"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -16,50 +17,50 @@ import (
func TestEnvOptionParsing(t *testing.T) {
t.Run("string", func(t *testing.T) {
const val = "setup.sh"
- t.Setenv(envbuilder.WithEnvPrefix("SETUP_SCRIPT"), val)
+ t.Setenv(options.WithEnvPrefix("SETUP_SCRIPT"), val)
o := runCLI()
require.Equal(t, o.SetupScript, val)
})
t.Run("int", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("CACHE_TTL_DAYS"), "7")
+ t.Setenv(options.WithEnvPrefix("CACHE_TTL_DAYS"), "7")
o := runCLI()
require.Equal(t, o.CacheTTLDays, int64(7))
})
t.Run("string array", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("IGNORE_PATHS"), "/var,/temp")
+ t.Setenv(options.WithEnvPrefix("IGNORE_PATHS"), "/var,/temp")
o := runCLI()
require.Equal(t, o.IgnorePaths, []string{"/var", "/temp"})
})
t.Run("bool", func(t *testing.T) {
t.Run("lowercase", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "true")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "false")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "true")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "false")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("uppercase", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "TRUE")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "FALSE")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "TRUE")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "FALSE")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("numeric", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "1")
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "0")
+ t.Setenv(options.WithEnvPrefix("SKIP_REBUILD"), "1")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "0")
o := runCLI()
require.True(t, o.SkipRebuild)
require.False(t, o.GitCloneSingleBranch)
})
t.Run("empty", func(t *testing.T) {
- t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "")
+ t.Setenv(options.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "")
o := runCLI()
require.False(t, o.GitCloneSingleBranch)
})
@@ -142,7 +143,7 @@ var updateCLIOutputGoldenFiles = flag.Bool("update", false, "update options CLI
// TestCLIOutput tests that the default CLI output is as expected.
func TestCLIOutput(t *testing.T) {
- var o envbuilder.Options
+ var o options.Options
cmd := serpent.Command{
Use: "envbuilder",
Options: o.CLI(),
@@ -171,8 +172,8 @@ func TestCLIOutput(t *testing.T) {
}
}
-func runCLI() envbuilder.Options {
- var o envbuilder.Options
+func runCLI() options.Options {
+ var o options.Options
cmd := serpent.Command{
Options: o.CLI(),
Handler: func(inv *serpent.Invocation) error {
diff --git a/testdata/options.golden b/options/testdata/options.golden
similarity index 81%
rename from testdata/options.golden
rename to options/testdata/options.golden
index 73e68540..6a8145ad 100644
--- a/testdata/options.golden
+++ b/options/testdata/options.golden
@@ -12,6 +12,10 @@ OPTIONS:
WorkspaceFolder. This path MUST be relative to the WorkspaceFolder
path into which the repo is cloned.
+ --build-secrets string-array, $ENVBUILDER_BUILD_SECRETS
+ The list of secret environment variables to use when building the
+ image.
+
--cache-repo string, $ENVBUILDER_CACHE_REPO
The name of the container registry to push the cache image to. If this
is empty, the cache will not be pushed.
@@ -47,7 +51,9 @@ OPTIONS:
--docker-config-base64 string, $ENVBUILDER_DOCKER_CONFIG_BASE64
The base64 encoded Docker config file that will be used to pull images
- from private container registries.
+ from private container registries. When this is set, Docker
+ configuration set via the DOCKER_CONFIG environment variable is
+ ignored.
--dockerfile-path string, $ENVBUILDER_DOCKERFILE_PATH
The relative path to the Dockerfile that will be used to build the
@@ -60,6 +66,11 @@ OPTIONS:
image is provided. However, it ensures that the container stops if the
build process encounters an error.
+ --exit-on-push-failure bool, $ENVBUILDER_EXIT_ON_PUSH_FAILURE
+ ExitOnPushFailure terminates the container upon a push failure. This
+ is useful if failure to push the built image should abort execution
+ and result in an error.
+
--export-env-file string, $ENVBUILDER_EXPORT_ENV_FILE
Optional file path to a .env file where envbuilder will dump
environment variables from devcontainer.json and the built container
@@ -94,8 +105,13 @@ OPTIONS:
--git-password string, $ENVBUILDER_GIT_PASSWORD
The password to use for Git authentication. This is optional.
+ --git-ssh-private-key-base64 string, $ENVBUILDER_GIT_SSH_PRIVATE_KEY_BASE64
+ Base64 encoded SSH private key to be used for Git authentication. If
+ this is set, then GIT_SSH_PRIVATE_KEY_PATH cannot be set.
+
--git-ssh-private-key-path string, $ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH
- Path to an SSH private key to be used for Git authentication.
+ Path to an SSH private key to be used for Git authentication. If this
+ is set, then GIT_SSH_PRIVATE_KEY_BASE64 cannot be set.
--git-url string, $ENVBUILDER_GIT_URL
The URL of a Git repository containing a Devcontainer or Docker image
@@ -138,6 +154,13 @@ OPTIONS:
Push the built image to a remote registry. This option forces a
reproducible build.
+ --remote-repo-build-mode bool, $ENVBUILDER_REMOTE_REPO_BUILD_MODE (default: false)
+ Use the remote repository as the source of truth when building the
+ image. Enabling this option ignores user changes to local files and
+ they will not be reflected in the image. This can be used to improving
+ cache utilization when multiple users are building working on the same
+ repository.
+
--setup-script string, $ENVBUILDER_SETUP_SCRIPT
The script to run before the init script. It runs as the root user
regardless of the user specified in the devcontainer.json file.
@@ -155,6 +178,15 @@ OPTIONS:
The content of an SSL cert file. This is useful for self-signed
certificates.
+ --verbose bool, $ENVBUILDER_VERBOSE
+ Enable verbose logging.
+
+ --workspace-base-dir string, $ENVBUILDER_WORKSPACE_BASE_DIR (default: /workspaces)
+ The path under which workspaces will be placed when workspace folder
+ option is not given.
+
--workspace-folder string, $ENVBUILDER_WORKSPACE_FOLDER
The path to the workspace folder that will be built. This is optional.
+ Defaults to `[workspace base dir]/[name]` where name is the name of
+ the repository or `empty`.
diff --git a/scripts/Dockerfile b/scripts/Dockerfile
index b8198a1d..a8ba6941 100644
--- a/scripts/Dockerfile
+++ b/scripts/Dockerfile
@@ -3,8 +3,6 @@ ARG TARGETARCH
COPY envbuilder-${TARGETARCH} /.envbuilder/bin/envbuilder
-ENV KANIKO_DIR /.envbuilder
-# Kaniko looks for the Docker config at $DOCKER_CONFIG/config.json
-ENV DOCKER_CONFIG /.envbuilder
+ENV KANIKO_DIR=/.envbuilder
ENTRYPOINT ["/.envbuilder/bin/envbuilder"]
diff --git a/scripts/build.sh b/scripts/build.sh
index 2fac5e04..40545199 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -1,12 +1,12 @@
#!/usr/bin/env bash
-cd $(dirname "${BASH_SOURCE[0]}")
+cd "$(dirname "${BASH_SOURCE[0]}")"
set -euo pipefail
archs=()
push=false
base="envbuilder"
-tag="latest"
+tag=""
for arg in "$@"; do
if [[ $arg == --arch=* ]]; then
@@ -30,6 +30,10 @@ if [ ${#archs[@]} -eq 0 ]; then
archs=( "$current" )
fi
+if [[ -z "${tag}" ]]; then
+ tag=$(./version.sh)
+fi
+
# We have to use docker buildx to tag multiple images with
# platforms tragically, so we have to create a builder.
BUILDER_NAME="envbuilder"
@@ -46,15 +50,17 @@ fi
# Ensure the builder is bootstrapped and ready to use
docker buildx inspect --bootstrap &> /dev/null
+ldflags=(-X "'github.com/coder/envbuilder/buildinfo.tag=$tag'")
+
for arch in "${archs[@]}"; do
echo "Building for $arch..."
- GOARCH=$arch CGO_ENABLED=0 go build -o ./envbuilder-$arch ../cmd/envbuilder &
+ GOARCH=$arch CGO_ENABLED=0 go build -ldflags="${ldflags[*]}" -o "./envbuilder-${arch}" ../cmd/envbuilder &
done
wait
args=()
for arch in "${archs[@]}"; do
- args+=( --platform linux/$arch )
+ args+=( --platform "linux/${arch}" )
done
if [ "$push" = true ]; then
args+=( --push )
@@ -62,10 +68,12 @@ else
args+=( --load )
fi
-docker buildx build --builder $BUILDER_NAME "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile .
+# coerce semver build tags into something docker won't complain about
+tag="${tag//\+/-}"
+docker buildx build --builder $BUILDER_NAME "${args[@]}" -t "${base}:${tag}" -t "${base}:latest" -f Dockerfile .
# Check if archs contains the current. If so, then output a message!
-if [[ -z "${CI:-}" ]] && [[ " ${archs[@]} " =~ " ${current} " ]]; then
- docker tag $base:$tag envbuilder:latest
- echo "Tagged $current as envbuilder:latest!"
+if [[ -z "${CI:-}" ]] && [[ " ${archs[*]} " =~ ${current} ]]; then
+ docker tag "${base}:${tag}" envbuilder:latest
+ echo "Tagged $current as ${base}:${tag} ${base}:latest!"
fi
diff --git a/scripts/develop.sh b/scripts/develop.sh
index 8336eca7..c209c8aa 100755
--- a/scripts/develop.sh
+++ b/scripts/develop.sh
@@ -1,11 +1,11 @@
#!/usr/bin/env bash
-cd $(dirname "${BASH_SOURCE[0]}")
+cd "$(dirname "${BASH_SOURCE[0]}")"
set -euxo pipefail
-./build.sh
+./build.sh || exit 1
docker run --rm -it \
- -e GIT_URL=https://github.com/denoland/deno \
- -e INIT_SCRIPT="bash" \
+ -e ENVBUILDER_GIT_URL=https://github.com/denoland/deno \
+ -e ENVBUILDER_INIT_SCRIPT="bash" \
envbuilder:latest
diff --git a/scripts/diagram-dark.png b/scripts/diagram-dark.png
new file mode 100644
index 00000000..50476628
Binary files /dev/null and b/scripts/diagram-dark.png differ
diff --git a/scripts/diagram-dark.svg b/scripts/diagram-dark.svg
index 3cf09ba2..d3044acb 100644
--- a/scripts/diagram-dark.svg
+++ b/scripts/diagram-dark.svg
@@ -1,10 +1,10 @@
-Create Workspace Code Edit Dockerfile Restart Workspace
-Create Workspace Code Edit Dockerfile Restart Workspace
+ Create Workspace Code Edit Dockerfile Restart Workspace
-Create Workspace Code Edit Dockerfile Restart Workspace
+ 
+ 
- 
-