diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b0a1ae82..857d45e6 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "envbuilder", - "image": "mcr.microsoft.com/devcontainers/go:1.21", + "image": "mcr.microsoft.com/devcontainers/go:1.22", "features": { "ghcr.io/devcontainers/features/docker-in-docker": {} } diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..6b4433d3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +version: 2 +updates: + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "weekly" + time: "06:00" + timezone: "America/Chicago" + commit-message: + prefix: "chore" + labels: ["dependencies"] + ignore: + # Ignore patch updates for all dependencies + - dependency-name: "*" + update-types: + - version-update:semver-patch diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 86603f2e..6dc12b3d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,7 +2,11 @@ name: ci on: push: + branches: + - main pull_request: + branches: + - main workflow_dispatch: permissions: @@ -11,11 +15,12 @@ permissions: contents: read deployments: none issues: none - packages: none pull-requests: none repository-projects: none security-events: none statuses: none + # Necessary to push docker images to ghcr.io. + packages: write # Cancel in-progress runs for pull requests when developers push # additional changes @@ -28,24 +33,84 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - name: Echo Go Cache Paths - id: go-cache-paths - run: | - echo "GOCACHE=$(go env GOCACHE)" >> ${{ runner.os == 'Windows' && '$env:' || '$' }}GITHUB_OUTPUT - echo "GOMODCACHE=$(go env GOMODCACHE)" >> ${{ runner.os == 'Windows' && '$env:' || '$' }}GITHUB_OUTPUT + - uses: actions/setup-go@v5 + with: + go-version: "~1.22" + + - name: Test + run: make test + docs: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 - - name: Go Build Cache - uses: actions/cache@v3 + - uses: actions/setup-go@v5 with: - path: ${{ steps.go-cache-paths.outputs.GOCACHE }} - key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }} + go-version: "~1.22" - # Install Go! - - uses: actions/setup-go@v3 + - name: Generate docs + run: make docs + + - name: Check for unstaged files + run: git diff --exit-code + fmt: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 with: - go-version: "~1.21" + go-version: "~1.22" - - name: Test - run: go test ./... + - name: Check format + run: ./scripts/check_fmt.sh + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + # Needed to get older tags + fetch-depth: 0 + + - uses: actions/setup-go@v5 + with: + go-version: "~1.22" + + - name: Login to GitHub Container Registry + if: github.event_name == 'push' && github.ref == 'refs/heads/main' + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # do not push images for pull requests + - name: Build + if: github.event_name == 'pull_request' + run: | + VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD) + BASE=ghcr.io/coder/envbuilder-preview + + ./scripts/build.sh \ + --arch=amd64 \ + --base=$BASE \ + --tag=$VERSION + + - name: Build and Push + if: github.ref == 'refs/heads/main' + run: | + VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD) + BASE=ghcr.io/coder/envbuilder-preview + + ./scripts/build.sh \ + --arch=amd64 \ + --arch=arm64 \ + --arch=arm \ + --base=$BASE \ + --tag=$VERSION \ + --push diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 770a0094..3f03b2fd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: - uses: actions/setup-go@v3 with: - go-version: "~1.21" + go-version: "~1.22" - name: Docker Login uses: docker/login-action@v2 diff --git a/.gitignore b/.gitignore index 001aeac3..d2cf2655 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ scripts/envbuilder-* +.registry-cache +**/.gen-golden diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..42fd1db4 --- /dev/null +++ b/Makefile @@ -0,0 +1,73 @@ +GOARCH := $(shell go env GOARCH) +PWD=$(shell pwd) + +GO_SRC_FILES := $(shell find . -type f -name '*.go' -not -name '*_test.go') +GO_TEST_FILES := $(shell find . -type f -not -name '*.go' -name '*_test.go') +GOLDEN_FILES := $(shell find . -type f -name '*.golden') + +fmt: $(shell find . -type f -name '*.go') + go run mvdan.cc/gofumpt@v0.6.0 -l -w . + +develop: + ./scripts/develop.sh + +build: scripts/envbuilder-$(GOARCH) + ./scripts/build.sh + +.PHONY: update-golden-files +update-golden-files: .gen-golden + +.gen-golden: $(GOLDEN_FILES) $(GO_SRC_FILES) $(GO_TEST_FILES) + go test . -update + @touch "$@" + +docs: options.go + go run ./scripts/docsgen/main.go + +.PHONY: test +test: test-registry + go test -count=1 ./... + +test-race: + go test -race -count=3 ./... + +.PHONY: update-kaniko-fork +update-kaniko-fork: + go mod edit -replace github.com/GoogleContainerTools/kaniko=github.com/coder/kaniko@main + go mod tidy + +# Starts a local Docker registry on port 5000 with a local disk cache. +.PHONY: test-registry +test-registry: test-registry-container test-images-pull test-images-push + +.PHONY: test-registry-container +test-registry-container: .registry-cache + if ! curl -fsSL http://localhost:5000/v2/_catalog > /dev/null 2>&1; then \ + docker rm -f envbuilder-registry && \ + docker run -d -p 5000:5000 --name envbuilder-registry --volume $(PWD)/.registry-cache:/var/lib/registry registry:2; \ + fi + +# Pulls images referenced in integration tests and pushes them to the local cache. +.PHONY: test-images-push +test-images-push: .registry-cache/docker/registry/v2/repositories/envbuilder-test-alpine .registry-cache/docker/registry/v2/repositories/envbuilder-test-ubuntu .registry-cache/docker/registry/v2/repositories/envbuilder-test-codercom-code-server + +.PHONY: test-images-pull +test-images-pull: + docker pull alpine:latest + docker tag alpine:latest localhost:5000/envbuilder-test-alpine:latest + docker pull ubuntu:latest + docker tag ubuntu:latest localhost:5000/envbuilder-test-ubuntu:latest + docker pull codercom/code-server:latest + docker tag codercom/code-server:latest localhost:5000/envbuilder-test-codercom-code-server:latest + +.registry-cache: + mkdir -p .registry-cache && chmod -R ag+w .registry-cache + +.registry-cache/docker/registry/v2/repositories/envbuilder-test-alpine: + docker push localhost:5000/envbuilder-test-alpine:latest + +.registry-cache/docker/registry/v2/repositories/envbuilder-test-ubuntu: + docker push localhost:5000/envbuilder-test-ubuntu:latest + +.registry-cache/docker/registry/v2/repositories/envbuilder-test-codercom-code-server: + docker push localhost:5000/envbuilder-test-codercom-code-server:latest \ No newline at end of file diff --git a/README.md b/README.md index 6f4de667..aa5c5e64 100644 --- a/README.md +++ b/README.md @@ -22,15 +22,15 @@ Build development environments from a Dockerfile on Docker, Kubernetes, and Open ## Quickstart -The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$INIT_SCRIPT` in the freshly built container. +The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container. -> `/tmp/envbuilder` is used to persist data between commands for the purpose of this demo. You can change it to any directory you want. +> `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory. ```bash docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ - -e GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \ - -e INIT_SCRIPT=bash \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \ + -e ENVBUILDER_INIT_SCRIPT=bash \ ghcr.io/coder/envbuilder ``` @@ -47,6 +47,20 @@ $ vim .devcontainer/Dockerfile Exit the container, and re-run the `docker run` command... after the build completes, `htop` should exist in the container! 🥳 +> [!NOTE] +> Envbuilder performs destructive filesystem operations! To guard against accidental data +> loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value. +> If you need to bypass this behavior for any reason, you can bypass this safety check by setting +> `ENVBUILDER_FORCE_SAFE=true`. + +### Git Branch Selection + +Choose a branch using `ENVBUILDER_GIT_URL` with a _ref/heads_ reference. For instance: + +``` +ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch +``` + ## Container Registry Authentication envbuilder uses Kaniko to build containers. You should [follow their instructions](https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries) to create an authentication configuration. @@ -63,7 +77,7 @@ After you have a configuration that resembles the following: } ``` -`base64` encode the JSON and provide it to envbuilder as the `DOCKER_CONFIG_BASE64` environment variable. +`base64` encode the JSON and provide it to envbuilder as the `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable. Alternatively, if running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and pass it into the pod as a volume mount. This example will work for all registries. @@ -85,7 +99,7 @@ resource "kubernetes_deployment" "example" { } spec { spec { - container { + container { # Define the volumeMount with the pull credentials volume_mount { name = "docker-config-volume" @@ -117,21 +131,31 @@ ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjog Provide the encoded JSON config to envbuilder: ```env -DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo= +ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo= ``` +### Docker-in-Docker + +See [here](./docs/docker.md) for instructions on running Docker containers inside +environments built by Envbuilder. + ## Git Authentication -`GIT_USERNAME` and `GIT_PASSWORD` are environment variables to provide Git authentication for private repositories. +Two methods of authentication are supported: + +### HTTP Authentication + +If `ENVBUILDER_GIT_URL` starts with `http://` or `https://`, envbuilder will +authenticate with `ENVBUILDER_GIT_USERNAME` and `ENVBUILDER_GIT_PASSWORD`, if set. For access token-based authentication, follow the following schema (if empty, there's no need to provide the field): -| Provider | `GIT_USERNAME` | `GIT_PASSWORD` | -| ------------ | -------------- | -------------- | -| GitHub | [access-token] | | -| GitLab | oauth2 | [access-token] | -| BitBucket | x-token-auth | [access-token] | -| Azure DevOps | [access-token] | | +| Provider | `ENVBUILDER_GIT_USERNAME` | `ENVBUILDER_GIT_PASSWORD` | +| ------------ | ------------------------- | ------------------------- | +| GitHub | [access-token] | | +| GitLab | oauth2 | [access-token] | +| BitBucket | x-token-auth | [access-token] | +| Azure DevOps | [access-token] | | If using envbuilder inside of [Coder](https://github.com/coder/coder), you can use the `coder_external_auth` Terraform resource to automatically provide this token on workspace creation: @@ -142,31 +166,90 @@ data "coder_external_auth" "github" { resource "docker_container" "dev" { env = [ - GIT_USERNAME = data.coder_external_auth.github.access_token, + ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token, ] } ``` +### SSH Authentication + +If `ENVBUILDER_GIT_URL` does not start with `http://` or `https://`, +envbuilder will assume SSH authentication. You have the following options: + +1. Public/Private key authentication: set `ENVBUILDER_GIT_SSH_KEY_PATH` to the path of an + SSH private key mounted inside the container. Envbuilder will use this SSH + key to authenticate. Example: + + ```bash + docker run -it --rm \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \ + -e ENVBUILDER_INIT_SCRIPT=bash \ + -e ENVBUILDER_GIT_SSH_KEY_PATH=/.ssh/id_rsa \ + -v /home/user/id_rsa:/.ssh/id_rsa \ + ghcr.io/coder/envbuilder + ``` + +1. Agent-based authentication: set `SSH_AUTH_SOCK` and mount in your agent socket, for example: + + ```bash + docker run -it --rm \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \ + -e ENVBUILDER_INIT_SCRIPT=bash \ + -e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \ + -v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \ + ghcr.io/coder/envbuilder + ``` + +> Note: by default, envbuilder will accept and log all host keys. If you need +> strict host key checking, set `SSH_KNOWN_HOSTS` and mount in a `known_hosts` +> file. + + ## Layer Caching -Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `CACHE_REPO` environment variable. +Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable. ```bash CACHE_REPO=ghcr.io/coder/repo-cache ``` -To experiment without setting up a registry, use `LAYER_CACHE_DIR`: +To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`: ```bash docker run -it --rm \ -v /tmp/envbuilder-cache:/cache \ - -e LAYER_CACHE_DIR=/cache + -e ENVBUILDER_LAYER_CACHE_DIR=/cache ... ``` Each layer is stored in the registry as a separate image. The image tag is the hash of the layer's contents. The image digest is the hash of the image tag. The image digest is used to pull the layer from the registry. -The performance improvement of builds depends on the complexity of your Dockerfile. For [`coder/coder`](https://github.com/coder/coder/blob/main/.devcontainer/Dockerfile), uncached builds take 36m while cached builds take 40s (~98% improvement). +The performance improvement of builds depends on the complexity of your +Dockerfile. For +[`coder/coder`](https://github.com/coder/coder/blob/main/.devcontainer/Dockerfile), +uncached builds take 36m while cached builds take 40s (~98% improvement). + +## Pushing the built image + +Set `ENVBUILDER_PUSH_IMAGE=1` to push the entire image to the cache repo +in addition to individual layers. `ENVBUILDER_CACHE_REPO` **must** be set in +order for this to work. + +> **Note:** this option forces Envbuilder to perform a "reproducible" build. +> This will force timestamps for all newly added files to be set to the start of the UNIX epoch. + +## Probe Layer Cache + +To check for the presence of a pre-built image, set +`ENVBUILDER_GET_CACHED_IMAGE=1`. Instead of building the image, this will +perform a "dry-run" build of the image, consulting `ENVBUILDER_CACHE_REPO` for +each layer. + +If any layer is found not to be present in the cache repo, envbuilder +will exit with an error. Otherwise, the image will be emitted in the log output prefixed with the string +`ENVBUILDER_CACHED_IMAGE=...`. ## Image Caching @@ -183,42 +266,126 @@ docker run --rm \ # Run envbuilder with the local image cache. docker run -it --rm \ -v /tmp/kaniko-cache:/image-cache:ro \ - -e BASE_IMAGE_CACHE_DIR=/image-cache + -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache ``` In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). +A sample script to pre-fetch a number of images can be viewed [here](./examples/kaniko-cache-warmer.sh). This can be run, for example, as a cron job to periodically fetch the latest versions of a number of base images. + ## Setup Script -The `SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process. +The `ENVBUILDER_SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process. -> **Note** -> `TARGET_USER` is passed to the setup script to specify who will execute `INIT_COMMAND` (e.g., `code`). +> [!NOTE] +> `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`). Write the following to `$ENVBUILDER_ENV` to shape the container's init process: -- `TARGET_USER`: Identifies the `INIT_COMMAND` executor (e.g.`root`). -- `INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`). -- `INIT_ARGS`: Arguments provided to `INIT_COMMAND` (e.g. `-c 'sleep infinity'`). +- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g.`root`). +- `ENVBUILDER_INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`). +- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g. `-c 'sleep infinity'`). ```bash # init.sh - change the init if systemd exists if command -v systemd >/dev/null; then echo "Hey 👋 $TARGET_USER" - echo INIT_COMMAND=systemd >> $ENVBUILDER_ENV + echo ENVBUILDER_INIT_COMMAND=systemd >> $ENVBUILDER_ENV else - echo INIT_COMMAND=bash >> $ENVBUILDER_ENV + echo ENVBUILDER_INIT_COMMAND=bash >> $ENVBUILDER_ENV fi # run envbuilder with the setup script docker run -it --rm \ -v ./:/some-dir \ - -e SETUP_SCRIPT=/some-dir/init.sh \ + -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh \ ... ``` ## Custom Certificates -- [`SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate. -- [`SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files. -- `SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start. +- [`ENVBUILDER_SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate. +- [`ENVBUILDER_SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files. +- `ENVBUILDER_SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start. + +## Unsupported features + +### Development Containers + +The table keeps track of features we would love to implement. Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you want Envbuilder to support it. + +| Name | Description | Known issues | +| ------------------------ | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ | +| Volume mounts | Volumes are used to persist data and share directories between the host and container. | [#220](https://github.com/coder/envbuilder/issues/220) | +| Port forwarding | Port forwarding allows exposing container ports to the host, making services accessible. | [#48](https://github.com/coder/envbuilder/issues/48) | +| Script init & Entrypoint | `init` adds a tiny init process to the container and `entrypoint` sets a script to run at container startup. | [#221](https://github.com/coder/envbuilder/issues/221) | +| Customizations | Product specific properties, for instance: _VS Code_ `settings` and `extensions`. | [#43](https://github.com/coder/envbuilder/issues/43) | +| Composefile | Define multiple containers and services for more complex development environments. | [#236](https://github.com/coder/envbuilder/issues/236) | + +### Devfile + +> [Devfiles](https://devfile.io/) automate and simplify development process by adopting the existing devfiles that are available in the [public community registry](https://registry.devfile.io/viewer). + +Issue: [#113](https://github.com/coder/envbuilder/issues/113) + +# Local Development + +Building `envbuilder` currently **requires** a Linux system. + +On MacOS or Windows systems, we recommend either using a VM or the provided `.devcontainer` for development. + +**Additional Requirements:** + +- `go 1.22` +- `make` +- Docker daemon (for running tests) + +**Makefile targets:** + +- `build`: builds and tags `envbuilder:latest` for your current architecture. +- `develop`: runs `envbuilder:latest` against a sample Git repository. +- `test`: run tests. +- `test-registry`: stands up a local registry for caching images used in tests. + + + +## Environment Variables + +| Flag | Environment variable | Default | Description | +| - | - | - | - | +| `--setup-script` | `ENVBUILDER_SETUP_SCRIPT` | | The script to run before the init script. It runs as the root user regardless of the user specified in the devcontainer.json file. SetupScript is ran as the root user prior to the init script. It is used to configure envbuilder dynamically during the runtime. e.g. specifying whether to start systemd or tiny init for PID 1. | +| `--init-script` | `ENVBUILDER_INIT_SCRIPT` | | The script to run to initialize the workspace. Default: `sleep infinity`. | +| `--init-command` | `ENVBUILDER_INIT_COMMAND` | | The command to run to initialize the workspace. Default: `/bin/sh`. | +| `--init-args` | `ENVBUILDER_INIT_ARGS` | | The arguments to pass to the init command. They are split according to /bin/sh rules with https://github.com/kballard/go-shellquote. | +| `--cache-repo` | `ENVBUILDER_CACHE_REPO` | | The name of the container registry to push the cache image to. If this is empty, the cache will not be pushed. | +| `--base-image-cache-dir` | `ENVBUILDER_BASE_IMAGE_CACHE_DIR` | | The path to a directory where the base image can be found. This should be a read-only directory solely mounted for the purpose of caching the base image. | +| `--layer-cache-dir` | `ENVBUILDER_LAYER_CACHE_DIR` | | The path to a directory where built layers will be stored. This spawns an in-memory registry to serve the layers from. | +| `--devcontainer-dir` | `ENVBUILDER_DEVCONTAINER_DIR` | | The path to the folder containing the devcontainer.json file that will be used to build the workspace and can either be an absolute path or a path relative to the workspace folder. If not provided, defaults to `.devcontainer`. | +| `--devcontainer-json-path` | `ENVBUILDER_DEVCONTAINER_JSON_PATH` | | The path to a devcontainer.json file that is either an absolute path or a path relative to DevcontainerDir. This can be used in cases where one wants to substitute an edited devcontainer.json file for the one that exists in the repo. | +| `--dockerfile-path` | `ENVBUILDER_DOCKERFILE_PATH` | | The relative path to the Dockerfile that will be used to build the workspace. This is an alternative to using a devcontainer that some might find simpler. | +| `--build-context-path` | `ENVBUILDER_BUILD_CONTEXT_PATH` | | Can be specified when a DockerfilePath is specified outside the base WorkspaceFolder. This path MUST be relative to the WorkspaceFolder path into which the repo is cloned. | +| `--cache-ttl-days` | `ENVBUILDER_CACHE_TTL_DAYS` | | The number of days to use cached layers before expiring them. Defaults to 7 days. | +| `--docker-config-base64` | `ENVBUILDER_DOCKER_CONFIG_BASE64` | | The base64 encoded Docker config file that will be used to pull images from private container registries. | +| `--fallback-image` | `ENVBUILDER_FALLBACK_IMAGE` | | Specifies an alternative image to use when neither an image is declared in the devcontainer.json file nor a Dockerfile is present. If there's a build failure (from a faulty Dockerfile) or a misconfiguration, this image will be the substitute. Set ExitOnBuildFailure to true to halt the container if the build faces an issue. | +| `--exit-on-build-failure` | `ENVBUILDER_EXIT_ON_BUILD_FAILURE` | | Terminates the container upon a build failure. This is handy when preferring the FALLBACK_IMAGE in cases where no devcontainer.json or image is provided. However, it ensures that the container stops if the build process encounters an error. | +| `--force-safe` | `ENVBUILDER_FORCE_SAFE` | | Ignores any filesystem safety checks. This could cause serious harm to your system! This is used in cases where bypass is needed to unblock customers. | +| `--insecure` | `ENVBUILDER_INSECURE` | | Bypass TLS verification when cloning and pulling from container registries. | +| `--ignore-paths` | `ENVBUILDER_IGNORE_PATHS` | | The comma separated list of paths to ignore when building the workspace. | +| `--skip-rebuild` | `ENVBUILDER_SKIP_REBUILD` | | Skip building if the MagicFile exists. This is used to skip building when a container is restarting. e.g. docker stop -> docker start This value can always be set to true - even if the container is being started for the first time. | +| `--git-url` | `ENVBUILDER_GIT_URL` | | The URL of a Git repository containing a Devcontainer or Docker image to clone. This is optional. | +| `--git-clone-depth` | `ENVBUILDER_GIT_CLONE_DEPTH` | | The depth to use when cloning the Git repository. | +| `--git-clone-single-branch` | `ENVBUILDER_GIT_CLONE_SINGLE_BRANCH` | | Clone only a single branch of the Git repository. | +| `--git-username` | `ENVBUILDER_GIT_USERNAME` | | The username to use for Git authentication. This is optional. | +| `--git-password` | `ENVBUILDER_GIT_PASSWORD` | | The password to use for Git authentication. This is optional. | +| `--git-ssh-private-key-path` | `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH` | | Path to an SSH private key to be used for Git authentication. | +| `--git-http-proxy-url` | `ENVBUILDER_GIT_HTTP_PROXY_URL` | | The URL for the HTTP proxy. This is optional. | +| `--workspace-folder` | `ENVBUILDER_WORKSPACE_FOLDER` | | The path to the workspace folder that will be built. This is optional. | +| `--ssl-cert-base64` | `ENVBUILDER_SSL_CERT_BASE64` | | The content of an SSL cert file. This is useful for self-signed certificates. | +| `--export-env-file` | `ENVBUILDER_EXPORT_ENV_FILE` | | Optional file path to a .env file where envbuilder will dump environment variables from devcontainer.json and the built container image. | +| `--post-start-script-path` | `ENVBUILDER_POST_START_SCRIPT_PATH` | | The path to a script that will be created by envbuilder based on the postStartCommand in devcontainer.json, if any is specified (otherwise the script is not created). If this is set, the specified InitCommand should check for the presence of this script and execute it after successful startup. | +| `--coder-agent-url` | `CODER_AGENT_URL` | | URL of the Coder deployment. If CODER_AGENT_TOKEN is also set, logs from envbuilder will be forwarded here and will be visible in the workspace build logs. | +| `--coder-agent-token` | `CODER_AGENT_TOKEN` | | Authentication token for a Coder agent. If this is set, then CODER_AGENT_URL must also be set. | +| `--coder-agent-subsystem` | `CODER_AGENT_SUBSYSTEM` | | Coder agent subsystems to report when forwarding logs. The envbuilder subsystem is always included. | +| `--push-image` | `ENVBUILDER_PUSH_IMAGE` | | Push the built image to a remote registry. This option forces a reproducible build. | +| `--get-cached-image` | `ENVBUILDER_GET_CACHED_IMAGE` | | Print the digest of the cached image, if available. Exits with an error if not found. | + diff --git a/cmd/envbuilder/main.go b/cmd/envbuilder/main.go index 7e18be2d..aa3b3ec4 100644 --- a/cmd/envbuilder/main.go +++ b/cmd/envbuilder/main.go @@ -8,13 +8,14 @@ import ( "net/http" "net/url" "os" + "slices" + "strings" "time" "cdr.dev/slog" - "github.com/coder/coder/v2/codersdk" - "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/envbuilder" - "github.com/spf13/cobra" + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/coder/serpent" // *Never* remove this. Certificates are not bundled as part // of the container, so this is necessary for all connections @@ -23,29 +24,32 @@ import ( ) func main() { - root := &cobra.Command{ - Use: "envbuilder", - // Hide usage because we don't want to show the - // "envbuilder [command] --help" output on error. - SilenceUsage: true, - SilenceErrors: true, - RunE: func(cmd *cobra.Command, args []string) error { - options := envbuilder.OptionsFromEnv(os.LookupEnv) + cmd := envbuilderCmd() + err := cmd.Invoke().WithOS().Run() + if err != nil { + fmt.Fprintf(os.Stderr, "error: %v", err) + os.Exit(1) + } +} - var sendLogs func(ctx context.Context, log ...agentsdk.Log) error - agentURL := os.Getenv("CODER_AGENT_URL") - agentToken := os.Getenv("CODER_AGENT_TOKEN") - if agentToken != "" { - if agentURL == "" { +func envbuilderCmd() serpent.Command { + var options envbuilder.Options + cmd := serpent.Command{ + Use: "envbuilder", + Options: options.CLI(), + Handler: func(inv *serpent.Invocation) error { + var sendLogs func(ctx context.Context, log ...notcodersdk.Log) error + if options.CoderAgentToken != "" { + if options.CoderAgentURL == "" { return errors.New("CODER_AGENT_URL must be set if CODER_AGENT_TOKEN is set") } - parsed, err := url.Parse(agentURL) + u, err := url.Parse(options.CoderAgentURL) if err != nil { - return err + return fmt.Errorf("unable to parse CODER_AGENT_URL as URL: %w", err) } - client := agentsdk.New(parsed) - client.SetSessionToken(agentToken) - client.SDK.HTTPClient = &http.Client{ + client := notcodersdk.New(u) + client.SetSessionToken(options.CoderAgentToken) + client.HTTPClient = &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: options.Insecure, @@ -53,42 +57,37 @@ func main() { }, } var flushAndClose func(ctx context.Context) error - sendLogs, flushAndClose = agentsdk.LogsSender(agentsdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{}) - defer flushAndClose(cmd.Context()) + sendLogs, flushAndClose = notcodersdk.LogsSender(notcodersdk.ExternalLogSourceID, client.PatchLogs, slog.Logger{}) + defer flushAndClose(inv.Context()) // This adds the envbuilder subsystem. // If telemetry is enabled in a Coder deployment, // this will be reported and help us understand // envbuilder usage. - subsystems := os.Getenv("CODER_AGENT_SUBSYSTEM") - if subsystems != "" { - subsystems += "," + if !slices.Contains(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder)) { + options.CoderAgentSubsystem = append(options.CoderAgentSubsystem, string(notcodersdk.AgentSubsystemEnvbuilder)) + os.Setenv("CODER_AGENT_SUBSYSTEM", strings.Join(options.CoderAgentSubsystem, ",")) } - subsystems += string(codersdk.AgentSubsystemEnvbuilder) - os.Setenv("CODER_AGENT_SUBSYSTEM", subsystems) } - options.Logger = func(level codersdk.LogLevel, format string, args ...interface{}) { + options.Logger = func(level notcodersdk.LogLevel, format string, args ...interface{}) { output := fmt.Sprintf(format, args...) - fmt.Fprintln(cmd.ErrOrStderr(), output) + fmt.Fprintln(inv.Stderr, output) if sendLogs != nil { - sendLogs(cmd.Context(), agentsdk.Log{ + sendLogs(inv.Context(), notcodersdk.Log{ CreatedAt: time.Now(), Output: output, Level: level, }) } } - err := envbuilder.Run(cmd.Context(), options) + + err := envbuilder.Run(inv.Context(), options) if err != nil { - options.Logger(codersdk.LogLevelError, "error: %s", err) + options.Logger(notcodersdk.LogLevelError, "error: %s", err) } return err }, } - err := root.Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "error: %v", err) - os.Exit(1) - } + return cmd } diff --git a/cmd/envbuilder/main_test.go b/cmd/envbuilder/main_test.go new file mode 100644 index 00000000..ed1e0377 --- /dev/null +++ b/cmd/envbuilder/main_test.go @@ -0,0 +1,84 @@ +package main + +import ( + "context" + "encoding/json" + "net/http" + "net/http/httptest" + "path/filepath" + "testing" + "time" + + "cdr.dev/slog/sloggers/slogtest" + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/coder/serpent" + "github.com/google/uuid" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_sendLogs(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + // Random token for testing log fowarding + agentToken := uuid.NewString() + + // Server to read logs posted by envbuilder. Matched to backlog limit. + logCh := make(chan notcodersdk.Log, 100) + logs := make([]notcodersdk.Log, 0) + go func() { + for { + select { + case <-ctx.Done(): + return + case log, ok := <-logCh: + if !ok { + return + } + logs = append(logs, log) + } + } + }() + logSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if !assert.Equal(t, http.MethodPatch, r.Method) { + w.WriteHeader(http.StatusMethodNotAllowed) + return + } + assert.Equal(t, agentToken, r.Header.Get(notcodersdk.SessionTokenHeader)) + var res notcodersdk.PatchLogs + if !assert.NoError(t, json.NewDecoder(r.Body).Decode(&res)) { + w.WriteHeader(http.StatusInternalServerError) + return + } + if !assert.Equal(t, notcodersdk.ExternalLogSourceID, res.LogSourceID) { + w.WriteHeader(http.StatusInternalServerError) + return + } + for _, log := range res.Logs { + logCh <- log + } + w.WriteHeader(http.StatusOK) + })) + + // Make an empty working directory + tmpDir := t.TempDir() + t.Setenv("ENVBUILDER_DEVCONTAINER_DIR", tmpDir) + t.Setenv("ENVBUILDER_DOCKERFILE_DIR", filepath.Join(tmpDir, "Dockerfile")) + t.Setenv("ENVBUILDER_WORKSPACE_FOLDER", tmpDir) + t.Setenv("CODER_AGENT_TOKEN", agentToken) + t.Setenv("CODER_AGENT_URL", logSrv.URL) + + testLogger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}) + cmd := envbuilderCmd() + inv := &serpent.Invocation{ + Command: &cmd, + Args: []string{}, + Logger: testLogger, + Environ: serpent.Environ{}, + } + + err := inv.WithOS().Run() + require.ErrorContains(t, err, "no such file or directory") + require.NotEmpty(t, logs) + require.Contains(t, logs[len(logs)-1].Output, "no such file or directory") +} diff --git a/devcontainer/devcontainer.go b/devcontainer/devcontainer.go index 6d94d0a6..7ac8d26d 100644 --- a/devcontainer/devcontainer.go +++ b/devcontainer/devcontainer.go @@ -65,6 +65,7 @@ type Compiled struct { DockerfilePath string DockerfileContent string BuildContext string + FeatureContexts map[string]string BuildArgs []string User string @@ -72,7 +73,7 @@ type Compiled struct { RemoteEnv map[string]string } -func SubstituteVars(s string, workspaceFolder string) string { +func SubstituteVars(s string, workspaceFolder string, lookupEnv func(string) (string, bool)) string { var buf string for { beforeOpen, afterOpen, ok := strings.Cut(s, "${") @@ -84,14 +85,14 @@ func SubstituteVars(s string, workspaceFolder string) string { return buf + s } - buf += beforeOpen + substitute(varExpr, workspaceFolder) + buf += beforeOpen + substitute(varExpr, workspaceFolder, lookupEnv) s = afterClose } } // Spec for variable substitutions: // https://containers.dev/implementors/json_reference/#variables-in-devcontainerjson -func substitute(varExpr string, workspaceFolder string) string { +func substitute(varExpr string, workspaceFolder string, lookupEnv func(string) (string, bool)) string { parts := strings.Split(varExpr, ":") if len(parts) == 1 { switch varExpr { @@ -100,12 +101,16 @@ func substitute(varExpr string, workspaceFolder string) string { case "localWorkspaceFolderBasename", "containerWorkspaceFolderBasename": return filepath.Base(workspaceFolder) default: - return os.Getenv(varExpr) + val, ok := lookupEnv(varExpr) + if ok { + return val + } + return "" } } switch parts[0] { case "env", "localEnv", "containerEnv": - if val, ok := os.LookupEnv(parts[1]); ok { + if val, ok := lookupEnv(parts[1]); ok { return val } if len(parts) == 3 { @@ -130,7 +135,7 @@ func (s Spec) HasDockerfile() bool { // devcontainerDir is the path to the directory where the devcontainer.json file // is located. scratchDir is the path to the directory where the Dockerfile will // be written to if one doesn't exist. -func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir, fallbackDockerfile, workspaceFolder string) (*Compiled, error) { +func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir string, fallbackDockerfile, workspaceFolder string, useBuildContexts bool, lookupEnv func(string) (string, bool)) (*Compiled, error) { params := &Compiled{ User: s.ContainerUser, ContainerEnv: s.ContainerEnv, @@ -140,7 +145,7 @@ func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir, fallbac if s.Image != "" { // We just write the image to a file and return it. dockerfilePath := filepath.Join(scratchDir, "Dockerfile") - file, err := fs.OpenFile(dockerfilePath, os.O_CREATE|os.O_WRONLY, 0644) + file, err := fs.OpenFile(dockerfilePath, os.O_CREATE|os.O_WRONLY, 0o644) if err != nil { return nil, fmt.Errorf("open dockerfile: %w", err) } @@ -177,7 +182,7 @@ func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir, fallbac buildArgs := make([]string, 0) for _, key := range buildArgkeys { - val := SubstituteVars(s.Build.Args[key], workspaceFolder) + val := SubstituteVars(s.Build.Args[key], workspaceFolder, lookupEnv) buildArgs = append(buildArgs, key+"="+val) } params.BuildArgs = buildArgs @@ -213,25 +218,26 @@ func (s *Spec) Compile(fs billy.Filesystem, devcontainerDir, scratchDir, fallbac if remoteUser == "" { remoteUser = params.User } - params.DockerfileContent, err = s.compileFeatures(fs, devcontainerDir, scratchDir, params.User, remoteUser, params.DockerfileContent) + params.DockerfileContent, params.FeatureContexts, err = s.compileFeatures(fs, devcontainerDir, scratchDir, params.User, remoteUser, params.DockerfileContent, useBuildContexts) if err != nil { return nil, err } return params, nil } -func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir, containerUser, remoteUser, dockerfileContent string) (string, error) { +func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir string, containerUser, remoteUser, dockerfileContent string, useBuildContexts bool) (string, map[string]string, error) { // If there are no features, we don't need to do anything! if len(s.Features) == 0 { - return dockerfileContent, nil + return dockerfileContent, nil, nil } featuresDir := filepath.Join(scratchDir, "features") - err := fs.MkdirAll(featuresDir, 0644) + err := fs.MkdirAll(featuresDir, 0o644) if err != nil { - return "", fmt.Errorf("create features directory: %w", err) + return "", nil, fmt.Errorf("create features directory: %w", err) } featureDirectives := []string{} + featureContexts := make(map[string]string) // TODO: Respect the installation order outlined by the spec: // https://containers.dev/implementors/features/#installation-order @@ -243,17 +249,18 @@ func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir, // is deterministic which allows for caching. sort.Strings(featureOrder) + var lines []string for _, featureRefRaw := range featureOrder { var ( featureRef string ok bool ) if _, featureRef, ok = strings.Cut(featureRefRaw, "./"); !ok { - featureRefParsed, err := name.NewTag(featureRefRaw) + featureRefParsed, err := name.ParseReference(featureRefRaw) if err != nil { - return "", fmt.Errorf("parse feature ref %s: %w", featureRefRaw, err) + return "", nil, fmt.Errorf("parse feature ref %s: %w", featureRefRaw, err) } - featureRef = featureRefParsed.Repository.Name() + featureRef = featureRefParsed.Context().Name() } featureOpts := map[string]any{} @@ -275,29 +282,33 @@ func (s *Spec) compileFeatures(fs billy.Filesystem, devcontainerDir, scratchDir, featureSha := md5.Sum([]byte(featureRefRaw)) featureName := filepath.Base(featureRef) featureDir := filepath.Join(featuresDir, fmt.Sprintf("%s-%x", featureName, featureSha[:4])) - err = fs.MkdirAll(featureDir, 0644) - if err != nil { - return "", err + if err := fs.MkdirAll(featureDir, 0o644); err != nil { + return "", nil, err } spec, err := features.Extract(fs, devcontainerDir, featureDir, featureRefRaw) if err != nil { - return "", fmt.Errorf("extract feature %s: %w", featureRefRaw, err) + return "", nil, fmt.Errorf("extract feature %s: %w", featureRefRaw, err) } - directive, err := spec.Compile(containerUser, remoteUser, featureOpts) + fromDirective, directive, err := spec.Compile(featureRef, featureName, featureDir, containerUser, remoteUser, useBuildContexts, featureOpts) if err != nil { - return "", fmt.Errorf("compile feature %s: %w", featureRefRaw, err) + return "", nil, fmt.Errorf("compile feature %s: %w", featureRefRaw, err) } featureDirectives = append(featureDirectives, directive) + if useBuildContexts { + featureContexts[featureRef] = featureDir + lines = append(lines, fromDirective) + } } - lines := []string{"\nUSER root"} + lines = append(lines, dockerfileContent) + lines = append(lines, "\nUSER root") lines = append(lines, featureDirectives...) if remoteUser != "" { // TODO: We should warn that because we were unable to find the remote user, // we're going to run as root. lines = append(lines, fmt.Sprintf("USER %s", remoteUser)) } - return strings.Join(append([]string{dockerfileContent}, lines...), "\n"), err + return strings.Join(lines, "\n"), featureContexts, err } // UserFromDockerfile inspects the contents of a provided Dockerfile diff --git a/devcontainer/devcontainer_test.go b/devcontainer/devcontainer_test.go index ad369ff6..c18c6b73 100644 --- a/devcontainer/devcontainer_test.go +++ b/devcontainer/devcontainer_test.go @@ -10,10 +10,9 @@ import ( "strings" "testing" - "github.com/coder/envbuilder" "github.com/coder/envbuilder/devcontainer" "github.com/coder/envbuilder/devcontainer/features" - "github.com/coder/envbuilder/registrytest" + "github.com/coder/envbuilder/testutil/registrytest" "github.com/go-git/go-billy/v5/memfs" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" @@ -23,6 +22,12 @@ import ( "github.com/stretchr/testify/require" ) +const magicDir = "/.envbuilder" + +func stubLookupEnv(string) (string, bool) { + return "", false +} + func TestParse(t *testing.T) { t.Parallel() raw := `{ @@ -77,7 +82,7 @@ func TestCompileWithFeatures(t *testing.T) { "context": ".", }, // Comments here! - "image": "codercom/code-server:latest", + "image": "localhost:5000/envbuilder-test-codercom-code-server:latest", "features": { "` + featureOne + `": {}, "` + featureTwo + `": "potato" @@ -86,16 +91,17 @@ func TestCompileWithFeatures(t *testing.T) { dc, err := devcontainer.Parse([]byte(raw)) require.NoError(t, err) fs := memfs.New() - params, err := dc.Compile(fs, "", envbuilder.MagicDir, "", "") - require.NoError(t, err) - // We have to SHA because we get a different MD5 every time! featureOneMD5 := md5.Sum([]byte(featureOne)) featureOneDir := fmt.Sprintf("/.envbuilder/features/one-%x", featureOneMD5[:4]) featureTwoMD5 := md5.Sum([]byte(featureTwo)) featureTwoDir := fmt.Sprintf("/.envbuilder/features/two-%x", featureTwoMD5[:4]) - require.Equal(t, `FROM codercom/code-server:latest + t.Run("WithoutBuildContexts", func(t *testing.T) { + params, err := dc.Compile(fs, "", magicDir, "", "", false, stubLookupEnv) + require.NoError(t, err) + + require.Equal(t, `FROM localhost:5000/envbuilder-test-codercom-code-server:latest USER root # Rust tomato - Example description! @@ -107,6 +113,38 @@ WORKDIR `+featureTwoDir+` ENV POTATO=example RUN VERSION="potato" _CONTAINER_USER="1000" _REMOTE_USER="1000" ./install.sh USER 1000`, params.DockerfileContent) + }) + + t.Run("WithBuildContexts", func(t *testing.T) { + params, err := dc.Compile(fs, "", magicDir, "", "", true, stubLookupEnv) + require.NoError(t, err) + + registryHost := strings.TrimPrefix(registry, "http://") + + require.Equal(t, `FROM scratch AS envbuilder_feature_one +COPY --from=`+registryHost+`/coder/one / / + +FROM scratch AS envbuilder_feature_two +COPY --from=`+registryHost+`/coder/two / / + +FROM localhost:5000/envbuilder-test-codercom-code-server:latest + +USER root +# Rust tomato - Example description! +WORKDIR /.envbuilder/features/one +ENV TOMATO=example +RUN --mount=type=bind,from=envbuilder_feature_one,target=/.envbuilder/features/one,rw _CONTAINER_USER="1000" _REMOTE_USER="1000" ./install.sh +# Go potato - Example description! +WORKDIR /.envbuilder/features/two +ENV POTATO=example +RUN --mount=type=bind,from=envbuilder_feature_two,target=/.envbuilder/features/two,rw VERSION="potato" _CONTAINER_USER="1000" _REMOTE_USER="1000" ./install.sh +USER 1000`, params.DockerfileContent) + + require.Equal(t, map[string]string{ + registryHost + "/coder/one": featureOneDir, + registryHost + "/coder/two": featureTwoDir, + }, params.FeatureContexts) + }) } func TestCompileDevContainer(t *testing.T) { @@ -115,12 +153,12 @@ func TestCompileDevContainer(t *testing.T) { t.Parallel() fs := memfs.New() dc := &devcontainer.Spec{ - Image: "codercom/code-server:latest", + Image: "localhost:5000/envbuilder-test-ubuntu:latest", } - params, err := dc.Compile(fs, "", envbuilder.MagicDir, "", "") + params, err := dc.Compile(fs, "", magicDir, "", "", false, stubLookupEnv) require.NoError(t, err) - require.Equal(t, filepath.Join(envbuilder.MagicDir, "Dockerfile"), params.DockerfilePath) - require.Equal(t, envbuilder.MagicDir, params.BuildContext) + require.Equal(t, filepath.Join(magicDir, "Dockerfile"), params.DockerfilePath) + require.Equal(t, magicDir, params.BuildContext) }) t.Run("WithBuild", func(t *testing.T) { t.Parallel() @@ -136,14 +174,14 @@ func TestCompileDevContainer(t *testing.T) { }, } dcDir := "/workspaces/coder/.devcontainer" - err := fs.MkdirAll(dcDir, 0755) + err := fs.MkdirAll(dcDir, 0o755) require.NoError(t, err) - file, err := fs.OpenFile(filepath.Join(dcDir, "Dockerfile"), os.O_CREATE|os.O_WRONLY, 0644) + file, err := fs.OpenFile(filepath.Join(dcDir, "Dockerfile"), os.O_CREATE|os.O_WRONLY, 0o644) require.NoError(t, err) - _, err = io.WriteString(file, "FROM ubuntu") + _, err = io.WriteString(file, "FROM localhost:5000/envbuilder-test-ubuntu:latest") require.NoError(t, err) _ = file.Close() - params, err := dc.Compile(fs, dcDir, envbuilder.MagicDir, "", "/var/workspace") + params, err := dc.Compile(fs, dcDir, magicDir, "", "/var/workspace", false, stubLookupEnv) require.NoError(t, err) require.Equal(t, "ARG1=value1", params.BuildArgs[0]) require.Equal(t, "ARG2=workspace", params.BuildArgs[1]) diff --git a/devcontainer/features/features.go b/devcontainer/features/features.go index bc2d86d7..4775aad3 100644 --- a/devcontainer/features/features.go +++ b/devcontainer/features/features.go @@ -65,7 +65,7 @@ func extractFromImage(fs billy.Filesystem, directory, reference string) error { path := filepath.Join(directory, header.Name) switch header.Typeflag { case tar.TypeDir: - err = fs.MkdirAll(path, 0755) + err = fs.MkdirAll(path, 0o755) if err != nil { return fmt.Errorf("mkdir %s: %w", path, err) } @@ -126,7 +126,7 @@ func Extract(fs billy.Filesystem, devcontainerDir, directory, reference string) if ok { // For some reason the filesystem abstraction doesn't support chmod. // https://github.com/src-d/go-billy/issues/56 - err = chmodder.Chmod(installScriptPath, 0755) + err = chmodder.Chmod(installScriptPath, 0o755) } if err != nil { return nil, fmt.Errorf("chmod install.sh: %w", err) @@ -162,7 +162,6 @@ func Extract(fs billy.Filesystem, devcontainerDir, directory, reference string) return nil, errors.New(`devcontainer-feature.json: name is required`) } - spec.Directory = directory return spec, nil } @@ -188,16 +187,15 @@ type Spec struct { Keywords []string `json:"keywords"` Options map[string]Option `json:"options"` ContainerEnv map[string]string `json:"containerEnv"` - - Directory string `json:"-"` } // Extract unpacks the feature from the image and returns a set of lines // that should be appended to a Dockerfile to install the feature. -func (s *Spec) Compile(containerUser, remoteUser string, options map[string]any) (string, error) { +func (s *Spec) Compile(featureRef, featureName, featureDir, containerUser, remoteUser string, useBuildContexts bool, options map[string]any) (string, string, error) { // TODO not sure how we figure out _(REMOTE|CONTAINER)_USER_HOME // as per the feature spec. // See https://containers.dev/implementors/features/#user-env-var + var fromDirective string runDirective := []string{ "_CONTAINER_USER=" + strconv.Quote(containerUser), "_REMOTE_USER=" + strconv.Quote(remoteUser), @@ -213,13 +211,20 @@ func (s *Spec) Compile(containerUser, remoteUser string, options map[string]any) runDirective = append(runDirective, fmt.Sprintf(`%s=%q`, convertOptionNameToEnv(key), strValue)) } if len(options) > 0 { - return "", fmt.Errorf("unknown option: %v", options) + return "", "", fmt.Errorf("unknown option: %v", options) } // It's critical that the Dockerfile produced is deterministic, // regardless of map iteration order. sort.Strings(runDirective) // See https://containers.dev/implementors/features/#invoking-installsh - runDirective = append([]string{"RUN"}, runDirective...) + if useBuildContexts { + // Use a deterministic target directory to make the resulting Dockerfile cacheable + featureDir = "/.envbuilder/features/" + featureName + fromDirective = "FROM scratch AS envbuilder_feature_" + featureName + "\nCOPY --from=" + featureRef + " / /\n" + runDirective = append([]string{"RUN", "--mount=type=bind,from=envbuilder_feature_" + featureName + ",target=" + featureDir + ",rw"}, runDirective...) + } else { + runDirective = append([]string{"RUN"}, runDirective...) + } runDirective = append(runDirective, "./install.sh") comment := "" @@ -236,7 +241,7 @@ func (s *Spec) Compile(containerUser, remoteUser string, options map[string]any) if comment != "" { lines = append(lines, comment) } - lines = append(lines, "WORKDIR "+s.Directory) + lines = append(lines, "WORKDIR "+featureDir) envKeys := make([]string, 0, len(s.ContainerEnv)) for key := range s.ContainerEnv { envKeys = append(envKeys, key) @@ -249,7 +254,7 @@ func (s *Spec) Compile(containerUser, remoteUser string, options map[string]any) } lines = append(lines, strings.Join(runDirective, " ")) - return strings.Join(lines, "\n"), nil + return fromDirective, strings.Join(lines, "\n"), nil } var ( diff --git a/devcontainer/features/features_test.go b/devcontainer/features/features_test.go index d6b9db01..389193c6 100644 --- a/devcontainer/features/features_test.go +++ b/devcontainer/features/features_test.go @@ -5,7 +5,7 @@ import ( "testing" "github.com/coder/envbuilder/devcontainer/features" - "github.com/coder/envbuilder/registrytest" + "github.com/coder/envbuilder/testutil/registrytest" "github.com/go-git/go-billy/v5/memfs" "github.com/stretchr/testify/require" ) @@ -73,44 +73,48 @@ func TestCompile(t *testing.T) { t.Run("UnknownOption", func(t *testing.T) { t.Parallel() spec := &features.Spec{} - _, err := spec.Compile("containerUser", "remoteUser", map[string]any{ + _, _, err := spec.Compile("coder/test:latest", "test", "", "containerUser", "remoteUser", false, map[string]any{ "unknown": "value", }) require.ErrorContains(t, err, "unknown option") }) t.Run("Basic", func(t *testing.T) { t.Parallel() - spec := &features.Spec{ - Directory: "/", - } - directive, err := spec.Compile("containerUser", "remoteUser", nil) + spec := &features.Spec{} + _, directive, err := spec.Compile("coder/test:latest", "test", "/", "containerUser", "remoteUser", false, nil) require.NoError(t, err) require.Equal(t, "WORKDIR /\nRUN _CONTAINER_USER=\"containerUser\" _REMOTE_USER=\"remoteUser\" ./install.sh", strings.TrimSpace(directive)) }) t.Run("ContainerEnv", func(t *testing.T) { t.Parallel() spec := &features.Spec{ - Directory: "/", ContainerEnv: map[string]string{ "FOO": "bar", }, } - directive, err := spec.Compile("containerUser", "remoteUser", nil) + _, directive, err := spec.Compile("coder/test:latest", "test", "/", "containerUser", "remoteUser", false, nil) require.NoError(t, err) require.Equal(t, "WORKDIR /\nENV FOO=bar\nRUN _CONTAINER_USER=\"containerUser\" _REMOTE_USER=\"remoteUser\" ./install.sh", strings.TrimSpace(directive)) }) t.Run("OptionsEnv", func(t *testing.T) { t.Parallel() spec := &features.Spec{ - Directory: "/", Options: map[string]features.Option{ "foo": { Default: "bar", }, }, } - directive, err := spec.Compile("containerUser", "remoteUser", nil) + _, directive, err := spec.Compile("coder/test:latest", "test", "/", "containerUser", "remoteUser", false, nil) require.NoError(t, err) require.Equal(t, "WORKDIR /\nRUN FOO=\"bar\" _CONTAINER_USER=\"containerUser\" _REMOTE_USER=\"remoteUser\" ./install.sh", strings.TrimSpace(directive)) }) + t.Run("BuildContext", func(t *testing.T) { + t.Parallel() + spec := &features.Spec{} + fromDirective, runDirective, err := spec.Compile("coder/test:latest", "test", "/.envbuilder/feature/test-d8e8fc", "containerUser", "remoteUser", true, nil) + require.NoError(t, err) + require.Equal(t, "FROM scratch AS envbuilder_feature_test\nCOPY --from=coder/test:latest / /", strings.TrimSpace(fromDirective)) + require.Equal(t, "WORKDIR /.envbuilder/features/test\nRUN --mount=type=bind,from=envbuilder_feature_test,target=/.envbuilder/features/test,rw _CONTAINER_USER=\"containerUser\" _REMOTE_USER=\"remoteUser\" ./install.sh", strings.TrimSpace(runDirective)) + }) } diff --git a/docs/docker.md b/docs/docker.md new file mode 100644 index 00000000..4ed032e3 --- /dev/null +++ b/docs/docker.md @@ -0,0 +1,127 @@ +# Docker inside Envbuilder + +There are a number of approaches you can use to have access to a Docker daemon +from inside Envbuilder: + +## Docker Outside of Docker (DooD) + +**Security:** None +**Convenience:** High + +This approach re-uses the host Docker socket and passes it inside the container. +It is the simplest approach, but offers **no security** -- any process inside the +container that can connect to the Docker socket will have access to the +underlying host. +Only use it if you are the only person using the Docker socket (for example, if +you are experimenting on your own workstation). + +Example: + +```console +docker run -it --rm \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ + -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/01_dood \ + -e ENVBUILDER_INIT_SCRIPT=bash \ + -v /var/run/docker.sock:/var/run/docker.sock \ + ghcr.io/coder/envbuilder:latest +``` + + +## Docker-in-Docker (DinD) + +**Security:** Low +**Convenience:** High + +This approach entails running a Docker daemon inside the container. +This requires a privileged container to run, and therefore has a wide potential +attack surface. + +Example: + +> Note that due to a lack of init system, the Docker daemon +> needs to be started separately inside the container. In this example, we +> create a custom entrypoint to start the Docker daemon in the background and +> call this entrypoint via `ENVBUILDER_INIT_SCRIPT`. + +```console +docker run -it --rm \ + --privileged \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ + -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/02_dind \ + -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \ + ghcr.io/coder/envbuilder:latest +``` + +### DinD via Devcontainer Feature + +The above can also be accomplished using the [`docker-in-docker` Devcontainer +feature](https://github.com/devcontainers/features/tree/main/src/docker-in-docker). + +> Note: we still need the custom entrypoint to start the docker startup script. +> See https://github.com/devcontainers/features/blob/main/src/docker-in-docker/devcontainer-feature.json#L60 + +Example: + +```console +docker run -it --rm \ + --privileged \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ + -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/03_dind_feature \ + -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \ + ghcr.io/coder/envbuilder:latest +``` + +## Rootless DinD + +**Security:** Medium +**Convenience:** Medium + +This approach runs a Docker daemon in *rootless* mode. +While this still requires a privileged container, this allows you to restrict +usage of the `root` user inside the container, as the Docker daemon will be run +under a "fake" root user (via `rootlesskit`). The user inside the workspace can +then be a 'regular' user without root permissions. + +> Note: Once again, we use a custom entrypoint via `ENVBUILDER_INIT_SCRIPT` to +> start the Docker daemon via `rootlesskit`. + +Example: + +```console +docker run -it --rm \ + --privileged \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ + -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/04_dind_rootless \ + -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \ + ghcr.io/coder/envbuilder:latest +``` + +## Docker-in-Docker using Sysbox + +**Security:** High +**Convenience:** Low for infra admins, high for users + +This approach requires installing the [`sysbox-runc` container +runtime](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/install-package.md). +This is an alternative container runtime that provides additional benefits, +including transparently enabling Docker inside workspaces. Most notably, it +**does not require a privileged container**, so you can allow developers root +access inside their workspaces, if required. + +Example: +```console +docker run -it --rm \ + -v /tmp/envbuilder:/workspaces \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ + -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/02_dind \ + -e ENVBUILDER_INIT_SCRIPT=/entrypoint.sh \ + --runtime sysbox-runc \ + ghcr.io/coder/envbuilder:latest +``` + +For further information on Sysbox, please consult the [Sysbox +Documentation](https://github.com/nestybox/sysbox/blob/master/docs/user-guide/README.md). diff --git a/envbuilder.go b/envbuilder.go index 7607a3ee..5538ea9c 100644 --- a/envbuilder.go +++ b/envbuilder.go @@ -10,22 +10,20 @@ import ( "errors" "fmt" "io" + "io/fs" "maps" "net" "net/http" - "net/url" "os" "os/exec" "os/user" "path/filepath" - "reflect" "sort" "strconv" "strings" "syscall" "time" - dcontext "github.com/distribution/distribution/v3/context" "github.com/kballard/go-shellquote" "github.com/mattn/go-isatty" @@ -33,8 +31,10 @@ import ( "github.com/GoogleContainerTools/kaniko/pkg/creds" "github.com/GoogleContainerTools/kaniko/pkg/executor" "github.com/GoogleContainerTools/kaniko/pkg/util" - "github.com/coder/coder/v2/codersdk" + giturls "github.com/chainguard-dev/git-urls" "github.com/coder/envbuilder/devcontainer" + "github.com/coder/envbuilder/internal/ebutil" + "github.com/coder/envbuilder/internal/notcodersdk" "github.com/containerd/containerd/platforms" "github.com/distribution/distribution/v3/configuration" "github.com/distribution/distribution/v3/registry/handlers" @@ -44,7 +44,6 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/osfs" "github.com/go-git/go-git/v5/plumbing/transport" - githttp "github.com/go-git/go-git/v5/plumbing/transport/http" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/remote" "github.com/sirupsen/logrus" @@ -77,174 +76,29 @@ var ( MagicFile = filepath.Join(MagicDir, "built") ) -type Options struct { - // SetupScript is the script to run before the init script. - // It runs as the root user regardless of the user specified - // in the devcontainer.json file. - - // SetupScript is ran as the root user prior to the init script. - // It is used to configure envbuilder dynamically during the runtime. - // e.g. specifying whether to start `systemd` or `tiny init` for PID 1. - SetupScript string `env:"SETUP_SCRIPT"` - - // InitScript is the script to run to initialize the workspace. - InitScript string `env:"INIT_SCRIPT"` - - // InitCommand is the command to run to initialize the workspace. - InitCommand string `env:"INIT_COMMAND"` - - // InitArgs are the arguments to pass to the init command. - // They are split according to `/bin/sh` rules with - // https://github.com/kballard/go-shellquote - InitArgs string `env:"INIT_ARGS"` - - // CacheRepo is the name of the container registry - // to push the cache image to. If this is empty, the cache - // will not be pushed. - CacheRepo string `env:"CACHE_REPO"` - - // BaseImageCacheDir is the path to a directory where the base - // image can be found. This should be a read-only directory - // solely mounted for the purpose of caching the base image. - BaseImageCacheDir string `env:"BASE_IMAGE_CACHE_DIR"` - - // LayerCacheDir is the path to a directory where built layers - // will be stored. This spawns an in-memory registry to serve - // the layers from. - // - // It will override CacheRepo if both are specified. - LayerCacheDir string `env:"LAYER_CACHE_DIR"` - - // DevcontainerDir is a path to the folder containing - // the devcontainer.json file that will be used to build the - // workspace and can either be an absolute path or a path - // relative to the workspace folder. If not provided, defaults to - // `.devcontainer`. - DevcontainerDir string `env:"DEVCONTAINER_DIR"` - - // DevcontainerJSONPath is a path to a devcontainer.json file - // that is either an absolute path or a path relative to - // DevcontainerDir. This can be used in cases where one wants - // to substitute an edited devcontainer.json file for the one - // that exists in the repo. - DevcontainerJSONPath string `env:"DEVCONTAINER_JSON_PATH"` - - // DockerfilePath is a relative path to the Dockerfile that - // will be used to build the workspace. This is an alternative - // to using a devcontainer that some might find simpler. - DockerfilePath string `env:"DOCKERFILE_PATH"` - - // CacheTTLDays is the number of days to use cached layers before - // expiring them. Defaults to 7 days. - CacheTTLDays int `env:"CACHE_TTL_DAYS"` - - // DockerConfigBase64 is a base64 encoded Docker config - // file that will be used to pull images from private - // container registries. - DockerConfigBase64 string `env:"DOCKER_CONFIG_BASE64"` - - // FallbackImage specifies an alternative image to use when neither - // an image is declared in the devcontainer.json file nor a Dockerfile is present. - // If there's a build failure (from a faulty Dockerfile) or a misconfiguration, - // this image will be the substitute. - // Set `ExitOnBuildFailure` to true to halt the container if the build faces an issue. - FallbackImage string `env:"FALLBACK_IMAGE"` - - // ExitOnBuildFailure terminates the container upon a build failure. - // This is handy when preferring the `FALLBACK_IMAGE` in cases where - // no devcontainer.json or image is provided. However, it ensures - // that the container stops if the build process encounters an error. - ExitOnBuildFailure bool `env:"EXIT_ON_BUILD_FAILURE"` - - // ForceSafe ignores any filesystem safety checks. - // This could cause serious harm to your system! - // This is used in cases where bypass is needed - // to unblock customers! - ForceSafe bool `env:"FORCE_SAFE"` - - // Insecure bypasses TLS verification when cloning - // and pulling from container registries. - Insecure bool `env:"INSECURE"` - - // IgnorePaths is a comma separated list of paths - // to ignore when building the workspace. - IgnorePaths []string `env:"IGNORE_PATHS"` - - // SkipRebuild skips building if the MagicFile exists. - // This is used to skip building when a container is - // restarting. e.g. docker stop -> docker start - // This value can always be set to true - even if the - // container is being started for the first time. - SkipRebuild bool `env:"SKIP_REBUILD"` - - // GitURL is the URL of the Git repository to clone. - // This is optional! - GitURL string `env:"GIT_URL"` - - // GitCloneDepth is the depth to use when cloning - // the Git repository. - GitCloneDepth int `env:"GIT_CLONE_DEPTH"` - - // GitCloneSingleBranch clones only a single branch - // of the Git repository. - GitCloneSingleBranch bool `env:"GIT_CLONE_SINGLE_BRANCH"` - - // GitUsername is the username to use for Git authentication. - // This is optional! - GitUsername string `env:"GIT_USERNAME"` - - // GitPassword is the password to use for Git authentication. - // This is optional! - GitPassword string `env:"GIT_PASSWORD"` - - // GitHTTPProxyURL is the url for the http proxy. - // This is optional! - GitHTTPProxyURL string `env:"GIT_HTTP_PROXY_URL"` - - // WorkspaceFolder is the path to the workspace folder - // that will be built. This is optional! - WorkspaceFolder string `env:"WORKSPACE_FOLDER"` - - // SSLCertBase64 is the content of an SSL cert file. - // This is useful for self-signed certificates. - SSLCertBase64 string `env:"SSL_CERT_BASE64"` - - // ExportEnvFile is an optional file path to a .env file where - // envbuilder will dump environment variables from devcontainer.json and - // the built container image. - ExportEnvFile string `env:"EXPORT_ENV_FILE"` - - // PostStartScriptPath is the path to a script that will be created by - // envbuilder based on the `postStartCommand` in devcontainer.json, if any - // is specified (otherwise the script is not created). If this is set, the - // specified InitCommand should check for the presence of this script and - // execute it after successful startup. - PostStartScriptPath string `env:"POST_START_SCRIPT_PATH"` - - // Logger is the logger to use for all operations. - Logger func(level codersdk.LogLevel, format string, args ...interface{}) - - // Filesystem is the filesystem to use for all operations. - // Defaults to the host filesystem. - Filesystem billy.Filesystem -} - // DockerConfig represents the Docker configuration file. type DockerConfig configfile.ConfigFile // Run runs the envbuilder. +// Logger is the logf to use for all operations. +// Filesystem is the filesystem to use for all operations. +// Defaults to the host filesystem. func Run(ctx context.Context, options Options) error { + // Temporarily removed these from the default settings to prevent conflicts + // between current and legacy environment variables that add default values. + // Once the legacy environment variables are phased out, this can be + // reinstated to the previous default values. + if len(options.IgnorePaths) == 0 { + options.IgnorePaths = []string{"/var/run"} + } if options.InitScript == "" { options.InitScript = "sleep infinity" } if options.InitCommand == "" { options.InitCommand = "/bin/sh" } - if options.IgnorePaths == nil { - // Kubernetes frequently stores secrets in /var/run/secrets, and - // other applications might as well. This seems to be a sensible - // default, but if that changes, it's simple to adjust. - options.IgnorePaths = []string{"/var/run"} + if options.CacheRepo == "" && options.PushImage { + return fmt.Errorf("--cache-repo must be set when using --push-image") } // Default to the shell! initArgs := []string{"-c", options.InitScript} @@ -259,26 +113,26 @@ func Run(ctx context.Context, options Options) error { options.Filesystem = &osfsWithChmod{osfs.New("/")} } if options.WorkspaceFolder == "" { - var err error - options.WorkspaceFolder, err = DefaultWorkspaceFolder(options.GitURL) + f, err := DefaultWorkspaceFolder(options.GitURL) if err != nil { return err } + options.WorkspaceFolder = f } - logf := options.Logger - stageNumber := 1 - startStage := func(format string, args ...interface{}) func(format string, args ...interface{}) { + + stageNumber := 0 + startStage := func(format string, args ...any) func(format string, args ...any) { now := time.Now() - stageNum := stageNumber stageNumber++ - logf(codersdk.LogLevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...)) + stageNum := stageNumber + options.Logger(notcodersdk.LogLevelInfo, "#%d: %s", stageNum, fmt.Sprintf(format, args...)) - return func(format string, args ...interface{}) { - logf(codersdk.LogLevelInfo, "#%d: %s [%s]", stageNum, fmt.Sprintf(format, args...), time.Since(now)) + return func(format string, args ...any) { + options.Logger(notcodersdk.LogLevelInfo, "#%d: %s [%s]", stageNum, fmt.Sprintf(format, args...), time.Since(now)) } } - logf(codersdk.LogLevelInfo, "%s - Build development environments from repositories in a container", newColor(color.Bold).Sprintf("envbuilder")) + options.Logger(notcodersdk.LogLevelInfo, "%s - Build development environments from repositories in a container", newColor(color.Bold).Sprintf("envbuilder")) var caBundle []byte if options.SSLCertBase64 != "" { @@ -311,7 +165,7 @@ func Run(ctx context.Context, options Options) error { if err != nil { return fmt.Errorf("parse docker config: %w", err) } - err = os.WriteFile(filepath.Join(MagicDir, "config.json"), decoded, 0644) + err = os.WriteFile(filepath.Join(MagicDir, "config.json"), decoded, 0o644) if err != nil { return fmt.Errorf("write docker config: %w", err) } @@ -340,7 +194,7 @@ func Run(ctx context.Context, options Options) error { if line == "" { continue } - logf(codersdk.LogLevelInfo, "#1: %s", strings.TrimSpace(line)) + options.Logger(notcodersdk.LogLevelInfo, "#1: %s", strings.TrimSpace(line)) } } }() @@ -351,23 +205,11 @@ func Run(ctx context.Context, options Options) error { Insecure: options.Insecure, Progress: writer, SingleBranch: options.GitCloneSingleBranch, - Depth: options.GitCloneDepth, + Depth: int(options.GitCloneDepth), CABundle: caBundle, } - if options.GitUsername != "" || options.GitPassword != "" { - gitURL, err := url.Parse(options.GitURL) - if err != nil { - return fmt.Errorf("parse git url: %w", err) - } - gitURL.User = url.UserPassword(options.GitUsername, options.GitPassword) - options.GitURL = gitURL.String() - - cloneOpts.RepoAuth = &githttp.BasicAuth{ - Username: options.GitUsername, - Password: options.GitPassword, - } - } + cloneOpts.RepoAuth = SetupRepoAuth(&options) if options.GitHTTPProxyURL != "" { cloneOpts.ProxyOptions = transport.ProxyOptions{ URL: options.GitHTTPProxyURL, @@ -383,14 +225,14 @@ func Run(ctx context.Context, options Options) error { endStage("📦 The repository already exists!") } } else { - logf(codersdk.LogLevelError, "Failed to clone repository: %s", fallbackErr.Error()) - logf(codersdk.LogLevelError, "Falling back to the default image...") + options.Logger(notcodersdk.LogLevelError, "Failed to clone repository: %s", fallbackErr.Error()) + options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...") } } defaultBuildParams := func() (*devcontainer.Compiled, error) { dockerfile := filepath.Join(MagicDir, "Dockerfile") - file, err := options.Filesystem.OpenFile(dockerfile, os.O_CREATE|os.O_WRONLY, 0644) + file, err := options.Filesystem.OpenFile(dockerfile, os.O_CREATE|os.O_WRONLY, 0o644) if err != nil { return nil, err } @@ -418,26 +260,19 @@ func Run(ctx context.Context, options Options) error { var ( buildParams *devcontainer.Compiled scripts devcontainer.LifecycleScripts + + devcontainerPath string ) if options.DockerfilePath == "" { // Only look for a devcontainer if a Dockerfile wasn't specified. // devcontainer is a standard, so it's reasonable to be the default. - devcontainerDir := options.DevcontainerDir - if devcontainerDir == "" { - devcontainerDir = ".devcontainer" - } - if !filepath.IsAbs(devcontainerDir) { - devcontainerDir = filepath.Join(options.WorkspaceFolder, devcontainerDir) - } - devcontainerPath := options.DevcontainerJSONPath - if devcontainerPath == "" { - devcontainerPath = "devcontainer.json" - } - if !filepath.IsAbs(devcontainerPath) { - devcontainerPath = filepath.Join(devcontainerDir, devcontainerPath) - } - _, err := options.Filesystem.Stat(devcontainerPath) - if err == nil { + var devcontainerDir string + var err error + devcontainerPath, devcontainerDir, err = findDevcontainerJSON(options) + if err != nil { + options.Logger(notcodersdk.LogLevelError, "Failed to locate devcontainer.json: %s", err.Error()) + options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...") + } else { // We know a devcontainer exists. // Let's parse it and use it! file, err := options.Filesystem.Open(devcontainerPath) @@ -457,22 +292,31 @@ func Run(ctx context.Context, options Options) error { if err != nil { return fmt.Errorf("no Dockerfile or image found: %w", err) } - logf(codersdk.LogLevelInfo, "No Dockerfile or image specified; falling back to the default image...") + options.Logger(notcodersdk.LogLevelInfo, "No Dockerfile or image specified; falling back to the default image...") fallbackDockerfile = defaultParams.DockerfilePath } - buildParams, err = devContainer.Compile(options.Filesystem, devcontainerDir, MagicDir, fallbackDockerfile, options.WorkspaceFolder) + buildParams, err = devContainer.Compile(options.Filesystem, devcontainerDir, MagicDir, fallbackDockerfile, options.WorkspaceFolder, false, os.LookupEnv) if err != nil { return fmt.Errorf("compile devcontainer.json: %w", err) } scripts = devContainer.LifecycleScripts } else { - logf(codersdk.LogLevelError, "Failed to parse devcontainer.json: %s", err.Error()) - logf(codersdk.LogLevelError, "Falling back to the default image...") + options.Logger(notcodersdk.LogLevelError, "Failed to parse devcontainer.json: %s", err.Error()) + options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...") } } } else { // If a Dockerfile was specified, we use that. dockerfilePath := filepath.Join(options.WorkspaceFolder, options.DockerfilePath) + + // If the dockerfilePath is specified and deeper than the base of WorkspaceFolder AND the BuildContextPath is + // not defined, show a warning + dockerfileDir := filepath.Dir(dockerfilePath) + if dockerfileDir != filepath.Clean(options.WorkspaceFolder) && options.BuildContextPath == "" { + options.Logger(notcodersdk.LogLevelWarn, "given dockerfile %q is below %q and no custom build context has been defined", dockerfilePath, options.WorkspaceFolder) + options.Logger(notcodersdk.LogLevelWarn, "\t-> set BUILD_CONTEXT_PATH to %q to fix", dockerfileDir) + } + dockerfile, err := options.Filesystem.Open(dockerfilePath) if err == nil { content, err := io.ReadAll(dockerfile) @@ -482,7 +326,7 @@ func Run(ctx context.Context, options Options) error { buildParams = &devcontainer.Compiled{ DockerfilePath: dockerfilePath, DockerfileContent: string(content), - BuildContext: options.WorkspaceFolder, + BuildContext: filepath.Join(options.WorkspaceFolder, options.BuildContextPath), } } } @@ -499,7 +343,7 @@ func Run(ctx context.Context, options Options) error { HijackLogrus(func(entry *logrus.Entry) { for _, line := range strings.Split(entry.Message, "\r") { - logf(codersdk.LogLevelInfo, "#2: %s", color.HiBlackString(line)) + options.Logger(notcodersdk.LogLevelInfo, "#%d: %s", stageNumber, color.HiBlackString(line)) } }) @@ -513,13 +357,7 @@ func Run(ctx context.Context, options Options) error { }, }, } - - // Disable all logging from the registry... - logger := logrus.New() - logger.SetOutput(io.Discard) - entry := logrus.NewEntry(logger) - dcontext.SetDefaultLogger(entry) - ctx = dcontext.WithLogger(ctx, entry) + cfg.Log.Level = "error" // Spawn an in-memory registry to cache built layers... registry := handlers.NewApp(ctx, cfg) @@ -538,7 +376,7 @@ func Run(ctx context.Context, options Options) error { go func() { err := srv.Serve(listener) if err != nil && !errors.Is(err, http.ErrServerClosed) { - logf(codersdk.LogLevelError, "Failed to serve registry: %s", err.Error()) + options.Logger(notcodersdk.LogLevelError, "Failed to serve registry: %s", err.Error()) } }() closeAfterBuild = func() { @@ -546,7 +384,7 @@ func Run(ctx context.Context, options Options) error { _ = listener.Close() } if options.CacheRepo != "" { - logf(codersdk.LogLevelWarn, "Overriding cache repo with local registry...") + options.Logger(notcodersdk.LogLevelWarn, "Overriding cache repo with local registry...") } options.CacheRepo = fmt.Sprintf("localhost:%d/local/cache", tcpAddr.Port) } @@ -556,19 +394,61 @@ func Run(ctx context.Context, options Options) error { // https://github.com/GoogleContainerTools/kaniko/blob/63be4990ca5a60bdf06ddc4d10aa4eca0c0bc714/cmd/executor/cmd/root.go#L136 ignorePaths := append([]string{ MagicDir, - options.LayerCacheDir, options.WorkspaceFolder, // See: https://github.com/coder/envbuilder/issues/37 "/etc/resolv.conf", }, options.IgnorePaths...) + if options.LayerCacheDir != "" { + ignorePaths = append(ignorePaths, options.LayerCacheDir) + } + for _, ignorePath := range ignorePaths { util.AddToDefaultIgnoreList(util.IgnoreListEntry{ Path: ignorePath, PrefixMatchOnly: false, + AllowedPaths: nil, }) } + // In order to allow 'resuming' envbuilder, embed the binary into the image + // if it is being pushed + if options.PushImage { + exePath, err := os.Executable() + if err != nil { + return xerrors.Errorf("get exe path: %w", err) + } + // Add an exception for the current running binary in kaniko ignore list + if err := util.AddAllowedPathToDefaultIgnoreList(exePath); err != nil { + return xerrors.Errorf("add exe path to ignore list: %w", err) + } + // Copy the envbuilder binary into the build context. + buildParams.DockerfileContent += fmt.Sprintf(` +COPY --chmod=0755 %s %s +USER root +WORKDIR / +ENTRYPOINT [%q]`, exePath, exePath, exePath) + dst := filepath.Join(buildParams.BuildContext, exePath) + if err := copyFile(exePath, dst); err != nil { + return xerrors.Errorf("copy running binary to build context: %w", err) + } + } + + // temp move of all ro mounts + tempRemountDest := filepath.Join("/", MagicDir, "mnt") + // ignorePrefixes is a superset of ignorePaths that we pass to kaniko's + // IgnoreList. + ignorePrefixes := append([]string{"/proc", "/sys"}, ignorePaths...) + restoreMounts, err := ebutil.TempRemount(options.Logger, tempRemountDest, ignorePrefixes...) + defer func() { // restoreMounts should never be nil + if err := restoreMounts(); err != nil { + options.Logger(notcodersdk.LogLevelError, "restore mounts: %s", err.Error()) + } + }() + if err != nil { + return fmt.Errorf("temp remount: %w", err) + } + skippedRebuild := false build := func() (v1.Image, error) { _, err := options.Filesystem.Stat(MagicFile) @@ -588,15 +468,14 @@ func Run(ctx context.Context, options Options) error { } // This is required for deleting the filesystem prior to build! - err = util.InitIgnoreList(true) + err = util.InitIgnoreList() if err != nil { return nil, fmt.Errorf("init ignore list: %w", err) } // It's possible that the container will already have files in it, and // we don't want to merge a new container with the old one. - err = util.DeleteFilesystem() - if err != nil { + if err := maybeDeleteFilesystem(options.Logger, options.ForceSafe); err != nil { return nil, fmt.Errorf("delete filesystem: %w", err) } @@ -609,13 +488,13 @@ func Run(ctx context.Context, options Options) error { go func() { scanner := bufio.NewScanner(stdoutReader) for scanner.Scan() { - logf(codersdk.LogLevelInfo, "%s", scanner.Text()) + options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text()) } }() go func() { scanner := bufio.NewScanner(stderrReader) for scanner.Scan() { - logf(codersdk.LogLevelInfo, "%s", scanner.Text()) + options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text()) } }() cacheTTL := time.Hour * 24 * 7 @@ -623,16 +502,24 @@ func Run(ctx context.Context, options Options) error { cacheTTL = time.Hour * 24 * time.Duration(options.CacheTTLDays) } - endStage := startStage("🏗️ Building image...") // At this point we have all the context, we can now build! - image, err := executor.DoBuild(&config.KanikoOptions{ + registryMirror := []string{} + if val, ok := os.LookupEnv("KANIKO_REGISTRY_MIRROR"); ok { + registryMirror = strings.Split(val, ";") + } + var destinations []string + if options.CacheRepo != "" { + destinations = append(destinations, options.CacheRepo) + } + opts := &config.KanikoOptions{ // Boilerplate! CustomPlatform: platforms.Format(platforms.Normalize(platforms.DefaultSpec())), SnapshotMode: "redo", RunV2: true, RunStdout: stdoutWriter, RunStderr: stderrWriter, - Destinations: []string{"local"}, + Destinations: destinations, + NoPush: !options.PushImage || len(destinations) == 0, CacheRunLayers: true, CacheCopyLayers: true, CompressedCaching: true, @@ -656,13 +543,47 @@ func Run(ctx context.Context, options Options) error { Insecure: options.Insecure, InsecurePull: options.Insecure, SkipTLSVerify: options.Insecure, + // Enables registry mirror features in Kaniko, see more in link below + // https://github.com/GoogleContainerTools/kaniko?tab=readme-ov-file#flag---registry-mirror + // Related to PR #114 + // https://github.com/coder/envbuilder/pull/114 + RegistryMirrors: registryMirror, }, SrcContext: buildParams.BuildContext, - }) + + // For cached image utilization, produce reproducible builds. + Reproducible: options.PushImage, + } + + if options.GetCachedImage { + endStage := startStage("🏗️ Checking for cached image...") + image, err := executor.DoCacheProbe(opts) + if err != nil { + return nil, xerrors.Errorf("get cached image: %w", err) + } + digest, err := image.Digest() + if err != nil { + return nil, xerrors.Errorf("get cached image digest: %w", err) + } + endStage("🏗️ Found cached image!") + _, _ = fmt.Fprintf(os.Stdout, "ENVBUILDER_CACHED_IMAGE=%s@%s\n", options.CacheRepo, digest.String()) + os.Exit(0) + } + + endStage := startStage("🏗️ Building image...") + image, err := executor.DoBuild(opts) if err != nil { - return nil, err + return nil, xerrors.Errorf("do build: %w", err) } endStage("🏗️ Built image!") + if options.PushImage { + endStage = startStage("🏗️ Pushing image...") + if err := executor.DoPush(image, opts); err != nil { + return nil, xerrors.Errorf("do push: %w", err) + } + endStage("🏗️ Pushed image!") + } + return image, err } @@ -686,13 +607,13 @@ func Run(ctx context.Context, options Options) error { fallback = true fallbackErr = err case strings.Contains(err.Error(), "unexpected status code 401 Unauthorized"): - logf(codersdk.LogLevelError, "Unable to pull the provided image. Ensure your registry credentials are correct!") + options.Logger(notcodersdk.LogLevelError, "Unable to pull the provided image. Ensure your registry credentials are correct!") } if !fallback || options.ExitOnBuildFailure { return err } - logf(codersdk.LogLevelError, "Failed to build: %s", err) - logf(codersdk.LogLevelError, "Falling back to the default image...") + options.Logger(notcodersdk.LogLevelError, "Failed to build: %s", err) + options.Logger(notcodersdk.LogLevelError, "Falling back to the default image...") buildParams, err = defaultBuildParams() if err != nil { return err @@ -707,6 +628,10 @@ func Run(ctx context.Context, options Options) error { closeAfterBuild() } + if err := restoreMounts(); err != nil { + return fmt.Errorf("restore mounts: %w", err) + } + // Create the magic file to indicate that this build // has already been ran before! file, err := options.Filesystem.Create(MagicFile) @@ -735,10 +660,10 @@ func Run(ctx context.Context, options Options) error { if err != nil { return fmt.Errorf("unmarshal metadata: %w", err) } - logf(codersdk.LogLevelInfo, "#3: 👀 Found devcontainer.json label metadata in image...") + options.Logger(notcodersdk.LogLevelInfo, "#3: 👀 Found devcontainer.json label metadata in image...") for _, container := range devContainer { if container.RemoteUser != "" { - logf(codersdk.LogLevelInfo, "#3: 🧑 Updating the user to %q!", container.RemoteUser) + options.Logger(notcodersdk.LogLevelInfo, "#3: 🧑 Updating the user to %q!", container.RemoteUser) configFile.Config.User = container.RemoteUser } @@ -763,9 +688,16 @@ func Run(ctx context.Context, options Options) error { unsetOptionsEnv() // Remove the Docker config secret file! - err = os.Remove(filepath.Join(os.Getenv("DOCKER_CONFIG"), "config.json")) - if err != nil && !os.IsNotExist(err) { - return fmt.Errorf("remove docker config: %w", err) + if options.DockerConfigBase64 != "" { + c := filepath.Join(MagicDir, "config.json") + err = os.Remove(c) + if err != nil { + if !errors.Is(err, fs.ErrNotExist) { + return fmt.Errorf("remove docker config: %w", err) + } else { + fmt.Fprintln(os.Stderr, "failed to remove the Docker config secret file: %w", c) + } + } } environ, err := os.ReadFile("/etc/environment") @@ -790,6 +722,13 @@ func Run(ctx context.Context, options Options) error { maps.Copy(containerEnv, buildParams.ContainerEnv) maps.Copy(remoteEnv, buildParams.RemoteEnv) + // Set Envbuilder runtime markers + containerEnv["ENVBUILDER"] = "true" + if devcontainerPath != "" { + containerEnv["DEVCONTAINER"] = "true" + containerEnv["DEVCONTAINER_CONFIG"] = devcontainerPath + } + for _, env := range []map[string]string{containerEnv, remoteEnv} { envKeys := make([]string, 0, len(env)) for key := range env { @@ -798,7 +737,7 @@ func Run(ctx context.Context, options Options) error { } sort.Strings(envKeys) for _, envVar := range envKeys { - value := devcontainer.SubstituteVars(env[envVar], options.WorkspaceFolder) + value := devcontainer.SubstituteVars(env[envVar], options.WorkspaceFolder, os.LookupEnv) os.Setenv(envVar, value) } } @@ -831,7 +770,7 @@ func Run(ctx context.Context, options Options) error { username = buildParams.User } if username == "" { - logf(codersdk.LogLevelWarn, "#3: no user specified, using root") + options.Logger(notcodersdk.LogLevelWarn, "#3: no user specified, using root") } userInfo, err := getUser(username) @@ -848,16 +787,37 @@ func Run(ctx context.Context, options Options) error { // // We need to change the ownership of the files to the user that will // be running the init script. - filepath.Walk(options.WorkspaceFolder, func(path string, info os.FileInfo, err error) error { + if chownErr := filepath.Walk(options.WorkspaceFolder, func(path string, _ os.FileInfo, err error) error { if err != nil { return err } return os.Chown(path, userInfo.uid, userInfo.gid) - }) - endStage("👤 Updated the ownership of the workspace!") + }); chownErr != nil { + options.Logger(notcodersdk.LogLevelError, "chown %q: %s", userInfo.user.HomeDir, chownErr.Error()) + endStage("⚠️ Failed to the ownership of the workspace, you may need to fix this manually!") + } else { + endStage("👤 Updated the ownership of the workspace!") + } + } + + // We may also need to update the ownership of the user homedir. + // Skip this step if the user is root. + if userInfo.uid != 0 { + endStage := startStage("🔄 Updating ownership of %s...", userInfo.user.HomeDir) + if chownErr := filepath.Walk(userInfo.user.HomeDir, func(path string, _ fs.FileInfo, err error) error { + if err != nil { + return err + } + return os.Chown(path, userInfo.uid, userInfo.gid) + }); chownErr != nil { + options.Logger(notcodersdk.LogLevelError, "chown %q: %s", userInfo.user.HomeDir, chownErr.Error()) + endStage("⚠️ Failed to update ownership of %s, you may need to fix this manually!", userInfo.user.HomeDir) + } else { + endStage("🏡 Updated ownership of %s!", userInfo.user.HomeDir) + } } - err = os.MkdirAll(options.WorkspaceFolder, 0755) + err = os.MkdirAll(options.WorkspaceFolder, 0o755) if err != nil { return fmt.Errorf("create workspace folder: %w", err) } @@ -886,7 +846,7 @@ func Run(ctx context.Context, options Options) error { // We execute the initialize script as the root user! os.Setenv("HOME", "/root") - logf(codersdk.LogLevelInfo, "=== Running the setup command %q as the root user...", options.SetupScript) + options.Logger(notcodersdk.LogLevelInfo, "=== Running the setup command %q as the root user...", options.SetupScript) envKey := "ENVBUILDER_ENV" envFile := filepath.Join("/", MagicDir, "environ") @@ -913,7 +873,7 @@ func Run(ctx context.Context, options Options) error { go func() { scanner := bufio.NewScanner(&buf) for scanner.Scan() { - logf(codersdk.LogLevelInfo, "%s", scanner.Text()) + options.Logger(notcodersdk.LogLevelInfo, "%s", scanner.Text()) } }() @@ -979,7 +939,7 @@ func Run(ctx context.Context, options Options) error { return fmt.Errorf("set uid: %w", err) } - logf(codersdk.LogLevelInfo, "=== Running the init command %s %+v as the %q user...", options.InitCommand, initArgs, userInfo.user.Username) + options.Logger(notcodersdk.LogLevelInfo, "=== Running the init command %s %+v as the %q user...", options.InitCommand, initArgs, userInfo.user.Username) err = syscall.Exec(options.InitCommand, append([]string{options.InitCommand}, initArgs...), os.Environ()) if err != nil { @@ -992,14 +952,19 @@ func Run(ctx context.Context, options Options) error { // for a given repository URL. func DefaultWorkspaceFolder(repoURL string) (string, error) { if repoURL == "" { - return "/workspaces/empty", nil + return EmptyWorkspaceDir, nil } - parsed, err := url.Parse(repoURL) + parsed, err := giturls.Parse(repoURL) if err != nil { return "", err } name := strings.Split(parsed.Path, "/") - return fmt.Sprintf("/workspaces/%s", name[len(name)-1]), nil + hasOwnerAndRepo := len(name) >= 2 + if !hasOwnerAndRepo { + return EmptyWorkspaceDir, nil + } + repo := strings.TrimSuffix(name[len(name)-1], ".git") + return fmt.Sprintf("/workspaces/%s", repo), nil } type userInfo struct { @@ -1052,7 +1017,7 @@ func findUser(nameOrID string) (*user.User, error) { func execOneLifecycleScript( ctx context.Context, - logf func(level codersdk.LogLevel, format string, args ...interface{}), + logf func(level notcodersdk.LogLevel, format string, args ...any), s devcontainer.LifecycleScript, scriptName string, userInfo userInfo, @@ -1060,9 +1025,9 @@ func execOneLifecycleScript( if s.IsEmpty() { return nil } - logf(codersdk.LogLevelInfo, "=== Running %s as the %q user...", scriptName, userInfo.user.Username) + logf(notcodersdk.LogLevelInfo, "=== Running %s as the %q user...", scriptName, userInfo.user.Username) if err := s.Execute(ctx, userInfo.uid, userInfo.gid); err != nil { - logf(codersdk.LogLevelError, "Failed to run %s: %v", scriptName, err) + logf(notcodersdk.LogLevelError, "Failed to run %s: %v", scriptName, err) return err } return nil @@ -1114,7 +1079,7 @@ func createPostStartScript(path string, postStartCommand devcontainer.LifecycleS } defer postStartScript.Close() - if err := postStartScript.Chmod(0755); err != nil { + if err := postStartScript.Chmod(0o755); err != nil { return err } @@ -1124,56 +1089,22 @@ func createPostStartScript(path string, postStartCommand devcontainer.LifecycleS return nil } -// OptionsFromEnv returns a set of options from environment variables. -func OptionsFromEnv(getEnv func(string) (string, bool)) Options { - options := Options{} - - val := reflect.ValueOf(&options).Elem() - typ := val.Type() - - for i := 0; i < val.NumField(); i++ { - field := val.Field(i) - fieldTyp := typ.Field(i) - env := fieldTyp.Tag.Get("env") - if env == "" { - continue - } - e, ok := getEnv(env) - if !ok { - continue - } - switch fieldTyp.Type.Kind() { - case reflect.String: - field.SetString(e) - case reflect.Bool: - v, _ := strconv.ParseBool(e) - field.SetBool(v) - case reflect.Int: - v, _ := strconv.ParseInt(e, 10, 64) - field.SetInt(v) - case reflect.Slice: - field.Set(reflect.ValueOf(strings.Split(e, ","))) - default: - panic(fmt.Sprintf("unsupported type %s in OptionsFromEnv", fieldTyp.Type.String())) - } - } - - return options -} - // unsetOptionsEnv unsets all environment variables that are used // to configure the options. func unsetOptionsEnv() { - val := reflect.ValueOf(&Options{}).Elem() - typ := val.Type() - - for i := 0; i < val.NumField(); i++ { - fieldTyp := typ.Field(i) - env := fieldTyp.Tag.Get("env") - if env == "" { + var o Options + for _, opt := range o.CLI() { + if opt.Env == "" { continue } - os.Unsetenv(env) + // Do not strip options that do not have the magic prefix! + // For example, CODER_AGENT_URL, CODER_AGENT_TOKEN, CODER_AGENT_SUBSYSTEM. + if !strings.HasPrefix(opt.Env, envPrefix) { + continue + } + // Strip both with and without prefix. + os.Unsetenv(opt.Env) + os.Unsetenv(strings.TrimPrefix(opt.Env, envPrefix)) } } @@ -1190,3 +1121,111 @@ type osfsWithChmod struct { func (fs *osfsWithChmod) Chmod(name string, mode os.FileMode) error { return os.Chmod(name, mode) } + +func findDevcontainerJSON(options Options) (string, string, error) { + // 0. Check if custom devcontainer directory or path is provided. + if options.DevcontainerDir != "" || options.DevcontainerJSONPath != "" { + devcontainerDir := options.DevcontainerDir + if devcontainerDir == "" { + devcontainerDir = ".devcontainer" + } + + // If `devcontainerDir` is not an absolute path, assume it is relative to the workspace folder. + if !filepath.IsAbs(devcontainerDir) { + devcontainerDir = filepath.Join(options.WorkspaceFolder, devcontainerDir) + } + + // An absolute location always takes a precedence. + devcontainerPath := options.DevcontainerJSONPath + if filepath.IsAbs(devcontainerPath) { + return options.DevcontainerJSONPath, devcontainerDir, nil + } + // If an override is not provided, assume it is just `devcontainer.json`. + if devcontainerPath == "" { + devcontainerPath = "devcontainer.json" + } + + if !filepath.IsAbs(devcontainerPath) { + devcontainerPath = filepath.Join(devcontainerDir, devcontainerPath) + } + return devcontainerPath, devcontainerDir, nil + } + + // 1. Check `options.WorkspaceFolder`/.devcontainer/devcontainer.json. + location := filepath.Join(options.WorkspaceFolder, ".devcontainer", "devcontainer.json") + if _, err := options.Filesystem.Stat(location); err == nil { + return location, filepath.Dir(location), nil + } + + // 2. Check `options.WorkspaceFolder`/devcontainer.json. + location = filepath.Join(options.WorkspaceFolder, "devcontainer.json") + if _, err := options.Filesystem.Stat(location); err == nil { + return location, filepath.Dir(location), nil + } + + // 3. Check every folder: `options.WorkspaceFolder`/.devcontainer//devcontainer.json. + devcontainerDir := filepath.Join(options.WorkspaceFolder, ".devcontainer") + + fileInfos, err := options.Filesystem.ReadDir(devcontainerDir) + if err != nil { + return "", "", err + } + + for _, fileInfo := range fileInfos { + if !fileInfo.IsDir() { + options.Logger(notcodersdk.LogLevelDebug, `%s is a file`, fileInfo.Name()) + continue + } + + location := filepath.Join(devcontainerDir, fileInfo.Name(), "devcontainer.json") + if _, err := options.Filesystem.Stat(location); err != nil { + options.Logger(notcodersdk.LogLevelDebug, `stat %s failed: %s`, location, err.Error()) + continue + } + + return location, filepath.Dir(location), nil + } + + return "", "", errors.New("can't find devcontainer.json, is it a correct spec?") +} + +// maybeDeleteFilesystem wraps util.DeleteFilesystem with a guard to hopefully stop +// folks from unwittingly deleting their entire root directory. +func maybeDeleteFilesystem(log LoggerFunc, force bool) error { + kanikoDir, ok := os.LookupEnv("KANIKO_DIR") + if !ok || strings.TrimSpace(kanikoDir) != MagicDir { + if force { + bailoutSecs := 10 + log(notcodersdk.LogLevelWarn, "WARNING! BYPASSING SAFETY CHECK! THIS WILL DELETE YOUR ROOT FILESYSTEM!") + log(notcodersdk.LogLevelWarn, "You have %d seconds to bail out!", bailoutSecs) + for i := bailoutSecs; i > 0; i-- { + log(notcodersdk.LogLevelWarn, "%d...", i) + <-time.After(time.Second) + } + } else { + log(notcodersdk.LogLevelError, "KANIKO_DIR is not set to %s. Bailing!\n", MagicDir) + log(notcodersdk.LogLevelError, "To bypass this check, set FORCE_SAFE=true.") + return errors.New("safety check failed") + } + } + + return util.DeleteFilesystem() +} + +func copyFile(src, dst string) error { + content, err := os.ReadFile(src) + if err != nil { + return xerrors.Errorf("read file failed: %w", err) + } + + err = os.MkdirAll(filepath.Dir(dst), 0o755) + if err != nil { + return xerrors.Errorf("mkdir all failed: %w", err) + } + + err = os.WriteFile(dst, content, 0o644) + if err != nil { + return xerrors.Errorf("write file failed: %w", err) + } + return nil +} diff --git a/envbuilder_internal_test.go b/envbuilder_internal_test.go new file mode 100644 index 00000000..6ca5fc12 --- /dev/null +++ b/envbuilder_internal_test.go @@ -0,0 +1,154 @@ +package envbuilder + +import ( + "testing" + + "github.com/go-git/go-billy/v5/memfs" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestFindDevcontainerJSON(t *testing.T) { + t.Parallel() + + t.Run("empty filesystem", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + + // when + _, _, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + }) + + // then + require.Error(t, err) + }) + + t.Run("devcontainer.json is missing", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace/.devcontainer", 0o600) + require.NoError(t, err) + + // when + _, _, err = findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + }) + + // then + require.Error(t, err) + }) + + t.Run("default configuration", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace/.devcontainer", 0o600) + require.NoError(t, err) + fs.Create("/workspace/.devcontainer/devcontainer.json") + + // when + devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + }) + + // then + require.NoError(t, err) + assert.Equal(t, "/workspace/.devcontainer/devcontainer.json", devcontainerPath) + assert.Equal(t, "/workspace/.devcontainer", devcontainerDir) + }) + + t.Run("overridden .devcontainer directory", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace/experimental-devcontainer", 0o600) + require.NoError(t, err) + fs.Create("/workspace/experimental-devcontainer/devcontainer.json") + + // when + devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + DevcontainerDir: "experimental-devcontainer", + }) + + // then + require.NoError(t, err) + assert.Equal(t, "/workspace/experimental-devcontainer/devcontainer.json", devcontainerPath) + assert.Equal(t, "/workspace/experimental-devcontainer", devcontainerDir) + }) + + t.Run("overridden devcontainer.json path", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace/.devcontainer", 0o600) + require.NoError(t, err) + fs.Create("/workspace/.devcontainer/experimental.json") + + // when + devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + DevcontainerJSONPath: "experimental.json", + }) + + // then + require.NoError(t, err) + assert.Equal(t, "/workspace/.devcontainer/experimental.json", devcontainerPath) + assert.Equal(t, "/workspace/.devcontainer", devcontainerDir) + }) + + t.Run("devcontainer.json in workspace root", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace", 0o600) + require.NoError(t, err) + fs.Create("/workspace/devcontainer.json") + + // when + devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + }) + + // then + require.NoError(t, err) + assert.Equal(t, "/workspace/devcontainer.json", devcontainerPath) + assert.Equal(t, "/workspace", devcontainerDir) + }) + + t.Run("devcontainer.json in subfolder of .devcontainer", func(t *testing.T) { + t.Parallel() + + // given + fs := memfs.New() + err := fs.MkdirAll("/workspace/.devcontainer/sample", 0o600) + require.NoError(t, err) + fs.Create("/workspace/.devcontainer/sample/devcontainer.json") + + // when + devcontainerPath, devcontainerDir, err := findDevcontainerJSON(Options{ + Filesystem: fs, + WorkspaceFolder: "/workspace", + }) + + // then + require.NoError(t, err) + assert.Equal(t, "/workspace/.devcontainer/sample/devcontainer.json", devcontainerPath) + assert.Equal(t, "/workspace/.devcontainer/sample", devcontainerDir) + }) +} diff --git a/envbuilder_test.go b/envbuilder_test.go index ecd9d663..6af599c9 100644 --- a/envbuilder_test.go +++ b/envbuilder_test.go @@ -9,44 +9,64 @@ import ( func TestDefaultWorkspaceFolder(t *testing.T) { t.Parallel() - dir, err := envbuilder.DefaultWorkspaceFolder("https://github.com/coder/coder") - require.NoError(t, err) - require.Equal(t, "/workspaces/coder", dir) - dir, err = envbuilder.DefaultWorkspaceFolder("") - require.NoError(t, err) - require.Equal(t, envbuilder.EmptyWorkspaceDir, dir) -} + successTests := []struct { + name string + gitURL string + expected string + }{ + { + name: "HTTP", + gitURL: "https://github.com/coder/envbuilder.git", + expected: "/workspaces/envbuilder", + }, + { + name: "SSH", + gitURL: "git@github.com:coder/envbuilder.git", + expected: "/workspaces/envbuilder", + }, + { + name: "username and password", + gitURL: "https://username:password@github.com/coder/envbuilder.git", + expected: "/workspaces/envbuilder", + }, + { + name: "fragment", + gitURL: "https://github.com/coder/envbuilder.git#feature-branch", + expected: "/workspaces/envbuilder", + }, + { + name: "empty", + gitURL: "", + expected: envbuilder.EmptyWorkspaceDir, + }, + } + for _, tt := range successTests { + t.Run(tt.name, func(t *testing.T) { + dir, err := envbuilder.DefaultWorkspaceFolder(tt.gitURL) + require.NoError(t, err) + require.Equal(t, tt.expected, dir) + }) + } -func TestSystemOptions(t *testing.T) { - t.Parallel() - opts := map[string]string{ - "INIT_SCRIPT": "echo hello", - "CACHE_REPO": "kylecarbs/testing", - "CACHE_TTL_DAYS": "30", - "DEVCONTAINER_JSON_PATH": "/tmp/devcontainer.json", - "DOCKERFILE_PATH": "Dockerfile", - "FALLBACK_IMAGE": "ubuntu:latest", - "FORCE_SAFE": "true", - "INSECURE": "false", - "GIT_CLONE_DEPTH": "1", - "GIT_URL": "https://github.com/coder/coder", - "WORKSPACE_FOLDER": "/workspaces/coder", - "GIT_HTTP_PROXY_URL": "http://company-proxy.com:8081", + invalidTests := []struct { + name string + invalidURL string + }{ + { + name: "simple text", + invalidURL: "not a valid URL", + }, + { + name: "website URL", + invalidURL: "www.google.com", + }, + } + for _, tt := range invalidTests { + t.Run(tt.name, func(t *testing.T) { + dir, err := envbuilder.DefaultWorkspaceFolder(tt.invalidURL) + require.NoError(t, err) + require.Equal(t, envbuilder.EmptyWorkspaceDir, dir) + }) } - env := envbuilder.OptionsFromEnv(func(s string) (string, bool) { - return opts[s], true - }) - require.Equal(t, "echo hello", env.InitScript) - require.Equal(t, "kylecarbs/testing", env.CacheRepo) - require.Equal(t, "/tmp/devcontainer.json", env.DevcontainerJSONPath) - require.Equal(t, 30, env.CacheTTLDays) - require.Equal(t, "Dockerfile", env.DockerfilePath) - require.Equal(t, "ubuntu:latest", env.FallbackImage) - require.True(t, env.ForceSafe) - require.False(t, env.Insecure) - require.Equal(t, 1, env.GitCloneDepth) - require.Equal(t, "https://github.com/coder/coder", env.GitURL) - require.Equal(t, "/workspaces/coder", env.WorkspaceFolder) - require.Equal(t, "http://company-proxy.com:8081", env.GitHTTPProxyURL) } diff --git a/examples/docker/01_dood/Dockerfile b/examples/docker/01_dood/Dockerfile new file mode 100644 index 00000000..edc8d18f --- /dev/null +++ b/examples/docker/01_dood/Dockerfile @@ -0,0 +1,2 @@ +FROM ubuntu:noble +RUN apt-get update && apt-get install -y docker.io \ No newline at end of file diff --git a/examples/docker/01_dood/devcontainer.json b/examples/docker/01_dood/devcontainer.json new file mode 100644 index 00000000..1933fd86 --- /dev/null +++ b/examples/docker/01_dood/devcontainer.json @@ -0,0 +1,5 @@ +{ + "build": { + "dockerfile": "Dockerfile" + } +} \ No newline at end of file diff --git a/examples/docker/02_dind/Dockerfile b/examples/docker/02_dind/Dockerfile new file mode 100644 index 00000000..70a215b0 --- /dev/null +++ b/examples/docker/02_dind/Dockerfile @@ -0,0 +1,6 @@ +FROM ubuntu:noble +RUN apt-get update && \ + apt-get install -y curl apt-transport-https && \ + curl -fsSL https://get.docker.com/ | sh -s - +ADD entrypoint.sh /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/examples/docker/02_dind/devcontainer.json b/examples/docker/02_dind/devcontainer.json new file mode 100644 index 00000000..1933fd86 --- /dev/null +++ b/examples/docker/02_dind/devcontainer.json @@ -0,0 +1,5 @@ +{ + "build": { + "dockerfile": "Dockerfile" + } +} \ No newline at end of file diff --git a/examples/docker/02_dind/entrypoint.sh b/examples/docker/02_dind/entrypoint.sh new file mode 100755 index 00000000..38ac3318 --- /dev/null +++ b/examples/docker/02_dind/entrypoint.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -euo pipefail + +nohup dockerd > /var/log/docker.log 2>&1 & + +exec bash --login \ No newline at end of file diff --git a/examples/docker/03_dind_feature/Dockerfile b/examples/docker/03_dind_feature/Dockerfile new file mode 100644 index 00000000..12f1c1a0 --- /dev/null +++ b/examples/docker/03_dind_feature/Dockerfile @@ -0,0 +1,3 @@ +FROM ubuntu:noble +ADD entrypoint.sh /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/examples/docker/03_dind_feature/devcontainer.json b/examples/docker/03_dind_feature/devcontainer.json new file mode 100644 index 00000000..e1b5a18a --- /dev/null +++ b/examples/docker/03_dind_feature/devcontainer.json @@ -0,0 +1,8 @@ +{ + "build": { + "dockerfile": "Dockerfile" + }, + "features": { + "ghcr.io/devcontainers/features/docker-in-docker:2": {} + } +} \ No newline at end of file diff --git a/examples/docker/03_dind_feature/entrypoint.sh b/examples/docker/03_dind_feature/entrypoint.sh new file mode 100755 index 00000000..d18fb7dd --- /dev/null +++ b/examples/docker/03_dind_feature/entrypoint.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -euo pipefail + +/usr/local/share/docker-init.sh + +exec bash --login \ No newline at end of file diff --git a/examples/docker/04_dind_rootless/Dockerfile b/examples/docker/04_dind_rootless/Dockerfile new file mode 100644 index 00000000..5358ce60 --- /dev/null +++ b/examples/docker/04_dind_rootless/Dockerfile @@ -0,0 +1,24 @@ +FROM ubuntu:noble +# Based on UID of ubuntu user in container. +ENV XDG_RUNTIME_DIR /run/user/1000 +ENV DOCKER_HOST unix:///${XDG_RUNTIME_DIR}/docker.sock +# Setup as root +RUN apt-get update && \ + # Install prerequisites + apt-get install -y apt-transport-https curl iproute2 uidmap && \ + # Install Docker + curl -fsSL https://get.docker.com/ | sh -s - && \ + # Add ubuntu user to docker group + usermod -aG docker ubuntu && \ + # Create the XDG_RUNTIME_DIR for our user and set DOCKER_HOST + mkdir -p ${XDG_RUNTIME_DIR} && \ + chown ubuntu:ubuntu ${XDG_RUNTIME_DIR} + +# Setup rootless mode as the ubuntu user. +USER ubuntu +RUN dockerd-rootless-setuptool.sh install && \ + docker context use rootless && \ + mkdir -p /home/ubuntu/.local/share/docker +# Add our custom entrypoint +ADD entrypoint.sh /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/examples/docker/04_dind_rootless/devcontainer.json b/examples/docker/04_dind_rootless/devcontainer.json new file mode 100644 index 00000000..1933fd86 --- /dev/null +++ b/examples/docker/04_dind_rootless/devcontainer.json @@ -0,0 +1,5 @@ +{ + "build": { + "dockerfile": "Dockerfile" + } +} \ No newline at end of file diff --git a/examples/docker/04_dind_rootless/entrypoint.sh b/examples/docker/04_dind_rootless/entrypoint.sh new file mode 100755 index 00000000..6c8a6260 --- /dev/null +++ b/examples/docker/04_dind_rootless/entrypoint.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# Start the rootless docker daemon as a non-root user +nohup rootlesskit --net=slirp4netns --mtu=1500 --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run dockerd > "/tmp/dockerd-rootless.log" 2>&1 & + +exec bash --login \ No newline at end of file diff --git a/examples/kaniko-cache-warmer.sh b/examples/kaniko-cache-warmer.sh new file mode 100755 index 00000000..1c7ef39f --- /dev/null +++ b/examples/kaniko-cache-warmer.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +# This is an example script to pull a number of images into the Kaniko cache +# to have them ready for consumption by envbuilder. +# Ref: https://github.com/coder/envbuilder/blob/main/README.md#image-caching +KANIKO_CACHE_VOLUME=${KANIKO_CACHE_VOLUME:-"kanikocache"} +IMAGES=( + alpine:latest + debian:latest + ubuntu:latest +) + +set -euo pipefail + +if ! docker volume inspect "${KANIKO_CACHE_VOLUME}" > /dev/null 2>&1; then + echo "Kaniko cache volume does not exist; creating it." + docker volume create "${KANIKO_CACHE_VOLUME}" +fi + +for img in "${IMAGES[@]}"; do + echo "Fetching image ${img} to kaniko cache ${KANIKO_CACHE_VOLUME}" + docker run --rm \ + -v "${KANIKO_CACHE_VOLUME}:/cache" \ + gcr.io/kaniko-project/warmer:latest \ + --cache-dir=/cache \ + --image="${img}" +done diff --git a/git.go b/git.go index 9f542add..09984fb4 100644 --- a/git.go +++ b/git.go @@ -4,8 +4,13 @@ import ( "context" "errors" "fmt" - "net/url" + "io" + "net" + "os" + "strings" + giturls "github.com/chainguard-dev/git-urls" + "github.com/coder/envbuilder/internal/notcodersdk" "github.com/go-git/go-billy/v5" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" @@ -13,7 +18,12 @@ import ( "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability" "github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband" "github.com/go-git/go-git/v5/plumbing/transport" + githttp "github.com/go-git/go-git/v5/plumbing/transport/http" + gitssh "github.com/go-git/go-git/v5/plumbing/transport/ssh" "github.com/go-git/go-git/v5/storage/filesystem" + "github.com/skeema/knownhosts" + "golang.org/x/crypto/ssh" + gossh "golang.org/x/crypto/ssh" ) type CloneRepoOptions struct { @@ -36,7 +46,7 @@ type CloneRepoOptions struct { // // The bool returned states whether the repository was cloned or not. func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) { - parsed, err := url.Parse(opts.RepoURL) + parsed, err := giturls.Parse(opts.RepoURL) if err != nil { return false, fmt.Errorf("parse url %q: %w", opts.RepoURL, err) } @@ -63,7 +73,7 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) { } } - err = opts.Storage.MkdirAll(opts.Path, 0755) + err = opts.Storage.MkdirAll(opts.Path, 0o755) if err != nil { return false, fmt.Errorf("mkdir %q: %w", opts.Path, err) } @@ -113,3 +123,131 @@ func CloneRepo(ctx context.Context, opts CloneRepoOptions) (bool, error) { } return true, nil } + +// ReadPrivateKey attempts to read an SSH private key from path +// and returns an ssh.Signer. +func ReadPrivateKey(path string) (gossh.Signer, error) { + f, err := os.Open(path) + if err != nil { + return nil, fmt.Errorf("open private key file: %w", err) + } + defer f.Close() + bs, err := io.ReadAll(f) + if err != nil { + return nil, fmt.Errorf("read private key file: %w", err) + } + k, err := gossh.ParsePrivateKey(bs) + if err != nil { + return nil, fmt.Errorf("parse private key file: %w", err) + } + return k, nil +} + +// LogHostKeyCallback is a HostKeyCallback that just logs host keys +// and does nothing else. +func LogHostKeyCallback(log LoggerFunc) gossh.HostKeyCallback { + return func(hostname string, remote net.Addr, key gossh.PublicKey) error { + var sb strings.Builder + _ = knownhosts.WriteKnownHost(&sb, hostname, remote, key) + // skeema/knownhosts uses a fake public key to determine the host key + // algorithms. Ignore this one. + if s := sb.String(); !strings.Contains(s, "fake-public-key ZmFrZSBwdWJsaWMga2V5") { + log(notcodersdk.LogLevelInfo, "#1: 🔑 Got host key: %s", strings.TrimSpace(s)) + } + return nil + } +} + +// SetupRepoAuth determines the desired AuthMethod based on options.GitURL: +// +// | Git URL format | GIT_USERNAME | GIT_PASSWORD | Auth Method | +// | ------------------------|--------------|--------------|-------------| +// | https?://host.tld/repo | Not Set | Not Set | None | +// | https?://host.tld/repo | Not Set | Set | HTTP Basic | +// | https?://host.tld/repo | Set | Not Set | HTTP Basic | +// | https?://host.tld/repo | Set | Set | HTTP Basic | +// | All other formats | - | - | SSH | +// +// For SSH authentication, the default username is "git" but will honour +// GIT_USERNAME if set. +// +// If SSH_PRIVATE_KEY_PATH is set, an SSH private key will be read from +// that path and the SSH auth method will be configured with that key. +// +// If SSH_KNOWN_HOSTS is not set, the SSH auth method will be configured +// to accept and log all host keys. Otherwise, host key checking will be +// performed as usual. +func SetupRepoAuth(options *Options) transport.AuthMethod { + if options.GitURL == "" { + options.Logger(notcodersdk.LogLevelInfo, "#1: ❔ No Git URL supplied!") + return nil + } + if strings.HasPrefix(options.GitURL, "http://") || strings.HasPrefix(options.GitURL, "https://") { + // Special case: no auth + if options.GitUsername == "" && options.GitPassword == "" { + options.Logger(notcodersdk.LogLevelInfo, "#1: 👤 Using no authentication!") + return nil + } + // Basic Auth + // NOTE: we previously inserted the credentials into the repo URL. + // This was removed in https://github.com/coder/envbuilder/pull/141 + options.Logger(notcodersdk.LogLevelInfo, "#1: 🔒 Using HTTP basic authentication!") + return &githttp.BasicAuth{ + Username: options.GitUsername, + Password: options.GitPassword, + } + } + + // Generally git clones over SSH use the 'git' user, but respect + // GIT_USERNAME if set. + if options.GitUsername == "" { + options.GitUsername = "git" + } + + // Assume SSH auth for all other formats. + options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using SSH authentication!") + + var signer ssh.Signer + if options.GitSSHPrivateKeyPath != "" { + s, err := ReadPrivateKey(options.GitSSHPrivateKeyPath) + if err != nil { + options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to read private key from %s: %s", options.GitSSHPrivateKeyPath, err.Error()) + } else { + options.Logger(notcodersdk.LogLevelInfo, "#1: 🔑 Using %s key!", s.PublicKey().Type()) + signer = s + } + } + + // If no SSH key set, fall back to agent auth. + if signer == nil { + options.Logger(notcodersdk.LogLevelError, "#1: 🔑 No SSH key found, falling back to agent!") + auth, err := gitssh.NewSSHAgentAuth(options.GitUsername) + if err != nil { + options.Logger(notcodersdk.LogLevelError, "#1: ❌ Failed to connect to SSH agent: %s", err.Error()) + return nil // nothing else we can do + } + if os.Getenv("SSH_KNOWN_HOSTS") == "" { + options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!") + auth.HostKeyCallback = LogHostKeyCallback(options.Logger) + } + return auth + } + + auth := &gitssh.PublicKeys{ + User: options.GitUsername, + Signer: signer, + } + + // Generally git clones over SSH use the 'git' user, but respect + // GIT_USERNAME if set. + if auth.User == "" { + auth.User = "git" + } + + // Duplicated code due to Go's type system. + if os.Getenv("SSH_KNOWN_HOSTS") == "" { + options.Logger(notcodersdk.LogLevelWarn, "#1: 🔓 SSH_KNOWN_HOSTS not set, accepting all host keys!") + auth.HostKeyCallback = LogHostKeyCallback(options.Logger) + } + return auth +} diff --git a/git_test.go b/git_test.go index 2c6dd13e..35a1289c 100644 --- a/git_test.go +++ b/git_test.go @@ -2,74 +2,428 @@ package envbuilder_test import ( "context" + "crypto/ed25519" + "fmt" "io" "net/http/httptest" + "net/url" "os" + "path/filepath" + "regexp" "testing" - "time" "github.com/coder/envbuilder" - "github.com/coder/envbuilder/gittest" + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/coder/envbuilder/testutil/gittest" + "github.com/coder/envbuilder/testutil/mwtest" + "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/memfs" - "github.com/go-git/go-git/v5" - "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-billy/v5/osfs" + githttp "github.com/go-git/go-git/v5/plumbing/transport/http" + gitssh "github.com/go-git/go-git/v5/plumbing/transport/ssh" "github.com/stretchr/testify/require" + gossh "golang.org/x/crypto/ssh" ) func TestCloneRepo(t *testing.T) { t.Parallel() - t.Run("Clones", func(t *testing.T) { + for _, tc := range []struct { + name string + srvUsername string + srvPassword string + username string + password string + mungeURL func(*string) + expectError string + expectClone bool + }{ + { + name: "no auth", + expectClone: true, + }, + { + name: "auth", + srvUsername: "user", + srvPassword: "password", + username: "user", + password: "password", + expectClone: true, + }, + { + name: "auth but no creds", + srvUsername: "user", + srvPassword: "password", + expectClone: false, + expectError: "authentication required", + }, + { + name: "invalid auth", + srvUsername: "user", + srvPassword: "password", + username: "notuser", + password: "notpassword", + expectClone: false, + expectError: "authentication required", + }, + { + name: "tokenish username", + srvUsername: "tokentokentoken", + srvPassword: "", + username: "tokentokentoken", + password: "", + expectClone: true, + }, + } { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + // We do not overwrite a repo if one is already present. + t.Run("AlreadyCloned", func(t *testing.T) { + srvFS := memfs.New() + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + authMW := mwtest.BasicAuthMW(tc.srvUsername, tc.srvPassword) + srv := httptest.NewServer(authMW(gittest.NewServer(srvFS))) + clientFS := memfs.New() + // A repo already exists! + _ = gittest.NewRepo(t, clientFS) + cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ + Path: "/", + RepoURL: srv.URL, + Storage: clientFS, + }) + require.NoError(t, err) + require.False(t, cloned) + }) + + // Basic Auth + t.Run("BasicAuth", func(t *testing.T) { + t.Parallel() + srvFS := memfs.New() + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + authMW := mwtest.BasicAuthMW(tc.srvUsername, tc.srvPassword) + srv := httptest.NewServer(authMW(gittest.NewServer(srvFS))) + clientFS := memfs.New() + + cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ + Path: "/workspace", + RepoURL: srv.URL, + Storage: clientFS, + RepoAuth: &githttp.BasicAuth{ + Username: tc.username, + Password: tc.password, + }, + }) + require.Equal(t, tc.expectClone, cloned) + if tc.expectError != "" { + require.ErrorContains(t, err, tc.expectError) + return + } + require.NoError(t, err) + require.True(t, cloned) + + readme := mustRead(t, clientFS, "/workspace/README.md") + require.Equal(t, "Hello, world!", readme) + gitConfig := mustRead(t, clientFS, "/workspace/.git/config") + // Ensure we do not modify the git URL that folks pass in. + require.Regexp(t, fmt.Sprintf(`(?m)^\s+url\s+=\s+%s\s*$`, regexp.QuoteMeta(srv.URL)), gitConfig) + }) + + // In-URL-style auth e.g. http://user:password@host:port + t.Run("InURL", func(t *testing.T) { + t.Parallel() + srvFS := memfs.New() + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + authMW := mwtest.BasicAuthMW(tc.srvUsername, tc.srvPassword) + srv := httptest.NewServer(authMW(gittest.NewServer(srvFS))) + + authURL, err := url.Parse(srv.URL) + require.NoError(t, err) + authURL.User = url.UserPassword(tc.username, tc.password) + clientFS := memfs.New() + + cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ + Path: "/workspace", + RepoURL: authURL.String(), + Storage: clientFS, + }) + require.Equal(t, tc.expectClone, cloned) + if tc.expectError != "" { + require.ErrorContains(t, err, tc.expectError) + return + } + require.NoError(t, err) + require.True(t, cloned) + + readme := mustRead(t, clientFS, "/workspace/README.md") + require.Equal(t, "Hello, world!", readme) + gitConfig := mustRead(t, clientFS, "/workspace/.git/config") + // Ensure we do not modify the git URL that folks pass in. + require.Regexp(t, fmt.Sprintf(`(?m)^\s+url\s+=\s+%s\s*$`, regexp.QuoteMeta(authURL.String())), gitConfig) + }) + }) + } +} + +func TestCloneRepoSSH(t *testing.T) { + t.Parallel() + + t.Run("AuthSuccess", func(t *testing.T) { t.Parallel() - serverFS := memfs.New() - repo := gittest.NewRepo(t, serverFS) - tree, err := repo.Worktree() - require.NoError(t, err) + // TODO: test the rest of the cloning flow. This just tests successful auth. + tmpDir := t.TempDir() + srvFS := osfs.New(tmpDir, osfs.WithChrootOS()) - gittest.WriteFile(t, serverFS, "README.md", "Hello, world!") - _, err = tree.Add("README.md") - require.NoError(t, err) - commit, err := tree.Commit("Wow!", &git.CommitOptions{ - Author: &object.Signature{ - Name: "Example", - Email: "in@tests.com", - When: time.Now(), + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + key := randKeygen(t) + tr := gittest.NewServerSSH(t, srvFS, key.PublicKey()) + gitURL := tr.String() + clientFS := memfs.New() + + cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ + Path: "/workspace", + RepoURL: gitURL, + Storage: clientFS, + RepoAuth: &gitssh.PublicKeys{ + User: "", + Signer: key, + HostKeyCallbackHelper: gitssh.HostKeyCallbackHelper{ + // Not testing host keys here. + HostKeyCallback: gossh.InsecureIgnoreHostKey(), + }, }, }) - require.NoError(t, err) - _, err = repo.CommitObject(commit) - require.NoError(t, err) + // TODO: ideally, we want to test the entire cloning flow. + // For now, this indicates successful ssh key auth. + require.ErrorContains(t, err, "repository not found") + require.False(t, cloned) + }) + + t.Run("AuthFailure", func(t *testing.T) { + t.Parallel() - srv := httptest.NewServer(gittest.NewServer(serverFS)) + tmpDir := t.TempDir() + srvFS := osfs.New(tmpDir, osfs.WithChrootOS()) + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + key := randKeygen(t) + tr := gittest.NewServerSSH(t, srvFS, key.PublicKey()) + gitURL := tr.String() clientFS := memfs.New() + + anotherKey := randKeygen(t) cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ Path: "/workspace", - RepoURL: srv.URL, + RepoURL: gitURL, Storage: clientFS, + RepoAuth: &gitssh.PublicKeys{ + User: "", + Signer: anotherKey, + HostKeyCallbackHelper: gitssh.HostKeyCallbackHelper{ + // Not testing host keys here. + HostKeyCallback: gossh.InsecureIgnoreHostKey(), + }, + }, }) - require.NoError(t, err) - require.True(t, cloned) - - file, err := clientFS.OpenFile("/workspace/README.md", os.O_RDONLY, 0644) - require.NoError(t, err) - defer file.Close() - content, err := io.ReadAll(file) - require.NoError(t, err) - require.Equal(t, "Hello, world!", string(content)) + require.ErrorContains(t, err, "handshake failed") + require.False(t, cloned) }) - t.Run("DoesntCloneIfRepoExists", func(t *testing.T) { + // nolint: paralleltest // t.Setenv + t.Run("PrivateKeyHostKeyMismatch", func(t *testing.T) { t.Parallel() + + tmpDir := t.TempDir() + srvFS := osfs.New(tmpDir, osfs.WithChrootOS()) + + _ = gittest.NewRepo(t, srvFS, gittest.Commit(t, "README.md", "Hello, world!", "Wow!")) + key := randKeygen(t) + tr := gittest.NewServerSSH(t, srvFS, key.PublicKey()) + gitURL := tr.String() clientFS := memfs.New() - gittest.NewRepo(t, clientFS) + cloned, err := envbuilder.CloneRepo(context.Background(), envbuilder.CloneRepoOptions{ - Path: "/", - RepoURL: "https://example.com", + Path: "/workspace", + RepoURL: gitURL, Storage: clientFS, + RepoAuth: &gitssh.PublicKeys{ + User: "", + Signer: key, + HostKeyCallbackHelper: gitssh.HostKeyCallbackHelper{ + HostKeyCallback: gossh.FixedHostKey(randKeygen(t).PublicKey()), + }, + }, }) - require.NoError(t, err) + require.ErrorContains(t, err, "ssh: host key mismatch") require.False(t, cloned) }) } + +// nolint:paralleltest // t.Setenv for SSH_AUTH_SOCK +func TestSetupRepoAuth(t *testing.T) { + t.Setenv("SSH_AUTH_SOCK", "") + t.Run("Empty", func(t *testing.T) { + opts := &envbuilder.Options{ + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + require.Nil(t, auth) + }) + + t.Run("HTTP/NoAuth", func(t *testing.T) { + opts := &envbuilder.Options{ + GitURL: "http://host.tld/repo", + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + require.Nil(t, auth) + }) + + t.Run("HTTP/BasicAuth", func(t *testing.T) { + opts := &envbuilder.Options{ + GitURL: "http://host.tld/repo", + GitUsername: "user", + GitPassword: "pass", + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + ba, ok := auth.(*githttp.BasicAuth) + require.True(t, ok) + require.Equal(t, opts.GitUsername, ba.Username) + require.Equal(t, opts.GitPassword, ba.Password) + }) + + t.Run("HTTPS/BasicAuth", func(t *testing.T) { + opts := &envbuilder.Options{ + GitURL: "https://host.tld/repo", + GitUsername: "user", + GitPassword: "pass", + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + ba, ok := auth.(*githttp.BasicAuth) + require.True(t, ok) + require.Equal(t, opts.GitUsername, ba.Username) + require.Equal(t, opts.GitPassword, ba.Password) + }) + + t.Run("SSH/WithScheme", func(t *testing.T) { + kPath := writeTestPrivateKey(t) + opts := &envbuilder.Options{ + GitURL: "ssh://host.tld/repo", + GitSSHPrivateKeyPath: kPath, + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + _, ok := auth.(*gitssh.PublicKeys) + require.True(t, ok) + }) + + t.Run("SSH/NoScheme", func(t *testing.T) { + kPath := writeTestPrivateKey(t) + opts := &envbuilder.Options{ + GitURL: "git@host.tld:repo/path", + GitSSHPrivateKeyPath: kPath, + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + _, ok := auth.(*gitssh.PublicKeys) + require.True(t, ok) + }) + + t.Run("SSH/OtherScheme", func(t *testing.T) { + // Anything that is not https:// or http:// is treated as SSH. + kPath := writeTestPrivateKey(t) + opts := &envbuilder.Options{ + GitURL: "git://git@host.tld:repo/path", + GitSSHPrivateKeyPath: kPath, + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + _, ok := auth.(*gitssh.PublicKeys) + require.True(t, ok) + }) + + t.Run("SSH/GitUsername", func(t *testing.T) { + kPath := writeTestPrivateKey(t) + opts := &envbuilder.Options{ + GitURL: "host.tld:12345/repo/path", + GitSSHPrivateKeyPath: kPath, + GitUsername: "user", + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + _, ok := auth.(*gitssh.PublicKeys) + require.True(t, ok) + }) + + t.Run("SSH/PrivateKey", func(t *testing.T) { + kPath := writeTestPrivateKey(t) + opts := &envbuilder.Options{ + GitURL: "ssh://git@host.tld:repo/path", + GitSSHPrivateKeyPath: kPath, + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + pk, ok := auth.(*gitssh.PublicKeys) + require.True(t, ok) + require.NotNil(t, pk.Signer) + actualSigner, err := gossh.ParsePrivateKey([]byte(testKey)) + require.NoError(t, err) + require.Equal(t, actualSigner, pk.Signer) + }) + + t.Run("SSH/NoAuthMethods", func(t *testing.T) { + opts := &envbuilder.Options{ + GitURL: "ssh://git@host.tld:repo/path", + Logger: testLog(t), + } + auth := envbuilder.SetupRepoAuth(opts) + require.Nil(t, auth) // TODO: actually test SSH_AUTH_SOCK + }) +} + +func mustRead(t *testing.T, fs billy.Filesystem, path string) string { + t.Helper() + f, err := fs.OpenFile(path, os.O_RDONLY, 0o644) + require.NoError(t, err) + content, err := io.ReadAll(f) + require.NoError(t, err) + return string(content) +} + +// generates a random ed25519 private key +func randKeygen(t *testing.T) gossh.Signer { + t.Helper() + _, key, err := ed25519.GenerateKey(nil) + require.NoError(t, err) + signer, err := gossh.NewSignerFromKey(key) + require.NoError(t, err) + return signer +} + +func testLog(t *testing.T) envbuilder.LoggerFunc { + return func(_ notcodersdk.LogLevel, format string, args ...interface{}) { + t.Logf(format, args...) + } +} + +// nolint:gosec // Throw-away key for testing. DO NOT REUSE. +var testKey = `-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBXOGgAge/EbcejqASqZa6s8PFXZle56DiGEt0VYnljuwAAAKgM05mUDNOZ +lAAAAAtzc2gtZWQyNTUxOQAAACBXOGgAge/EbcejqASqZa6s8PFXZle56DiGEt0VYnljuw +AAAEDCawwtjrM4AGYXD1G6uallnbsgMed4cfkFsQ+mLZtOkFc4aACB78Rtx6OoBKplrqzw +8VdmV7noOIYS3RVieWO7AAAAHmNpYW5AY2RyLW1icC1mdmZmdzBuOHEwNXAuaG9tZQECAw +QFBgc= +-----END OPENSSH PRIVATE KEY-----` + +func writeTestPrivateKey(t *testing.T) string { + t.Helper() + tmpDir := t.TempDir() + kPath := filepath.Join(tmpDir, "test.key") + require.NoError(t, os.WriteFile(kPath, []byte(testKey), 0o600)) + return kPath +} diff --git a/go.mod b/go.mod index 3f3e3ab4..c831fdfc 100644 --- a/go.mod +++ b/go.mod @@ -1,284 +1,200 @@ module github.com/coder/envbuilder -go 1.21.1 +go 1.22 -toolchain go1.21.5 +toolchain go1.22.3 // There are a few options we need added to Kaniko! // See: https://github.com/GoogleContainerTools/kaniko/compare/main...coder:kaniko:main -replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240103181425-f83d15201044 - -// Required to import the codersdk! -replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1 - -// Latest gvisor otherwise has refactored packages and is currently incompatible with -// Tailscale, to remove our tempfork this needs to be addressed. -replace gvisor.dev/gvisor => github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3 +replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15 require ( cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 github.com/GoogleContainerTools/kaniko v1.9.2 github.com/breml/rootcerts v0.2.10 - github.com/coder/coder/v2 v2.3.3 - github.com/containerd/containerd v1.7.11 - github.com/distribution/distribution/v3 v3.0.0-20230629214736-bac7f02e02a1 - github.com/docker/cli v23.0.5+incompatible - github.com/docker/docker v23.0.8+incompatible - github.com/fatih/color v1.16.0 + github.com/chainguard-dev/git-urls v1.0.2 + github.com/coder/retry v1.5.1 + github.com/coder/serpent v0.7.0 + github.com/containerd/containerd v1.7.15 + github.com/distribution/distribution/v3 v3.0.0-alpha.1 + github.com/docker/cli v26.1.0+incompatible + github.com/docker/docker v26.1.0+incompatible + github.com/fatih/color v1.17.0 + github.com/gliderlabs/ssh v0.3.7 github.com/go-git/go-billy/v5 v5.5.0 - github.com/go-git/go-git/v5 v5.11.0 - github.com/google/go-containerregistry v0.15.2 + github.com/go-git/go-git/v5 v5.12.0 + github.com/google/go-containerregistry v0.19.1 + github.com/google/uuid v1.6.0 + github.com/hashicorp/go-multierror v1.1.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/mattn/go-isatty v0.0.20 - github.com/moby/buildkit v0.11.6 + github.com/moby/buildkit v0.13.1 github.com/otiai10/copy v1.14.0 + github.com/prometheus/procfs v0.15.0 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.7.0 - github.com/stretchr/testify v1.8.4 + github.com/skeema/knownhosts v1.2.2 + github.com/stretchr/testify v1.9.0 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a - golang.org/x/sync v0.6.0 - golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 + go.uber.org/mock v0.4.0 + golang.org/x/crypto v0.24.0 + golang.org/x/sync v0.7.0 + golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 ) require ( - cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/longrunning v0.5.4 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect - filippo.io/edwards25519 v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go v61.3.0+incompatible // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect + github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect + github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.28 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect - github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect + github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect + github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/DataDog/appsec-internal-go v1.0.0 // indirect - github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 // indirect - github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.0-devel.0.20230725154044-2549ba9058df // indirect - github.com/DataDog/datadog-go/v5 v5.3.0 // indirect - github.com/DataDog/go-libddwaf v1.5.0 // indirect - github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect - github.com/DataDog/gostackparse v0.7.0 // indirect - github.com/DataDog/sketches-go v1.4.2 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/akutz/memconn v0.1.0 // indirect - github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 // indirect - github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/aws/aws-sdk-go-v2 v1.20.3 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.32 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.31 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.18.10 // indirect - github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.37.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 // indirect - github.com/aws/smithy-go v1.19.0 // indirect - github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230522190001-adf1bafd791a // indirect + github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect + github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/smithy-go v1.20.2 // indirect + github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/charmbracelet/lipgloss v0.8.0 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/cilium/ebpf v0.12.3 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/coder/retry v1.5.1 // indirect - github.com/coder/terraform-provider-coder v0.13.0 // indirect + github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 // indirect github.com/containerd/cgroups v1.1.0 // indirect - github.com/containerd/continuity v0.4.2 // indirect + github.com/containerd/cgroups/v3 v3.0.2 // indirect + github.com/containerd/continuity v0.4.3 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/typeurl v1.0.2 // indirect - github.com/coreos/go-iptables v0.6.0 // indirect - github.com/coreos/go-oidc/v3 v3.9.0 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect + github.com/containerd/ttrpc v1.2.3 // indirect + github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect + github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/djherbis/times v1.6.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker-credential-helpers v0.7.0 // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/docker-credential-helpers v0.8.1 // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect - github.com/dustin/go-humanize v1.0.1 // indirect github.com/ePirat/docker-credential-gitlabci v1.0.0 // indirect - github.com/ebitengine/purego v0.5.0-alpha.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/fxamacker/cbor/v2 v2.4.0 // indirect - github.com/go-chi/chi/v5 v5.0.10 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/frankban/quicktest v1.14.6 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-ole/go-ole v1.2.6 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/gomodule/redigo v1.8.9 // indirect - github.com/google/btree v1.1.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c // indirect - github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect - github.com/google/uuid v1.6.0 // indirect github.com/gorilla/handlers v1.5.1 // indirect - github.com/gorilla/mux v1.8.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect + github.com/gorilla/mux v1.8.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect - github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-memdb v1.3.2 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect - github.com/hashicorp/golang-lru/v2 v2.0.3 // indirect - github.com/hashicorp/hcl/v2 v2.17.0 // indirect - github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.12.0 // indirect - github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect - github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 // indirect - github.com/hashicorp/yamux v0.1.1 // indirect - github.com/hdevalence/ed25519consensus v0.1.0 // indirect - github.com/illarion/gonotify v1.0.1 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 // indirect + github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect + github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect - github.com/jsimonetti/rtnetlink v1.3.5 // indirect github.com/karrick/godirwalk v1.16.1 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.17.4 // indirect - github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mdlayher/genetlink v1.3.2 // indirect - github.com/mdlayher/netlink v1.7.2 // indirect - github.com/mdlayher/sdnotify v1.0.0 // indirect - github.com/mdlayher/socket v0.5.0 // indirect - github.com/miekg/dns v1.1.55 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect github.com/minio/highwayhash v1.0.2 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/go-ps v1.0.0 // indirect - github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/patternmatcher v0.5.0 // indirect + github.com/moby/patternmatcher v0.6.0 // indirect github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83 // indirect github.com/moby/sys/mount v0.3.3 // indirect - github.com/moby/sys/mountinfo v0.6.2 // indirect + github.com/moby/sys/mountinfo v0.7.1 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/signal v0.7.0 // indirect github.com/moby/sys/symlink v0.2.0 // indirect + github.com/moby/sys/user v0.1.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect - github.com/open-policy-agent/opa v0.58.0 // indirect + github.com/muesli/reflow v0.3.0 // indirect + github.com/muesli/termenv v0.15.2 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc5 // indirect - github.com/opencontainers/runc v1.1.12 // indirect - github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/opencontainers/runtime-spec v1.1.0 // indirect github.com/opencontainers/selinux v1.11.0 // indirect - github.com/outcaste-io/ristretto v0.2.3 // indirect - github.com/philhofer/fwd v1.1.2 // indirect - github.com/pierrec/lz4/v4 v4.1.18 // indirect + github.com/pion/transport/v2 v2.0.0 // indirect + github.com/pion/udp v0.1.4 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.18.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect - github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 // indirect - github.com/robfig/cron/v3 v3.0.1 // indirect - github.com/rootless-containers/rootlesskit v1.1.0 // indirect - github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/skeema/knownhosts v1.2.1 // indirect - github.com/spaolacci/murmur3 v1.1.0 // indirect + github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect + github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect + github.com/redis/go-redis/v9 v9.1.0 // indirect + github.com/rivo/uniseg v0.4.4 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d // indirect - github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e // indirect - github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect - github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 // indirect - github.com/tailscale/wireguard-go v0.0.0-20230710185534-bb2c8f22eccf // indirect - github.com/tcnksm/go-httpstat v0.2.0 // indirect - github.com/tinylib/msgp v1.1.8 // indirect - github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa // indirect - github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect - github.com/valyala/fasthttp v1.51.0 // indirect - github.com/vbatts/tar-split v0.11.3 // indirect - github.com/vishvananda/netlink v1.2.1-beta.2 // indirect - github.com/vishvananda/netns v0.0.4 // indirect - github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect - github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect - github.com/vmihailenco/tagparser v0.1.2 // indirect - github.com/x448/float16 v0.8.4 // indirect + github.com/vbatts/tar-split v0.11.5 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/zclconf/go-cty v1.14.1 // indirect - github.com/zeebo/errs v1.3.0 // indirect go.etcd.io/etcd/raft/v3 v3.5.6 // indirect - go.nhat.io/otelsql v0.12.0 // indirect - go.opentelemetry.io/otel v1.19.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect - go.opentelemetry.io/otel/metric v1.19.0 // indirect - go.opentelemetry.io/otel/sdk v1.19.0 // indirect - go.opentelemetry.io/otel/trace v1.19.0 // indirect - go.opentelemetry.io/proto/otlp v1.0.0 // indirect - go.uber.org/atomic v1.11.0 // indirect - go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect - go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect - go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 // indirect - go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect - golang.org/x/crypto v0.19.0 // indirect - golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect + go.uber.org/goleak v1.3.0 // indirect + golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.19.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect - golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect - golang.zx2c4.com/wireguard/windows v0.5.3 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect - google.golang.org/grpc v1.61.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect + google.golang.org/grpc v1.63.2 // indirect google.golang.org/protobuf v1.33.0 // indirect - gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - gvisor.dev/gvisor v0.0.0-20240301031223-3172bc04679b // indirect - inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect - inet.af/peercred v0.0.0-20210906144145-0893ea02156a // indirect - nhooyr.io/websocket v1.8.7 // indirect - storj.io/drpc v0.0.33-0.20230420154621-9716137f6037 // indirect - tailscale.com v1.46.1 // indirect ) diff --git a/go.sum b/go.sum index 10d41283..ee16941c 100644 --- a/go.sum +++ b/go.sum @@ -1,36 +1,37 @@ cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6 h1:KHblWIE/KHOwQ6lEbMZt6YpcGve2FEZ1sDtrW1Am5UI= cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6/go.mod h1:NaoTA7KwopCrnaSb0JXTC0PTp/O/Y83Lndnq0OEV3ZQ= -cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/logging v1.8.1 h1:26skQWPeYhvIasWKm48+Eq7oUqdcdbwsCVwz5Ys0FvU= -cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= -cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg= -cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/logging v1.9.0 h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw= +cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE= +cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek= -filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= -filippo.io/mkcert v1.4.4 h1:8eVbbwfVlaqUM7OwuftKc2nuYOoTDQWqsoXmzoXZdbc= -filippo.io/mkcert v1.4.4/go.mod h1:VyvOchVuAye3BoUsPUOOofKygVwLV2KQMVFJNRq+1dA= -github.com/Azure/azure-sdk-for-go v61.3.0+incompatible h1:k7MKrYcGwX5qh+fC9xVhcEuaZajFfbDYMEgo8oemTLo= -github.com/Azure/azure-sdk-for-go v61.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM= -github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= @@ -40,290 +41,181 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= -github.com/DataDog/appsec-internal-go v1.0.0 h1:2u5IkF4DBj3KVeQn5Vg2vjPUtt513zxEYglcqnd500U= -github.com/DataDog/appsec-internal-go v1.0.0/go.mod h1:+Y+4klVWKPOnZx6XESG7QHydOaUGEXyH2j/vSg9JiNM= -github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0 h1:bUMSNsw1iofWiju9yc1f+kBd33E3hMJtq9GuU602Iy8= -github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.0/go.mod h1:HzySONXnAgSmIQfL6gOv9hWprKJkx8CicuXuUbmgWfo= -github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.0-devel.0.20230725154044-2549ba9058df h1:PbzrhHhs2+RRdKKti7JBSM8ATIeiji2T2cVt/d8GT8k= -github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.0-devel.0.20230725154044-2549ba9058df/go.mod h1:5Q39ZOIOwZMnFyRadp+5gH1bFdjmb+Pgxe+j5XOwaTg= -github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8= -github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q= -github.com/DataDog/go-libddwaf v1.5.0 h1:lrHP3VrEriy1M5uQuaOcKphf5GU40mBhihMAp6Ik55c= -github.com/DataDog/go-libddwaf v1.5.0/go.mod h1:Fpnmoc2k53h6desQrH1P0/gR52CUzkLNFugE5zWwUBQ= -github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I= -github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0= -github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4= -github.com/DataDog/gostackparse v0.7.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM= -github.com/DataDog/sketches-go v1.4.2 h1:gppNudE9d19cQ98RYABOetxIhpTCl4m7CnbRZjvVA/o= -github.com/DataDog/sketches-go v1.4.2/go.mod h1:xJIXldczJyyjnbDop7ZZcLxJdV3+7Kra7H1KMgpgkLk= -github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc= -github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE= -github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= -github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= -github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= +github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= -github.com/akutz/memconn v0.1.0 h1:NawI0TORU4hcOMsMr11g7vwlCdkYeLKXBcxWu2W/P8A= -github.com/akutz/memconn v0.1.0/go.mod h1:Jo8rI7m0NieZyLI5e2CDlRdRqRRB4S7Xp77ukDjH+Fw= -github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= -github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= -github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/ammario/tlru v0.3.0 h1:yK8ESoFlEyz/BVVL8yZQKAUzJwFJR/j9EfxjnKxtR/Q= -github.com/ammario/tlru v0.3.0/go.mod h1:aYzRFu0XLo4KavE9W8Lx7tzjkX+pAApz+NgcKYIFUBQ= -github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= -github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= -github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= -github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= -github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= -github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= -github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= -github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4= -github.com/aws/aws-sdk-go-v2 v1.20.3 h1:lgeKmAZhlj1JqN43bogrM75spIvYnRxqTAh1iupu1yE= -github.com/aws/aws-sdk-go-v2 v1.20.3/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= -github.com/aws/aws-sdk-go-v2/config v1.18.22/go.mod h1:mN7Li1wxaPxSSy4Xkr6stFuinJGf3VZW3ZSNvO0q6sI= -github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI= -github.com/aws/aws-sdk-go-v2/config v1.18.32/go.mod h1:U3ZF0fQRRA4gnbn9GGvOWLoT2EzzZfAWeKwnVrm1rDc= -github.com/aws/aws-sdk-go-v2/credentials v1.13.21/go.mod h1:90Dk1lJoMyspa/EDUrldTxsPns0wn6+KpRKpdAWc0uA= -github.com/aws/aws-sdk-go-v2/credentials v1.13.31 h1:vJyON3lG7R8VOErpJJBclBADiWTwzcwdkQpTKx8D2sk= -github.com/aws/aws-sdk-go-v2/credentials v1.13.31/go.mod h1:T4sESjBtY2lNxLgkIASmeP57b5j7hTQqCbqG0tWnxC4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 h1:X3H6+SU21x+76LRglk21dFRgMTJMa5QcpW+SqUf5BBg= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7/go.mod h1:3we0V09SwcJBzNlnyovrR2wWJhWmVdqAsmVs4uronv8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37/go.mod h1:Pdn4j43v49Kk6+82spO3Tu5gSeQXRsxo56ePPQAvFiA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 h1:CXceCS9BrDInRc74GDCQ8Qyk/Gp9VLdK+Rlve+zELSE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40/go.mod h1:5kKmFhLeOVy6pwPDpDNA6/hK/d6URC98pqDDqHgdBx4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 h1:B+nZtd22cbko5+793hg7LEaTeLMiZwlgCLUrN5Y0uzg= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34/go.mod h1:RZP0scceAyhMIQ9JvFp7HvkpcgqjL4l/4C+7RAeGbuM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 h1:+i1DOFrW3YZ3apE45tCal9+aDKK6kNEbW6Ib7e1nFxE= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38/go.mod h1:1/jLp0OgOaWIetycOmycW+vYTYgTZFPttJQRgsI1PoU= -github.com/aws/aws-sdk-go-v2/service/ecr v1.18.10 h1:3s6Jg0xx6U/wDVgZy8exuZoGlsL/6tYcItAaXg9vMSA= -github.com/aws/aws-sdk-go-v2/service/ecr v1.18.10/go.mod h1:Ce1q2jlNm8BVpjLaOnwnm5v2RClAbK6txwPljFzyW6c= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.1 h1:iqooVPD/xAM5SCTbrFsBeuiQ2o0D9wdqlHcUBTDxJPA= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.1/go.mod h1:uHtRE7aqXNmpeYL+7Ec7LacH5zC9+w2T5MBOeEKDdu0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31/go.mod h1:3+lloe3sZuBQw1aBc5MyndvodzQlyqCZ7x1QPDHaWP4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 h1:JwvXk+1ePAD9xkFHprhHYqwsxLDcbNFsPI1IAT2sPS0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34/go.mod h1:ytsF+t+FApY2lFnN51fJKPhH6ICKOPXKEcwwgmJEdWI= -github.com/aws/aws-sdk-go-v2/service/ssm v1.37.1 h1:8wSXZ0h+Oqwe44nBX8kW5A98pgoKaI3BpolnnpuBcOA= -github.com/aws/aws-sdk-go-v2/service/ssm v1.37.1/go.mod h1:Z4GG8XYwKzRKKtexaeWeVmPVdwRDgh+LaR5ildi4mYQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.9/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI= -github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 h1:DSNpSbfEgFXRV+IfEcKE5kTbqxm+MeF5WgyeRlsLnHY= -github.com/aws/aws-sdk-go-v2/service/sso v1.13.1/go.mod h1:TC9BubuFMVScIU+TLKamO6VZiYTkYoEHqlSQwAe2omw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 h1:hd0SKLMdOL/Sl6Z0np1PX9LeH2gqNtBe0MhTedA8MGI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1/go.mod h1:XO/VcyoQ8nKyKfFW/3DMsRQXsfh/052tHTWmg3xBXRg= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.10/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8= -github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 h1:pAOJj+80tC8sPVgSDHzMYD6KLWsaLQ1kZw31PTeORbs= -github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI= -github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= -github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230522190001-adf1bafd791a h1:rW+dV12c0WD3+O4Zs8Qt4+oqnr8ecXeyg8g3yB73ZKA= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230522190001-adf1bafd791a/go.mod h1:1mvdZLjy932pV2fhj1jjwUSHaF5Ogq2gk5bvi/6ngEU= +github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= +github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= +github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= +github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 h1:Qr9W21mzWT3RhfYn9iAux7CeRIdbnTAqmiOlASqQgZI= +github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4/go.mod h1:if7ybzzjOmDB8pat9FE35AHTY6ZxlYSy3YviSmFZv8c= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4 h1:aNuiieMaS2IHxqAsTdM/pjHyY1aoaDLBGLqpNnFMMqk= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4/go.mod h1:8pvvNAklmq+hKmqyvFoMRg0bwg9sdGOvdwximmKiKP0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44 h1:oNDkocd5/+6jUuxyz07jQWnKhgpNtKQoZSXKMb7emqQ= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44/go.mod h1:2nlYPkG0rFrODp6R875pk/kOnB8Ivj3+onhzk2mO57g= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= -github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= -github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bool64/shared v0.1.5 h1:fp3eUhBsrSjNCQPcSdQqZxxh9bBwrYiZ+zOKFkM0/2E= -github.com/bool64/shared v0.1.5/go.mod h1:081yz68YC9jeFB3+Bbmno2RFWvGKv1lPKkMP6MHJlPs= github.com/breml/rootcerts v0.2.10 h1:UGVZ193UTSUASpGtg6pbDwzOd7XQP+at0Ssg1/2E4h8= github.com/breml/rootcerts v0.2.10/go.mod h1:24FDtzYMpqIeYC7QzaE8VPRQaFZU5TIUDlyk8qwjD88= +github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w= +github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0= +github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= +github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= +github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk= -github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/charmbracelet/glamour v0.6.0 h1:wi8fse3Y7nfcabbbDuwolqTqMQPMnVPeZhDM273bISc= -github.com/charmbracelet/glamour v0.6.0/go.mod h1:taqWV4swIMMbWALc0m7AfE9JkPSU8om2538k9ITBxOc= +github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ= +github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o= github.com/charmbracelet/lipgloss v0.8.0 h1:IS00fk4XAHcf8uZKc3eHeMUTCxUH6NkaTrdyCQk84RU= github.com/charmbracelet/lipgloss v0.8.0/go.mod h1:p4eYUZZJ/0oXTuCQKFF8mqyKCz0ja6y+7DniDDw5KKU= -github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0= -github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA= -github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo= -github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/coder/coder/v2 v2.3.3 h1:KGrlKg5NVrLPwFPJv+ZLAuQ4PW88YdzanwIi8EzjXQQ= -github.com/coder/coder/v2 v2.3.3/go.mod h1:5PTYkd15l/qyFTpEuOlnMiiENH+Wfj83BdDx6GhR3ac= -github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3 h1:gtuDFa+InmMVUYiurBV+XYu24AeMGv57qlZ23i6rmyE= -github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3/go.mod h1:pzr6sy8gDLfVmDAg8OYrlKvGEHw5C3PGTiBXBTCx76Q= -github.com/coder/kaniko v0.0.0-20240103181425-f83d15201044 h1:28V9fkQdceB0FzjyavTU6r+II5NwRpJqNdzUSfe6RPU= -github.com/coder/kaniko v0.0.0-20240103181425-f83d15201044/go.mod h1:byIUWxhLPDuO0o38iG+ffFWmIhUCSc8/N1INJZhjcUY= +github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15 h1:Rne2frxrqtLEQ/v4f/wS550Yp/WXLCRFzDuxg8b9woM= +github.com/coder/kaniko v0.0.0-20240624091120-7208a49f5b15/go.mod h1:YMK7BlxerzLlMwihGxNWUaFoN9LXCij4P+w/8/fNlcM= +github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs= +github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc= github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY= -github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1 h1:A7dZHNidAVH6Kxn5D3hTEH+iRO8slnM0aRer6/cxlyE= -github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4= -github.com/coder/terraform-provider-coder v0.13.0 h1:MjW7O+THAiqIYcxyiuBoGbFEduqgjp7tUZhSkiwGxwo= -github.com/coder/terraform-provider-coder v0.13.0/go.mod h1:g2bDO+IkYqMSMxMdziOlyZsVh5BP/8wBIDvhIkSJ4rg= +github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0= +github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= -github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= -github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= +github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= +github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes= +github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY= +github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= +github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= -github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= -github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= -github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk= -github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= -github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= -github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= +github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= +github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= +github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0= +github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= +github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= +github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/distribution/distribution/v3 v3.0.0-20230629214736-bac7f02e02a1 h1:yRwt9RluqBtKyDLRY7J0Cf/TVqvG56vKx2Eyndy8qNQ= -github.com/distribution/distribution/v3 v3.0.0-20230629214736-bac7f02e02a1/go.mod h1:+fqBJ4vPYo4Uu1ZE4d+bUtTLRXfdSL3NvCZIZ9GHv58= -github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c= -github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0= -github.com/dlclark/regexp2 v1.10.0 h1:+/GIL799phkJqYW+3YbOd8LCcbHzT0Pbo8zl70MHsq0= -github.com/dlclark/regexp2 v1.10.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= -github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiUFud7aeJCIQcgzugtwjyJo= +github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlPXifX/UQ3Y= +github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.8+incompatible h1:z4ZCIwfqHgOEwhxmAWugSL1PFtPQmLP60EVhJYJPaX8= -github.com/docker/docker v23.0.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM= +github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= +github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4= -github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= -github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw= github.com/ePirat/docker-credential-gitlabci v1.0.0 h1:YRkUSvkON6rT88vtscClAmPEYWhtltGEAuRVYtz1/+Y= github.com/ePirat/docker-credential-gitlabci v1.0.0/go.mod h1:Ptmh+D0lzBQtgb6+QHjXl9HqOn3T1P8fKUHldiSQQGA= -github.com/ebitengine/purego v0.5.0-alpha.1 h1:0gVgWGb8GjKYs7cufvfNSleJAD00m2xWC26FMwOjNrw= -github.com/ebitengine/purego v0.5.0-alpha.1/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ= -github.com/elastic/go-sysinfo v1.11.0 h1:QW+6BF1oxBoAprH3w2yephF7xLkrrSXj7gl2xC2BM4w= -github.com/elastic/go-sysinfo v1.11.0/go.mod h1:6KQb31j0QeWBDF88jIdWSxE8cwoOB9tO4Y4osN7Q70E= -github.com/elastic/go-windows v1.0.0 h1:qLURgZFkkrYyTTkvYpsZIgf83AUsdIHfvlJaqaZ7aSY= -github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= -github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= -github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= -github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= -github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= -github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= -github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= -github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= -github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I= -github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo= -github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk= -github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= -github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= -github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= -github.com/go-chi/httprate v0.7.4 h1:a2GIjv8he9LRf3712zxxnRdckQCm7I8y8yQhkJ84V6M= -github.com/go-chi/httprate v0.7.4/go.mod h1:6GOYBSwnpra4CQfAKXu8sQZg+nZ0M1g9QnyFvxrAB8A= -github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8= -github.com/go-chi/render v1.0.1/go.mod h1:pq4Rr7HbnsdaeHagklXub+p6Wd16Af5l9koip1OvJns= +github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= +github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= -github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= -github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -332,47 +224,10 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= -github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/spec v0.20.6 h1:ich1RQ3WDbfoeTqTAb+5EIxNmpKVJZWBNah9RAT0jIQ= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= -github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= -github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= -github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= -github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= -github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= -github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM= -github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM= -github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= -github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU= -github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= -github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= -github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og= -github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= -github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk= -github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -381,82 +236,52 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-migrate/migrate/v4 v4.16.0 h1:FU2GR7EdAO0LmhNLcKthfDzuYCtMcWNR7rUbZjsgH3o= -github.com/golang-migrate/migrate/v4 v4.16.0/go.mod h1:qXiwa/3Zeqaltm1MxOCZDYysW/F6folYiBgBG03l9hc= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws= -github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE= -github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= -github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= -github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= -github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= -github.com/google/go-github/v43 v43.0.1-0.20220414155304-00e42332e405 h1:DdHws/YnnPrSywrjNYu2lEHqYHWp/LnEx56w59esd54= -github.com/google/go-github/v43 v43.0.1-0.20220414155304-00e42332e405/go.mod h1:4RgUDSnsxP19d65zJWqvqJ/poJxBCvmna50eXmIvoR8= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c h1:06RMfw+TMMHtRuUOroMeatRCCgSMWXCJQeABvHU69YQ= -github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c/go.mod h1:BVIYo3cdnT4qSylnYqcd5YtmXhr51cJPGtnLBe/uLBU= -github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo= -github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= -github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= -github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= -github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -464,80 +289,26 @@ github.com/hashicorp/go-memdb v1.3.2 h1:RBKHOsnSszpU6vxq80LzC2BaQjuuvoyaQbkLTf7V github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ= -github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/golang-lru/v2 v2.0.3 h1:kmRrRLlInXvng0SmLxmQpQkpbYAvcXm7NPDrgxJa9mE= -github.com/hashicorp/golang-lru/v2 v2.0.3/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/hashicorp/hc-install v0.6.0 h1:fDHnU7JNFNSQebVKYhHZ0va1bC6SrPQ8fpebsvNr2w4= -github.com/hashicorp/hc-install v0.6.0/go.mod h1:10I912u3nntx9Umo1VAeYPUUuehk0aRQJYpMwbX5wQA= -github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY= -github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4= -github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go= -github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8= -github.com/hashicorp/terraform-json v0.17.2-0.20230905102422-cd7b46b136bb h1:tYx6g/IihykJWZXCzn9lpPql1IrADtaMpqNY6lUifA4= -github.com/hashicorp/terraform-json v0.17.2-0.20230905102422-cd7b46b136bb/go.mod h1:0a5tk65jPDbGo2lEMmvmwwvM0qCbOhW33hXtGrJQBgc= -github.com/hashicorp/terraform-plugin-go v0.12.0 h1:6wW9mT1dSs0Xq4LR6HXj1heQ5ovr5GxXNJwkErZzpJw= -github.com/hashicorp/terraform-plugin-go v0.12.0/go.mod h1:kwhmaWHNDvT1B3QiSJdAtrB/D4RaKSY/v3r2BuoWK4M= -github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs= -github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0 h1:+KxZULPsbjpAVoP0WNj/8aVW6EqpcX5JcUcQ5wl7Da4= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.20.0/go.mod h1:DwGJG3KNxIPluVk6hexvDfYR/MS/eKGpiztJoT3Bbbw= -github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg= -github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI= -github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0= -github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= -github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= -github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/hdevalence/ed25519consensus v0.1.0 h1:jtBwzzcHuTmFrQN6xQZn6CQEO/V9f7HsjsjeEZ6auqU= -github.com/hdevalence/ed25519consensus v0.1.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo= -github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02 h1:AgcIVYPa6XJnU3phs104wLj8l5GEththEw6+F79YsIY= -github.com/hinshun/vt10x v0.0.0-20220301184237-5011da428d02/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68= -github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc= -github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE= -github.com/illarion/gonotify v1.0.1 h1:F1d+0Fgbq/sDWjj/r66ekjDG+IDeecQKUFH4wNwsoio= -github.com/illarion/gonotify v1.0.1/go.mod h1:zt5pmDofZpU1f8aqlK0+95eQhoEAn/d4G4B/FjVW4jE= -github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= -github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA= -github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= +github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= +github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= -github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4= -github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk= -github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8= -github.com/jsimonetti/rtnetlink v1.3.5 h1:hVlNQNRlLDGZz31gBPicsG7Q53rnlsz1l1Ix/9XlpVA= -github.com/jsimonetti/rtnetlink v1.3.5/go.mod h1:0LFedyiTkebnd43tE4YAkWGIq9jQphow4CcwxaT2Y00= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/justinas/nosurf v1.1.1 h1:92Aw44hjSK4MxJeMSyDa7jwuI9GR2J/JCQiaKvXXSlk= -github.com/justinas/nosurf v1.1.1/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ= github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= @@ -547,16 +318,9 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= -github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ= -github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk= -github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -565,86 +329,52 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= -github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= -github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= -github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= -github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw= -github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o= -github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= -github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= -github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ3c= -github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE= -github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI= -github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI= -github.com/microcosm-cc/bluemonday v1.0.23 h1:SMZe2IGa0NuHvnVNAZ+6B38gsTbi5e4sViiWJyDDqFY= -github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgStuPzlK76QuruE/z4= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g= github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= -github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= -github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= -github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= -github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= -github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= -github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/buildkit v0.11.6 h1:VYNdoKk5TVxN7k4RvZgdeM4GOyRvIi4Z8MXOY7xvyUs= -github.com/moby/buildkit v0.11.6/go.mod h1:GCqKfHhz+pddzfgaR7WmHVEE3nKKZMMDPpK8mh3ZLv4= +github.com/moby/buildkit v0.13.1 h1:L8afOFhPq2RPJJSr/VyzbufwID7jquZVB7oFHbPRcPE= +github.com/moby/buildkit v0.13.1/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/moby v24.0.1+incompatible h1:VzcmrGPwKZLMsjylQP6yqYz3D+MTwFnPt2BDAPYuzQE= -github.com/moby/moby v24.0.1+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= -github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= -github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= +github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= +github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83 h1:jUbNDiRMDXd2rYoa4bcI+g3nIb4A1R8HNCe9wdCdh8I= github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e8ba9bc83/go.mod h1:GvjR7mC8YuUd9Mq44lrrIZPaXyKPAGEUMBpAQzaj3dI= github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs= github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0= -github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI= github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= +github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= +github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= @@ -652,52 +382,32 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758= -github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs= -github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/open-policy-agent/opa v0.58.0 h1:S5qvevW8JoFizU7Hp66R/Y1SOXol0aCdFYVkzIqIpUo= -github.com/open-policy-agent/opa v0.58.0/go.mod h1:EGWBwvmyt50YURNvL8X4W5hXdlKeNhAHn3QXsetmYcc= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= -github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= -github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w= -github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= +github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= -github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= -github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= -github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0= -github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac= -github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw= -github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0= -github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ= -github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms= +github.com/pion/transport/v2 v2.0.0 h1:bsMYyqHCbkvHwj+eNCFBuxtlKndKfyGI2vaQmM3fIE4= +github.com/pion/transport/v2 v2.0.0/go.mod h1:HS2MEBJTwD+1ZI2eSXSvHJx/HnzQqRy2/LXxt6eVMHc= +github.com/pion/udp v0.1.4 h1:OowsTmu1Od3sD6i3fQUJxJn2fEvJO6L1TidgadtbTI8= +github.com/pion/udp v0.1.4/go.mod h1:G8LDo56HsFwC24LIcnT4YIDU5qcB6NepqqjP0keL2us= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= -github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -708,6 +418,7 @@ github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+ github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -717,206 +428,85 @@ github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1B github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA= -github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052/go.mod h1:uvX/8buq8uVeiZiFht+0lqSLBHF+uGV8BrTv8W/SIwk= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= +github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= +github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY= +github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= -github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/rootless-containers/rootlesskit v1.1.0 h1:cRaRIYxY8oce4eE/zeAUZhgKu/4tU1p9YHN4+suwV7M= -github.com/rootless-containers/rootlesskit v1.1.0/go.mod h1:H+o9ndNe7tS91WqU0/+vpvc+VaCd7TCIWaJjnV0ujUo= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg= -github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= -github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= -github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/sqlc-dev/pqtype v0.3.0 h1:b09TewZ3cSnO5+M1Kqq05y0+OjqIptxELaSayg7bmqk= -github.com/sqlc-dev/pqtype v0.3.0/go.mod h1:oyUjp5981ctiL9UYvj1bVvCKi8OXkCa0u645hce7CAs= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/swaggest/assertjson v1.9.0 h1:dKu0BfJkIxv/xe//mkCrK5yZbs79jL7OVf9Ija7o2xQ= -github.com/swaggest/assertjson v1.9.0/go.mod h1:b+ZKX2VRiUjxfUIal0HDN85W0nHPAYUbYH5WkkSsFsU= -github.com/swaggo/files/v2 v2.0.0 h1:hmAt8Dkynw7Ssz46F6pn8ok6YmGZqHSVLZ+HQM7i0kw= -github.com/swaggo/files/v2 v2.0.0/go.mod h1:24kk2Y9NYEJ5lHuCra6iVwkMjIekMCaFq/0JQj66kyM= -github.com/swaggo/http-swagger/v2 v2.0.1 h1:mNOBLxDjSNwCKlMxcErjjvct/xhc9t2KIO48xzz/V/k= -github.com/swaggo/http-swagger/v2 v2.0.1/go.mod h1:XYhrQVIKz13CxuKD4p4kvpaRB4jJ1/MlfQXVOE+CX8Y= -github.com/swaggo/swag v1.16.2 h1:28Pp+8DkQoV+HLzLx8RGJZXNGKbFqnuvSbAAtoxiY04= -github.com/swaggo/swag v1.16.2/go.mod h1:6YzXnDcpr0767iOejs318CwYkCQqyGer6BizOg03f+E= -github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d h1:K3j02b5j2Iw1xoggN9B2DIEkhWGheqFOeDkdJdBrJI8= -github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d/go.mod h1:2P+hpOwd53e7JMX/L4f3VXkv1G+33ES6IWZSrkIeWNs= -github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e h1:JyeJF/HuSwvxWtsR1c0oKX1lzaSH5Wh4aX+MgiStaGQ= -github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e/go.mod h1:DjoeCULdP6vTJ/xY+nzzR9LaUHprkbZEpNidX0aqEEk= -github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio= -github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw= github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a/go.mod h1:DFSS3NAGHthKo1gTlmEcSBiZrRJXi28rLNd/1udP1c8= -github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 h1:zrsUcqrG2uQSPhaUPjUQwozcRdDdSxxqhNgNZ3drZFk= -github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0= -github.com/tailscale/wireguard-go v0.0.0-20230710185534-bb2c8f22eccf h1:bHQHwIHId353jAF2Lm0cGDjJpse/PYS0I0DTtihL9Ls= -github.com/tailscale/wireguard-go v0.0.0-20230710185534-bb2c8f22eccf/go.mod h1:QRIcq2+DbdIC5sKh/gcAZhuqu6WT6L6G8/ALPN5wqYw= -github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0= -github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8= -github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= -github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw= -github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa h1:XOFp/3aBXlqmOFAg3r6e0qQjPnK5I970LilqX+Is1W8= -github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa/go.mod h1:AvLEd1LEIl64G2Jpgwo7aVV5lGH0ePcKl0ygGIHNYl8= -github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= -github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= -github.com/u-root/u-root v0.11.0 h1:6gCZLOeRyevw7gbTwMj3fKxnr9+yHFlgF3N7udUVNO8= -github.com/u-root/u-root v0.11.0/go.mod h1:DBkDtiZyONk9hzVEdB/PWI9B4TxDkElWlVTHseglrZY= -github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg= -github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264= -github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= -github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= -github.com/unrolled/secure v1.13.0 h1:sdr3Phw2+f8Px8HE5sd1EHdj1aV3yUwed/uZXChLFsk= -github.com/unrolled/secure v1.13.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= -github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= -github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.51.0 h1:8b30A5JlZ6C7AS81RsWjYMQmrZG6feChmgAolCl1SqA= -github.com/valyala/fasthttp v1.51.0/go.mod h1:oI2XroL+lI7vdXyYoQk03bXBThfFl2cVdIA3Xl7cH8g= -github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= -github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= -github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs= -github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= -github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= -github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= -github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= -github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc= -github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/wagslane/go-password-validator v0.3.0 h1:vfxOPzGHkz5S146HDpavl0cw1DSVP061Ry2PX0/ON6I= -github.com/wagslane/go-password-validator v0.3.0/go.mod h1:TI1XJ6T5fRdRnHqHt14pvy1tNVnrwe7m3/f1f2fDphQ= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= +github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= -github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= -github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M= -github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/goldmark v1.5.6 h1:COmQAWTCcGetChm3Ig7G/t8AFAN00t+o8Mt4cf7JpwA= -github.com/yuin/goldmark v1.5.6/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/goldmark-emoji v1.0.1 h1:ctuWEyzGBwiucEqxzwe0SOYDXPAucOrE9NQC18Wa1os= -github.com/yuin/goldmark-emoji v1.0.1/go.mod h1:2w1E6FEWLcDQkoTE+7HU6QF1F6SLlNGjRIBbIZQFqkQ= -github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA= -github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= -github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= -github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= -github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= -github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= go.etcd.io/etcd/raft/v3 v3.5.6 h1:tOmx6Ym6rn2GpZOrvTGJZciJHek6RnC3U/zNInzIN50= go.etcd.io/etcd/raft/v3 v3.5.6/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.nhat.io/otelsql v0.12.0 h1:/rBhWZiwHFLpCm5SGdafm+Owm0OmGmnF31XWxgecFtY= -go.nhat.io/otelsql v0.12.0/go.mod h1:39Hc9/JDfCl7NGrBi1uPP3QPofqwnC/i5SFd7gtDMWM= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib v1.19.0 h1:rnYI7OEPMWFeM4QCqWQ3InMJ0arWMR1i0Cx9A5hcjYM= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= -go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.40.0 h1:hf7JSONqAuXT1PDYYlVhKNMPLe4060d+4RFREcv7X2c= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.40.0/go.mod h1:IxD5qbw/XcnFB7i5k4d7J1aW5iBU2h4DgSxtk4YqR4c= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.17.0 h1:Ut6hgtYcASHwCzRHkXEtSsM251cXJPW+Z9DyLwEn6iI= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.17.0/go.mod h1:TYeE+8d5CjrgBa0ZuRaDeMpIC1xZ7atg4g+nInjuSjc= -go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= -go.opentelemetry.io/otel/sdk/metric v0.40.0 h1:qOM29YaGcxipWjL5FzpyZDpCYrDREvX0mVlmXdOjCHU= -go.opentelemetry.io/otel/sdk/metric v0.40.0/go.mod h1:dWxHtdzdJvg+ciJUKLTKwrMe5P6Dv3FyDbh8UkfgkVs= -go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= +go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= +go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= +go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= +go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= +go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= +go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go4.org/intern v0.0.0-20211027215823-ae77deb06f29/go.mod h1:cS2ma+47FKrLPdXFpr7CuxiTW3eyJbWew4qx0qtQWDA= -go4.org/intern v0.0.0-20230525184215-6c62f75575cb h1:ae7kzL5Cfdmcecbh22ll7lYP3iuUdnfnhiPcSaDgH/8= -go4.org/intern v0.0.0-20230525184215-6c62f75575cb/go.mod h1:Ycrt6raEcnF5FTsLiLKkhBTO6DPX3RCUCUVnks3gFJU= -go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H9rmp5nkDTAst8= -go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g= -go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516 h1:X66ZEoMN2SuaoI/dfZVYobB6E5zjZyyHUMWlCA7MgGE= -go4.org/netipx v0.0.0-20230728180743-ad4cb58a6516/go.mod h1:TQvodOM+hJTioNQJilmLXu08JNb8i+ccq418+KWu1/Y= -go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= -go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 h1:WJhcL4p+YeDxmZWg141nRm7XC8IDmhz7lk5GpadO1Sg= -go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= -golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc= -golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -928,167 +518,152 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE= -golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= +golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210301091718-77cc2087c03b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg= -golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= -golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE= -golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI= -google.golang.org/api v0.152.0 h1:t0r1vPnfMc260S2Ci+en7kfCZaLOPs5KI0sVV/6jZrY= -google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= +google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= +google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc= +google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 h1:AUe/ZF7xm6vYnigPe+TY54DmfWYJxhMRaw/TfvrbzvE= -gopkg.in/DataDog/dd-trace-go.v1 v1.56.1/go.mod h1:KDLJ3CWVOSuVVwu+0ZR5KZo2rP6c7YyBV3v387dIpUU= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -1103,21 +678,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= -howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= -inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a h1:1XCVEdxrvL6c0TGOhecLuB7U9zYNdxZEjvOqJreKZiM= -inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a/go.mod h1:e83i32mAQOW1LAqEIweALsuK2Uw4mhQadA5r7b0Wobo= -inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg= -inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU= -nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= -nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE= -software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= -storj.io/drpc v0.0.33-0.20230420154621-9716137f6037 h1:SYRl2YUthhsXNkrP30KwxkDGN9TESdNrbpr14rOxsnM= -storj.io/drpc v0.0.33-0.20230420154621-9716137f6037/go.mod h1:vR804UNzhBa49NOJ6HeLjd2H3MakC1j5Gv8bsOQT6N4= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/integration/integration_test.go b/integration/integration_test.go index 2bab8e0c..1364e966 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -23,59 +23,242 @@ import ( "github.com/coder/envbuilder" "github.com/coder/envbuilder/devcontainer/features" - "github.com/coder/envbuilder/gittest" - "github.com/coder/envbuilder/registrytest" + "github.com/coder/envbuilder/testutil/gittest" + "github.com/coder/envbuilder/testutil/mwtest" + "github.com/coder/envbuilder/testutil/registrytest" clitypes "github.com/docker/cli/cli/config/types" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/image" + "github.com/docker/docker/api/types/mount" + "github.com/docker/docker/api/types/volume" "github.com/docker/docker/client" "github.com/docker/docker/pkg/stdcopy" "github.com/go-git/go-billy/v5/memfs" - "github.com/go-git/go-git/v5" - "github.com/go-git/go-git/v5/plumbing/object" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/registry" + "github.com/google/go-containerregistry/pkg/v1/remote" "github.com/google/go-containerregistry/pkg/v1/remote/transport" + "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) const ( testContainerLabel = "envbox-integration-test" + testImageAlpine = "localhost:5000/envbuilder-test-alpine:latest" + testImageUbuntu = "localhost:5000/envbuilder-test-ubuntu:latest" ) +func TestInitScriptInitCommand(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + defer cancel() + + // Init script will hit the below handler to signify INIT_SCRIPT works. + initCalled := make(chan struct{}) + initSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + initCalled <- struct{}{} + w.WriteHeader(http.StatusOK) + })) + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + // Let's say /bin/sh is not available and we can only use /bin/ash + "Dockerfile": fmt.Sprintf("FROM %s\nRUN unlink /bin/sh", testImageAlpine), + }, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("INIT_SCRIPT", fmt.Sprintf(`wget -O - %q`, initSrv.URL)), + envbuilderEnv("INIT_COMMAND", "/bin/ash"), + }}) + require.NoError(t, err) + + select { + case <-initCalled: + case <-ctx.Done(): + } + require.NoError(t, ctx.Err(), "init script did not execute for prefixed env vars") + + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + fmt.Sprintf(`INIT_SCRIPT=wget -O - %q`, initSrv.URL), + `INIT_COMMAND=/bin/ash`, + }}) + require.NoError(t, err) + + select { + case <-initCalled: + case <-ctx.Done(): + } + require.NoError(t, ctx.Err(), "init script did not execute for legacy env vars") +} + +func TestUidGid(t *testing.T) { + t.Parallel() + t.Run("MultiStage", func(t *testing.T) { + t.Parallel() + + dockerFile := fmt.Sprintf(`FROM %s AS builder +RUN mkdir -p /myapp/somedir \ +&& touch /myapp/somedir/somefile \ +&& chown 123:123 /myapp/somedir \ +&& chown 321:321 /myapp/somedir/somefile + +FROM %s +COPY --from=builder /myapp /myapp +RUN printf "%%s\n" \ + "0 0 /myapp/" \ + "123 123 /myapp/somedir" \ + "321 321 /myapp/somedir/somefile" \ + > /tmp/expected \ +&& stat -c "%%u %%g %%n" \ + /myapp/ \ + /myapp/somedir \ + /myapp/somedir/somefile \ + > /tmp/got \ +&& diff -u /tmp/got /tmp/expected`, testImageAlpine, testImageAlpine) + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": dockerFile, + }, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.NoError(t, err) + }) + + t.Run("SingleStage", func(t *testing.T) { + t.Parallel() + + dockerFile := fmt.Sprintf(`FROM %s +RUN mkdir -p /myapp/somedir \ +&& touch /myapp/somedir/somefile \ +&& chown 123:123 /myapp/somedir \ +&& chown 321:321 /myapp/somedir/somefile \ +&& printf "%%s\n" \ + "0 0 /myapp/" \ + "123 123 /myapp/somedir" \ + "321 321 /myapp/somedir/somefile" \ + > /tmp/expected \ +&& stat -c "%%u %%g %%n" \ + /myapp/ \ + /myapp/somedir \ + /myapp/somedir/somefile \ + > /tmp/got \ +&& diff -u /tmp/got /tmp/expected`, testImageAlpine) + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": dockerFile, + }, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.NoError(t, err) + }) +} + +func TestForceSafe(t *testing.T) { + t.Parallel() + + t.Run("Safe", func(t *testing.T) { + t.Parallel() + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": "FROM " + testImageAlpine, + }, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + "KANIKO_DIR=/not/envbuilder", + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.ErrorContains(t, err, "delete filesystem: safety check failed") + }) + + // Careful with this one! + t.Run("Unsafe", func(t *testing.T) { + t.Parallel() + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": "FROM " + testImageAlpine, + }, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + "KANIKO_DIR=/not/envbuilder", + envbuilderEnv("FORCE_SAFE", "true"), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.NoError(t, err) + }) +} + func TestFailsGitAuth(t *testing.T) { t.Parallel() - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, username: "kyle", password: "testing", }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, + envbuilderEnv("GIT_URL", srv.URL), }}) require.ErrorContains(t, err, "authentication required") } func TestSucceedsGitAuth(t *testing.T) { t.Parallel() - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, username: "kyle", password: "testing", }) - _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "GIT_USERNAME=kyle", - "GIT_PASSWORD=testing", + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("GIT_USERNAME", "kyle"), + envbuilderEnv("GIT_PASSWORD", "testing"), + }}) + require.NoError(t, err) + gitConfig := execContainer(t, ctr, "cat /workspaces/empty/.git/config") + require.Contains(t, gitConfig, srv.URL) +} + +func TestSucceedsGitAuthInURL(t *testing.T) { + t.Parallel() + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": "FROM " + testImageAlpine, + }, + username: "kyle", + password: "testing", + }) + + u, err := url.Parse(srv.URL) + require.NoError(t, err) + u.User = url.UserPassword("kyle", "testing") + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", u.String()), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), }}) require.NoError(t, err) + gitConfig := execContainer(t, ctr, "cat /workspaces/empty/.git/config") + require.Contains(t, gitConfig, u.String()) } func TestBuildFromDevcontainerWithFeatures(t *testing.T) { @@ -123,7 +306,7 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) { require.NoError(t, err) // Ensures that a Git repository with a devcontainer.json is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": `{ "name": "Test", @@ -142,13 +325,13 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) { } } }`, - ".devcontainer/Dockerfile": "FROM ubuntu", + ".devcontainer/Dockerfile": "FROM " + testImageUbuntu, ".devcontainer/feature3/devcontainer-feature.json": string(feature3Spec), ".devcontainer/feature3/install.sh": "echo $GRAPE > /test3output", }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, + envbuilderEnv("GIT_URL", srv.URL), }}) require.NoError(t, err) @@ -164,31 +347,36 @@ func TestBuildFromDevcontainerWithFeatures(t *testing.T) { func TestBuildFromDockerfile(t *testing.T) { // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString([]byte(`{"experimental": "enabled"}`))), }}) require.NoError(t, err) output := execContainer(t, ctr, "echo hello") require.Equal(t, "hello", strings.TrimSpace(output)) + + // Verify that the Docker configuration secret file is removed + output = execContainer(t, ctr, "stat "+filepath.Join(envbuilder.MagicDir, "config.json")) + require.Contains(t, output, "No such file or directory") } func TestBuildPrintBuildOutput(t *testing.T) { // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest\nRUN echo hello", + "Dockerfile": "FROM " + testImageAlpine + "\nRUN echo hello", }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), }}) require.NoError(t, err) @@ -209,38 +397,56 @@ func TestBuildPrintBuildOutput(t *testing.T) { func TestBuildIgnoreVarRunSecrets(t *testing.T) { // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, }) dir := t.TempDir() - err := os.WriteFile(filepath.Join(dir, "secret"), []byte("test"), 0644) + secretVal := uuid.NewString() + err := os.WriteFile(filepath.Join(dir, "secret"), []byte(secretVal), 0o644) require.NoError(t, err) - ctr, err := runEnvbuilder(t, options{ - env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - }, - binds: []string{fmt.Sprintf("%s:/var/run/secrets", dir)}, + + t.Run("ReadWrite", func(t *testing.T) { + ctr, err := runEnvbuilder(t, options{ + env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }, + binds: []string{fmt.Sprintf("%s:/var/run/secrets:rw", dir)}, + }) + require.NoError(t, err) + + output := execContainer(t, ctr, "cat /var/run/secrets/secret") + require.Equal(t, secretVal, strings.TrimSpace(output)) }) - require.NoError(t, err) - output := execContainer(t, ctr, "echo hello") - require.Equal(t, "hello", strings.TrimSpace(output)) + t.Run("ReadOnly", func(t *testing.T) { + ctr, err := runEnvbuilder(t, options{ + env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }, + binds: []string{fmt.Sprintf("%s:/var/run/secrets:ro", dir)}, + }) + require.NoError(t, err) + + output := execContainer(t, ctr, "cat /var/run/secrets/secret") + require.Equal(t, secretVal, strings.TrimSpace(output)) + }) } func TestBuildWithSetupScript(t *testing.T) { // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "SETUP_SCRIPT=echo \"INIT_ARGS=-c 'echo hi > /wow && sleep infinity'\" >> $ENVBUILDER_ENV", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("SETUP_SCRIPT", "echo \"INIT_ARGS=-c 'echo hi > /wow && sleep infinity'\" >> $ENVBUILDER_ENV"), }}) require.NoError(t, err) @@ -252,7 +458,7 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) { t.Parallel() // Ensures that a Git repository with a devcontainer.json is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/custom/devcontainer.json": `{ "name": "Test", @@ -260,12 +466,60 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) { "dockerfile": "Dockerfile" }, }`, - ".devcontainer/custom/Dockerfile": "FROM ubuntu", + ".devcontainer/custom/Dockerfile": "FROM " + testImageUbuntu, }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DEVCONTAINER_DIR=.devcontainer/custom", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DEVCONTAINER_DIR", ".devcontainer/custom"), + }}) + require.NoError(t, err) + + output := execContainer(t, ctr, "echo hello") + require.Equal(t, "hello", strings.TrimSpace(output)) +} + +func TestBuildFromDevcontainerInSubfolder(t *testing.T) { + t.Parallel() + + // Ensures that a Git repository with a devcontainer.json is cloned and built. + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/subfolder/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + ".devcontainer/subfolder/Dockerfile": "FROM " + testImageUbuntu, + }, + }) + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + }}) + require.NoError(t, err) + + output := execContainer(t, ctr, "echo hello") + require.Equal(t, "hello", strings.TrimSpace(output)) +} + +func TestBuildFromDevcontainerInRoot(t *testing.T) { + t.Parallel() + + // Ensures that a Git repository with a devcontainer.json is cloned and built. + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + "Dockerfile": "FROM " + testImageUbuntu, + }, + }) + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), }}) require.NoError(t, err) @@ -274,18 +528,19 @@ func TestBuildFromDevcontainerInCustomPath(t *testing.T) { } func TestBuildCustomCertificates(t *testing.T) { - srv := httptest.NewTLSServer(createGitHandler(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, - })) + tls: true, + }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + srv.URL, - "DOCKERFILE_PATH=Dockerfile", - "SSL_CERT_BASE64=" + base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("SSL_CERT_BASE64", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{ Type: "CERTIFICATE", Bytes: srv.TLS.Certificates[0].Certificate[0], - })), + }))), }}) require.NoError(t, err) @@ -295,15 +550,15 @@ func TestBuildCustomCertificates(t *testing.T) { func TestBuildStopStartCached(t *testing.T) { // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": "FROM alpine:latest", + "Dockerfile": "FROM " + testImageAlpine, }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "SKIP_REBUILD=true", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("SKIP_REBUILD", "true"), }}) require.NoError(t, err) @@ -315,7 +570,7 @@ func TestBuildStopStartCached(t *testing.T) { err = cli.ContainerStop(ctx, ctr, container.StopOptions{}) require.NoError(t, err) - err = cli.ContainerStart(ctx, ctr, types.ContainerStartOptions{}) + err = cli.ContainerStart(ctx, ctr, container.StartOptions{}) require.NoError(t, err) logChan, _ := streamContainerLogs(t, cli, ctr) @@ -332,7 +587,7 @@ func TestCloneFailsFallback(t *testing.T) { t.Run("BadRepo", func(t *testing.T) { t.Parallel() _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=bad-value", + envbuilderEnv("GIT_URL", "bad-value"), }}) require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error()) }) @@ -343,14 +598,14 @@ func TestBuildFailsFallback(t *testing.T) { t.Run("BadDockerfile", func(t *testing.T) { t.Parallel() // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ "Dockerfile": "bad syntax", }, }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), }}) require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error()) require.ErrorContains(t, err, "dockerfile parse error") @@ -358,41 +613,41 @@ func TestBuildFailsFallback(t *testing.T) { t.Run("FailsBuild", func(t *testing.T) { t.Parallel() // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ - "Dockerfile": `FROM alpine + "Dockerfile": `FROM ` + testImageAlpine + ` RUN exit 1`, }, }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), }}) require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error()) }) t.Run("BadDevcontainer", func(t *testing.T) { t.Parallel() // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": "not json", }, }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, + envbuilderEnv("GIT_URL", srv.URL), }}) require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error()) }) t.Run("NoImageOrDockerfile", func(t *testing.T) { t.Parallel() - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": "{}", }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "FALLBACK_IMAGE=alpine:latest", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("FALLBACK_IMAGE", testImageAlpine), }}) require.NoError(t, err) @@ -403,17 +658,17 @@ RUN exit 1`, func TestExitBuildOnFailure(t *testing.T) { t.Parallel() - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ "Dockerfile": "bad syntax", }, }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "FALLBACK_IMAGE=alpine", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("FALLBACK_IMAGE", testImageAlpine), // Ensures that the fallback doesn't work when an image is specified. - "EXIT_ON_BUILD_FAILURE=true", + envbuilderEnv("EXIT_ON_BUILD_FAILURE", "true"), }}) require.ErrorContains(t, err, "parsing dockerfile") } @@ -422,7 +677,7 @@ func TestContainerEnv(t *testing.T) { t.Parallel() // Ensures that a Git repository with a devcontainer.json is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": `{ "name": "Test", @@ -439,29 +694,72 @@ func TestContainerEnv(t *testing.T) { "REMOTE_BAR": "${FROM_CONTAINER_ENV}" } }`, - ".devcontainer/Dockerfile": "FROM alpine:latest\nENV FROM_DOCKERFILE=foo", + ".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo", }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "EXPORT_ENV_FILE=/env", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("EXPORT_ENV_FILE", "/env"), }}) require.NoError(t, err) output := execContainer(t, ctr, "cat /env") require.Contains(t, strings.TrimSpace(output), - `FROM_CONTAINER_ENV=bar + `DEVCONTAINER=true +DEVCONTAINER_CONFIG=/workspaces/empty/.devcontainer/devcontainer.json +ENVBUILDER=true +FROM_CONTAINER_ENV=bar FROM_DOCKERFILE=foo FROM_REMOTE_ENV=baz PATH=/usr/local/bin:/bin:/go/bin:/opt REMOTE_BAR=bar`) } +func TestUnsetOptionsEnv(t *testing.T) { + t.Parallel() + + // Ensures that a Git repository with a devcontainer.json is cloned and built. + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + ".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nENV FROM_DOCKERFILE=foo", + }, + }) + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + "GIT_URL", srv.URL, + envbuilderEnv("GIT_PASSWORD", "supersecret"), + "GIT_PASSWORD", "supersecret", + envbuilderEnv("INIT_SCRIPT", "env > /root/env.txt && sleep infinity"), + "INIT_SCRIPT", "env > /root/env.txt && sleep infinity", + }}) + require.NoError(t, err) + + output := execContainer(t, ctr, "cat /root/env.txt") + var os envbuilder.Options + for _, s := range strings.Split(strings.TrimSpace(output), "\n") { + for _, o := range os.CLI() { + if strings.HasPrefix(s, o.Env) { + assert.Fail(t, "environment variable should be stripped when running init script", s) + } + optWithoutPrefix := strings.TrimPrefix(o.Env, envbuilder.WithEnvPrefix("")) + if strings.HasPrefix(s, optWithoutPrefix) { + assert.Fail(t, "environment variable should be stripped when running init script", s) + } + } + } +} + func TestLifecycleScripts(t *testing.T) { t.Parallel() // Ensures that a Git repository with a devcontainer.json is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": `{ "name": "Test", @@ -476,11 +774,11 @@ func TestLifecycleScripts(t *testing.T) { "parallel2": ["sh", "-c", "echo parallel2 > /tmp/parallel2"] } }`, - ".devcontainer/Dockerfile": "FROM alpine:latest\nUSER nobody", + ".devcontainer/Dockerfile": "FROM " + testImageAlpine + "\nUSER nobody", }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, + envbuilderEnv("GIT_URL", srv.URL), }}) require.NoError(t, err) @@ -497,7 +795,7 @@ func TestPostStartScript(t *testing.T) { t.Parallel() // Ensures that a Git repository with a devcontainer.json is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ ".devcontainer/devcontainer.json": `{ "name": "Test", @@ -512,16 +810,16 @@ func TestPostStartScript(t *testing.T) { ".devcontainer/init.sh": `#!/bin/sh /tmp/post-start.sh sleep infinity`, - ".devcontainer/Dockerfile": `FROM alpine:latest + ".devcontainer/Dockerfile": `FROM ` + testImageAlpine + ` COPY init.sh /bin RUN chmod +x /bin/init.sh USER nobody`, }, }) ctr, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "POST_START_SCRIPT_PATH=/tmp/post-start.sh", - "INIT_COMMAND=/bin/init.sh", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("POST_START_SCRIPT_PATH", "/tmp/post-start.sh"), + envbuilderEnv("INIT_COMMAND", "/bin/init.sh"), }}) require.NoError(t, err) @@ -539,32 +837,34 @@ func TestPrivateRegistry(t *testing.T) { t.Parallel() t.Run("NoAuth", func(t *testing.T) { t.Parallel() - image := setupPassthroughRegistry(t, "library/alpine", ®istryAuth{ + // Even if something goes wrong with auth, + // the pull will fail as "scratch" is a reserved name. + image := setupPassthroughRegistry(t, "scratch", &setupPassthroughRegistryOptions{ Username: "user", Password: "test", }) // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ "Dockerfile": "FROM " + image, }, }) _, err := runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), }}) require.ErrorContains(t, err, "Unauthorized") }) t.Run("Auth", func(t *testing.T) { t.Parallel() - image := setupPassthroughRegistry(t, "library/alpine", ®istryAuth{ + image := setupPassthroughRegistry(t, "envbuilder-test-alpine:latest", &setupPassthroughRegistryOptions{ Username: "user", Password: "test", }) // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ "Dockerfile": "FROM " + image, }, @@ -580,21 +880,23 @@ func TestPrivateRegistry(t *testing.T) { require.NoError(t, err) _, err = runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "DOCKER_CONFIG_BASE64=" + base64.StdEncoding.EncodeToString(config), + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)), }}) require.NoError(t, err) }) t.Run("InvalidAuth", func(t *testing.T) { t.Parallel() - image := setupPassthroughRegistry(t, "library/alpine", ®istryAuth{ + // Even if something goes wrong with auth, + // the pull will fail as "scratch" is a reserved name. + image := setupPassthroughRegistry(t, "scratch", &setupPassthroughRegistryOptions{ Username: "user", Password: "banana", }) // Ensures that a Git repository with a Dockerfile is cloned and built. - url := createGitServer(t, gitServerOptions{ + srv := createGitServer(t, gitServerOptions{ files: map[string]string{ "Dockerfile": "FROM " + image, }, @@ -610,53 +912,57 @@ func TestPrivateRegistry(t *testing.T) { require.NoError(t, err) _, err = runEnvbuilder(t, options{env: []string{ - "GIT_URL=" + url, - "DOCKERFILE_PATH=Dockerfile", - "DOCKER_CONFIG_BASE64=" + base64.StdEncoding.EncodeToString(config), + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(config)), }}) require.ErrorContains(t, err, "Unauthorized") }) } -type registryAuth struct { +type setupPassthroughRegistryOptions struct { Username string Password string + Upstream string } -func setupPassthroughRegistry(t *testing.T, image string, auth *registryAuth) string { +func setupPassthroughRegistry(t *testing.T, image string, opts *setupPassthroughRegistryOptions) string { t.Helper() - dockerURL, err := url.Parse("https://registry-1.docker.io") + if opts.Upstream == "" { + // Default to local test registry + opts.Upstream = "http://localhost:5000" + } + upstreamURL, err := url.Parse(opts.Upstream) require.NoError(t, err) - proxy := httputil.NewSingleHostReverseProxy(dockerURL) + proxy := httputil.NewSingleHostReverseProxy(upstreamURL) // The Docker registry uses short-lived JWTs to authenticate // anonymously to pull images. To test our MITM auth, we need to // generate a JWT for the proxy to use. - registry, err := name.NewRegistry("registry-1.docker.io") + registry, err := name.NewRegistry(upstreamURL.Host) require.NoError(t, err) proxy.Transport, err = transport.NewWithContext(context.Background(), registry, authn.Anonymous, http.DefaultTransport, []string{}) require.NoError(t, err) srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - r.Host = "registry-1.docker.io" - r.URL.Host = "registry-1.docker.io" - r.URL.Scheme = "https" + r.Host = upstreamURL.Host + r.URL.Host = upstreamURL.Host + r.URL.Scheme = upstreamURL.Scheme - if auth != nil { + if opts != nil { user, pass, ok := r.BasicAuth() if !ok { w.Header().Set("WWW-Authenticate", "Basic realm=\"Access to the staging site\", charset=\"UTF-8\"") w.WriteHeader(http.StatusUnauthorized) return } - if user != auth.Username || pass != auth.Password { + if user != opts.Username || pass != opts.Password { w.WriteHeader(http.StatusUnauthorized) return } } proxy.ServeHTTP(w, r) - })) return fmt.Sprintf("%s/%s", strings.TrimPrefix(srv.URL, "http://"), image) } @@ -666,8 +972,562 @@ func TestNoMethodFails(t *testing.T) { require.ErrorContains(t, err, envbuilder.ErrNoFallbackImage.Error()) } +func TestDockerfileBuildContext(t *testing.T) { + t.Parallel() + + inclFile := "myfile" + dockerfile := fmt.Sprintf(`FROM %s +COPY %s .`, testImageAlpine, inclFile) + + tests := []struct { + name string + files map[string]string + dockerfilePath string + buildContextPath string + expectedErr string + }{ + { + // Dockerfile & build context are in the same dir, copying inclFile should work. + name: "same build context (default)", + files: map[string]string{ + "Dockerfile": dockerfile, + inclFile: "...", + }, + dockerfilePath: "Dockerfile", + buildContextPath: "", // use default + expectedErr: "", // expect no errors + }, + { + // Dockerfile & build context are not in the same dir, build context is still the default; this should fail + // to copy inclFile since it is not in the same dir as the Dockerfile. + name: "different build context (default)", + files: map[string]string{ + "a/Dockerfile": dockerfile, + "a/" + inclFile: "...", + }, + dockerfilePath: "a/Dockerfile", + buildContextPath: "", // use default + expectedErr: inclFile + ": no such file or directory", + }, + { + // Dockerfile & build context are not in the same dir, but inclFile is in the default build context dir; + // this should allow inclFile to be copied. This is probably not desirable though? + name: "different build context (default, different content roots)", + files: map[string]string{ + "a/Dockerfile": dockerfile, + inclFile: "...", + }, + dockerfilePath: "a/Dockerfile", + buildContextPath: "", // use default + expectedErr: "", + }, + { + // Dockerfile is not in the default build context dir, but the build context has been overridden; this should + // allow inclFile to be copied. + name: "different build context (custom)", + files: map[string]string{ + "a/Dockerfile": dockerfile, + "a/" + inclFile: "...", + }, + dockerfilePath: "a/Dockerfile", + buildContextPath: "a/", + expectedErr: "", + }, + } + + for _, tc := range tests { + tc := tc + + t.Run(tc.name, func(t *testing.T) { + srv := createGitServer(t, gitServerOptions{ + files: tc.files, + }) + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("DOCKERFILE_PATH", tc.dockerfilePath), + envbuilderEnv("BUILD_CONTEXT_PATH", tc.buildContextPath), + }}) + + if tc.expectedErr == "" { + require.NoError(t, err) + } else { + require.ErrorContains(t, err, tc.expectedErr) + } + }) + } +} + +func TestPushImage(t *testing.T) { + t.Parallel() + + t.Run("CacheWithoutPush", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // Given: an empty registry + testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{}) + testRepo := testReg + "/test" + ref, err := name.ParseReference(testRepo + ":latest") + require.NoError(t, err) + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with GET_CACHED_IMAGE + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.ErrorContains(t, err, "error probing build cache: uncached command") + // Then: it should fail to build the image and nothing should be pushed + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with PUSH_IMAGE set + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + }}) + require.NoError(t, err) + + // Then: the image tag should not be present, only the layers + _, err = remote.Image(ref) + require.ErrorContains(t, err, "MANIFEST_UNKNOWN", "expected image to not be present before build + push") + + // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.NoError(t, err) + }) + + t.Run("CacheAndPush", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // Given: an empty registry + testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{}) + testRepo := testReg + "/test" + ref, err := name.ParseReference(testRepo + ":latest") + require.NoError(t, err) + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with GET_CACHED_IMAGE + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.ErrorContains(t, err, "error probing build cache: uncached command") + // Then: it should fail to build the image and nothing should be pushed + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with PUSH_IMAGE set + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("PUSH_IMAGE", "1"), + }}) + require.NoError(t, err) + + // Then: the image should be pushed + img, err := remote.Image(ref) + require.NoError(t, err, "expected image to be present after build + push") + + // Then: the image should have its directives replaced with those required + // to run envbuilder automatically + configFile, err := img.ConfigFile() + require.NoError(t, err, "expected image to return a config file") + + assert.Equal(t, "root", configFile.Config.User, "user must be root") + assert.Equal(t, "/", configFile.Config.WorkingDir, "workdir must be /") + if assert.Len(t, configFile.Config.Entrypoint, 1) { + assert.Equal(t, "/.envbuilder/bin/envbuilder", configFile.Config.Entrypoint[0], "incorrect entrypoint") + } + + // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed + ctrID, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.NoError(t, err) + + // Then: the cached image ref should be emitted in the container logs + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + require.NoError(t, err) + defer cli.Close() + logs, err := cli.ContainerLogs(ctx, ctrID, container.LogsOptions{ + ShowStdout: true, + ShowStderr: true, + }) + require.NoError(t, err) + defer logs.Close() + logBytes, err := io.ReadAll(logs) + require.NoError(t, err) + require.Regexp(t, `ENVBUILDER_CACHED_IMAGE=(\S+)`, string(logBytes)) + + // When: we pull the image we just built + rc, err := cli.ImagePull(ctx, ref.String(), image.PullOptions{}) + require.NoError(t, err) + t.Cleanup(func() { _ = rc.Close() }) + _, err = io.ReadAll(rc) + require.NoError(t, err) + + // When: we run the image we just built + ctr, err := cli.ContainerCreate(ctx, &container.Config{ + Image: ref.String(), + Entrypoint: []string{"sleep", "infinity"}, + Labels: map[string]string{ + testContainerLabel: "true", + }, + }, nil, nil, nil, "") + require.NoError(t, err) + t.Cleanup(func() { + _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{ + RemoveVolumes: true, + Force: true, + }) + }) + err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{}) + require.NoError(t, err) + + // Then: the envbuilder binary exists in the image! + out := execContainer(t, ctr.ID, "/.envbuilder/bin/envbuilder --help") + require.Regexp(t, `(?s)^USAGE:\s+envbuilder`, strings.TrimSpace(out)) + out = execContainer(t, ctr.ID, "cat /root/date.txt") + require.NotEmpty(t, strings.TrimSpace(out)) + }) + + t.Run("CacheAndPushAuth", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // Given: an empty registry + opts := setupInMemoryRegistryOpts{ + Username: "testing", + Password: "testing", + } + remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password}) + testReg := setupInMemoryRegistry(t, opts) + testRepo := testReg + "/test" + regAuthJSON, err := json.Marshal(envbuilder.DockerConfig{ + AuthConfigs: map[string]clitypes.AuthConfig{ + testRepo: { + Username: opts.Username, + Password: opts.Password, + }, + }, + }) + require.NoError(t, err) + ref, err := name.ParseReference(testRepo + ":latest") + require.NoError(t, err) + _, err = remote.Image(ref, remoteAuthOpt) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with GET_CACHED_IMAGE + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.ErrorContains(t, err, "error probing build cache: uncached command") + // Then: it should fail to build the image and nothing should be pushed + _, err = remote.Image(ref, remoteAuthOpt) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with PUSH_IMAGE set + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("PUSH_IMAGE", "1"), + envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)), + }}) + require.NoError(t, err) + + // Then: the image should be pushed + _, err = remote.Image(ref, remoteAuthOpt) + require.NoError(t, err, "expected image to be present after build + push") + + // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + envbuilderEnv("DOCKER_CONFIG_BASE64", base64.StdEncoding.EncodeToString(regAuthJSON)), + }}) + require.NoError(t, err) + }) + + t.Run("CacheAndPushAuthFail", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // Given: an empty registry + opts := setupInMemoryRegistryOpts{ + Username: "testing", + Password: "testing", + } + remoteAuthOpt := remote.WithAuth(&authn.Basic{Username: opts.Username, Password: opts.Password}) + testReg := setupInMemoryRegistry(t, opts) + testRepo := testReg + "/test" + ref, err := name.ParseReference(testRepo + ":latest") + require.NoError(t, err) + _, err = remote.Image(ref, remoteAuthOpt) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with GET_CACHED_IMAGE + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + }}) + require.ErrorContains(t, err, "error probing build cache: uncached command") + // Then: it should fail to build the image and nothing should be pushed + _, err = remote.Image(ref, remoteAuthOpt) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with PUSH_IMAGE set + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("PUSH_IMAGE", "1"), + }}) + // Then: it should fail with an Unauthorized error + require.ErrorContains(t, err, "401 Unauthorized", "expected unauthorized error using no auth when cache repo requires it") + + // Then: the image should not be pushed + _, err = remote.Image(ref, remoteAuthOpt) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + }) + + t.Run("CacheAndPushMultistage", func(t *testing.T) { + // Currently fails with: + // /home/coder/src/coder/envbuilder/integration/integration_test.go:1417: "error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory" + // /home/coder/src/coder/envbuilder/integration/integration_test.go:1156: + // Error Trace: /home/coder/src/coder/envbuilder/integration/integration_test.go:1156 + // Error: Received unexpected error: + // error: unable to get cached image: error fake building stage: failed to optimize instructions: failed to get files used from context: failed to get fileinfo for /.envbuilder/0/root/date.txt: lstat /.envbuilder/0/root/date.txt: no such file or directory + // Test: TestPushImage/CacheAndPushMultistage + t.Skip("TODO: https://github.com/coder/envbuilder/issues/230") + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + "Dockerfile": fmt.Sprintf(`FROM %s AS a +RUN date --utc > /root/date.txt +FROM %s as b +COPY --from=a /root/date.txt /date.txt`, testImageAlpine, testImageAlpine), + }, + }) + + // Given: an empty registry + testReg := setupInMemoryRegistry(t, setupInMemoryRegistryOpts{}) + testRepo := testReg + "/test" + ref, err := name.ParseReference(testRepo + ":latest") + require.NoError(t, err) + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with GET_CACHED_IMAGE + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.ErrorContains(t, err, "error probing build cache: uncached command") + // Then: it should fail to build the image and nothing should be pushed + _, err = remote.Image(ref) + require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push") + + // When: we run envbuilder with PUSH_IMAGE set + ctrID, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("PUSH_IMAGE", "1"), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.NoError(t, err) + // Then: The file copied from stage a should be present + out := execContainer(t, ctrID, "cat /date.txt") + require.NotEmpty(t, out) + + // Then: the image should be pushed + _, err = remote.Image(ref) + require.NoError(t, err, "expected image to be present after build + push") + + // Then: re-running envbuilder with GET_CACHED_IMAGE should succeed + _, err = runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", testRepo), + envbuilderEnv("GET_CACHED_IMAGE", "1"), + envbuilderEnv("DOCKERFILE_PATH", "Dockerfile"), + }}) + require.NoError(t, err) + }) + + t.Run("PushImageRequiresCache", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // When: we run envbuilder with PUSH_IMAGE set but no cache repo set + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("PUSH_IMAGE", "1"), + }}) + + // Then: Envbuilder should fail explicitly, as it does not make sense to + // specify PUSH_IMAGE + require.ErrorContains(t, err, "--cache-repo must be set when using --push-image") + }) + + t.Run("PushErr", func(t *testing.T) { + t.Parallel() + + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/Dockerfile": fmt.Sprintf("FROM %s\nRUN date --utc > /root/date.txt", testImageAlpine), + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + }, + }) + + // Given: registry is not set up (in this case, not a registry) + notRegSrv := httptest.NewServer(http.NotFoundHandler()) + notRegURL := strings.TrimPrefix(notRegSrv.URL, "http://") + "/test" + + // When: we run envbuilder with PUSH_IMAGE set + _, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + envbuilderEnv("CACHE_REPO", notRegURL), + envbuilderEnv("PUSH_IMAGE", "1"), + }}) + + // Then: envbuilder should fail with a descriptive error + require.ErrorContains(t, err, "failed to push to destination") + }) +} + +func TestChownHomedir(t *testing.T) { + t.Parallel() + + // Ensures that a Git repository with a devcontainer.json is cloned and built. + srv := createGitServer(t, gitServerOptions{ + files: map[string]string{ + ".devcontainer/devcontainer.json": `{ + "name": "Test", + "build": { + "dockerfile": "Dockerfile" + }, + }`, + ".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s +RUN useradd test \ + --create-home \ + --shell=/bin/bash \ + --uid=1001 \ + --user-group +USER test +`, testImageUbuntu), // Note: this isn't reproducible with Alpine for some reason. + }, + }) + + // Run envbuilder with a Docker volume mounted to homedir + volName := fmt.Sprintf("%s%d-home", t.Name(), time.Now().Unix()) + ctr, err := runEnvbuilder(t, options{env: []string{ + envbuilderEnv("GIT_URL", srv.URL), + }, volumes: map[string]string{volName: "/home/test"}}) + require.NoError(t, err) + + output := execContainer(t, ctr, "stat -c %u:%g /home/test/") + require.Equal(t, "1001:1001", strings.TrimSpace(output)) +} + +type setupInMemoryRegistryOpts struct { + Username string + Password string +} + +func setupInMemoryRegistry(t *testing.T, opts setupInMemoryRegistryOpts) string { + t.Helper() + tempDir := t.TempDir() + regHandler := registry.New(registry.WithBlobHandler(registry.NewDiskBlobHandler(tempDir))) + authHandler := mwtest.BasicAuthMW(opts.Username, opts.Password)(regHandler) + regSrv := httptest.NewServer(authHandler) + t.Cleanup(func() { regSrv.Close() }) + regSrvURL, err := url.Parse(regSrv.URL) + require.NoError(t, err) + return fmt.Sprintf("localhost:%s", regSrvURL.Port()) +} + // TestMain runs before all tests to build the envbuilder image. func TestMain(m *testing.M) { + checkTestRegistry() cleanOldEnvbuilders() ctx := context.Background() // Run the build script to create the envbuilder image. @@ -695,47 +1555,43 @@ type gitServerOptions struct { files map[string]string username string password string + authMW func(http.Handler) http.Handler + tls bool } // createGitServer creates a git repository with an in-memory filesystem // and serves it over HTTP using a httptest.Server. -func createGitServer(t *testing.T, opts gitServerOptions) string { +func createGitServer(t *testing.T, opts gitServerOptions) *httptest.Server { t.Helper() - srv := httptest.NewServer(createGitHandler(t, opts)) - return srv.URL + if opts.authMW == nil { + opts.authMW = mwtest.BasicAuthMW(opts.username, opts.password) + } + commits := make([]gittest.CommitFunc, 0) + for path, content := range opts.files { + commits = append(commits, gittest.Commit(t, path, content, "my test commit")) + } + fs := memfs.New() + _ = gittest.NewRepo(t, fs, commits...) + if opts.tls { + return httptest.NewTLSServer(opts.authMW(gittest.NewServer(fs))) + } + return httptest.NewServer(opts.authMW(gittest.NewServer(fs))) } -func createGitHandler(t *testing.T, opts gitServerOptions) http.Handler { - t.Helper() - fs := memfs.New() - repo := gittest.NewRepo(t, fs) - w, err := repo.Worktree() - require.NoError(t, err) - for key, value := range opts.files { - gittest.WriteFile(t, fs, key, value) - _, err = w.Add(key) - require.NoError(t, err) +func checkTestRegistry() { + resp, err := http.Get("http://localhost:5000/v2/_catalog") + if err != nil { + _, _ = fmt.Printf("Check test registry: %s\n", err.Error()) + _, _ = fmt.Printf("Hint: Did you run `make test-registry`?\n") + os.Exit(1) + } + defer resp.Body.Close() + v := make(map[string][]string) + if err := json.NewDecoder(resp.Body).Decode(&v); err != nil { + _, _ = fmt.Printf("Read test registry catalog: %s\n", err.Error()) + _, _ = fmt.Printf("Hint: Did you run `make test-registry`?\n") + os.Exit(1) } - commit, err := w.Commit("my test commit", &git.CommitOptions{ - Author: &object.Signature{ - Name: "Example", - Email: "in@tests.com", - When: time.Now(), - }, - }) - require.NoError(t, err) - _, err = repo.CommitObject(commit) - require.NoError(t, err) - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if opts.username != "" || opts.password != "" { - username, password, ok := r.BasicAuth() - if !ok || username != opts.username || password != opts.password { - w.WriteHeader(http.StatusUnauthorized) - return - } - } - gittest.NewServer(fs).ServeHTTP(w, r) - }) } // cleanOldEnvbuilders removes any old envbuilder containers. @@ -746,7 +1602,7 @@ func cleanOldEnvbuilders() { panic(err) } defer cli.Close() - ctrs, err := cli.ContainerList(ctx, types.ContainerListOptions{ + ctrs, err := cli.ContainerList(ctx, container.ListOptions{ Filters: filters.NewArgs(filters.KeyValuePair{ Key: "label", Value: testContainerLabel, @@ -756,15 +1612,16 @@ func cleanOldEnvbuilders() { panic(err) } for _, ctr := range ctrs { - cli.ContainerRemove(ctx, ctr.ID, types.ContainerRemoveOptions{ + cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{ Force: true, }) } } type options struct { - binds []string - env []string + binds []string + env []string + volumes map[string]string } // runEnvbuilder starts the envbuilder container with the given environment @@ -777,6 +1634,21 @@ func runEnvbuilder(t *testing.T, options options) (string, error) { t.Cleanup(func() { cli.Close() }) + mounts := make([]mount.Mount, 0) + for volName, volPath := range options.volumes { + mounts = append(mounts, mount.Mount{ + Type: mount.TypeVolume, + Source: volName, + Target: volPath, + }) + _, err = cli.VolumeCreate(ctx, volume.CreateOptions{ + Name: volName, + }) + require.NoError(t, err) + t.Cleanup(func() { + _ = cli.VolumeRemove(ctx, volName, true) + }) + } ctr, err := cli.ContainerCreate(ctx, &container.Config{ Image: "envbuilder:latest", Env: options.env, @@ -786,15 +1658,16 @@ func runEnvbuilder(t *testing.T, options options) (string, error) { }, &container.HostConfig{ NetworkMode: container.NetworkMode("host"), Binds: options.binds, + Mounts: mounts, }, nil, nil, "") require.NoError(t, err) t.Cleanup(func() { - cli.ContainerRemove(ctx, ctr.ID, types.ContainerRemoveOptions{ + _ = cli.ContainerRemove(ctx, ctr.ID, container.RemoveOptions{ RemoveVolumes: true, Force: true, }) }) - err = cli.ContainerStart(ctx, ctr.ID, types.ContainerStartOptions{}) + err = cli.ContainerStart(ctx, ctr.ID, container.StartOptions{}) require.NoError(t, err) logChan, errChan := streamContainerLogs(t, cli, ctr.ID) @@ -835,9 +1708,9 @@ func execContainer(t *testing.T, containerID, command string) string { func streamContainerLogs(t *testing.T, cli *client.Client, containerID string) (chan string, chan error) { ctx := context.Background() - err := cli.ContainerStart(ctx, containerID, types.ContainerStartOptions{}) + err := cli.ContainerStart(ctx, containerID, container.StartOptions{}) require.NoError(t, err) - rawLogs, err := cli.ContainerLogs(ctx, containerID, types.ContainerLogsOptions{ + rawLogs, err := cli.ContainerLogs(ctx, containerID, container.LogsOptions{ ShowStdout: true, ShowStderr: true, Follow: true, @@ -871,3 +1744,7 @@ func streamContainerLogs(t *testing.T, cli *client.Client, containerID string) ( return logChan, errChan } + +func envbuilderEnv(env string, value string) string { + return fmt.Sprintf("%s=%s", envbuilder.WithEnvPrefix(env), value) +} diff --git a/internal/ebutil/mock_mounter_test.go b/internal/ebutil/mock_mounter_test.go new file mode 100644 index 00000000..7445376a --- /dev/null +++ b/internal/ebutil/mock_mounter_test.go @@ -0,0 +1,130 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: remount.go +// +// Generated by this command: +// +// mockgen -source=remount.go -package=ebutil -destination=mock_mounter_test.go -write_generate_directive +// + +// Package ebutil is a generated GoMock package. +package ebutil + +import ( + os "os" + reflect "reflect" + + procfs "github.com/prometheus/procfs" + gomock "go.uber.org/mock/gomock" +) + +//go:generate mockgen -source=remount.go -package=ebutil -destination=mock_mounter_test.go -write_generate_directive + +// Mockmounter is a mock of mounter interface. +type Mockmounter struct { + ctrl *gomock.Controller + recorder *MockmounterMockRecorder +} + +// MockmounterMockRecorder is the mock recorder for Mockmounter. +type MockmounterMockRecorder struct { + mock *Mockmounter +} + +// NewMockmounter creates a new mock instance. +func NewMockmounter(ctrl *gomock.Controller) *Mockmounter { + mock := &Mockmounter{ctrl: ctrl} + mock.recorder = &MockmounterMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *Mockmounter) EXPECT() *MockmounterMockRecorder { + return m.recorder +} + +// GetMounts mocks base method. +func (m *Mockmounter) GetMounts() ([]*procfs.MountInfo, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetMounts") + ret0, _ := ret[0].([]*procfs.MountInfo) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetMounts indicates an expected call of GetMounts. +func (mr *MockmounterMockRecorder) GetMounts() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMounts", reflect.TypeOf((*Mockmounter)(nil).GetMounts)) +} + +// MkdirAll mocks base method. +func (m *Mockmounter) MkdirAll(arg0 string, arg1 os.FileMode) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "MkdirAll", arg0, arg1) + ret0, _ := ret[0].(error) + return ret0 +} + +// MkdirAll indicates an expected call of MkdirAll. +func (mr *MockmounterMockRecorder) MkdirAll(arg0, arg1 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MkdirAll", reflect.TypeOf((*Mockmounter)(nil).MkdirAll), arg0, arg1) +} + +// Mount mocks base method. +func (m *Mockmounter) Mount(arg0, arg1, arg2 string, arg3 uintptr, arg4 string) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Mount", arg0, arg1, arg2, arg3, arg4) + ret0, _ := ret[0].(error) + return ret0 +} + +// Mount indicates an expected call of Mount. +func (mr *MockmounterMockRecorder) Mount(arg0, arg1, arg2, arg3, arg4 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Mount", reflect.TypeOf((*Mockmounter)(nil).Mount), arg0, arg1, arg2, arg3, arg4) +} + +// OpenFile mocks base method. +func (m *Mockmounter) OpenFile(arg0 string, arg1 int, arg2 os.FileMode) (*os.File, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "OpenFile", arg0, arg1, arg2) + ret0, _ := ret[0].(*os.File) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// OpenFile indicates an expected call of OpenFile. +func (mr *MockmounterMockRecorder) OpenFile(arg0, arg1, arg2 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OpenFile", reflect.TypeOf((*Mockmounter)(nil).OpenFile), arg0, arg1, arg2) +} + +// Stat mocks base method. +func (m *Mockmounter) Stat(arg0 string) (os.FileInfo, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Stat", arg0) + ret0, _ := ret[0].(os.FileInfo) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Stat indicates an expected call of Stat. +func (mr *MockmounterMockRecorder) Stat(arg0 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Stat", reflect.TypeOf((*Mockmounter)(nil).Stat), arg0) +} + +// Unmount mocks base method. +func (m *Mockmounter) Unmount(arg0 string, arg1 int) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Unmount", arg0, arg1) + ret0, _ := ret[0].(error) + return ret0 +} + +// Unmount indicates an expected call of Unmount. +func (mr *MockmounterMockRecorder) Unmount(arg0, arg1 any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Unmount", reflect.TypeOf((*Mockmounter)(nil).Unmount), arg0, arg1) +} diff --git a/internal/ebutil/remount.go b/internal/ebutil/remount.go new file mode 100644 index 00000000..f4a2b416 --- /dev/null +++ b/internal/ebutil/remount.go @@ -0,0 +1,163 @@ +package ebutil + +import ( + "fmt" + "os" + "path/filepath" + "strings" + "sync" + "syscall" + + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/hashicorp/go-multierror" + "github.com/prometheus/procfs" +) + +// TempRemount iterates through all read-only mounted filesystems, bind-mounts them at dest, +// and unmounts them from their original source. All mount points underneath ignorePrefixes +// will not be touched. +// +// Some container runtimes such as sysbox-runc will mount in `/lib/modules` read-only. +// See https://github.com/nestybox/sysbox/issues/564 +// This trips us up because: +// 1. We call a Kaniko library function `util.DeleteFilesystem` that does exactly what it says +// on the tin. If this hits a read-only volume mounted in, unhappiness is the result. +// 2. After deleting the filesystem and building the image, we extract it to the filesystem. +// If some paths mounted in via volume are present at that time, unhappiness is also likely +// to result -- especially in case of read-only mounts. +// +// To work around this we move the mounts out of the way temporarily by bind-mounting them +// while we do our thing, and move them back when we're done. +// +// It is the responsibility of the caller to call the returned function +// to restore the original mount points. If an error is encountered while attempting to perform +// the operation, calling the returned function will make a best-effort attempt to restore +// the original state. +func TempRemount(logf func(notcodersdk.LogLevel, string, ...any), dest string, ignorePrefixes ...string) (restore func() error, err error, +) { + return tempRemount(&realMounter{}, logf, dest, ignorePrefixes...) +} + +func tempRemount(m mounter, logf func(notcodersdk.LogLevel, string, ...any), base string, ignorePrefixes ...string) (restore func() error, err error) { + mountInfos, err := m.GetMounts() + if err != nil { + return func() error { return nil }, fmt.Errorf("get mounts: %w", err) + } + + // temp move of all ro mounts + mounts := map[string]string{} + var restoreOnce sync.Once + var merr error + // closer to attempt to restore original mount points + restore = func() error { + restoreOnce.Do(func() { + for orig, moved := range mounts { + if err := remount(m, moved, orig); err != nil { + merr = multierror.Append(merr, fmt.Errorf("restore mount: %w", err)) + } + } + }) + return merr + } + +outer: + for _, mountInfo := range mountInfos { + // TODO: do this for all mounts + if _, ok := mountInfo.Options["ro"]; !ok { + logf(notcodersdk.LogLevelTrace, "skip rw mount %s", mountInfo.MountPoint) + continue + } + + for _, prefix := range ignorePrefixes { + if strings.HasPrefix(mountInfo.MountPoint, prefix) { + logf(notcodersdk.LogLevelTrace, "skip mount %s under ignored prefix %s", mountInfo.MountPoint, prefix) + continue outer + } + } + + src := mountInfo.MountPoint + dest := filepath.Join(base, src) + if err := remount(m, src, dest); err != nil { + return restore, fmt.Errorf("temp remount: %w", err) + } + + mounts[src] = dest + } + + return restore, nil +} + +func remount(m mounter, src, dest string) error { + stat, err := m.Stat(src) + if err != nil { + return fmt.Errorf("stat %s: %w", src, err) + } + var destDir string + if stat.IsDir() { + destDir = dest + } else { + destDir = filepath.Dir(dest) + } + if err := m.MkdirAll(destDir, 0o750); err != nil { + return fmt.Errorf("ensure path: %w", err) + } + if !stat.IsDir() { + f, err := m.OpenFile(dest, os.O_CREATE, 0o640) + if err != nil { + return fmt.Errorf("ensure file path: %w", err) + } + defer f.Close() + } + if err := m.Mount(src, dest, "bind", syscall.MS_BIND, ""); err != nil { + return fmt.Errorf("bind mount %s => %s: %w", src, dest, err) + } + if err := m.Unmount(src, 0); err != nil { + return fmt.Errorf("unmount orig src %s: %w", src, err) + } + return nil +} + +// mounter is an interface to system-level calls used by TempRemount. +type mounter interface { + // GetMounts wraps procfs.GetMounts + GetMounts() ([]*procfs.MountInfo, error) + // Stat wraps os.Stat + Stat(string) (os.FileInfo, error) + // MkdirAll wraps os.MkdirAll + MkdirAll(string, os.FileMode) error + // OpenFile wraps os.OpenFile + OpenFile(string, int, os.FileMode) (*os.File, error) + // Mount wraps syscall.Mount + Mount(string, string, string, uintptr, string) error + // Unmount wraps syscall.Unmount + Unmount(string, int) error +} + +// realMounter implements mounter and actually does the thing. +type realMounter struct{} + +var _ mounter = &realMounter{} + +func (m *realMounter) Mount(src string, dest string, fstype string, flags uintptr, data string) error { + return syscall.Mount(src, dest, fstype, flags, data) +} + +func (m *realMounter) Unmount(tgt string, flags int) error { + return syscall.Unmount(tgt, flags) +} + +func (m *realMounter) GetMounts() ([]*procfs.MountInfo, error) { + return procfs.GetMounts() +} + +func (m *realMounter) MkdirAll(path string, perm os.FileMode) error { + return os.MkdirAll(path, perm) +} + +func (m *realMounter) OpenFile(name string, flag int, perm os.FileMode) (*os.File, error) { + return os.OpenFile(name, flag, perm) +} + +func (m *realMounter) Stat(path string) (os.FileInfo, error) { + return os.Stat(path) +} diff --git a/internal/ebutil/remount_internal_test.go b/internal/ebutil/remount_internal_test.go new file mode 100644 index 00000000..41036177 --- /dev/null +++ b/internal/ebutil/remount_internal_test.go @@ -0,0 +1,254 @@ +package ebutil + +import ( + "os" + "strings" + "syscall" + "testing" + time "time" + + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "go.uber.org/mock/gomock" + + "github.com/prometheus/procfs" +) + +func Test_tempRemount(t *testing.T) { + t.Parallel() + + t.Run("OK", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil) + mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(nil) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.NoError(t, err) + err = remount() + require.NoError(t, err) + // sync.Once should handle multiple remount calls + _ = remount() + }) + + t.Run("OKFile", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/usr/bin/utility:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil) + mm.EXPECT().MkdirAll("/.test/usr/bin", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().OpenFile("/.test/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil) + mm.EXPECT().Mount("/usr/bin/utility", "/.test/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/usr/bin/utility", 0).Times(1).Return(nil) + mm.EXPECT().Stat("/.test/usr/bin/utility").Return(&fakeFileInfo{isDir: false}, nil) + mm.EXPECT().MkdirAll("/usr/bin", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().OpenFile("/usr/bin/utility", os.O_CREATE, os.FileMode(0o640)).Times(1).Return(new(os.File), nil) + mm.EXPECT().Mount("/.test/usr/bin/utility", "/usr/bin/utility", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/.test/usr/bin/utility", 0).Times(1).Return(nil) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.NoError(t, err) + err = remount() + require.NoError(t, err) + // sync.Once should handle multiple remount calls + _ = remount() + }) + + t.Run("IgnorePrefixes", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + + remount, err := tempRemount(mm, fakeLog(t), "/.test", "/var/lib") + require.NoError(t, err) + err = remount() + require.NoError(t, err) + }) + + t.Run("ErrGetMounts", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mm.EXPECT().GetMounts().Return(nil, assert.AnError) + remount, err := tempRemount(mm, fakeLog(t), "/.test", "/var/lib") + require.ErrorContains(t, err, assert.AnError.Error()) + err = remount() + require.NoError(t, err) + }) + + t.Run("ErrMkdirAll", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.ErrorContains(t, err, assert.AnError.Error()) + err = remount() + require.NoError(t, err) + }) + + t.Run("ErrMountBind", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.ErrorContains(t, err, assert.AnError.Error()) + err = remount() + require.NoError(t, err) + }) + + t.Run("ErrUnmount", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.ErrorContains(t, err, assert.AnError.Error()) + err = remount() + require.NoError(t, err) + }) + + t.Run("ErrRemountMkdirAll", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil) + mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.NoError(t, err) + err = remount() + require.ErrorContains(t, err, assert.AnError.Error()) + }) + + t.Run("ErrRemountMountBind", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil) + mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.NoError(t, err) + err = remount() + require.ErrorContains(t, err, assert.AnError.Error()) + }) + + t.Run("ErrRemountUnmount", func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + mm := NewMockmounter(ctrl) + mounts := fakeMounts("/home", "/var/lib/modules:ro", "/proc", "/sys") + + mm.EXPECT().GetMounts().Return(mounts, nil) + mm.EXPECT().Stat("/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/.test/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/var/lib/modules", "/.test/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/var/lib/modules", 0).Times(1).Return(nil) + mm.EXPECT().Stat("/.test/var/lib/modules").Return(&fakeFileInfo{isDir: true}, nil) + mm.EXPECT().MkdirAll("/var/lib/modules", os.FileMode(0o750)).Times(1).Return(nil) + mm.EXPECT().Mount("/.test/var/lib/modules", "/var/lib/modules", "bind", uintptr(syscall.MS_BIND), "").Times(1).Return(nil) + mm.EXPECT().Unmount("/.test/var/lib/modules", 0).Times(1).Return(assert.AnError) + + remount, err := tempRemount(mm, fakeLog(t), "/.test") + require.NoError(t, err) + err = remount() + require.ErrorContains(t, err, assert.AnError.Error()) + }) +} + +// convenience function for generating a slice of *procfs.MountInfo +func fakeMounts(mounts ...string) []*procfs.MountInfo { + m := make([]*procfs.MountInfo, 0) + for _, s := range mounts { + mp := s + o := make(map[string]string) + if strings.HasSuffix(mp, ":ro") { + mp = strings.TrimSuffix(mp, ":ro") + o["ro"] = "true" + } + m = append(m, &procfs.MountInfo{MountPoint: mp, Options: o}) + } + return m +} + +func fakeLog(t *testing.T) func(notcodersdk.LogLevel, string, ...any) { + t.Helper() + return func(_ notcodersdk.LogLevel, s string, a ...any) { + t.Logf(s, a...) + } +} + +type fakeFileInfo struct { + isDir bool +} + +func (fi *fakeFileInfo) Name() string { return "" } +func (fi *fakeFileInfo) Size() int64 { return 0 } +func (fi *fakeFileInfo) Mode() os.FileMode { return 0 } +func (fi *fakeFileInfo) ModTime() time.Time { return time.Time{} } +func (fi *fakeFileInfo) IsDir() bool { return fi.isDir } +func (fi *fakeFileInfo) Sys() any { return nil } + +var _ os.FileInfo = &fakeFileInfo{} diff --git a/internal/notcodersdk/agentclient.go b/internal/notcodersdk/agentclient.go new file mode 100644 index 00000000..e65bc4cc --- /dev/null +++ b/internal/notcodersdk/agentclient.go @@ -0,0 +1,430 @@ +package notcodersdk + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "fmt" + "io" + "mime" + "net/http" + "net/http/httputil" + "net/url" + "strings" + "sync" + "time" + + "github.com/google/uuid" + "golang.org/x/xerrors" +) + +const ( + SessionTokenHeader = "Coder-Session-Token" +) + +type AgentSubsystem string + +const ( + AgentSubsystemEnvbuilder AgentSubsystem = "envbuilder" +) + +// ExternalLogSourceID is the statically-defined ID of a log-source that +// appears as "External" in the dashboard. +// +// This is to support legacy API-consumers that do not create their own +// log-source. This should be removed in the future. +var ExternalLogSourceID = uuid.MustParse("3b579bf4-1ed8-4b99-87a8-e9a1e3410410") + +type LogLevel string + +const ( + LogLevelTrace LogLevel = "trace" + LogLevelDebug LogLevel = "debug" + LogLevelInfo LogLevel = "info" + LogLevelWarn LogLevel = "warn" + LogLevelError LogLevel = "error" +) + +type Log struct { + CreatedAt time.Time `json:"created_at"` + Output string `json:"output"` + Level LogLevel `json:"level"` +} + +type PatchLogs struct { + LogSourceID uuid.UUID `json:"log_source_id"` + Logs []Log `json:"logs"` +} + +// New returns a client that is used to interact with the +// Coder API from a workspace agent. +func New(serverURL *url.URL) *Client { + return &Client{ + URL: serverURL, + HTTPClient: &http.Client{}, + } +} + +// Client wraps `notcodersdk.Client` with specific functions +// scoped to a workspace agent. +type Client struct { + // mu protects the fields sessionToken, logger, and logBodies. These + // need to be safe for concurrent access. + mu sync.RWMutex + sessionToken string + logBodies bool + + HTTPClient *http.Client + URL *url.URL + + // SessionTokenHeader is an optional custom header to use for setting tokens. By + // default 'Coder-Session-Token' is used. + SessionTokenHeader string + + // PlainLogger may be set to log HTTP traffic in a human-readable form. + // It uses the LogBodies option. + PlainLogger io.Writer +} + +// SessionToken returns the currently set token for the client. +func (c *Client) SessionToken() string { + c.mu.RLock() + defer c.mu.RUnlock() + return c.sessionToken +} + +// SetSessionToken returns the currently set token for the client. +func (c *Client) SetSessionToken(token string) { + c.mu.Lock() + defer c.mu.Unlock() + c.sessionToken = token +} + +// PatchLogs writes log messages to the agent startup script. +// Log messages are limited to 1MB in total. +// +// Deprecated: use the DRPCAgentClient.BatchCreateLogs instead +func (c *Client) PatchLogs(ctx context.Context, req PatchLogs) error { + res, err := c.Request(ctx, http.MethodPatch, "/api/v2/workspaceagents/me/logs", req) + if err != nil { + return err + } + defer res.Body.Close() + if res.StatusCode != http.StatusOK { + return ReadBodyAsError(res) + } + return nil +} + +// RequestOption is a function that can be used to modify an http.Request. +type RequestOption func(*http.Request) + +// Request performs a HTTP request with the body provided. The caller is +// responsible for closing the response body. +func (c *Client) Request(ctx context.Context, method, path string, body interface{}, opts ...RequestOption) (*http.Response, error) { + serverURL, err := c.URL.Parse(path) + if err != nil { + return nil, xerrors.Errorf("parse url: %w", err) + } + + var r io.Reader + if body != nil { + switch data := body.(type) { + case io.Reader: + r = data + case []byte: + r = bytes.NewReader(data) + default: + // Assume JSON in all other cases. + buf := bytes.NewBuffer(nil) + enc := json.NewEncoder(buf) + enc.SetEscapeHTML(false) + err = enc.Encode(body) + if err != nil { + return nil, xerrors.Errorf("encode body: %w", err) + } + r = buf + } + } + + // Copy the request body so we can log it. + var reqBody []byte + c.mu.RLock() + logBodies := c.logBodies + c.mu.RUnlock() + if r != nil && logBodies { + reqBody, err = io.ReadAll(r) + if err != nil { + return nil, xerrors.Errorf("read request body: %w", err) + } + r = bytes.NewReader(reqBody) + } + + req, err := http.NewRequestWithContext(ctx, method, serverURL.String(), r) + if err != nil { + return nil, xerrors.Errorf("create request: %w", err) + } + + tokenHeader := c.SessionTokenHeader + if tokenHeader == "" { + tokenHeader = SessionTokenHeader + } + req.Header.Set(tokenHeader, c.SessionToken()) + + if r != nil { + req.Header.Set("Content-Type", "application/json") + } + for _, opt := range opts { + opt(req) + } + + resp, err := c.HTTPClient.Do(req) + + // We log after sending the request because the HTTP Transport may modify + // the request within Do, e.g. by adding headers. + if resp != nil && c.PlainLogger != nil { + out, err := httputil.DumpRequest(resp.Request, logBodies) + if err != nil { + return nil, xerrors.Errorf("dump request: %w", err) + } + out = prefixLines([]byte("http --> "), out) + _, _ = c.PlainLogger.Write(out) + } + + if err != nil { + return nil, err + } + + if c.PlainLogger != nil { + out, err := httputil.DumpResponse(resp, logBodies) + if err != nil { + return nil, xerrors.Errorf("dump response: %w", err) + } + out = prefixLines([]byte("http <-- "), out) + _, _ = c.PlainLogger.Write(out) + } + + // Copy the response body so we can log it if it's a loggable mime type. + var respBody []byte + if resp.Body != nil && logBodies { + mimeType := parseMimeType(resp.Header.Get("Content-Type")) + if _, ok := loggableMimeTypes[mimeType]; ok { + respBody, err = io.ReadAll(resp.Body) + if err != nil { + return nil, xerrors.Errorf("copy response body for logs: %w", err) + } + err = resp.Body.Close() + if err != nil { + return nil, xerrors.Errorf("close response body: %w", err) + } + resp.Body = io.NopCloser(bytes.NewReader(respBody)) + } + } + + return resp, err +} + +func parseMimeType(contentType string) string { + mimeType, _, err := mime.ParseMediaType(contentType) + if err != nil { + mimeType = strings.TrimSpace(strings.Split(contentType, ";")[0]) + } + + return mimeType +} + +// loggableMimeTypes is a list of MIME types that are safe to log +// the output of. This is useful for debugging or testing. +var loggableMimeTypes = map[string]struct{}{ + "application/json": {}, + "text/plain": {}, + // lots of webserver error pages are HTML + "text/html": {}, +} + +func prefixLines(prefix, s []byte) []byte { + ss := bytes.NewBuffer(make([]byte, 0, len(s)*2)) + for _, line := range bytes.Split(s, []byte("\n")) { + _, _ = ss.Write(prefix) + _, _ = ss.Write(line) + _ = ss.WriteByte('\n') + } + return ss.Bytes() +} + +// ReadBodyAsError reads the response as a codersdk.Response, and +// wraps it in a codersdk.Error type for easy marshaling. +// +// This will always return an error, so only call it if the response failed +// your expectations. Usually via status code checking. +// nolint:staticcheck +func ReadBodyAsError(res *http.Response) error { + if res == nil { + return xerrors.Errorf("no body returned") + } + defer res.Body.Close() + + var requestMethod, requestURL string + if res.Request != nil { + requestMethod = res.Request.Method + if res.Request.URL != nil { + requestURL = res.Request.URL.String() + } + } + + var helpMessage string + if res.StatusCode == http.StatusUnauthorized { + // 401 means the user is not logged in + // 403 would mean that the user is not authorized + helpMessage = "Try logging in using 'coder login'." + } + + resp, err := io.ReadAll(res.Body) + if err != nil { + return xerrors.Errorf("read body: %w", err) + } + + if mimeErr := ExpectJSONMime(res); mimeErr != nil { + if len(resp) > 2048 { + resp = append(resp[:2048], []byte("...")...) + } + if len(resp) == 0 { + resp = []byte("no response body") + } + return &Error{ + statusCode: res.StatusCode, + method: requestMethod, + url: requestURL, + Response: Response{ + Message: mimeErr.Error(), + Detail: string(resp), + }, + Helper: helpMessage, + } + } + + var m Response + err = json.NewDecoder(bytes.NewBuffer(resp)).Decode(&m) + if err != nil { + if errors.Is(err, io.EOF) { + return &Error{ + statusCode: res.StatusCode, + Response: Response{ + Message: "empty response body", + }, + Helper: helpMessage, + } + } + return xerrors.Errorf("decode body: %w", err) + } + if m.Message == "" { + if len(resp) > 1024 { + resp = append(resp[:1024], []byte("...")...) + } + m.Message = fmt.Sprintf("unexpected status code %d, response has no message", res.StatusCode) + m.Detail = string(resp) + } + + return &Error{ + Response: m, + statusCode: res.StatusCode, + method: requestMethod, + url: requestURL, + Helper: helpMessage, + } +} + +// Response represents a generic HTTP response. +type Response struct { + // Message is an actionable message that depicts actions the request took. + // These messages should be fully formed sentences with proper punctuation. + // Examples: + // - "A user has been created." + // - "Failed to create a user." + Message string `json:"message"` + // Detail is a debug message that provides further insight into why the + // action failed. This information can be technical and a regular golang + // err.Error() text. + // - "database: too many open connections" + // - "stat: too many open files" + Detail string `json:"detail,omitempty"` + // Validations are form field-specific friendly error messages. They will be + // shown on a form field in the UI. These can also be used to add additional + // context if there is a set of errors in the primary 'Message'. + Validations []ValidationError `json:"validations,omitempty"` +} + +// ValidationError represents a scoped error to a user input. +type ValidationError struct { + Field string `json:"field" validate:"required"` + Detail string `json:"detail" validate:"required"` +} + +func (e ValidationError) Error() string { + return fmt.Sprintf("field: %s detail: %s", e.Field, e.Detail) +} + +var _ error = (*ValidationError)(nil) + +// Error represents an unaccepted or invalid request to the API. +// @typescript-ignore Error +type Error struct { + Response + + statusCode int + method string + url string + + Helper string +} + +func (e *Error) StatusCode() int { + return e.statusCode +} + +func (e *Error) Method() string { + return e.method +} + +func (e *Error) URL() string { + return e.url +} + +func (e *Error) Friendly() string { + var sb strings.Builder + _, _ = fmt.Fprintf(&sb, "%s. %s", strings.TrimSuffix(e.Message, "."), e.Helper) + for _, err := range e.Validations { + _, _ = fmt.Fprintf(&sb, "\n- %s: %s", err.Field, err.Detail) + } + return sb.String() +} + +func (e *Error) Error() string { + var builder strings.Builder + if e.method != "" && e.url != "" { + _, _ = fmt.Fprintf(&builder, "%v %v: ", e.method, e.url) + } + _, _ = fmt.Fprintf(&builder, "unexpected status code %d: %s", e.statusCode, e.Message) + if e.Helper != "" { + _, _ = fmt.Fprintf(&builder, ": %s", e.Helper) + } + if e.Detail != "" { + _, _ = fmt.Fprintf(&builder, "\n\tError: %s", e.Detail) + } + for _, err := range e.Validations { + _, _ = fmt.Fprintf(&builder, "\n\t%s: %s", err.Field, err.Detail) + } + return builder.String() +} + +// ExpectJSONMime is a helper function that will assert the content type +// of the response is application/json. +func ExpectJSONMime(res *http.Response) error { + contentType := res.Header.Get("Content-Type") + mimeType := parseMimeType(contentType) + if mimeType != "application/json" { + return xerrors.Errorf("unexpected non-JSON response %q", contentType) + } + return nil +} diff --git a/internal/notcodersdk/doc.go b/internal/notcodersdk/doc.go new file mode 100644 index 00000000..cfa92db6 --- /dev/null +++ b/internal/notcodersdk/doc.go @@ -0,0 +1,13 @@ +// Package notcodersdk contains manually-vendored code from +// github.com/coder/coder/v2/codersdk. +// +// This code is currently required for sending workspace build logs to +// coder. It was manually vendored to avoid dependency issues. +// +// If the direct integration is moved outside of envbuilder, +// this package can safely be removed. +// See the below issues for context: +// - https://github.com/coder/envbuilder/issues/178 +// - https://github.com/coder/coder/issues/11342 +// - https://github.com/coder/envbuilder/issues/193 +package notcodersdk diff --git a/internal/notcodersdk/logs.go b/internal/notcodersdk/logs.go new file mode 100644 index 00000000..6ca4aca8 --- /dev/null +++ b/internal/notcodersdk/logs.go @@ -0,0 +1,169 @@ +package notcodersdk + +import ( + "context" + "errors" + "net/http" + "time" + + "github.com/google/uuid" + "golang.org/x/xerrors" + + "cdr.dev/slog" + "github.com/coder/retry" +) + +type logsSenderOptions struct { + flushTimeout time.Duration +} + +// LogsSender will send agent startup logs to the server. Calls to +// sendLog are non-blocking and will return an error if flushAndClose +// has been called. Calling sendLog concurrently is not supported. If +// the context passed to flushAndClose is canceled, any remaining logs +// will be discarded. +// +// Deprecated: Use NewLogSender instead, based on the v2 Agent API. +func LogsSender(sourceID uuid.UUID, patchLogs func(ctx context.Context, req PatchLogs) error, logger slog.Logger, opts ...func(*logsSenderOptions)) (sendLog func(ctx context.Context, log ...Log) error, flushAndClose func(context.Context) error) { + o := logsSenderOptions{ + flushTimeout: 250 * time.Millisecond, + } + for _, opt := range opts { + opt(&o) + } + + // The main context is used to close the sender goroutine and cancel + // any outbound requests to the API. The shutdown context is used to + // signal the sender goroutine to flush logs and then exit. + ctx, cancel := context.WithCancel(context.Background()) + shutdownCtx, shutdown := context.WithCancel(ctx) + + // Synchronous sender, there can only be one outbound send at a time. + sendDone := make(chan struct{}) + send := make(chan []Log, 1) + go func() { + // Set flushTimeout and backlogLimit so that logs are uploaded + // once every 250ms or when 100 logs have been added to the + // backlog, whichever comes first. + backlogLimit := 100 + + flush := time.NewTicker(o.flushTimeout) + + var backlog []Log + defer func() { + flush.Stop() + if len(backlog) > 0 { + logger.Warn(ctx, "startup logs sender exiting early, discarding logs", slog.F("discarded_logs_count", len(backlog))) + } + logger.Debug(ctx, "startup logs sender exited") + close(sendDone) + }() + + done := false + for { + flushed := false + select { + case <-ctx.Done(): + return + case <-shutdownCtx.Done(): + done = true + + // Check queued logs before flushing. + select { + case logs := <-send: + backlog = append(backlog, logs...) + default: + } + case <-flush.C: + flushed = true + case logs := <-send: + backlog = append(backlog, logs...) + flushed = len(backlog) >= backlogLimit + } + + if (done || flushed) && len(backlog) > 0 { + flush.Stop() // Lower the chance of a double flush. + + // Retry uploading logs until successful or a specific + // error occurs. Note that we use the main context here, + // meaning these requests won't be interrupted by + // shutdown. + var err error + for r := retry.New(time.Second, 5*time.Second); r.Wait(ctx); { + err = patchLogs(ctx, PatchLogs{ + Logs: backlog, + LogSourceID: sourceID, + }) + if err == nil { + break + } + + if errors.Is(err, context.Canceled) { + break + } + // This error is expected to be codersdk.Error, but it has + // private fields so we can't fake it in tests. + var statusErr interface{ StatusCode() int } + if errors.As(err, &statusErr) { + if statusErr.StatusCode() == http.StatusRequestEntityTooLarge { + logger.Warn(ctx, "startup logs too large, discarding logs", slog.F("discarded_logs_count", len(backlog)), slog.Error(err)) + err = nil + break + } + } + logger.Error(ctx, "startup logs sender failed to upload logs, retrying later", slog.F("logs_count", len(backlog)), slog.Error(err)) + } + if err != nil { + return + } + backlog = nil + + // Anchor flush to the last log upload. + flush.Reset(o.flushTimeout) + } + if done { + return + } + } + }() + + var queue []Log + sendLog = func(callCtx context.Context, log ...Log) error { + select { + case <-shutdownCtx.Done(): + return xerrors.Errorf("closed: %w", shutdownCtx.Err()) + case <-callCtx.Done(): + return callCtx.Err() + case queue = <-send: + // Recheck to give priority to context cancellation. + select { + case <-shutdownCtx.Done(): + return xerrors.Errorf("closed: %w", shutdownCtx.Err()) + case <-callCtx.Done(): + return callCtx.Err() + default: + } + // Queue has not been captured by sender yet, re-use. + default: + } + + queue = append(queue, log...) + send <- queue // Non-blocking. + queue = nil + + return nil + } + flushAndClose = func(callCtx context.Context) error { + defer cancel() + shutdown() + select { + case <-sendDone: + return nil + case <-callCtx.Done(): + cancel() + <-sendDone + return callCtx.Err() + } + } + return sendLog, flushAndClose +} diff --git a/options.go b/options.go new file mode 100644 index 00000000..2913fdea --- /dev/null +++ b/options.go @@ -0,0 +1,489 @@ +package envbuilder + +import ( + "strings" + + "github.com/coder/envbuilder/internal/notcodersdk" + "github.com/coder/serpent" + "github.com/go-git/go-billy/v5" +) + +type LoggerFunc func(level notcodersdk.LogLevel, format string, args ...interface{}) + +// Options contains the configuration for the envbuilder. +type Options struct { + // SetupScript is the script to run before the init script. It runs as the + // root user regardless of the user specified in the devcontainer.json file. + // SetupScript is ran as the root user prior to the init script. It is used to + // configure envbuilder dynamically during the runtime. e.g. specifying + // whether to start systemd or tiny init for PID 1. + SetupScript string + // InitScript is the script to run to initialize the workspace. + InitScript string + // InitCommand is the command to run to initialize the workspace. + InitCommand string + // InitArgs are the arguments to pass to the init command. They are split + // according to /bin/sh rules with https://github.com/kballard/go-shellquote. + InitArgs string + // CacheRepo is the name of the container registry to push the cache image to. + // If this is empty, the cache will not be pushed. + CacheRepo string + // BaseImageCacheDir is the path to a directory where the base image can be + // found. This should be a read-only directory solely mounted for the purpose + // of caching the base image. + BaseImageCacheDir string + // LayerCacheDir is the path to a directory where built layers will be stored. + // This spawns an in-memory registry to serve the layers from. + LayerCacheDir string + // DevcontainerDir is the path to the folder containing the devcontainer.json + // file that will be used to build the workspace and can either be an absolute + // path or a path relative to the workspace folder. If not provided, defaults + // to `.devcontainer`. + DevcontainerDir string + // DevcontainerJSONPath is a path to a devcontainer.json file + // that is either an absolute path or a path relative to + // DevcontainerDir. This can be used in cases where one wants + // to substitute an edited devcontainer.json file for the one + // that exists in the repo. + // If neither `DevcontainerDir` nor `DevcontainerJSONPath` is provided, + // envbuilder will browse following directories to locate it: + // 1. `.devcontainer/devcontainer.json` + // 2. `.devcontainer.json` + // 3. `.devcontainer//devcontainer.json` + DevcontainerJSONPath string + // DockerfilePath is the relative path to the Dockerfile that will be used to + // build the workspace. This is an alternative to using a devcontainer that + // some might find simpler. + DockerfilePath string + // BuildContextPath can be specified when a DockerfilePath is specified + // outside the base WorkspaceFolder. This path MUST be relative to the + // WorkspaceFolder path into which the repo is cloned. + BuildContextPath string + // CacheTTLDays is the number of days to use cached layers before expiring + // them. Defaults to 7 days. + CacheTTLDays int64 + // DockerConfigBase64 is the base64 encoded Docker config file that will be + // used to pull images from private container registries. + DockerConfigBase64 string + // FallbackImage specifies an alternative image to use when neither an image + // is declared in the devcontainer.json file nor a Dockerfile is present. If + // there's a build failure (from a faulty Dockerfile) or a misconfiguration, + // this image will be the substitute. Set ExitOnBuildFailure to true to halt + // the container if the build faces an issue. + FallbackImage string + // ExitOnBuildFailure terminates the container upon a build failure. This is + // handy when preferring the FALLBACK_IMAGE in cases where no + // devcontainer.json or image is provided. However, it ensures that the + // container stops if the build process encounters an error. + ExitOnBuildFailure bool + // ForceSafe ignores any filesystem safety checks. This could cause serious + // harm to your system! This is used in cases where bypass is needed to + // unblock customers. + ForceSafe bool + // Insecure bypasses TLS verification when cloning and pulling from container + // registries. + Insecure bool + // IgnorePaths is the comma separated list of paths to ignore when building + // the workspace. + IgnorePaths []string + // SkipRebuild skips building if the MagicFile exists. This is used to skip + // building when a container is restarting. e.g. docker stop -> docker start + // This value can always be set to true - even if the container is being + // started for the first time. + SkipRebuild bool + // GitURL is the URL of the Git repository to clone. This is optional. + GitURL string + // GitCloneDepth is the depth to use when cloning the Git repository. + GitCloneDepth int64 + // GitCloneSingleBranch clone only a single branch of the Git repository. + GitCloneSingleBranch bool + // GitUsername is the username to use for Git authentication. This is + // optional. + GitUsername string + // GitPassword is the password to use for Git authentication. This is + // optional. + GitPassword string + // GitSSHPrivateKeyPath is the path to an SSH private key to be used for + // Git authentication. + GitSSHPrivateKeyPath string + // GitHTTPProxyURL is the URL for the HTTP proxy. This is optional. + GitHTTPProxyURL string + // WorkspaceFolder is the path to the workspace folder that will be built. + // This is optional. + WorkspaceFolder string + // SSLCertBase64 is the content of an SSL cert file. This is useful for + // self-signed certificates. + SSLCertBase64 string + // ExportEnvFile is the optional file path to a .env file where envbuilder + // will dump environment variables from devcontainer.json and the built + // container image. + ExportEnvFile string + // PostStartScriptPath is the path to a script that will be created by + // envbuilder based on the postStartCommand in devcontainer.json, if any is + // specified (otherwise the script is not created). If this is set, the + // specified InitCommand should check for the presence of this script and + // execute it after successful startup. + PostStartScriptPath string + // Logger is the logger to use for all operations. + Logger LoggerFunc + // Filesystem is the filesystem to use for all operations. Defaults to the + // host filesystem. + Filesystem billy.Filesystem + // These options are specifically used when envbuilder is invoked as part of a + // Coder workspace. + // Revert to `*url.URL` once https://github.com/coder/serpent/issues/14 is fixed. + CoderAgentURL string + // CoderAgentToken is the authentication token for a Coder agent. + CoderAgentToken string + // CoderAgentSubsystem is the Coder agent subsystems to report when forwarding + // logs. The envbuilder subsystem is always included. + CoderAgentSubsystem []string + + // PushImage is a flag to determine if the image should be pushed to the + // container registry. This option implies reproducible builds. + PushImage bool + // GetCachedImage is a flag to determine if the cached image is available, + // and if it is, to return it. + GetCachedImage bool +} + +const envPrefix = "ENVBUILDER_" + +// Generate CLI options for the envbuilder command. +func (o *Options) CLI() serpent.OptionSet { + options := serpent.OptionSet{ + { + Flag: "setup-script", + Env: WithEnvPrefix("SETUP_SCRIPT"), + Value: serpent.StringOf(&o.SetupScript), + Description: "The script to run before the init script. It runs as " + + "the root user regardless of the user specified in the devcontainer.json " + + "file. SetupScript is ran as the root user prior to the init script. " + + "It is used to configure envbuilder dynamically during the runtime. e.g. " + + "specifying whether to start systemd or tiny init for PID 1.", + }, + { + Flag: "init-script", + Env: WithEnvPrefix("INIT_SCRIPT"), + // Default: "sleep infinity", // TODO: reinstate once legacy opts are removed. + Value: serpent.StringOf(&o.InitScript), + Description: "The script to run to initialize the workspace. Default: `sleep infinity`.", + }, + { + Flag: "init-command", + Env: WithEnvPrefix("INIT_COMMAND"), + // Default: "/bin/sh", // TODO: reinstate once legacy opts are removed. + Value: serpent.StringOf(&o.InitCommand), + Description: "The command to run to initialize the workspace. Default: `/bin/sh`.", + }, + { + Flag: "init-args", + Env: WithEnvPrefix("INIT_ARGS"), + Value: serpent.StringOf(&o.InitArgs), + Description: "The arguments to pass to the init command. They are " + + "split according to /bin/sh rules with " + + "https://github.com/kballard/go-shellquote.", + }, + { + Flag: "cache-repo", + Env: WithEnvPrefix("CACHE_REPO"), + Value: serpent.StringOf(&o.CacheRepo), + Description: "The name of the container registry to push the cache " + + "image to. If this is empty, the cache will not be pushed.", + }, + { + Flag: "base-image-cache-dir", + Env: WithEnvPrefix("BASE_IMAGE_CACHE_DIR"), + Value: serpent.StringOf(&o.BaseImageCacheDir), + Description: "The path to a directory where the base image " + + "can be found. This should be a read-only directory solely mounted " + + "for the purpose of caching the base image.", + }, + { + Flag: "layer-cache-dir", + Env: WithEnvPrefix("LAYER_CACHE_DIR"), + Value: serpent.StringOf(&o.LayerCacheDir), + Description: "The path to a directory where built layers will " + + "be stored. This spawns an in-memory registry to serve the layers " + + "from.", + }, + { + Flag: "devcontainer-dir", + Env: WithEnvPrefix("DEVCONTAINER_DIR"), + Value: serpent.StringOf(&o.DevcontainerDir), + Description: "The path to the folder containing the " + + "devcontainer.json file that will be used to build the workspace " + + "and can either be an absolute path or a path relative to the " + + "workspace folder. If not provided, defaults to `.devcontainer`.", + }, + { + Flag: "devcontainer-json-path", + Env: WithEnvPrefix("DEVCONTAINER_JSON_PATH"), + Value: serpent.StringOf(&o.DevcontainerJSONPath), + Description: "The path to a devcontainer.json file that " + + "is either an absolute path or a path relative to DevcontainerDir. " + + "This can be used in cases where one wants to substitute an edited " + + "devcontainer.json file for the one that exists in the repo.", + }, + { + Flag: "dockerfile-path", + Env: WithEnvPrefix("DOCKERFILE_PATH"), + Value: serpent.StringOf(&o.DockerfilePath), + Description: "The relative path to the Dockerfile that will " + + "be used to build the workspace. This is an alternative to using " + + "a devcontainer that some might find simpler.", + }, + { + Flag: "build-context-path", + Env: WithEnvPrefix("BUILD_CONTEXT_PATH"), + Value: serpent.StringOf(&o.BuildContextPath), + Description: "Can be specified when a DockerfilePath is " + + "specified outside the base WorkspaceFolder. This path MUST be " + + "relative to the WorkspaceFolder path into which the repo is cloned.", + }, + { + Flag: "cache-ttl-days", + Env: WithEnvPrefix("CACHE_TTL_DAYS"), + Value: serpent.Int64Of(&o.CacheTTLDays), + Description: "The number of days to use cached layers before " + + "expiring them. Defaults to 7 days.", + }, + { + Flag: "docker-config-base64", + Env: WithEnvPrefix("DOCKER_CONFIG_BASE64"), + Value: serpent.StringOf(&o.DockerConfigBase64), + Description: "The base64 encoded Docker config file that " + + "will be used to pull images from private container registries.", + }, + { + Flag: "fallback-image", + Env: WithEnvPrefix("FALLBACK_IMAGE"), + Value: serpent.StringOf(&o.FallbackImage), + Description: "Specifies an alternative image to use when neither " + + "an image is declared in the devcontainer.json file nor a Dockerfile " + + "is present. If there's a build failure (from a faulty Dockerfile) " + + "or a misconfiguration, this image will be the substitute. Set " + + "ExitOnBuildFailure to true to halt the container if the build " + + "faces an issue.", + }, + { + Flag: "exit-on-build-failure", + Env: WithEnvPrefix("EXIT_ON_BUILD_FAILURE"), + Value: serpent.BoolOf(&o.ExitOnBuildFailure), + Description: "Terminates the container upon a build failure. " + + "This is handy when preferring the FALLBACK_IMAGE in cases where " + + "no devcontainer.json or image is provided. However, it ensures " + + "that the container stops if the build process encounters an error.", + }, + { + Flag: "force-safe", + Env: WithEnvPrefix("FORCE_SAFE"), + Value: serpent.BoolOf(&o.ForceSafe), + Description: "Ignores any filesystem safety checks. This could cause " + + "serious harm to your system! This is used in cases where bypass " + + "is needed to unblock customers.", + }, + { + Flag: "insecure", + Env: WithEnvPrefix("INSECURE"), + Value: serpent.BoolOf(&o.Insecure), + Description: "Bypass TLS verification when cloning and pulling from " + + "container registries.", + }, + { + Flag: "ignore-paths", + Env: WithEnvPrefix("IGNORE_PATHS"), + Value: serpent.StringArrayOf(&o.IgnorePaths), + Description: "The comma separated list of paths to ignore when " + + "building the workspace.", + }, + { + Flag: "skip-rebuild", + Env: WithEnvPrefix("SKIP_REBUILD"), + Value: serpent.BoolOf(&o.SkipRebuild), + Description: "Skip building if the MagicFile exists. This is used " + + "to skip building when a container is restarting. e.g. docker stop -> " + + "docker start This value can always be set to true - even if the " + + "container is being started for the first time.", + }, + { + Flag: "git-url", + Env: WithEnvPrefix("GIT_URL"), + Value: serpent.StringOf(&o.GitURL), + Description: "The URL of a Git repository containing a Devcontainer or Docker image to clone. This is optional.", + }, + { + Flag: "git-clone-depth", + Env: WithEnvPrefix("GIT_CLONE_DEPTH"), + Value: serpent.Int64Of(&o.GitCloneDepth), + Description: "The depth to use when cloning the Git repository.", + }, + { + Flag: "git-clone-single-branch", + Env: WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), + Value: serpent.BoolOf(&o.GitCloneSingleBranch), + Description: "Clone only a single branch of the Git repository.", + }, + { + Flag: "git-username", + Env: WithEnvPrefix("GIT_USERNAME"), + Value: serpent.StringOf(&o.GitUsername), + Description: "The username to use for Git authentication. This is optional.", + }, + { + Flag: "git-password", + Env: WithEnvPrefix("GIT_PASSWORD"), + Value: serpent.StringOf(&o.GitPassword), + Description: "The password to use for Git authentication. This is optional.", + }, + { + Flag: "git-ssh-private-key-path", + Env: WithEnvPrefix("GIT_SSH_PRIVATE_KEY_PATH"), + Value: serpent.StringOf(&o.GitSSHPrivateKeyPath), + Description: "Path to an SSH private key to be used for Git authentication.", + }, + { + Flag: "git-http-proxy-url", + Env: WithEnvPrefix("GIT_HTTP_PROXY_URL"), + Value: serpent.StringOf(&o.GitHTTPProxyURL), + Description: "The URL for the HTTP proxy. This is optional.", + }, + { + Flag: "workspace-folder", + Env: WithEnvPrefix("WORKSPACE_FOLDER"), + Value: serpent.StringOf(&o.WorkspaceFolder), + Description: "The path to the workspace folder that will " + + "be built. This is optional.", + }, + { + Flag: "ssl-cert-base64", + Env: WithEnvPrefix("SSL_CERT_BASE64"), + Value: serpent.StringOf(&o.SSLCertBase64), + Description: "The content of an SSL cert file. This is useful " + + "for self-signed certificates.", + }, + { + Flag: "export-env-file", + Env: WithEnvPrefix("EXPORT_ENV_FILE"), + Value: serpent.StringOf(&o.ExportEnvFile), + Description: "Optional file path to a .env file where " + + "envbuilder will dump environment variables from devcontainer.json " + + "and the built container image.", + }, + { + Flag: "post-start-script-path", + Env: WithEnvPrefix("POST_START_SCRIPT_PATH"), + Value: serpent.StringOf(&o.PostStartScriptPath), + Description: "The path to a script that will be created " + + "by envbuilder based on the postStartCommand in devcontainer.json, " + + "if any is specified (otherwise the script is not created). If this " + + "is set, the specified InitCommand should check for the presence of " + + "this script and execute it after successful startup.", + }, + { + Flag: "coder-agent-url", + Env: "CODER_AGENT_URL", + Value: serpent.StringOf(&o.CoderAgentURL), + Description: "URL of the Coder deployment. If CODER_AGENT_TOKEN is also " + + "set, logs from envbuilder will be forwarded here and will be " + + "visible in the workspace build logs.", + }, + { + Flag: "coder-agent-token", + Env: "CODER_AGENT_TOKEN", + Value: serpent.StringOf(&o.CoderAgentToken), + Description: "Authentication token for a Coder agent. If this is set, " + + "then CODER_AGENT_URL must also be set.", + }, + { + Flag: "coder-agent-subsystem", + Env: "CODER_AGENT_SUBSYSTEM", + Value: serpent.StringArrayOf(&o.CoderAgentSubsystem), + Description: "Coder agent subsystems to report when forwarding logs. " + + "The envbuilder subsystem is always included.", + }, + { + Flag: "push-image", + Env: WithEnvPrefix("PUSH_IMAGE"), + Value: serpent.BoolOf(&o.PushImage), + Description: "Push the built image to a remote registry. " + + "This option forces a reproducible build.", + }, + { + Flag: "get-cached-image", + Env: WithEnvPrefix("GET_CACHED_IMAGE"), + Value: serpent.BoolOf(&o.GetCachedImage), + Description: "Print the digest of the cached image, if available. " + + "Exits with an error if not found.", + }, + } + + // Add options without the prefix for backward compatibility. These options + // are marked as deprecated and will be removed in future versions. Note: + // Future versions will require the 'ENVBUILDER_' prefix for default + // environment variables. + options = supportLegacyEnvWithoutPrefixes(options) + + return options +} + +func WithEnvPrefix(str string) string { + return envPrefix + str +} + +func supportLegacyEnvWithoutPrefixes(opts serpent.OptionSet) serpent.OptionSet { + withLegacyOpts := opts + + for _, o := range opts { + if strings.HasPrefix(o.Env, envPrefix) { + prevOption := o + prevOption.Flag = "legacy-" + o.Flag + prevOption.Env = strings.TrimPrefix(o.Env, envPrefix) + prevOption.UseInstead = []serpent.Option{o} + prevOption.Hidden = true + prevOption.Default = "" + withLegacyOpts = append(withLegacyOpts, prevOption) + } + } + + return withLegacyOpts +} + +func (o *Options) Markdown() string { + cliOptions := skipDeprecatedOptions(o.CLI()) + + var sb strings.Builder + _, _ = sb.WriteString("| Flag | Environment variable | Default | Description |\n") + _, _ = sb.WriteString("| - | - | - | - |\n") + + for _, opt := range cliOptions { + d := opt.Default + if d != "" { + d = "`" + d + "`" + } + _, _ = sb.WriteString("| `--") + _, _ = sb.WriteString(opt.Flag) + _, _ = sb.WriteString("` | `") + _, _ = sb.WriteString(opt.Env) + _, _ = sb.WriteString("` | ") + _, _ = sb.WriteString(d) + _, _ = sb.WriteString(" | ") + _, _ = sb.WriteString(opt.Description) + _, _ = sb.WriteString(" |\n") + } + + return sb.String() +} + +func skipDeprecatedOptions(options []serpent.Option) []serpent.Option { + var activeOptions []serpent.Option + + for _, opt := range options { + isDeprecated := len(opt.UseInstead) > 0 + if !isDeprecated { + activeOptions = append(activeOptions, opt) + } + } + + return activeOptions +} diff --git a/options_test.go b/options_test.go new file mode 100644 index 00000000..e32af9e6 --- /dev/null +++ b/options_test.go @@ -0,0 +1,206 @@ +package envbuilder_test + +import ( + "bytes" + "flag" + "os" + "testing" + + "github.com/coder/envbuilder" + "github.com/coder/serpent" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +// TestEnvOptionParsing tests that given environment variables of different types are handled as expected. +func TestEnvOptionParsing(t *testing.T) { + t.Run("string", func(t *testing.T) { + const val = "setup.sh" + t.Setenv(envbuilder.WithEnvPrefix("SETUP_SCRIPT"), val) + o := runCLI() + require.Equal(t, o.SetupScript, val) + }) + + t.Run("int", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("CACHE_TTL_DAYS"), "7") + o := runCLI() + require.Equal(t, o.CacheTTLDays, int64(7)) + }) + + t.Run("string array", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("IGNORE_PATHS"), "/var,/temp") + o := runCLI() + require.Equal(t, o.IgnorePaths, []string{"/var", "/temp"}) + }) + + t.Run("bool", func(t *testing.T) { + t.Run("lowercase", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "true") + t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "false") + o := runCLI() + require.True(t, o.SkipRebuild) + require.False(t, o.GitCloneSingleBranch) + }) + + t.Run("uppercase", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "TRUE") + t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "FALSE") + o := runCLI() + require.True(t, o.SkipRebuild) + require.False(t, o.GitCloneSingleBranch) + }) + + t.Run("numeric", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("SKIP_REBUILD"), "1") + t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "0") + o := runCLI() + require.True(t, o.SkipRebuild) + require.False(t, o.GitCloneSingleBranch) + }) + + t.Run("empty", func(t *testing.T) { + t.Setenv(envbuilder.WithEnvPrefix("GIT_CLONE_SINGLE_BRANCH"), "") + o := runCLI() + require.False(t, o.GitCloneSingleBranch) + }) + }) +} + +func TestLegacyEnvVars(t *testing.T) { + legacyEnvs := map[string]string{ + "SETUP_SCRIPT": "./setup-legacy-script.sh", + "INIT_SCRIPT": "./init-legacy-script.sh", + "INIT_COMMAND": "/bin/zsh", + "INIT_ARGS": "arg1 arg2", + "CACHE_REPO": "example-cache-repo", + "BASE_IMAGE_CACHE_DIR": "/path/to/base/image/cache", + "LAYER_CACHE_DIR": "/path/to/layer/cache", + "DEVCONTAINER_DIR": "/path/to/devcontainer/dir", + "DEVCONTAINER_JSON_PATH": "/path/to/devcontainer.json", + "DOCKERFILE_PATH": "/path/to/Dockerfile", + "BUILD_CONTEXT_PATH": "/path/to/build/context", + "CACHE_TTL_DAYS": "7", + "DOCKER_CONFIG_BASE64": "base64encodedconfig", + "FALLBACK_IMAGE": "fallback-image:latest", + "EXIT_ON_BUILD_FAILURE": "true", + "FORCE_SAFE": "true", + "INSECURE": "true", + "IGNORE_PATHS": "/var/run,/tmp", + "SKIP_REBUILD": "true", + "GIT_URL": "https://github.com/example/repo.git", + "GIT_CLONE_DEPTH": "1", + "GIT_CLONE_SINGLE_BRANCH": "true", + "GIT_USERNAME": "gituser", + "GIT_PASSWORD": "gitpassword", + "GIT_SSH_PRIVATE_KEY_PATH": "/path/to/private/key", + "GIT_HTTP_PROXY_URL": "http://proxy.example.com", + "WORKSPACE_FOLDER": "/path/to/workspace/folder", + "SSL_CERT_BASE64": "base64encodedcert", + "EXPORT_ENV_FILE": "/path/to/export/env/file", + "POST_START_SCRIPT_PATH": "/path/to/post/start/script", + } + for k, v := range legacyEnvs { + t.Setenv(k, v) + } + + o := runCLI() + + assert.Equal(t, legacyEnvs["SETUP_SCRIPT"], o.SetupScript) + assert.Equal(t, legacyEnvs["INIT_SCRIPT"], o.InitScript) + assert.Equal(t, legacyEnvs["INIT_COMMAND"], o.InitCommand) + assert.Equal(t, legacyEnvs["INIT_ARGS"], o.InitArgs) + assert.Equal(t, legacyEnvs["CACHE_REPO"], o.CacheRepo) + assert.Equal(t, legacyEnvs["BASE_IMAGE_CACHE_DIR"], o.BaseImageCacheDir) + assert.Equal(t, legacyEnvs["LAYER_CACHE_DIR"], o.LayerCacheDir) + assert.Equal(t, legacyEnvs["DEVCONTAINER_DIR"], o.DevcontainerDir) + assert.Equal(t, legacyEnvs["DEVCONTAINER_JSON_PATH"], o.DevcontainerJSONPath) + assert.Equal(t, legacyEnvs["DOCKERFILE_PATH"], o.DockerfilePath) + assert.Equal(t, legacyEnvs["BUILD_CONTEXT_PATH"], o.BuildContextPath) + assert.Equal(t, int64(7), o.CacheTTLDays) + assert.Equal(t, legacyEnvs["DOCKER_CONFIG_BASE64"], o.DockerConfigBase64) + assert.Equal(t, legacyEnvs["FALLBACK_IMAGE"], o.FallbackImage) + assert.Equal(t, true, o.ExitOnBuildFailure) + assert.Equal(t, true, o.ForceSafe) + assert.Equal(t, true, o.Insecure) + assert.Equal(t, []string{"/var/run", "/tmp"}, o.IgnorePaths) + assert.Equal(t, true, o.SkipRebuild) + assert.Equal(t, legacyEnvs["GIT_URL"], o.GitURL) + assert.Equal(t, int64(1), o.GitCloneDepth) + assert.Equal(t, true, o.GitCloneSingleBranch) + assert.Equal(t, legacyEnvs["GIT_USERNAME"], o.GitUsername) + assert.Equal(t, legacyEnvs["GIT_PASSWORD"], o.GitPassword) + assert.Equal(t, legacyEnvs["GIT_SSH_PRIVATE_KEY_PATH"], o.GitSSHPrivateKeyPath) + assert.Equal(t, legacyEnvs["GIT_HTTP_PROXY_URL"], o.GitHTTPProxyURL) + assert.Equal(t, legacyEnvs["WORKSPACE_FOLDER"], o.WorkspaceFolder) + assert.Equal(t, legacyEnvs["SSL_CERT_BASE64"], o.SSLCertBase64) + assert.Equal(t, legacyEnvs["EXPORT_ENV_FILE"], o.ExportEnvFile) + assert.Equal(t, legacyEnvs["POST_START_SCRIPT_PATH"], o.PostStartScriptPath) +} + +// UpdateGoldenFiles indicates golden files should be updated. +var updateCLIOutputGoldenFiles = flag.Bool("update", false, "update options CLI output .golden files") + +// TestCLIOutput tests that the default CLI output is as expected. +func TestCLIOutput(t *testing.T) { + var o envbuilder.Options + cmd := serpent.Command{ + Use: "envbuilder", + Options: o.CLI(), + Handler: func(inv *serpent.Invocation) error { + return nil + }, + } + + var b ioBufs + i := cmd.Invoke("--help") + i.Stdout = &b.Stdout + i.Stderr = &b.Stderr + i.Stdin = &b.Stdin + + err := i.Run() + require.NoError(t, err) + + if *updateCLIOutputGoldenFiles { + err = os.WriteFile("testdata/options.golden", b.Stdout.Bytes(), 0o644) + require.NoError(t, err) + t.Logf("updated golden file: testdata/options.golden") + } else { + golden, err := os.ReadFile("testdata/options.golden") + require.NoError(t, err) + require.Equal(t, string(golden), b.Stdout.String()) + } +} + +func runCLI() envbuilder.Options { + var o envbuilder.Options + cmd := serpent.Command{ + Options: o.CLI(), + Handler: func(inv *serpent.Invocation) error { + return nil + }, + } + + i := cmd.Invoke().WithOS() + i.Args = []string{"--help"} + fakeIO(i) + err := i.Run() + if err != nil { + panic("failed to run CLI: " + err.Error()) + } + + return o +} + +type ioBufs struct { + Stdin bytes.Buffer + Stdout bytes.Buffer + Stderr bytes.Buffer +} + +func fakeIO(i *serpent.Invocation) *ioBufs { + var b ioBufs + i.Stdout = &b.Stdout + i.Stderr = &b.Stderr + i.Stdin = &b.Stdin + return &b +} diff --git a/scripts/build.sh b/scripts/build.sh index 4f0b17f9..2fac5e04 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -41,7 +41,6 @@ if [ -z "$BUILDER_EXISTS" ]; then docker buildx create --use --platform=linux/arm64,linux/amd64,linux/arm/v7 --name $BUILDER_NAME else echo "Builder $BUILDER_NAME already exists. Using it." - docker buildx use $BUILDER_NAME fi # Ensure the builder is bootstrapped and ready to use @@ -63,7 +62,7 @@ else args+=( --load ) fi -docker buildx build "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile . +docker buildx build --builder $BUILDER_NAME "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile . # Check if archs contains the current. If so, then output a message! if [[ -z "${CI:-}" ]] && [[ " ${archs[@]} " =~ " ${current} " ]]; then diff --git a/scripts/check_fmt.sh b/scripts/check_fmt.sh new file mode 100755 index 00000000..e6db0c2a --- /dev/null +++ b/scripts/check_fmt.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +list="$(go run mvdan.cc/gofumpt@v0.6.0 -l .)" +if [[ -n $list ]]; then + echo -n -e "error: The following files have changes:\n\n${list}\n\nDiff:\n\n" + go run mvdan.cc/gofumpt@v0.6.0 -d . + exit 1 +fi diff --git a/scripts/docsgen/main.go b/scripts/docsgen/main.go new file mode 100644 index 00000000..c79995cf --- /dev/null +++ b/scripts/docsgen/main.go @@ -0,0 +1,39 @@ +package main + +import ( + "fmt" + "os" + "strings" + + "github.com/coder/envbuilder" +) + +const ( + startSection = "" + endSection = "" +) + +func main() { + readmePath := "README.md" + readmeFile, err := os.ReadFile(readmePath) + if err != nil { + panic("error reading " + readmePath + " file") + } + readmeContent := string(readmeFile) + startIndex := strings.Index(readmeContent, startSection) + endIndex := strings.Index(readmeContent, endSection) + if startIndex == -1 || endIndex == -1 { + panic("start or end section comments not found in the file.") + } + + var options envbuilder.Options + mkd := "\n## Environment Variables\n\n" + options.Markdown() + modifiedContent := readmeContent[:startIndex+len(startSection)] + mkd + readmeContent[endIndex:] + + err = os.WriteFile(readmePath, []byte(modifiedContent), 0o644) + if err != nil { + panic(err) + } + + fmt.Println("README updated successfully with the latest flags!") +} diff --git a/testdata/options.golden b/testdata/options.golden new file mode 100644 index 00000000..73e68540 --- /dev/null +++ b/testdata/options.golden @@ -0,0 +1,160 @@ +USAGE: + envbuilder + +OPTIONS: + --base-image-cache-dir string, $ENVBUILDER_BASE_IMAGE_CACHE_DIR + The path to a directory where the base image can be found. This should + be a read-only directory solely mounted for the purpose of caching the + base image. + + --build-context-path string, $ENVBUILDER_BUILD_CONTEXT_PATH + Can be specified when a DockerfilePath is specified outside the base + WorkspaceFolder. This path MUST be relative to the WorkspaceFolder + path into which the repo is cloned. + + --cache-repo string, $ENVBUILDER_CACHE_REPO + The name of the container registry to push the cache image to. If this + is empty, the cache will not be pushed. + + --cache-ttl-days int, $ENVBUILDER_CACHE_TTL_DAYS + The number of days to use cached layers before expiring them. Defaults + to 7 days. + + --coder-agent-subsystem string-array, $CODER_AGENT_SUBSYSTEM + Coder agent subsystems to report when forwarding logs. The envbuilder + subsystem is always included. + + --coder-agent-token string, $CODER_AGENT_TOKEN + Authentication token for a Coder agent. If this is set, then + CODER_AGENT_URL must also be set. + + --coder-agent-url string, $CODER_AGENT_URL + URL of the Coder deployment. If CODER_AGENT_TOKEN is also set, logs + from envbuilder will be forwarded here and will be visible in the + workspace build logs. + + --devcontainer-dir string, $ENVBUILDER_DEVCONTAINER_DIR + The path to the folder containing the devcontainer.json file that will + be used to build the workspace and can either be an absolute path or a + path relative to the workspace folder. If not provided, defaults to + `.devcontainer`. + + --devcontainer-json-path string, $ENVBUILDER_DEVCONTAINER_JSON_PATH + The path to a devcontainer.json file that is either an absolute path + or a path relative to DevcontainerDir. This can be used in cases where + one wants to substitute an edited devcontainer.json file for the one + that exists in the repo. + + --docker-config-base64 string, $ENVBUILDER_DOCKER_CONFIG_BASE64 + The base64 encoded Docker config file that will be used to pull images + from private container registries. + + --dockerfile-path string, $ENVBUILDER_DOCKERFILE_PATH + The relative path to the Dockerfile that will be used to build the + workspace. This is an alternative to using a devcontainer that some + might find simpler. + + --exit-on-build-failure bool, $ENVBUILDER_EXIT_ON_BUILD_FAILURE + Terminates the container upon a build failure. This is handy when + preferring the FALLBACK_IMAGE in cases where no devcontainer.json or + image is provided. However, it ensures that the container stops if the + build process encounters an error. + + --export-env-file string, $ENVBUILDER_EXPORT_ENV_FILE + Optional file path to a .env file where envbuilder will dump + environment variables from devcontainer.json and the built container + image. + + --fallback-image string, $ENVBUILDER_FALLBACK_IMAGE + Specifies an alternative image to use when neither an image is + declared in the devcontainer.json file nor a Dockerfile is present. If + there's a build failure (from a faulty Dockerfile) or a + misconfiguration, this image will be the substitute. Set + ExitOnBuildFailure to true to halt the container if the build faces an + issue. + + --force-safe bool, $ENVBUILDER_FORCE_SAFE + Ignores any filesystem safety checks. This could cause serious harm to + your system! This is used in cases where bypass is needed to unblock + customers. + + --get-cached-image bool, $ENVBUILDER_GET_CACHED_IMAGE + Print the digest of the cached image, if available. Exits with an + error if not found. + + --git-clone-depth int, $ENVBUILDER_GIT_CLONE_DEPTH + The depth to use when cloning the Git repository. + + --git-clone-single-branch bool, $ENVBUILDER_GIT_CLONE_SINGLE_BRANCH + Clone only a single branch of the Git repository. + + --git-http-proxy-url string, $ENVBUILDER_GIT_HTTP_PROXY_URL + The URL for the HTTP proxy. This is optional. + + --git-password string, $ENVBUILDER_GIT_PASSWORD + The password to use for Git authentication. This is optional. + + --git-ssh-private-key-path string, $ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH + Path to an SSH private key to be used for Git authentication. + + --git-url string, $ENVBUILDER_GIT_URL + The URL of a Git repository containing a Devcontainer or Docker image + to clone. This is optional. + + --git-username string, $ENVBUILDER_GIT_USERNAME + The username to use for Git authentication. This is optional. + + --ignore-paths string-array, $ENVBUILDER_IGNORE_PATHS + The comma separated list of paths to ignore when building the + workspace. + + --init-args string, $ENVBUILDER_INIT_ARGS + The arguments to pass to the init command. They are split according to + /bin/sh rules with https://github.com/kballard/go-shellquote. + + --init-command string, $ENVBUILDER_INIT_COMMAND + The command to run to initialize the workspace. Default: `/bin/sh`. + + --init-script string, $ENVBUILDER_INIT_SCRIPT + The script to run to initialize the workspace. Default: `sleep + infinity`. + + --insecure bool, $ENVBUILDER_INSECURE + Bypass TLS verification when cloning and pulling from container + registries. + + --layer-cache-dir string, $ENVBUILDER_LAYER_CACHE_DIR + The path to a directory where built layers will be stored. This spawns + an in-memory registry to serve the layers from. + + --post-start-script-path string, $ENVBUILDER_POST_START_SCRIPT_PATH + The path to a script that will be created by envbuilder based on the + postStartCommand in devcontainer.json, if any is specified (otherwise + the script is not created). If this is set, the specified InitCommand + should check for the presence of this script and execute it after + successful startup. + + --push-image bool, $ENVBUILDER_PUSH_IMAGE + Push the built image to a remote registry. This option forces a + reproducible build. + + --setup-script string, $ENVBUILDER_SETUP_SCRIPT + The script to run before the init script. It runs as the root user + regardless of the user specified in the devcontainer.json file. + SetupScript is ran as the root user prior to the init script. It is + used to configure envbuilder dynamically during the runtime. e.g. + specifying whether to start systemd or tiny init for PID 1. + + --skip-rebuild bool, $ENVBUILDER_SKIP_REBUILD + Skip building if the MagicFile exists. This is used to skip building + when a container is restarting. e.g. docker stop -> docker start This + value can always be set to true - even if the container is being + started for the first time. + + --ssl-cert-base64 string, $ENVBUILDER_SSL_CERT_BASE64 + The content of an SSL cert file. This is useful for self-signed + certificates. + + --workspace-folder string, $ENVBUILDER_WORKSPACE_FOLDER + The path to the workspace folder that will be built. This is optional. + diff --git a/gittest/gittest.go b/testutil/gittest/gittest.go similarity index 51% rename from gittest/gittest.go rename to testutil/gittest/gittest.go index 348862a8..ffa9bd01 100644 --- a/gittest/gittest.go +++ b/testutil/gittest/gittest.go @@ -1,16 +1,26 @@ package gittest import ( + "fmt" + "io" "log" + "net" "net/http" "os" + "os/exec" + "sync" "testing" + "time" + gossh "golang.org/x/crypto/ssh" + + "github.com/gliderlabs/ssh" "github.com/go-git/go-billy/v5" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/cache" "github.com/go-git/go-git/v5/plumbing/format/pktline" + "github.com/go-git/go-git/v5/plumbing/object" "github.com/go-git/go-git/v5/plumbing/protocol/packp" "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/plumbing/transport/server" @@ -95,8 +105,125 @@ func NewServer(fs billy.Filesystem) http.Handler { return mux } +func NewServerSSH(t *testing.T, fs billy.Filesystem, pubkeys ...gossh.PublicKey) *transport.Endpoint { + t.Helper() + + l, err := net.Listen("tcp", "localhost:0") + require.NoError(t, err) + t.Cleanup(func() { _ = l.Close() }) + + srvOpts := []ssh.Option{ + ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool { + for _, pk := range pubkeys { + if ssh.KeysEqual(pk, key) { + return true + } + } + return false + }), + } + + done := make(chan struct{}, 1) + go func() { + _ = ssh.Serve(l, handleSession, srvOpts...) + close(done) + }() + t.Cleanup(func() { + _ = l.Close() + <-done + }) + + addr, ok := l.Addr().(*net.TCPAddr) + require.True(t, ok) + tr, err := transport.NewEndpoint(fmt.Sprintf("ssh://git@%s:%d/", addr.IP, addr.Port)) + require.NoError(t, err) + return tr +} + +func handleSession(sess ssh.Session) { + c := sess.Command() + if len(c) < 1 { + _, _ = fmt.Fprintf(os.Stderr, "invalid command: %q\n", c) + } + + cmd := exec.Command(c[0], c[1:]...) + stdout, err := cmd.StdoutPipe() + if err != nil { + _, _ = fmt.Fprintf(os.Stderr, "cmd stdout pipe: %s\n", err.Error()) + return + } + + stdin, err := cmd.StdinPipe() + if err != nil { + _, _ = fmt.Fprintf(os.Stderr, "cmd stdin pipe: %s\n", err.Error()) + return + } + + stderr, err := cmd.StderrPipe() + if err != nil { + _, _ = fmt.Fprintf(os.Stderr, "cmd stderr pipe: %s\n", err.Error()) + return + } + + err = cmd.Start() + if err != nil { + _, _ = fmt.Fprintf(os.Stderr, "start cmd: %s\n", err.Error()) + return + } + + go func() { + defer stdin.Close() + _, _ = io.Copy(stdin, sess) + }() + + var wg sync.WaitGroup + wg.Add(2) + + go func() { + defer wg.Done() + _, _ = io.Copy(sess.Stderr(), stderr) + }() + + go func() { + defer wg.Done() + _, _ = io.Copy(sess, stdout) + }() + + wg.Wait() + + if err := cmd.Wait(); err != nil { + _, _ = fmt.Fprintf(os.Stderr, "wait cmd: %s\n", err.Error()) + } +} + +// CommitFunc commits to a repo. +type CommitFunc func(billy.Filesystem, *git.Repository) + +// Commit is a test helper for committing a single file to a repo. +func Commit(t *testing.T, path, content, msg string) CommitFunc { + return func(fs billy.Filesystem, repo *git.Repository) { + t.Helper() + tree, err := repo.Worktree() + require.NoError(t, err) + WriteFile(t, fs, path, content) + _, err = tree.Add(path) + require.NoError(t, err) + commit, err := tree.Commit(msg, &git.CommitOptions{ + Author: &object.Signature{ + Name: "Example", + Email: "test@example.com", + When: time.Now(), + }, + }) + require.NoError(t, err) + _, err = repo.CommitObject(commit) + require.NoError(t, err) + } +} + // NewRepo returns a new Git repository. -func NewRepo(t *testing.T, fs billy.Filesystem) *git.Repository { +func NewRepo(t *testing.T, fs billy.Filesystem, commits ...CommitFunc) *git.Repository { + t.Helper() storage := filesystem.NewStorage(fs, cache.NewObjectLRU(cache.DefaultMaxSize)) repo, err := git.Init(storage, fs) require.NoError(t, err) @@ -106,12 +233,16 @@ func NewRepo(t *testing.T, fs billy.Filesystem) *git.Repository { err = storage.SetReference(h) require.NoError(t, err) + for _, commit := range commits { + commit(fs, repo) + } return repo } // WriteFile writes a file to the filesystem. func WriteFile(t *testing.T, fs billy.Filesystem, path, content string) { - file, err := fs.OpenFile(path, os.O_CREATE|os.O_RDWR, 0644) + t.Helper() + file, err := fs.OpenFile(path, os.O_CREATE|os.O_RDWR, 0o644) require.NoError(t, err) _, err = file.Write([]byte(content)) require.NoError(t, err) diff --git a/testutil/mwtest/auth_basic.go b/testutil/mwtest/auth_basic.go new file mode 100644 index 00000000..fffa1aec --- /dev/null +++ b/testutil/mwtest/auth_basic.go @@ -0,0 +1,18 @@ +package mwtest + +import "net/http" + +func BasicAuthMW(username, password string) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if username != "" || password != "" { + authUser, authPass, ok := r.BasicAuth() + if !ok || username != authUser || password != authPass { + w.WriteHeader(http.StatusUnauthorized) + return + } + } + next.ServeHTTP(w, r) + }) + } +} diff --git a/registrytest/registrytest.go b/testutil/registrytest/registrytest.go similarity index 99% rename from registrytest/registrytest.go rename to testutil/registrytest/registrytest.go index 4c7e1e13..0bc3d312 100644 --- a/registrytest/registrytest.go +++ b/testutil/registrytest/registrytest.go @@ -74,7 +74,7 @@ func WriteContainer(t *testing.T, serverURL, containerRef, mediaType string, fil require.NoError(t, err) } err := wtr.WriteHeader(&tar.Header{ - Mode: 0777, + Mode: 0o777, Name: name, Typeflag: tar.TypeReg, Size: int64(len(data)),