Dockerfile: Allow files to be excluded from cache on COPY and ADD commands #4561
Hi @tonistiigi I'm moving the discussion of the issue #4439 to this PR, if you don't mind. I can move this comment back to the issue if you find it more suitable. Previously on #4439 (comment)

I confess this is not yet clear to me. On a concrete example, let's suppose I have the following file tree on my repository:

Where

```dockerfile
FROM scratch as builder1
COPY --exclude=**/*.png --exclude=**/*.jpeg --exclude=**/*.excluded ./ /all-except-images
FROM scratch as builder2
COPY --exclude=**/*.pdf --exclude=**/*.txt --exclude=**/*.excluded ./ /all-except-text
FROM scratch
COPY --from=builder1 / /builder1
COPY --from=builder2 / /builder2
```

The final image should have the following files:

So far so good. This is already working in the current PR.

A problem (1) I have now is that the files I confess I could not figure out yet how to get them not to be copied to the context. Would you be able to roughly point out what part of the code is responsible for copying stuff to the context? And, upon finding it, what approach would you recommend to take here? In the example above, it's clear for me as a human that If I understood properly, the cache mechanism, which uses the

The other problem (2) I'd like to have some insights is on what kind of integration tests I need to validate this change. Although I could manually run the example above with the current PR, there seems to be in the repository no integration test that spawns from parsing the The test I foresee would consist of reading a Any insights into this problem as well? I am afraid I'm over-complicating things :-(
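As an added example (not part of the original comment and not BuildKit code), the Go program below applies the two `--exclude` sets from the Dockerfile above to a constructed file tree and returns the paths each builder stage would receive. The tree, the helper names `globToRegexp` and `Copied`, and the simplified `**` handling are assumptions; BuildKit uses its own pattern matcher. It models only the result of the copy, not which files are transferred to the build context.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// globToRegexp: "**/" matches zero or more directories, "*" matches within
// one path segment. Simplified stand-in, not BuildKit's own pattern matcher.
func globToRegexp(glob string) *regexp.Regexp {
	var b strings.Builder
	for i := 0; i < len(glob); i++ {
		switch {
		case strings.HasPrefix(glob[i:], "**/"):
			b.WriteString("(?:.*/)?")
			i += 2 // skip the rest of "**/"
		case glob[i] == '*':
			b.WriteString("[^/]*")
		default:
			b.WriteString(regexp.QuoteMeta(string(glob[i])))
		}
	}
	return regexp.MustCompile("^" + b.String() + "$")
}

// Copied returns the paths left after applying every --exclude pattern.
func Copied(paths, excludes []string) []string {
	out := []string{}
next:
	for _, p := range paths {
		for _, e := range excludes {
			if globToRegexp(e).MatchString(p) {
				continue next // excluded: never reaches the stage
			}
		}
		out = append(out, p)
	}
	return out
}

// Constructed file tree; the tree from the original comment is not reproduced.
var tree = []string{"logo.png", "docs/manual.pdf", "docs/img/shot.jpeg", "notes.txt", "src/main.go", "tmp/a.excluded"}
// Pattern sets taken from the two builder stages in the comment's Dockerfile.
var builder1 = []string{"**/*.png", "**/*.jpeg", "**/*.excluded"}
var builder2 = []string{"**/*.pdf", "**/*.txt", "**/*.excluded"}

func main() {
	fmt.Println("all-except-images:", Copied(tree, builder1))
	fmt.Println("all-except-text:  ", Copied(tree, builder2))
}
```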
The excludepatterns that are controlling the transfer of local files are in https://github.com/moby/buildkit/blob/master/frontend/dockerui/config.go#L453 and https://github.com/moby/buildkit/blob/master/frontend/dockerui/namedcontext.go#L291

I think if could find the More complicated cases would be when the source path is not It is fine by me if we start with some basic rules in here and can extend the coverage in follow-ups.

Dockerfile integration tests are in https://github.com/moby/buildkit/blob/master/frontend/dockerfile/dockerfile_test.go and other test files in same package. For example of test that also checks what files were transferred see
@leandrosansilva Is this ready?
Thank you for checking. I have to rebase master to fix build issues. I will do it tomorrow and let you know when done.
7 Feb 2024 20:52:36 Tõnis Tiigi ***@***.***>:
> @leandrosansilva Is this ready?
hi @tonistiigi the PR is now ready for review.
This looks mostly fine but should initially go to `labs` channel for v0.13 where it can be further tested. For that it needs to be enabled only with a build tag and that build tag added to https://github.com/moby/buildkit/blob/master/frontend/dockerfile/release/labs/tags . If flag is used without build tag then it can show in error that labs channel is needed.

This can be follow-up (but it may need to be documented) but looks like when `ADD` does extraction from a tarball then the `ExcludePatterns` are not currently passed through. https://github.com/moby/buildkit/blob/master/solver/llbsolver/file/unpack.go#L38 . The library itself seems to support `ExcludePatterns`.
@@ -1127,6 +1137,8 @@ func dispatchCopy(d *dispatchState, cfg copyConfig) error { | |||
copyOpt = append(copyOpt, llb.WithUser(cfg.chown)) | |||
} | |||
|
|||
copyOpt = append(copyOpt, &excludeOnCopy{cfg.excludePatterns}) |
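Review bot: the `excludeOnCopy` option on the last added line is appended unconditionally, while the `llb.WithUser(cfg.chown)` append just above it sits inside a closed block. Consider guarding it with `if len(cfg.excludePatterns) > 0` so that a COPY or ADD without `--exclude` builds the same option list it did before this change, and use a keyed field in the `excludeOnCopy{...}` literal so the struct can grow without silently changing this call site.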
I think we can add `llb.WithExcludePatterns` for this
@@ -7281,3 +7284,151 @@ func fixedWriteCloser(wc io.WriteCloser) filesync.FileOutputFunc { | |||
return wc, nil | |||
} | |||
} | |||
|
|||
// See #4439 | |||
func testExcludedFilesOnCopy(t *testing.T, sb integration.Sandbox) { |
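Review bot: the `// See #4439` comment above `testExcludedFilesOnCopy` is the only documentation for the new test, and it gives an issue number without saying what is checked. Replace it with a short doc comment that states the behaviour under test (which `--exclude` patterns are applied and which paths are expected to be present or absent afterwards), keeping the issue reference as a secondary pointer.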
Could we add a couple of more cases (or additional test):
- with a git source (see testAddGit)
- testing that adding a file that does not match does not invalidate cache (see testCopyWildcardCache)
Thx for the review. I am traveling at the moment and will resume working on this PR next week. I've moved the PR to draft state until then.
It exposes the `ExcludePatterns` to the Dockerfile frontend, adding `--exclude=<pattern>` option in the COPY and ADD commands, which will cause filepaths matching such patterns not to be copied. `--exclude` can be used multiple times. References moby#4439 Signed-off-by: Leandro Santiago <[email protected]>
References moby#4439 Signed-off-by: Leandro Santiago <[email protected]>
This affects the --exclude option in the COPY and ADD commands on Dockerfiles. References moby#4439 Signed-off-by: Leandro Santiago <[email protected]>
Signed-off-by: Leandro Santiago <[email protected]>
Signed-off-by: Leandro Santiago <[email protected]>
Signed-off-by: Leandro Santiago <[email protected]>
@@ -138,7 +138,7 @@ target "lint" { | |||
matrix = { | |||
buildtags = [ | |||
{ name = "default", tags = "", target = "golangci-lint" }, | |||
{ name = "labs", tags = "dfrunsecurity dfparents", target = "golangci-lint" }, | |||
{ name = "labs", tags = "dfrunsecurity dfparents dfexcludepatterns", target = "golangci-lint" }, |
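Review bot: the `dfexcludepatterns` tag is added only to the `labs` entry of the `lint` target's `buildtags` matrix, so on these lines it changes what `golangci-lint` compiles and nothing else. The same tag has to be present wherever the labs frontend is built and tested, otherwise the gated code is linted but never exercised; since the list is a literal string here, consider defining the labs tag list once and referencing it so the copies cannot drift apart.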
This is just linter. https://github.com/moby/buildkit/tree/master/frontend/dockerfile/release/labs needs to be updated. Your code and new test does not run atm in the CI.
carried this
Signed-off-by: Tonis Tiigi <[email protected]>
> **Note** | ||
> | ||
> The `--exclude` option can be specified multiple times and cause files matching its patterns not to be copied, | ||
> even if the files paths match the pattern specified in `<src>`. This feature requires the build tag `dfexcludepatterns`. |
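Review bot: the last sentence of the note names the build tag `dfexcludepatterns`, which is a compile-time detail of the frontend rather than something a Dockerfile author sets; state the requirement in terms the reader of the reference can act on. Two wording fixes in the same note: "cause files" should read "causes files", and "files paths" should read "file paths".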
"This feature requires using labs channel"
cc @dvdksn to double check this before the release. Maybe we need to separate it more. I also see that `--parents` is not mentioned for `COPY` that should be similar.
thank you @tonistiigi for taking over and finishing this PR! :-) I will hopefully resume this week working on the follow up changes.
note to the reviewers: this PR is essentially the re-creation of the closed PR #4440 , as I could not find a way to reopen it.

This PR introduces new options in the Dockerfile frontend, namely `--exclude` on `COPY` and `ADD` commands.

It essentially exposes the existing `ExcludePatterns` from the LLB to the frontend.

This PR affects only the cache and does not prevent files which are excluded by the ADD or COPY commands from being added to the context.

I have manually tested the changes and they work as expected, but I have not yet added integration tests.

TODO:

- Prevent files from being added to the context. Edit: not done. I've found it easier to implement this in a further PR, as this seems to be an optimization. Please @tonistiigi let me know if you'd advise otherwise.

More information in the related issue #4439.