Draft
Conversation
ci: update docker/github-builder to v1
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Split image export into two phases to enable parallel execution: 1. Export creates artifacts (layers, manifests) in the content store 2. FinalizeFunc pushes artifacts to the registry This allows image push to run in parallel with cache export, reducing overall build time when both image and cache exports are configured. The cache exporters run after image Export completes, ensuring they can see and reuse the layers in the content store. Signed-off-by: Amr Mahdi <[email protected]>
solver: run image and cache exports in parallel
migrate to github.com/pelletier/go-toml/v2
dockerui: allow sharedkey sent for local named contexts
buildctl: enabled bash completion
…ignore-file-version frontend: prevent `SecretsUsedInArgOrEnv` warning for `_FILE`/`_VERSION` ARG/ENV names
When image was (externally or in parallel build request) created in between Update and Create calls, Create can fail. Handle this case by running Update again. Signed-off-by: Tonis Tiigi <[email protected]>
Allow ResolveSourceMetadata to resolve specific bytes from the attestation manifest. Signed-off-by: Tonis Tiigi <[email protected]>
containerimage: add resolve attestation support
containerimage: fix possible race on parallel image create
Signed-off-by: Tonis Tiigi <[email protected]>
policy: fix ResolveAttestations via policy callback
Signed-off-by: Tonis Tiigi <[email protected]>
gitsign: support combined public keys for verification
Abort uncommitted ingest on ReaderAt failures and reset resumed writer offset before copy to avoid stale partial state for digest refs. Tests for canceled-read poisoning and resumed-ingest offset handling. Signed-off-by: Tonis Tiigi <[email protected]>
This removes the MigrateV2 function, which was added in BuildKit v0.7.0 (Docker v20.10.0) in 31a9aee. That was in 2019, which is now over 6 Years ago, so it's very unlikely for old files to be still present. Removing this code would impact users migrating from Docker 19.03 or older, which are versions that reached EOL many years ago, so very unlikely. Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: David Karlsson <[email protected]>
docs: add "good" example for SecretsUsedInArgOrEnv check
Signed-off-by: CrazyMax <[email protected]>
contentutil: fix referrer blob ingest cleanup
Signed-off-by: CrazyMax <[email protected]>
update binfmt to v10.1.3
Signed-off-by: Kevin L. <[email protected]>
…t conversion Signed-off-by: CrazyMax <[email protected]>
…OVENANCE_V1 Signed-off-by: CrazyMax <[email protected]>
…ient Add support for riscv64 architecture in llb client
These requests allow computing additional checksum algorithms for the payload of HTTP sources. Optionally suffix can be passed that is added to payload. This is needed to make validation of PGP signatures possible remotely. Signed-off-by: Tonis Tiigi <[email protected]>
Add detached PGP verification for HTTP sources during metadata resolution and expose LLB options/caps/attrs for signature validation. Extract shared OpenPGP verification/parsing logic into util/pgpsign and reuse it from git signing, plus add integration and source-level tests. Signed-off-by: Tonis Tiigi <[email protected]>
frontend/dockerfile: fix HEALTHCHECK history formatting
test: use separate container ID for exec phase of worker test
Update Test Coverage for Secrets
|
| Branch | Total Count |
|---|---|
| main | 217 |
| This PR | 253 |
| Difference | +36 (16.59%) |
📁 Changes by file type:
| File Type | Change |
|---|---|
| Go files (.go) | ❌ +33 |
| Documentation (.md) | ➖ No change |
| Earthfiles | ➖ No change |
Keep up the great work migrating from Earthly to Earthbuild! 🚀
💡 Tips for finding more occurrences
Run locally to see detailed breakdown:
./.github/scripts/count-earthly.shNote that the goal is not to reach 0.
There is anticipated to be at least some occurences of earthly in the source code due to backwards compatibility with config files and language constructs.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if err != nil { | ||
| return nil, errors.Wrapf(err, "failed to parse api version %q, expected positive integer", apiVersion) | ||
| } | ||
| apiVersionInt = int(i) |
| if _, err := os.Stat(newp); err != nil { | ||
| if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { | ||
| if err := user.MkdirAllAndChown(newp, 0755, int(uid), int(gid)); err != nil { |
| if _, err := os.Stat(newp); err != nil { | ||
| if err := idtools.MkdirAllAndChown(newp, 0755, identity); err != nil { | ||
| if err := user.MkdirAllAndChown(newp, 0755, int(uid), int(gid)); err != nil { |
| UID: int(uid), | ||
| GID: int(gid), | ||
| } | ||
| rootUID, rootGID = int(uid), int(gid) |
| UID: int(uid), | ||
| GID: int(gid), | ||
| } | ||
| rootUID, rootGID = int(uid), int(gid) |
| if err != nil { | ||
| return 0 | ||
| } | ||
| return int(id) |
| if err != nil { | ||
| return nil, err | ||
| } | ||
| id.Perm = int(i) |
| if err != nil { | ||
| return nil, err | ||
| } | ||
| id.UID = int(i) |
| if err != nil { | ||
| return nil, err | ||
| } | ||
| id.GID = int(i) |
| func encodeFrames(frames []Frame) ([]byte, error) { | ||
| var out []byte | ||
| for _, f := range frames { | ||
| buf := make([]byte, 8+len(f.Data)) |
|
Warning Gemini is experiencing higher than usual traffic and was unable to create the review. Please try again in a few hours by commenting |
The earthly fork added GitLogLevel and existingSSHCommand params to getGitSSHCommand. Upstream's test only passes knownHosts. Signed-off-by: Giles Cope <[email protected]>
Earthly's OCI hooks feature was still importing containerd v1 types (containers, oci) while the rest of the codebase migrated to v2. Signed-off-by: Giles Cope <[email protected]>
Earthly's vendored fsutil fork lacks vtprotobuf's CloneVT method. A simple value copy achieves the same result for this test. Signed-off-by: Giles Cope <[email protected]>
The vendored fsutil's wire.proto uses bare import "stat.proto" which needs the fsutil types directory on protoc's include path. Signed-off-by: Giles Cope <[email protected]>
After the upstream merge added CDI support, the earthly-specific parameters (hooks, sampleFrequency, cdiManager) were passed in the wrong order at the call site. Signed-off-by: Giles Cope <[email protected]>
- Fix Env field incorrectly set to hook.Args instead of hook.Env - Suppress staticcheck SA1019 for intentional legacy prestart support Signed-off-by: Giles Cope <[email protected]>
Resolve 47 lint issues introduced by upstream's stricter lint config: - errorlint: use errors.Is/errors.As instead of == and type assertions - forbidigo: use context.WithCancelCause/WithTimeoutCause/Cause - gocritic: fix comment formatting (space after //) - gofmt: reformat 4 files - staticcheck: fix deprecated imports, simplify selectors, nolint pkg names - noctx: use DialContext/Listen with context - unused: remove dead code Signed-off-by: Giles Cope <[email protected]>
- Replace interface{} with any
- Use strings.CutPrefix instead of HasPrefix+TrimPrefix
- Use maps.Copy instead of manual k/v loops
- Modernize for loops to range over int
- Remove unnecessary variable copy
- Fix comment formatting (space after //)
Signed-off-by: Giles Cope <[email protected]>
gilescope
force-pushed
the
merge-in-buildkit-all-at-once
branch
from
9c315bd to
d8293f6
Compare
Sort maps import alphabetically among stdlib imports. Signed-off-by: Giles Cope <[email protected]>
Prefix unused function parameters with _ to satisfy the gopls unusedparams analyzer. Signed-off-by: Giles Cope <[email protected]>
Earthly's base64 encoding of git stderr prevented upstream code in source/git/source.go from detecting "would clobber existing tag" and "refname conflict" errors via strings.Contains. Include raw redacted stderr alongside the base64 so pattern matching works. Also update TestGitCLIConfigEnv to match earthly's intentional behavior of not isolating git config (HOME is always passed through). Signed-off-by: Giles Cope <[email protected]>
go mod tidy removed unused direct deps (containerd v1, docker/docker, gogo/googleapis, go-fuzz-headers) left over from the upstream merge. go mod vendor then cleaned up 149 files of unused vendored code. Signed-off-by: Giles Cope <[email protected]>
- Remove gogoproto.stdtime annotations from control.proto (earthly- specific SessionHistory fields) since gogo protoc is no longer used - Fix vendored fsutil wire.proto bare import to use fully-qualified path - Exclude earthly-specific protos (localhost, pullping, socketforward, registry, gateway) from protoc generation as they use old gogo-style codegen incompatible with modern protoc-gen-go - Add M-flag overrides for fsutil types proto go_package paths - Remove hand-written control_earthly.pb.go (now generated by protoc) - Update control.go to use timestamppb.New() for History timestamps Signed-off-by: Giles Cope <[email protected]>
Signed-off-by: Giles Cope <[email protected]>
- Fix copylocks warning in client_test.go: types.Stat now contains a mutex via protoimpl.MessageState, use pointers instead of copies - Re-vendor after go mod tidy to sync vendor with updated fsutil Signed-off-by: Giles Cope <[email protected]>
|
Not looking too shabby. Passes all the tests (except some flaky windows ones that are flaky upstream also). Next question, what does EarthBuild make of it? |
Signed-off-by: Giles Cope <[email protected]>
Earthly's multi-BUILD pattern legitimately produces multiple refs without platform mapping. The upstream verifier added in buildkit treats this as a hard error; downgrade to a warning so earthly builds continue to work. Signed-off-by: Giles Cope <[email protected]>
Upstream commit 7aaa797 caches gateway mounts for performance, but this causes stale reads when a persistent cache mount is modified by a RUN and then read by a subsequent SAVE ARTIFACT within the same target. Disable the cache lookup so each operation gets a fresh mount. Signed-off-by: Giles Cope <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Experimental huge merge of latest moby/buildkit into earthbuild fork's main.
Not planning to merge this as-is, just opening to see what can be learned about the work ahead from attempting the merge
Claude final message after performing the merge
It would be interesting to see how this can be split in to coherent PRs and to use this state of the code to try to determine what needs to be changed on the earthbuild client side