mirror of
https://github.com/docker/build-push-action.git
synced 2025-01-22 17:04:46 +01:00
add cgroup-parent
, shm-size
, ulimit
inputs
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
91274a04da
commit
67ff4df4b7
12 changed files with 181 additions and 28 deletions
80
.github/workflows/ci.yml
vendored
80
.github/workflows/ci.yml
vendored
|
@ -336,6 +336,86 @@ jobs:
|
|||
if: always()
|
||||
uses: crazy-max/ghaction-dump-context@v1
|
||||
|
||||
shm-size:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
version: v0.7.0
|
||||
driver-opts: |
|
||||
image=moby/buildkit:master
|
||||
-
|
||||
name: Build
|
||||
uses: ./
|
||||
with:
|
||||
context: ./test
|
||||
file: ./test/shmsize.Dockerfile
|
||||
tags: name/app:latest
|
||||
shm-size: 2g
|
||||
-
|
||||
name: Dump context
|
||||
if: always()
|
||||
uses: crazy-max/ghaction-dump-context@v1
|
||||
|
||||
ulimit:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
version: v0.7.0
|
||||
driver-opts: |
|
||||
image=moby/buildkit:master
|
||||
-
|
||||
name: Build
|
||||
uses: ./
|
||||
with:
|
||||
context: ./test
|
||||
file: ./test/ulimit.Dockerfile
|
||||
tags: name/app:latest
|
||||
ulimit: |
|
||||
nofile=1024:1024
|
||||
nproc=3
|
||||
-
|
||||
name: Dump context
|
||||
if: always()
|
||||
uses: crazy-max/ghaction-dump-context@v1
|
||||
|
||||
cgroup-parent:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
with:
|
||||
version: v0.7.0
|
||||
driver-opts: |
|
||||
image=moby/buildkit:master
|
||||
-
|
||||
name: Build
|
||||
uses: ./
|
||||
with:
|
||||
context: ./test
|
||||
file: ./test/cgroup.Dockerfile
|
||||
tags: name/app:latest
|
||||
cgroup-parent: foo
|
||||
-
|
||||
name: Dump context
|
||||
if: always()
|
||||
uses: crazy-max/ghaction-dump-context@v1
|
||||
|
||||
multi:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
|
|
2
.github/workflows/e2e.yml
vendored
2
.github/workflows/e2e.yml
vendored
|
@ -3,7 +3,7 @@ name: e2e
|
|||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 10 * * *' # everyday at 10am
|
||||
- cron: '0 10 * * *'
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
|
4
.github/workflows/example.yml
vendored
4
.github/workflows/example.yml
vendored
|
@ -1,9 +1,9 @@
|
|||
# This workflow is provided just as an usage example and not for repo testing/verification
|
||||
# This workflow is provided just as an example and not for repo testing/verification
|
||||
name: example
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 10 * * 0' # everyday sunday at 10am
|
||||
- cron: '0 10 * * 0'
|
||||
push:
|
||||
branches:
|
||||
- '**'
|
||||
|
|
2
.github/workflows/virtual-env.yml
vendored
2
.github/workflows/virtual-env.yml
vendored
|
@ -3,7 +3,7 @@ name: virtual-env
|
|||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 10 * * *' # everyday at 10am
|
||||
- cron: '0 10 * * *'
|
||||
|
||||
jobs:
|
||||
os:
|
||||
|
|
13
README.md
13
README.md
|
@ -190,11 +190,12 @@ Following inputs can be used as `step.with` keys
|
|||
|
||||
| Name | Type | Description |
|
||||
|---------------------|----------|------------------------------------|
|
||||
| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) |
|
||||
| `allow` | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) |
|
||||
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
|
||||
| `build-args` | List | List of build-time variables |
|
||||
| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) |
|
||||
| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) |
|
||||
| `cache-from` | List | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) |
|
||||
| `cache-to` | List | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) |
|
||||
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
|
||||
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
|
||||
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
|
||||
| `labels` | List | List of metadata for an image |
|
||||
|
@ -205,11 +206,13 @@ Following inputs can be used as `step.with` keys
|
|||
| `platforms` | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build |
|
||||
| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
|
||||
| `push` | Bool | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
|
||||
| `secrets` | List | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
|
||||
| `secret-files` | List | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
|
||||
| `secrets` | List | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
|
||||
| `secret-files` | List | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
|
||||
| `shm-size` | String | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) |
|
||||
| `ssh` | List | List of SSH agent socket or keys to expose to the build |
|
||||
| `tags` | List/CSV | List of tags |
|
||||
| `target` | String | Sets the target stage to build |
|
||||
| `ulimit` | List | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) |
|
||||
|
||||
### outputs
|
||||
|
||||
|
|
|
@ -147,7 +147,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -164,7 +164,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -183,7 +183,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -204,7 +204,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -224,7 +224,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -241,7 +241,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -259,7 +259,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -278,7 +278,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -301,7 +301,7 @@ describe('getArgs', () => {
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'true'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -336,7 +336,7 @@ ccc"`],
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'true'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -374,7 +374,7 @@ ccc`],
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'true'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -404,7 +404,7 @@ ccc`],
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'true'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -428,7 +428,7 @@ ccc`],
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -450,7 +450,7 @@ ccc`],
|
|||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'true'],
|
||||
['pull', 'false']
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
|
@ -463,6 +463,34 @@ ccc`],
|
|||
'.'
|
||||
]
|
||||
],
|
||||
[
|
||||
14,
|
||||
'0.7.0',
|
||||
new Map<string, string>([
|
||||
['context', '.'],
|
||||
['file', './test/Dockerfile'],
|
||||
['cgroup-parent', 'foo'],
|
||||
['shm-size', '2g'],
|
||||
['ulimit', `nofile=1024:1024
|
||||
nproc=3`],
|
||||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false'],
|
||||
]),
|
||||
[
|
||||
'buildx',
|
||||
'build',
|
||||
'--cgroup-parent', 'foo',
|
||||
'--file', './test/Dockerfile',
|
||||
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
|
||||
'--shm-size', '2g',
|
||||
'--ulimit', 'nofile=1024:1024',
|
||||
'--ulimit', 'nproc=3',
|
||||
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
|
||||
'.'
|
||||
]
|
||||
],
|
||||
])(
|
||||
'[%d] given %p with %p as inputs, returns %p',
|
||||
async (num: number, buildxVersion: string, inputs: Map<string, any>, expected: Array<string>) => {
|
||||
|
|
19
action.yml
19
action.yml
|
@ -8,7 +8,7 @@ branding:
|
|||
|
||||
inputs:
|
||||
allow:
|
||||
description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
|
||||
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
|
||||
required: false
|
||||
build-args:
|
||||
description: "List of build-time variables"
|
||||
|
@ -17,10 +17,13 @@ inputs:
|
|||
description: "Builder instance"
|
||||
required: false
|
||||
cache-from:
|
||||
description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
|
||||
description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
|
||||
required: false
|
||||
cache-to:
|
||||
description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
|
||||
description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
|
||||
required: false
|
||||
cgroup-parent:
|
||||
description: "Optional parent cgroup for the container used in the build"
|
||||
required: false
|
||||
context:
|
||||
description: "Build's context is the set of files located in the specified PATH or URL"
|
||||
|
@ -57,10 +60,13 @@ inputs:
|
|||
required: false
|
||||
default: 'false'
|
||||
secrets:
|
||||
description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
|
||||
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
|
||||
required: false
|
||||
secret-files:
|
||||
description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
|
||||
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
|
||||
required: false
|
||||
shm-size:
|
||||
description: "Size of /dev/shm (e.g., 2g)"
|
||||
required: false
|
||||
ssh:
|
||||
description: "List of SSH agent socket or keys to expose to the build"
|
||||
|
@ -71,6 +77,9 @@ inputs:
|
|||
target:
|
||||
description: "Sets the target stage to build"
|
||||
required: false
|
||||
ulimit:
|
||||
description: "Ulimit options (e.g., nofile=1024:1024)"
|
||||
required: false
|
||||
github-token:
|
||||
description: "GitHub Token used to authenticate against a repository for Git context"
|
||||
default: ${{ github.token }}
|
||||
|
|
12
dist/index.js
generated
vendored
12
dist/index.js
generated
vendored
|
@ -274,6 +274,7 @@ function getInputs(defaultContext) {
|
|||
builder: core.getInput('builder'),
|
||||
cacheFrom: yield getInputList('cache-from', true),
|
||||
cacheTo: yield getInputList('cache-to', true),
|
||||
cgroupParent: core.getInput('cgroup-parent'),
|
||||
context: core.getInput('context') || defaultContext,
|
||||
file: core.getInput('file'),
|
||||
labels: yield getInputList('labels', true),
|
||||
|
@ -286,9 +287,11 @@ function getInputs(defaultContext) {
|
|||
push: core.getBooleanInput('push'),
|
||||
secrets: yield getInputList('secrets', true),
|
||||
secretFiles: yield getInputList('secret-files', true),
|
||||
shmSize: core.getInput('shm-size'),
|
||||
ssh: yield getInputList('ssh'),
|
||||
tags: yield getInputList('tags'),
|
||||
target: core.getInput('target'),
|
||||
ulimit: yield getInputList('ulimit', true),
|
||||
githubToken: core.getInput('github-token')
|
||||
};
|
||||
});
|
||||
|
@ -319,6 +322,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) {
|
|||
yield exports.asyncForEach(inputs.cacheTo, (cacheTo) => __awaiter(this, void 0, void 0, function* () {
|
||||
args.push('--cache-to', cacheTo);
|
||||
}));
|
||||
if (inputs.cgroupParent) {
|
||||
args.push('--cgroup-parent', inputs.cgroupParent);
|
||||
}
|
||||
if (inputs.file) {
|
||||
args.push('--file', inputs.file);
|
||||
}
|
||||
|
@ -353,6 +359,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) {
|
|||
if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
|
||||
args.push('--secret', yield buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
||||
}
|
||||
if (inputs.shmSize) {
|
||||
args.push('--shm-size', inputs.shmSize);
|
||||
}
|
||||
yield exports.asyncForEach(inputs.ssh, (ssh) => __awaiter(this, void 0, void 0, function* () {
|
||||
args.push('--ssh', ssh);
|
||||
}));
|
||||
|
@ -362,6 +371,9 @@ function getBuildArgs(inputs, defaultContext, buildxVersion) {
|
|||
if (inputs.target) {
|
||||
args.push('--target', inputs.target);
|
||||
}
|
||||
yield exports.asyncForEach(inputs.ulimit, (ulimit) => __awaiter(this, void 0, void 0, function* () {
|
||||
args.push('--ulimit', ulimit);
|
||||
}));
|
||||
return args;
|
||||
});
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ export interface Inputs {
|
|||
builder: string;
|
||||
cacheFrom: string[];
|
||||
cacheTo: string[];
|
||||
cgroupParent: string;
|
||||
context: string;
|
||||
file: string;
|
||||
labels: string[];
|
||||
|
@ -30,9 +31,11 @@ export interface Inputs {
|
|||
push: boolean;
|
||||
secrets: string[];
|
||||
secretFiles: string[];
|
||||
shmSize: string;
|
||||
ssh: string[];
|
||||
tags: string[];
|
||||
target: string;
|
||||
ulimit: string[];
|
||||
githubToken: string;
|
||||
}
|
||||
|
||||
|
@ -68,6 +71,7 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
|
|||
builder: core.getInput('builder'),
|
||||
cacheFrom: await getInputList('cache-from', true),
|
||||
cacheTo: await getInputList('cache-to', true),
|
||||
cgroupParent: core.getInput('cgroup-parent'),
|
||||
context: core.getInput('context') || defaultContext,
|
||||
file: core.getInput('file'),
|
||||
labels: await getInputList('labels', true),
|
||||
|
@ -80,9 +84,11 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
|
|||
push: core.getBooleanInput('push'),
|
||||
secrets: await getInputList('secrets', true),
|
||||
secretFiles: await getInputList('secret-files', true),
|
||||
shmSize: core.getInput('shm-size'),
|
||||
ssh: await getInputList('ssh'),
|
||||
tags: await getInputList('tags'),
|
||||
target: core.getInput('target'),
|
||||
ulimit: await getInputList('ulimit', true),
|
||||
githubToken: core.getInput('github-token')
|
||||
};
|
||||
}
|
||||
|
@ -109,6 +115,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
|
|||
await asyncForEach(inputs.cacheTo, async cacheTo => {
|
||||
args.push('--cache-to', cacheTo);
|
||||
});
|
||||
if (inputs.cgroupParent) {
|
||||
args.push('--cgroup-parent', inputs.cgroupParent);
|
||||
}
|
||||
if (inputs.file) {
|
||||
args.push('--file', inputs.file);
|
||||
}
|
||||
|
@ -141,6 +150,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
|
|||
if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
|
||||
args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
||||
}
|
||||
if (inputs.shmSize) {
|
||||
args.push('--shm-size', inputs.shmSize);
|
||||
}
|
||||
await asyncForEach(inputs.ssh, async ssh => {
|
||||
args.push('--ssh', ssh);
|
||||
});
|
||||
|
@ -150,6 +162,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
|
|||
if (inputs.target) {
|
||||
args.push('--target', inputs.target);
|
||||
}
|
||||
await asyncForEach(inputs.ulimit, async ulimit => {
|
||||
args.push('--ulimit', ulimit);
|
||||
});
|
||||
return args;
|
||||
}
|
||||
|
||||
|
|
2
test/cgroup.Dockerfile
Normal file
2
test/cgroup.Dockerfile
Normal file
|
@ -0,0 +1,2 @@
|
|||
FROM alpine
|
||||
RUN cat /proc/self/cgroup
|
2
test/shmsize.Dockerfile
Normal file
2
test/shmsize.Dockerfile
Normal file
|
@ -0,0 +1,2 @@
|
|||
FROM busybox
|
||||
RUN mount | grep /dev/shm
|
2
test/ulimit.Dockerfile
Normal file
2
test/ulimit.Dockerfile
Normal file
|
@ -0,0 +1,2 @@
|
|||
FROM busybox
|
||||
RUN ulimit -a
|
Loading…
Reference in a new issue