JohnHammond
/
buildkit
mirror of https://github.com/JohnHammond/buildkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add lint 

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
v0.8
CrazyMax 2020-11-22 18:10:34 +01:00
parent f30fab2532
commit 072078a403
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7
12 changed files with 287 additions and 274 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.golangci.yml
View File

@ -28,5 +28,5 @@ linters:
issues: issues:
exclude-rules: exclude-rules:
- linters: - linters:
- golint - golint
text: "stutters" text: "stutters"

22
.travis.yml
View File

@ -39,15 +39,15 @@ jobs:
- TESTPKGS=./cmd/buildctl ./hack/test integration - TESTPKGS=./cmd/buildctl ./hack/test integration
- TESTPKGS=./worker/containerd ./hack/test integration - TESTPKGS=./worker/containerd ./hack/test integration
- script: - script:
- ./hack/lint - ./hack/lint
- SKIP_INTEGRATION_TESTS=1 ./hack/test integration gateway - SKIP_INTEGRATION_TESTS=1 ./hack/test integration gateway
- ./hack/validate-vendor - ./hack/validate-vendor
- ./hack/validate-generated-files - ./hack/validate-generated-files
- ./hack/validate-shfmt - ./hack/validate-shfmt
- TESTPKGS=./frontend ./hack/test - TESTPKGS=./frontend ./hack/test
name: "Unit Tests & Lint & Vendor & Proto" name: "Unit Tests & Lint & Vendor & Proto"
- script: - script:
- TESTPKGS=./frontend/dockerfile TESTFLAGS='-v --parallel=5 --timeout=30m' ./hack/test - TESTPKGS=./frontend/dockerfile TESTFLAGS='-v --parallel=5 --timeout=30m' ./hack/test
name: "Dockerfile integration tests" name: "Dockerfile integration tests"
- script: TESTPKGS=./frontend/dockerfile ./hack/test dockerfile - script: TESTPKGS=./frontend/dockerfile ./hack/test dockerfile
name: "External Dockerfile tests" name: "External Dockerfile tests"
@ -80,9 +80,9 @@ jobs:
skip_cleanup: true skip_cleanup: true
file_glob: true file_glob: true
on: on:
repo: moby/buildkit repo: moby/buildkit
tags: true tags: true
condition: $TRAVIS_TAG =~ ^v[0-9] condition: $TRAVIS_TAG =~ ^v[0-9]
- provider: script - provider: script
script: ./frontend/dockerfile/cmd/dockerfile-frontend/hack/release master mainline $DF_REPO_SLUG_TARGET push script: ./frontend/dockerfile/cmd/dockerfile-frontend/hack/release master mainline $DF_REPO_SLUG_TARGET push
on: on:
@ -108,7 +108,5 @@ jobs:
branch: master branch: master
condition: $TRAVIS_EVENT_TYPE == "cron" condition: $TRAVIS_EVENT_TYPE == "cron"
before_deploy: before_deploy:
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin

13
.yamllint.yml Normal file
View File

@ -0,0 +1,13 @@
ignore: |
/vendor
extends: default
yaml-files:
- '*.yaml'
- '*.yml'
rules:
truthy: disable
line-length: disable
document-start: disable

90
examples/kubernetes/deployment+service.privileged.yaml
View File

@ -15,50 +15,50 @@ spec:
app: buildkitd app: buildkitd
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master image: moby/buildkit:master
args: args:
- --addr - --addr
- unix:///run/buildkit/buildkitd.sock - unix:///run/buildkit/buildkitd.sock
- --addr - --addr
- tcp://0.0.0.0:1234 - tcp://0.0.0.0:1234
- --tlscacert - --tlscacert
- /certs/ca.pem - /certs/ca.pem
- --tlscert - --tlscert
- /certs/cert.pem - /certs/cert.pem
- --tlskey - --tlskey
- /certs/key.pem - /certs/key.pem
# the probe below will only work after Release v0.6.3 # the probe below will only work after Release v0.6.3
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
# the probe below will only work after Release v0.6.3 # the probe below will only work after Release v0.6.3
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
privileged: true privileged: true
ports: ports:
- containerPort: 1234 - containerPort: 1234
volumeMounts: volumeMounts:
- name: certs - name: certs
readOnly: true readOnly: true
mountPath: /certs mountPath: /certs
volumes: volumes:
# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
- name: certs - name: certs
secret: secret:
secretName: buildkit-daemon-certs secretName: buildkit-daemon-certs
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -68,7 +68,7 @@ metadata:
name: buildkitd name: buildkitd
spec: spec:
ports: ports:
- port: 1234 - port: 1234
protocol: TCP protocol: TCP
selector: selector:
app: buildkitd app: buildkitd

98
examples/kubernetes/deployment+service.rootless.yaml
View File

@ -16,56 +16,56 @@ spec:
annotations: annotations:
container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined
# see buildkit/docs/rootless.md for caveats of rootless mode # see buildkit/docs/rootless.md for caveats of rootless mode
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master-rootless image: moby/buildkit:master-rootless
args: args:
- --addr - --addr
- unix:///run/user/1000/buildkit/buildkitd.sock - unix:///run/user/1000/buildkit/buildkitd.sock
- --addr - --addr
- tcp://0.0.0.0:1234 - tcp://0.0.0.0:1234
- --tlscacert - --tlscacert
- /certs/ca.pem - /certs/ca.pem
- --tlscert - --tlscert
- /certs/cert.pem - /certs/cert.pem
- --tlskey - --tlskey
- /certs/key.pem - /certs/key.pem
- --oci-worker-no-process-sandbox - --oci-worker-no-process-sandbox
# the probe below will only work after Release v0.6.3 # the probe below will only work after Release v0.6.3
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
# the probe below will only work after Release v0.6.3 # the probe below will only work after Release v0.6.3
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
# To change UID/GID, you need to rebuild the image # To change UID/GID, you need to rebuild the image
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
ports: ports:
- containerPort: 1234 - containerPort: 1234
volumeMounts: volumeMounts:
- name: certs - name: certs
readOnly: true readOnly: true
mountPath: /certs mountPath: /certs
volumes: volumes:
# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
- name: certs - name: certs
secret: secret:
secretName: buildkit-daemon-certs secretName: buildkit-daemon-certs
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -75,7 +75,7 @@ metadata:
name: buildkitd name: buildkitd
spec: spec:
ports: ports:
- port: 1234 - port: 1234
protocol: TCP protocol: TCP
selector: selector:
app: buildkitd app: buildkitd

66
examples/kubernetes/job.privileged.yaml
View File

@ -7,38 +7,38 @@ spec:
spec: spec:
restartPolicy: Never restartPolicy: Never
initContainers: initContainers:
- name: prepare - name: prepare
image: alpine:3.10 image: alpine:3.10
command: command:
- sh - sh
- -c - -c
- "echo FROM hello-world > /workspace/Dockerfile" - "echo FROM hello-world > /workspace/Dockerfile"
volumeMounts: volumeMounts:
- name: workspace - name: workspace
mountPath: /workspace mountPath: /workspace
containers: containers:
- name: buildkit - name: buildkit
image: moby/buildkit:master image: moby/buildkit:master
command: command:
- buildctl-daemonless.sh - buildctl-daemonless.sh
args: args:
- build - build
- --frontend - --frontend
- dockerfile.v0 - dockerfile.v0
- --local - --local
- context=/workspace - context=/workspace
- --local - --local
- dockerfile=/workspace - dockerfile=/workspace
# To push the image to a registry, add # To push the image to a registry, add
# `--output type=image,name=docker.io/username/image,push=true` # `--output type=image,name=docker.io/username/image,push=true`
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- name: workspace - name: workspace
readOnly: true readOnly: true
mountPath: /workspace mountPath: /workspace
# To push the image, you also need to create `~/.docker/config.json` secret # To push the image, you also need to create `~/.docker/config.json` secret
# and set $DOCKER_CONFIG to `/path/to/.docker` directory. # and set $DOCKER_CONFIG to `/path/to/.docker` directory.
volumes: volumes:
- name: workspace - name: workspace
emptyDir: {} emptyDir: {}

84
examples/kubernetes/job.rootless.yaml
View File

@ -8,50 +8,50 @@ spec:
annotations: annotations:
container.apparmor.security.beta.kubernetes.io/buildkit: unconfined container.apparmor.security.beta.kubernetes.io/buildkit: unconfined
container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined
# see buildkit/docs/rootless.md for caveats of rootless mode # see buildkit/docs/rootless.md for caveats of rootless mode
spec: spec:
restartPolicy: Never restartPolicy: Never
initContainers: initContainers:
- name: prepare - name: prepare
image: alpine:3.10 image: alpine:3.10
command: command:
- sh - sh
- -c - -c
- "echo FROM hello-world > /workspace/Dockerfile" - "echo FROM hello-world > /workspace/Dockerfile"
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
volumeMounts: volumeMounts:
- name: workspace - name: workspace
mountPath: /workspace mountPath: /workspace
containers: containers:
- name: buildkit - name: buildkit
image: moby/buildkit:master-rootless image: moby/buildkit:master-rootless
env: env:
- name: BUILDKITD_FLAGS - name: BUILDKITD_FLAGS
value: --oci-worker-no-process-sandbox value: --oci-worker-no-process-sandbox
command: command:
- buildctl-daemonless.sh - buildctl-daemonless.sh
args: args:
- build - build
- --frontend - --frontend
- dockerfile.v0 - dockerfile.v0
- --local - --local
- context=/workspace - context=/workspace
- --local - --local
- dockerfile=/workspace - dockerfile=/workspace
# To push the image to a registry, add # To push the image to a registry, add
# `--output type=image,name=docker.io/username/image,push=true` # `--output type=image,name=docker.io/username/image,push=true`
securityContext: securityContext:
# To change UID/GID, you need to rebuild the image # To change UID/GID, you need to rebuild the image
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
volumeMounts: volumeMounts:
- name: workspace - name: workspace
readOnly: true readOnly: true
mountPath: /workspace mountPath: /workspace
# To push the image, you also need to create `~/.docker/config.json` secret # To push the image, you also need to create `~/.docker/config.json` secret
# and set $DOCKER_CONFIG to `/path/to/.docker` directory. # and set $DOCKER_CONFIG to `/path/to/.docker` directory.
volumes: volumes:
- name: workspace - name: workspace
emptyDir: {} emptyDir: {}

40
examples/kubernetes/pod.privileged.yaml
View File

@ -4,23 +4,23 @@ metadata:
name: buildkitd name: buildkitd
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master image: moby/buildkit:master
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
privileged: true privileged: true

48
examples/kubernetes/pod.rootless.yaml
View File

@ -8,27 +8,27 @@ metadata:
# see buildkit/docs/rootless.md for caveats of rootless mode # see buildkit/docs/rootless.md for caveats of rootless mode
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master-rootless image: moby/buildkit:master-rootless
args: args:
- --oci-worker-no-process-sandbox - --oci-worker-no-process-sandbox
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
# To change UID/GID, you need to rebuild the image # To change UID/GID, you need to rebuild the image
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000

40
examples/kubernetes/statefulset.privileged.yaml
View File

@ -17,23 +17,23 @@ spec:
app: buildkitd app: buildkitd
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master image: moby/buildkit:master
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
privileged: true privileged: true

50
examples/kubernetes/statefulset.rootless.yaml
View File

@ -18,30 +18,30 @@ spec:
annotations: annotations:
container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined
# see buildkit/docs/rootless.md for caveats of rootless mode # see buildkit/docs/rootless.md for caveats of rootless mode
spec: spec:
containers: containers:
- name: buildkitd - name: buildkitd
image: moby/buildkit:master-rootless image: moby/buildkit:master-rootless
args: args:
- --oci-worker-no-process-sandbox - --oci-worker-no-process-sandbox
readinessProbe: readinessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
livenessProbe: livenessProbe:
exec: exec:
command: command:
- buildctl - buildctl
- debug - debug
- workers - workers
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
securityContext: securityContext:
# To change UID/GID, you need to rebuild the image # To change UID/GID, you need to rebuild the image
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000

4
hack/dockerfiles/lint.Dockerfile
View File

@ -1,8 +1,10 @@
# syntax=docker/dockerfile:1.1-experimental # syntax=docker/dockerfile:1.1-experimental
FROM golang:1.13-alpine FROM golang:1.13-alpine
RUN apk add --no-cache gcc musl-dev RUN apk add --no-cache gcc musl-dev yamllint
RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.27.0 RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.27.0
WORKDIR /go/src/github.com/moby/buildkit WORKDIR /go/src/github.com/moby/buildkit
RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache \ RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache \
golangci-lint run golangci-lint run
RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache \
yamllint -c .yamllint.yml --strict .