365 lines
9.9 KiB
Protocol Buffer
365 lines
9.9 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
// Package pb provides the protobuf definition of LLB: low-level builder instruction.
|
|
// LLB is DAG-structured; Op represents a vertex, and Definition represents a graph.
|
|
package pb;
|
|
|
|
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
|
|
|
option (gogoproto.stable_marshaler_all) = true;
|
|
|
|
// Op represents a vertex of the LLB DAG.
|
|
message Op {
|
|
// inputs is a set of input edges.
|
|
repeated Input inputs = 1;
|
|
oneof op {
|
|
ExecOp exec = 2;
|
|
SourceOp source = 3;
|
|
FileOp file = 4;
|
|
BuildOp build = 5;
|
|
}
|
|
Platform platform = 10;
|
|
WorkerConstraints constraints = 11;
|
|
}
|
|
|
|
// Platform is github.com/opencontainers/image-spec/specs-go/v1.Platform
|
|
message Platform {
|
|
string Architecture = 1;
|
|
string OS = 2;
|
|
string Variant = 3;
|
|
string OSVersion = 4; // unused
|
|
repeated string OSFeatures = 5; // unused
|
|
}
|
|
|
|
// Input represents an input edge for an Op.
|
|
message Input {
|
|
// digest of the marshaled input Op
|
|
string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
|
|
// output index of the input Op
|
|
int64 index = 2 [(gogoproto.customtype) = "OutputIndex", (gogoproto.nullable) = false];
|
|
}
|
|
|
|
// ExecOp executes a command in a container.
|
|
message ExecOp {
|
|
Meta meta = 1;
|
|
repeated Mount mounts = 2;
|
|
NetMode network = 3;
|
|
SecurityMode security = 4;
|
|
}
|
|
|
|
// Meta is a set of arguments for ExecOp.
|
|
// Meta is unrelated to LLB metadata.
|
|
// FIXME: rename (ExecContext? ExecArgs?)
|
|
message Meta {
|
|
repeated string args = 1;
|
|
repeated string env = 2;
|
|
string cwd = 3;
|
|
string user = 4;
|
|
ProxyEnv proxy_env = 5;
|
|
repeated HostIP extraHosts = 6;
|
|
string hostname = 7;
|
|
repeated Ulimit ulimit = 9;
|
|
}
|
|
|
|
message HostIP {
|
|
string Host = 1;
|
|
string IP = 2;
|
|
}
|
|
|
|
message Ulimit {
|
|
string Name = 1;
|
|
int64 Soft = 2;
|
|
int64 Hard = 3;
|
|
}
|
|
|
|
enum NetMode {
|
|
UNSET = 0; // sandbox
|
|
HOST = 1;
|
|
NONE = 2;
|
|
}
|
|
|
|
enum SecurityMode {
|
|
SANDBOX = 0;
|
|
INSECURE = 1; // privileged mode
|
|
}
|
|
|
|
// Mount specifies how to mount an input Op as a filesystem.
|
|
message Mount {
|
|
int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
|
|
string selector = 2;
|
|
string dest = 3;
|
|
int64 output = 4 [(gogoproto.customtype) = "OutputIndex", (gogoproto.nullable) = false];
|
|
bool readonly = 5;
|
|
MountType mountType = 6;
|
|
TmpfsOpt TmpfsOpt = 19;
|
|
CacheOpt cacheOpt = 20;
|
|
SecretOpt secretOpt = 21;
|
|
SSHOpt SSHOpt = 22;
|
|
string resultID = 23;
|
|
}
|
|
|
|
// MountType defines a type of a mount from a supported set
|
|
enum MountType {
|
|
BIND = 0;
|
|
SECRET = 1;
|
|
SSH = 2;
|
|
CACHE = 3;
|
|
TMPFS = 4;
|
|
}
|
|
|
|
// TmpfsOpt defines options describing tpmfs mounts
|
|
message TmpfsOpt {
|
|
// Specify an upper limit on the size of the filesystem.
|
|
int64 size = 1;
|
|
}
|
|
|
|
// CacheOpt defines options specific to cache mounts
|
|
message CacheOpt {
|
|
// ID is an optional namespace for the mount
|
|
string ID = 1;
|
|
// Sharing is the sharing mode for the mount
|
|
CacheSharingOpt sharing = 2;
|
|
}
|
|
|
|
// CacheSharingOpt defines different sharing modes for cache mount
|
|
enum CacheSharingOpt {
|
|
// SHARED cache mount can be used concurrently by multiple writers
|
|
SHARED = 0;
|
|
// PRIVATE creates a new mount if there are multiple writers
|
|
PRIVATE = 1;
|
|
// LOCKED pauses second writer until first one releases the mount
|
|
LOCKED = 2;
|
|
}
|
|
|
|
// SecretOpt defines options describing secret mounts
|
|
message SecretOpt {
|
|
// ID of secret. Used for quering the value.
|
|
string ID = 1;
|
|
// UID of secret file
|
|
uint32 uid = 2;
|
|
// GID of secret file
|
|
uint32 gid = 3;
|
|
// Mode is the filesystem mode of secret file
|
|
uint32 mode = 4;
|
|
// Optional defines if secret value is required. Error is produced
|
|
// if value is not found and optional is false.
|
|
bool optional = 5;
|
|
}
|
|
|
|
// SSHOpt defines options describing secret mounts
|
|
message SSHOpt {
|
|
// ID of exposed ssh rule. Used for quering the value.
|
|
string ID = 1;
|
|
// UID of agent socket
|
|
uint32 uid = 2;
|
|
// GID of agent socket
|
|
uint32 gid = 3;
|
|
// Mode is the filesystem mode of agent socket
|
|
uint32 mode = 4;
|
|
// Optional defines if ssh socket is required. Error is produced
|
|
// if client does not expose ssh.
|
|
bool optional = 5;
|
|
}
|
|
|
|
// SourceOp specifies a source such as build contexts and images.
|
|
message SourceOp {
|
|
// TODO: use source type or any type instead of URL protocol.
|
|
// identifier e.g. local://, docker-image://, git://, https://...
|
|
string identifier = 1;
|
|
// attrs are defined in attr.go
|
|
map<string, string> attrs = 2;
|
|
}
|
|
|
|
// BuildOp is used for nested build invocation.
|
|
// BuildOp is experimental and can break without backwards compatibility
|
|
message BuildOp {
|
|
int64 builder = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
|
|
map<string, BuildInput> inputs = 2;
|
|
Definition def = 3;
|
|
map<string, string> attrs = 4;
|
|
// outputs
|
|
}
|
|
|
|
// BuildInput is used for BuildOp.
|
|
message BuildInput {
|
|
int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
|
|
}
|
|
|
|
// OpMetadata is a per-vertex metadata entry, which can be defined for arbitrary Op vertex and overridable on the run time.
|
|
message OpMetadata {
|
|
// ignore_cache specifies to ignore the cache for this Op.
|
|
bool ignore_cache = 1;
|
|
// Description can be used for keeping any text fields that builder doesn't parse
|
|
map<string, string> description = 2;
|
|
// index 3 reserved for WorkerConstraint in previous versions
|
|
// WorkerConstraint worker_constraint = 3;
|
|
ExportCache export_cache = 4;
|
|
|
|
map<string, bool> caps = 5 [(gogoproto.castkey) = "github.com/moby/buildkit/util/apicaps.CapID", (gogoproto.nullable) = false];
|
|
}
|
|
|
|
// Source is a source mapping description for a file
|
|
message Source {
|
|
map<string, Locations> locations = 1;
|
|
repeated SourceInfo infos = 2;
|
|
}
|
|
|
|
// Locations is a list of ranges with a index to its source map.
|
|
message Locations {
|
|
repeated Location locations = 1;
|
|
}
|
|
|
|
// Source info contains the shared metadata of a source mapping
|
|
message SourceInfo {
|
|
string filename = 1;
|
|
bytes data = 2;
|
|
Definition definition = 3;
|
|
}
|
|
|
|
// Location defines list of areas in to source file
|
|
message Location {
|
|
int32 sourceIndex = 1;
|
|
repeated Range ranges = 2;
|
|
}
|
|
|
|
// Range is an area in the source file
|
|
message Range {
|
|
Position start = 1 [(gogoproto.nullable) = false];
|
|
Position end = 2 [(gogoproto.nullable) = false];
|
|
}
|
|
|
|
// Position is single location in a source file
|
|
message Position {
|
|
int32 Line = 1;
|
|
int32 Character = 2;
|
|
}
|
|
|
|
message ExportCache {
|
|
bool Value = 1;
|
|
}
|
|
|
|
message ProxyEnv {
|
|
string http_proxy = 1;
|
|
string https_proxy = 2;
|
|
string ftp_proxy = 3;
|
|
string no_proxy = 4;
|
|
string all_proxy = 5;
|
|
}
|
|
|
|
// WorkerConstraints defines conditions for the worker
|
|
message WorkerConstraints {
|
|
repeated string filter = 1; // containerd-style filter
|
|
}
|
|
|
|
// Definition is the LLB definition structure with per-vertex metadata entries
|
|
message Definition {
|
|
// def is a list of marshaled Op messages
|
|
repeated bytes def = 1;
|
|
// metadata contains metadata for the each of the Op messages.
|
|
// A key must be an LLB op digest string. Currently, empty string is not expected as a key, but it may change in the future.
|
|
map<string, OpMetadata> metadata = 2 [(gogoproto.castkey) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
|
|
// Source contains the source mapping information for the vertexes in the definition
|
|
Source Source = 3;
|
|
}
|
|
|
|
message FileOp {
|
|
repeated FileAction actions = 2;
|
|
}
|
|
|
|
message FileAction {
|
|
int64 input = 1 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false]; // could be real input or target (target index + max input index)
|
|
int64 secondaryInput = 2 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false]; // --//--
|
|
int64 output = 3 [(gogoproto.customtype) = "OutputIndex", (gogoproto.nullable) = false];
|
|
oneof action {
|
|
// FileActionCopy copies files from secondaryInput on top of input
|
|
FileActionCopy copy = 4;
|
|
// FileActionMkFile creates a new file
|
|
FileActionMkFile mkfile = 5;
|
|
// FileActionMkDir creates a new directory
|
|
FileActionMkDir mkdir = 6;
|
|
// FileActionRm removes a file
|
|
FileActionRm rm = 7;
|
|
}
|
|
}
|
|
|
|
message FileActionCopy {
|
|
// src is the source path
|
|
string src = 1;
|
|
// dest path
|
|
string dest = 2;
|
|
// optional owner override
|
|
ChownOpt owner = 3;
|
|
// optional permission bits override
|
|
int32 mode = 4;
|
|
// followSymlink resolves symlinks in src
|
|
bool followSymlink = 5;
|
|
// dirCopyContents only copies contents if src is a directory
|
|
bool dirCopyContents = 6;
|
|
// attemptUnpackDockerCompatibility detects if src is an archive to unpack it instead
|
|
bool attemptUnpackDockerCompatibility = 7;
|
|
// createDestPath creates dest path directories if needed
|
|
bool createDestPath = 8;
|
|
// allowWildcard allows filepath.Match wildcards in src path
|
|
bool allowWildcard = 9;
|
|
// allowEmptyWildcard doesn't fail the whole copy if wildcard doesn't resolve to files
|
|
bool allowEmptyWildcard = 10;
|
|
// optional created time override
|
|
int64 timestamp = 11;
|
|
// include only files/dirs matching at least one of these patterns
|
|
repeated string include_patterns = 12;
|
|
// exclude files/dir matching any of these patterns (even if they match an include pattern)
|
|
repeated string exclude_patterns = 13;
|
|
}
|
|
|
|
message FileActionMkFile {
|
|
// path for the new file
|
|
string path = 1;
|
|
// permission bits
|
|
int32 mode = 2;
|
|
// data is the new file contents
|
|
bytes data = 3;
|
|
// optional owner for the new file
|
|
ChownOpt owner = 4;
|
|
// optional created time override
|
|
int64 timestamp = 5;
|
|
}
|
|
|
|
message FileActionMkDir {
|
|
// path for the new directory
|
|
string path = 1;
|
|
// permission bits
|
|
int32 mode = 2;
|
|
// makeParents creates parent directories as well if needed
|
|
bool makeParents = 3;
|
|
// optional owner for the new directory
|
|
ChownOpt owner = 4;
|
|
// optional created time override
|
|
int64 timestamp = 5;
|
|
}
|
|
|
|
message FileActionRm {
|
|
// path to remove
|
|
string path = 1;
|
|
// allowNotFound doesn't fail the rm if file is not found
|
|
bool allowNotFound = 2;
|
|
// allowWildcard allows filepath.Match wildcards in path
|
|
bool allowWildcard = 3;
|
|
}
|
|
|
|
message ChownOpt {
|
|
UserOpt user = 1;
|
|
UserOpt group = 2;
|
|
}
|
|
|
|
message UserOpt {
|
|
oneof user {
|
|
NamedUserOpt byName = 1;
|
|
uint32 byID = 2;
|
|
}
|
|
}
|
|
|
|
message NamedUserOpt {
|
|
string name = 1;
|
|
int64 input = 2 [(gogoproto.customtype) = "InputIndex", (gogoproto.nullable) = false];
|
|
}
|