bake: additional support for named context on remote inputs#965
bake: additional support for named context on remote inputs#965tonistiigi merged 2 commits intodocker:masterfrom
Conversation
tonistiigi
commented
Feb 24, 2022
tonistiigi
commented
- Update named context paths to be relative of remote inputs
- Add basic validation that named paths don't escape the current working directory when loaded from remote sources.
| if inp == nil || inp.State == nil { | ||
| return nil | ||
| } | ||
| if v, ok := os.LookupEnv("BAKE_ALLOW_REMOTE_FS_ACCESS"); ok { |
There was a problem hiding this comment.
@crazy-max I think in our github actions we can define this by default as the whole system is in a vm anyway.
There was a problem hiding this comment.
On GHA they could include /home/runner/.docker which contains auth token in config.json if login step has been done in a previous step.
tonistiigi
force-pushed
the
bake-context-validation
branch
from
ea42084 to
dee1d82
Compare
Signed-off-by: Tonis Tiigi <[email protected]>
This is a stopgap before proper entitlements support is implemented. Signed-off-by: Tonis Tiigi <[email protected]>
tonistiigi
force-pushed
the
bake-context-validation
branch
from
dee1d82 to
91e550b
Compare
crazy-max
left a comment
crazy-max
left a comment
There was a problem hiding this comment.
Can you add BAKE_ALLOW_REMOTE_FS_ACCESS to the list of built-in variables: https://github.com/docker/buildx/blob/master/docs/reference/buildx_bake.md#built-in-variables
I don't really want to make this very official. Hopefully, it would be removed in the next release if we have proper entitlements support. |
2 participants
