Design LGTM

Why are the commits squashed here? It'd be better to have two commits, to preserve history and authorship. Could you rebase to split the commits, @tonistiigi?

We discussed this PR in the maintainers meeting and like this feature; @vieux is gonna look into adding the same for -f /path/to/a/Dockerfile as a follow up

While I like the idea of this, I'm not comfortable with replacing a user-owned file with the stdin and we should be adding any files we inject into the context to .dockerignore.

My preferred solution would be to make the input of the API a multi-part mime where one section is the tar and another section is the Dockerfile. But, that's a much bigger change. Short of that, can we consider storing the stdin into a new/random file that then gets added to .dockerignore? Our goal should be to have zero impact on existing files in the context. Meaning, a Dockerfile cmd of COPY * ... should not see any new files due to this feature.

@duglin This is definitely harder but I'll see what I can do. Although for - I don't see much of a problem. Dockerfile is the default name that is always used unless user sets a new name with -f. If they set -f - they don't really specify the new name. But I can see it becoming more complicated when we start accepting absolute paths outside working dir for -f as well.

Can't we write to some temp file within the context, add to dockerignore, and set the dockerfile path to the temp file when sending to the API? If the user wants it to be part of their context they shouldn't use stdin, I think?

@cpuguy83 I guess that's what @duglin was suggesting as well. Note though that even atm we don't make any promises about the contents of Dockerfile. Using content trust with COPY Dockerfile . you would not get the same contents.

@tonistiigi can you elaborate on your statement about the Dockerfile? With docker build -f foo . I would hope that any file in . would be totally untouched, including one named Dockerfile. So the user could put anything they wanted in there an be assured that docker won't touch it.

To be honest, I'm not thrilled with modifying the user's .dockerignore file either since we never claimed it was "ours". To me its the user's input to us.

Another option would be to add a flag to just the API for now (e.g. &tmpDockerfile) to indicate that the referenced Dockerfile is a temporary one that we created that should be deleted after it is read. Then we know for sure we're not mucking with the user's files at all.

@duglin When content trust is used we add a digest to every FROM instruction if needed, before uploading the Dockerfile. We don't rename the file while doing so.

that's interesting - is this during a docker build so that it knows which file is the real Dockerfile?

@duglin That's in https://github.com/docker/docker/blob/3fe2730ab3d7bba483d7bf4fb1e95b627823ff4d/cli/command/image/build.go#L384-L388

@duglin @cpuguy83 I have updated to use the random name and .dockerignore. I generalized the tar converter method as well so the same method can be more easily used for dct and plugin create.

I've rebased and pushed a couple commits to address these comments.

I updated the tests for ReplaceFileTarWrapper to use table testing, and added a case for appending to a file.

Ok, added the comment, and also fixed a failing test. content was being passed as an empty reader instead of nil. This case is now also caught by the unit tests, and the comment for TarModifierFunc mentions that content will be nil when the file doesn't exist.

LGTM

LGTM for the latest updates