builder: produce error when using unsupported Dockerfile option#41912
builder: produce error when using unsupported Dockerfile option#41912tiborvass merged 1 commit intomoby:masterfrom
Conversation
thaJeztah
added
area/builder
There was a problem hiding this comment.
Temporary patch; perhaps there's a cleaner approach for this, but thought I'd open a PR to discuss the best approach.
There was a problem hiding this comment.
Perhaps all command should take the same approach; COPY and ADD have some additional properties to store the Chmod, Chown values, but other commands may not; perhaps using the FlagsUsed approach could make it more generic (we could make a supportedOptions variable, containing the supported options per command.
|
@tonistiigi @tiborvass PTAL; let me know what approach you think is best for this |
|
Can we continue ignoring cache mounts? (With warning) |
I initially proposed doing so in moby/buildkit#799, but I know @tonistiigi didn't agree on silently ignoring them; moby/buildkit#799 (comment) Also wondering if we have a mechanism to return warnings back to the CLI; we can of course log them, but daemon logs won't be visible to the user (unless explicitly looking for them), or do you know a way to return warnings? Alternative would be to parse the Dockerfile on the client-side before starting the build, but that would complicate things (especially if client and daemon are different versions). |
Would writing to moby/builder/dockerfile/dispatchers.go Line 378 in cf0ce96 |
|
Yes, that looks to work to print warnings if we want to; |
thaJeztah
force-pushed
the
improve_build_errors
branch
from
392c4ec to
f502aa2
Compare
thaJeztah
force-pushed
the
improve_build_errors
branch
2 times, most recently
from
215fd10 to
f6ae6d7
Compare
thaJeztah
force-pushed
the
improve_build_errors
branch
from
f6ae6d7 to
9d635e1
Compare
|
Perhaps needs a |
thaJeztah
force-pushed
the
improve_build_errors
branch
from
9d635e1 to
848c076
Compare
thaJeztah
force-pushed
the
improve_build_errors
branch
from
848c076 to
b7ce94d
Compare
|
This should be ready for review now; @tonistiigi @AkihiroSuda @cpuguy83 ptal |
There was a problem hiding this comment.
bit weird to have a return in a for loop. Would be slightly better with an if len(c.FlagsUsed) > 0 { return errors.Errorf(..., c.FlagsUsed[0]) }
There was a problem hiding this comment.
Ah, yes, I think I started with creating an error-message for all flags or to have a "whitelist", but then decided "meh, just return an error for the first one"; I'll update
|
Overall looks good to me |
With the promotion of the experimental Dockerfile syntax to "stable", the Dockerfile
syntax now includes some options that are supported by BuildKit, but not (yet)
supported in the classic builder.
As a result, parsing a Dockerfile may succeed, but any flag that's known to BuildKit,
but not supported by the classic builder is silently ignored;
$ mkdir buildkit_flags && cd buildkit_flags
$ touch foo.txt
For example, `RUN --mount`:
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<EOF
FROM busybox
RUN --mount=type=cache,target=/foo echo hello
EOF
Sending build context to Docker daemon 2.095kB
Step 1/2 : FROM busybox
---> 219ee5171f80
Step 2/2 : RUN --mount=type=cache,target=/foo echo hello
---> Running in 022fdb856bc8
hello
Removing intermediate container 022fdb856bc8
---> e9f0988844d1
Successfully built e9f0988844d1
Or `COPY --chmod` (same for `ADD --chmod`):
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<EOF
FROM busybox
COPY --chmod=0777 /foo.txt /foo.txt
EOF
Sending build context to Docker daemon 2.095kB
Step 1/2 : FROM busybox
---> 219ee5171f80
Step 2/2 : COPY --chmod=0777 /foo.txt /foo.txt
---> 8b7117932a2a
Successfully built 8b7117932a2a
Note that unknown flags still produce and error, for example, the below fails because `--hello` is an unknown flag;
DOCKER_BUILDKIT=0 docker build -<<EOF
FROM busybox
RUN --hello echo hello
EOF
Sending build context to Docker daemon 2.048kB
Error response from daemon: dockerfile parse error line 2: Unknown flag: hello
With this patch applied
----------------------------
With this patch applied, flags that are known in the Dockerfile spec, but are not
supported by the classic builder, produce an error, which includes a link to the
documentation how to enable BuildKit:
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<EOF
FROM busybox
RUN --mount=type=cache,target=/foo echo hello
EOF
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM busybox
---> b97242f89c8a
Step 2/2 : RUN --mount=type=cache,target=/foo echo hello
the --mount option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<EOF
FROM busybox
COPY --chmod=0777 /foo.txt /foo.txt
EOF
Sending build context to Docker daemon 2.095kB
Step 1/2 : FROM busybox
---> b97242f89c8a
Step 2/2 : COPY --chmod=0777 /foo.txt /foo.txt
the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled
Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
improve_build_errors
branch
from
b7ce94d to
a09c027
Compare
|
@tiborvass @AkihiroSuda updated; PTAL |
| for _, f := range []string{"mount", "network", "security", "any-flag"} { | ||
| cmd.FlagsUsed = []string{f} | ||
| err := dispatch(sb, cmd) | ||
| assert.Error(t, err, fmt.Sprintf("the --%s option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled", f)) |
There was a problem hiding this comment.
"the --any-flag option requires BuildKit" is slightly inaccurate. What about "the --%s option is not supported on legacy mode"
There was a problem hiding this comment.
Hmmm... yes, that's a bit tricky; it would indeed suggest that in case someone made an actual RUN --i-made-a-typo, it would print the standard message; do you think we should keep an actual list of known options?
There was a problem hiding this comment.
oh, actually, that should already be handled, because the frontend will produce an error;
DOCKER_BUILDKIT=0 docker build -<<EOF
FROM busybox
RUN --no-such-flag echo hello
EOF
Sending build context to Docker daemon 2.048kB
Error response from daemon: dockerfile parse error line 2: Unknown flag: no-such-flag
|
@tiborvass PTAL |
thaJeztah
added
process/cherry-picked
area/builder/classic-builder
3 participants
fixes #41911
depends on
builder: produce error when using unsupported Dockerfile option
With the promotion of the experimental Dockerfile syntax to "stable", the Dockerfile
syntax now includes some options that are supported by BuildKit, but not (yet)
supported in the classic builder.
As a result, parsing a Dockerfile may succeed, but any flag that's known to BuildKit,
but not supported by the classic builder is silently ignored;
For example,
RUN --mount:Or
COPY --chmod(same forADD --chmod):Note that unknown flags still produce and error, for example, the below fails because
--hellois an unknown flag;With this patch applied
With this patch applied, flags that are known in the Dockerfile spec, but are not
supported by the classic builder, produce an error, which includes a link to the
documentation how to enable BuildKit:
- Description for the changelog