From 83d5c0c61bbb4b9fd68a9495c30c7a7167fadb93 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Tue, 3 Sep 2024 18:18:59 -0700
Subject: [PATCH] bake: allow setting networkmode in HCL/JSON

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
---
 bake/bake.go      |  6 +++--
 bake/bake_test.go | 64 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/bake/bake.go b/bake/bake.go
index fc707131..9ed1dfd8 100644
--- a/bake/bake.go
+++ b/bake/bake.go
@@ -543,7 +543,7 @@ func (c Config) newOverrides(v []string) (map[string]map[string]Override, error)
 			o := t[kk[1]]
 
 			switch keys[1] {
-			case "output", "cache-to", "cache-from", "tags", "platform", "secrets", "ssh", "attest", "entitlements":
+			case "output", "cache-to", "cache-from", "tags", "platform", "secrets", "ssh", "attest", "entitlements", "network":
 				if len(parts) == 2 {
 					o.ArrValue = append(o.ArrValue, parts[1])
 				}
@@ -704,7 +704,7 @@ type Target struct {
 	Outputs          []string           `json:"output,omitempty" hcl:"output,optional" cty:"output"`
 	Pull             *bool              `json:"pull,omitempty" hcl:"pull,optional" cty:"pull"`
 	NoCache          *bool              `json:"no-cache,omitempty" hcl:"no-cache,optional" cty:"no-cache"`
-	NetworkMode      *string            `json:"-" hcl:"-" cty:"-"`
+	NetworkMode      *string            `json:"network" hcl:"network" cty:"network"`
 	NoCacheFilter    []string           `json:"no-cache-filter,omitempty" hcl:"no-cache-filter,optional" cty:"no-cache-filter"`
 	ShmSize          *string            `json:"shm-size,omitempty" hcl:"shm-size,optional"`
 	Ulimits          []string           `json:"ulimits,omitempty" hcl:"ulimits,optional"`
@@ -914,6 +914,8 @@ func (t *Target) AddOverrides(overrides map[string]Override) error {
 			t.ShmSize = &value
 		case "ulimits":
 			t.Ulimits = o.ArrValue
+		case "network":
+			t.NetworkMode = &value
 		case "pull":
 			pull, err := strconv.ParseBool(value)
 			if err != nil {
diff --git a/bake/bake_test.go b/bake/bake_test.go
index 185b5285..bb95499a 100644
--- a/bake/bake_test.go
+++ b/bake/bake_test.go
@@ -1757,7 +1757,7 @@ func TestHCLEntitlements(t *testing.T) {
 	require.Equal(t, entitlements.EntitlementNetworkHost, bo["app"].Allow[1])
 }
 
-func TestEntitlementsForNetHost(t *testing.T) {
+func TestEntitlementsForNetHostCompose(t *testing.T) {
 	fp := File{
 		Name: "docker-bake.hcl",
 		Data: []byte(
@@ -1790,7 +1790,69 @@ func TestEntitlementsForNetHost(t *testing.T) {
 	require.Contains(t, m, "app")
 	require.Len(t, m["app"].Entitlements, 1)
 	require.Equal(t, "network.host", m["app"].Entitlements[0])
+	require.Equal(t, "host", *m["app"].NetworkMode)
 
 	require.Len(t, bo["app"].Allow, 1)
 	require.Equal(t, entitlements.EntitlementNetworkHost, bo["app"].Allow[0])
+	require.Equal(t, "host", bo["app"].NetworkMode)
+}
+
+func TestEntitlementsForNetHost(t *testing.T) {
+	fp := File{
+		Name: "docker-bake.hcl",
+		Data: []byte(
+			`target "app" {
+				dockerfile = "app.Dockerfile"
+				network = "host"
+			}`),
+	}
+
+	ctx := context.TODO()
+	m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil)
+	require.NoError(t, err)
+
+	bo, err := TargetsToBuildOpt(m, &Input{})
+	require.NoError(t, err)
+
+	require.Equal(t, 1, len(g))
+	require.Equal(t, []string{"app"}, g["default"].Targets)
+
+	require.Equal(t, 1, len(m))
+	require.Contains(t, m, "app")
+	require.Len(t, m["app"].Entitlements, 1)
+	require.Equal(t, "network.host", m["app"].Entitlements[0])
+	require.Equal(t, "host", *m["app"].NetworkMode)
+
+	require.Len(t, bo["app"].Allow, 1)
+	require.Equal(t, entitlements.EntitlementNetworkHost, bo["app"].Allow[0])
+	require.Equal(t, "host", bo["app"].NetworkMode)
+}
+
+func TestNetNone(t *testing.T) {
+	fp := File{
+		Name: "docker-bake.hcl",
+		Data: []byte(
+			`target "app" {
+				dockerfile = "app.Dockerfile"
+				network = "none"
+			}`),
+	}
+
+	ctx := context.TODO()
+	m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil)
+	require.NoError(t, err)
+
+	bo, err := TargetsToBuildOpt(m, &Input{})
+	require.NoError(t, err)
+
+	require.Equal(t, 1, len(g))
+	require.Equal(t, []string{"app"}, g["default"].Targets)
+
+	require.Equal(t, 1, len(m))
+	require.Contains(t, m, "app")
+	require.Len(t, m["app"].Entitlements, 0)
+	require.Equal(t, "none", *m["app"].NetworkMode)
+
+	require.Len(t, bo["app"].Allow, 0)
+	require.Equal(t, "none", bo["app"].NetworkMode)
 }