Add support for security.insecure and network.host
entitlements via bake. User needs to confirm elevated
privileges through a prompt or CLI flags.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
It was possible for multiple status messages to be written at the same
time which caused some of the metric writer code to have a race
condition.
This code should be fast enough that it doesn't interrupt the display,
but some further work might be needed here.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Compile the regular expressions only on first use rather than implicitly
as part of the `init()` function of the package. This prevents taking a
speed hit on the initialization of the package regardless if this type
is used and moves it to the time when a regular expression is first
used.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
The Docker docs in multiple places describe passing an annotation at the
command line like "index,manifest:com.example.name=my-cool-image", and
say that this will result in the annotation being applied to both the
index and the manifest. It doesn't seem like this was actually
implemented, and instead it just results in an annotation key with
"index,manifest:" at the beginning being applied to the manifest.
This change splits the part of the key before the colon by comma, and
creates an annotation for each type/platform given, so the
implementation should now match the docs.
Signed-off-by: Eli Treuherz <et@arenko.group>
This package has moved to a separate module. Also added linting
rules to prevent accidental reintroduction.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds an alias for `--check` that causes it to behave the same as
`--call=check`. This is done using `BoolFunc` to call a function when
the option is seen and to set it to the correct value. This should allow
command line flags like `--check --call=targets` to work correctly (even
though they conflict) by making it so the first invocation sets the
print function to `check` and the second overwrites the first. This is
the expected behavior for these types of boolean flags.
`BoolFunc` itself is part of the standard library flags package, but
never seems to have made it into pflag possibly because it was added in
go 1.21.
https://pkg.go.dev/flag#FlagSet.BoolFunc
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Update buildkit dependency to v0.14.0-rc1. Update the tracing
infrastructure to use the new detect API which updates how the delegated
exporter is configured.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This metric records the number of times it sees a lint warning in the
progress stream and categorizes the number of times each rule has been
triggered. This will only record whether a lint warning was triggered
and not whether the linter was even used or which rules were present.
That information isn't presently part of the stream.
With this change, we might be reaching some of the limitations that
spying on the progress stream gives us for metrics and may want to
consider another way for the build to communicate metrics back to the
client.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This version of docker/cli has changes to remove compose-cli wrapper and
move all CLI metrics to OTEL.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
The meter provider initialization that was located here has now been
moved to a common area in the docker cli. This upgrades our CLI version
and then uses this common code instead of our own version.
As a piece of additional functionality, the docker OTEL endpoint can now
be overwritten with `DOCKER_CLI_OTEL_EXPORTER_OTLP_ENDPOINT` for
testing.
This removes the OTLP exporter from the CLI that was previously locked
behind `BUILDX_EXPERIMENTAL`. I do plan for this to return, but as a
proper part of the `docker/cli` implementation rather than something
special with `buildx`.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Removes the experimental label from progress metrics. User-metrics
themselves are still experimental so this is still blocked behind the
experimental flag, but this will allow the docker otlp endpoint to
receive these metrics.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This measures the amount of time spent idle during the build. This is
done by collecting the set of task times, determining which sections
contain gaps where no task is running, and aggregating that duration
into a metric.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Tonis Tiigi