summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2021-03-02 14:57:46 -0500
committerDaniel J Walsh <dwalsh@redhat.com>2021-03-07 06:42:02 -0500
commit2c500a8145854c5f566bf76199d2a27226925b60 (patch)
treebb6a8ef928d691fe4047c275775775feefba3119
parenta9fcd9d7602ce59a704884c6840e27666fea20d1 (diff)
downloadpodman-2c500a8145854c5f566bf76199d2a27226925b60.tar.gz
podman-2c500a8145854c5f566bf76199d2a27226925b60.tar.bz2
podman-2c500a8145854c5f566bf76199d2a27226925b60.zip
Add support for podman build --ignorefile
Fixes: https://github.com/containers/podman/issues/9570 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--cmd/podman/images/build.go24
-rw-r--r--test/system/070-build.bats76
2 files changed, 100 insertions, 0 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index de532ed78..78cf4efd0 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -2,6 +2,7 @@ package images
import (
"io"
+ "io/ioutil"
"os"
"path/filepath"
"strings"
@@ -512,6 +513,14 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
TransientMounts: flags.Volumes,
}
+ if flags.IgnoreFile != "" {
+ excludes, err := parseDockerignore(flags.IgnoreFile)
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to obtain decrypt config")
+ }
+ opts.Excludes = excludes
+ }
+
if c.Flag("timestamp").Changed {
timestamp := time.Unix(flags.Timestamp, 0).UTC()
opts.Timestamp = &timestamp
@@ -534,3 +543,18 @@ func getDecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error)
return decConfig, nil
}
+
+func parseDockerignore(ignoreFile string) ([]string, error) {
+ excludes := []string{}
+ ignore, err := ioutil.ReadFile(ignoreFile)
+ if err != nil {
+ return excludes, err
+ }
+ for _, e := range strings.Split(string(ignore), "\n") {
+ if len(e) == 0 || e[0] == '#' {
+ continue
+ }
+ excludes = append(excludes, e)
+ }
+ return excludes, nil
+}
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 1e7d366a1..a9f97d5ab 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -362,6 +362,82 @@ Labels.$label_name | $label_value
run_podman rmi -f build_test
}
+@test "podman build - COPY with ignore" {
+ local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10)
+ mkdir -p $tmpdir/subdir
+
+ # Create a bunch of files. Declare this as an array to avoid duplication
+ # because we iterate over that list below, checking for each file.
+ # A leading "-" indicates that the file SHOULD NOT exist in the built image
+ local -a files=(
+ -test1 -test1.txt
+ test2 test2.txt
+ subdir/sub1 subdir/sub1.txt
+ -subdir/sub2 -subdir/sub2.txt
+ this-file-does-not-match-anything-in-ignore-file
+ comment
+ )
+ for f in ${files[@]}; do
+ # The magic '##-' strips off the '-' prefix
+ echo "$f" > $tmpdir/${f##-}
+ done
+
+ # Directory that doesn't exist in the image; COPY should create it
+ local newdir=/newdir-$(random_string 12)
+ cat >$tmpdir/Containerfile <<EOF
+FROM $IMAGE
+COPY ./ $newdir/
+EOF
+
+ # Run twice: first with a custom --ignorefile, then with a default one.
+ # This ordering is deliberate: if we were to run with .dockerignore
+ # first, and forget to rm it, and then run with --ignorefile, _and_
+ # there was a bug in podman where --ignorefile was a NOP (eg #9570),
+ # the test might pass because of the existence of .dockerfile.
+ for ignorefile in ignoreme-$(random_string 5) .dockerignore; do
+ # Patterns to ignore. Mostly copied from buildah/tests/bud/dockerignore
+ cat >$tmpdir/$ignorefile <<EOF
+# comment
+test*
+!test2*
+subdir
+!*/sub1*
+EOF
+
+ # Build an image. For .dockerignore
+ local -a ignoreflag
+ unset ignoreflag
+ if [[ $ignorefile != ".dockerignore" ]]; then
+ ignoreflag="--ignorefile $tmpdir/$ignorefile"
+ fi
+ run_podman build -t build_test ${ignoreflag} $tmpdir
+
+ # Delete the ignore file! Otherwise, in the next iteration of the loop,
+ # we could end up with an existing .dockerignore that invisibly
+ # takes precedence over --ignorefile
+ rm -f $tmpdir/$ignorefile
+
+ # It would be much more readable, and probably safer, to iterate
+ # over each file, running 'podman run ... ls -l $f'. But each podman run
+ # takes a second or so, and we are mindful of each second.
+ run_podman run --rm build_test find $newdir -type f
+ for f in ${files[@]}; do
+ if [[ $f =~ ^- ]]; then
+ f=${f##-}
+ if [[ $output =~ $f ]]; then
+ die "File '$f' found in image; it should have been ignored via $ignorefile"
+ fi
+ else
+ is "$output" ".*$newdir/$f" \
+ "File '$f' should exist in container (no match in $ignorefile)"
+ fi
+ done
+
+ # Clean up
+ run_podman rmi -f build_test
+ done
+}
+
@test "podman build - stdin test" {
# Random workdir, and random string to verify build output
workdir=/$(random_string 10)