Skip to content

Commit

Permalink
bake: ulimits support
Browse files Browse the repository at this point in the history
Signed-off-by: CrazyMax <[email protected]>
  • Loading branch information
crazy-max committed Feb 5, 2024
1 parent 3abc8ba commit 3eba441
Show file tree
Hide file tree
Showing 6 changed files with 89 additions and 0 deletions.
15 changes: 15 additions & 0 deletions bake/bake.go
Original file line number Diff line number Diff line change
Expand Up @@ -701,6 +701,7 @@ type Target struct {
NetworkMode *string `json:"-" hcl:"-" cty:"-"`
NoCacheFilter []string `json:"no-cache-filter,omitempty" hcl:"no-cache-filter,optional" cty:"no-cache-filter"`
ShmSize *string `json:"shm-size,omitempty" hcl:"shm-size,optional"`
Ulimits []string `json:"ulimits,omitempty" hcl:"ulimits,optional"`
// IMPORTANT: if you add more fields here, do not forget to update newOverrides and docs/bake-reference.md.

// linked is a private field to mark a target used as a linked one
Expand All @@ -723,6 +724,7 @@ func (t *Target) normalize() {
t.CacheTo = removeDupes(t.CacheTo)
t.Outputs = removeDupes(t.Outputs)
t.NoCacheFilter = removeDupes(t.NoCacheFilter)
t.Ulimits = removeDupes(t.Ulimits)

for k, v := range t.Contexts {
if v == "" {
Expand Down Expand Up @@ -814,6 +816,9 @@ func (t *Target) Merge(t2 *Target) {
if t2.ShmSize != nil { // no merge
t.ShmSize = t2.ShmSize
}
if t2.Ulimits != nil { // merge
t.Ulimits = append(t.Ulimits, t2.Ulimits...)
}
t.Inherits = append(t.Inherits, t2.Inherits...)
}

Expand Down Expand Up @@ -880,6 +885,8 @@ func (t *Target) AddOverrides(overrides map[string]Override) error {
t.NoCacheFilter = o.ArrValue
case "shm-size":
t.ShmSize = &value
case "ulimits":
t.Ulimits = o.ArrValue
case "pull":
pull, err := strconv.ParseBool(value)
if err != nil {
Expand Down Expand Up @@ -1335,6 +1342,14 @@ func toBuildOpt(t *Target, inp *Input) (*build.Options, error) {
return nil, err
}

var ulimits *dockeropts.UlimitOpt
for _, field := range t.Ulimits {
if err := ulimits.Set(field); err != nil {
return nil, err
}
}
bo.Ulimits = ulimits

return bo, nil
}

Expand Down
2 changes: 2 additions & 0 deletions bake/bake_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ target "webDEP" {
}
no-cache = true
shm-size = "128m"
ulimits = ["nofile=1024:1024"]
}
target "webapp" {
Expand All @@ -47,6 +48,7 @@ target "webapp" {
require.Equal(t, ptrstr("webDEP"), m["webapp"].Args["VAR_INHERITED"])
require.Equal(t, true, *m["webapp"].NoCache)
require.Equal(t, "128m", *m["webapp"].ShmSize)
require.Equal(t, []string{"nofile=1024:1024"}, m["webapp"].Ulimits)
require.Nil(t, m["webapp"].Pull)

require.Equal(t, 1, len(g))
Expand Down
14 changes: 14 additions & 0 deletions bake/compose.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package bake

import (
"context"
"fmt"
"os"
"path/filepath"
"strings"
Expand All @@ -10,6 +11,7 @@ import (
"github.com/compose-spec/compose-go/v2/loader"
composetypes "github.com/compose-spec/compose-go/v2/types"
dockeropts "github.com/docker/cli/opts"
"github.com/docker/go-units"
"github.com/pkg/errors"
"gopkg.in/yaml.v3"
)
Expand Down Expand Up @@ -94,6 +96,17 @@ func ParseCompose(cfgs []composetypes.ConfigFile, envs map[string]string) (*Conf
shmSize = &shmSizeStr
}

var ulimits []string
if s.Build.Ulimits != nil {
for n, u := range s.Build.Ulimits {
if ulimit, err := units.ParseUlimit(fmt.Sprintf("%s=%d:%d", n, u.Soft, u.Hard)); err != nil {
return nil, err
} else {
ulimits = append(ulimits, ulimit.String())
}
}
}

var secrets []string
for _, bs := range s.Build.Secrets {
secret, err := composeToBuildkitSecret(bs, cfg.Secrets[bs.Source])
Expand Down Expand Up @@ -131,6 +144,7 @@ func ParseCompose(cfgs []composetypes.ConfigFile, envs map[string]string) (*Conf
NetworkMode: &s.Build.Network,
Secrets: secrets,
ShmSize: shmSize,
Ulimits: ulimits,
}
if err = t.composeExtTarget(s.Build.Extensions); err != nil {
return nil, err
Expand Down
5 changes: 5 additions & 0 deletions bake/compose_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,10 @@ services:
CT_ECR: foo
CT_TAG: bar
shm_size: 128m
ulimits:
nofile:
soft: 1024
hard: 1024
x-bake:
secret:
- id=mysecret,src=/local/secret
Expand Down Expand Up @@ -334,6 +338,7 @@ services:
require.Equal(t, []string{"type=docker"}, c.Targets[1].Outputs)
require.Equal(t, newBool(true), c.Targets[1].NoCache)
require.Equal(t, ptrstr("128MiB"), c.Targets[1].ShmSize)
require.Equal(t, []string{"nofile=1024:1024"}, c.Targets[1].Ulimits)
}

func TestComposeExtDedup(t *testing.T) {
Expand Down
20 changes: 20 additions & 0 deletions docs/bake-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,7 @@ The following table shows the complete list of attributes that you can assign to
| [`ssh`](#targetssh) | List | SSH agent sockets or keys to expose to the build |
| [`tags`](#targettags) | List | Image names and tags |
| [`target`](#targettarget) | String | Target build stage |
| [`ulimits`](#targetulimits) | List | Ulimit options |

### `target.args`

Expand Down Expand Up @@ -893,6 +894,25 @@ target "default" {
}
```

### `target.ulimits`

Ulimits are specified with a soft and hard limit as such:
`<type>=<soft limit>[:<hard limit>]`, for example:

```hcl
target "app" {
ulimits = [
"nofile=1024:1024"
]
}
```

> **Note**
>
> If you do not provide a `hard limit`, the `soft limit` is used
> for both values. If no `ulimits` are set, they are inherited from
> the default `ulimits` set on the daemon.
## Group

Groups allow you to invoke multiple builds (targets) at once.
Expand Down
33 changes: 33 additions & 0 deletions tests/bake.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ var bakeTests = []func(t *testing.T, sb integration.Sandbox){
testBakeRemoteLocalContextRemoteDockerfile,
testBakeEmpty,
testBakeShmSize,
testBakeUlimits,
}

func testBakeLocal(t *testing.T, sb integration.Sandbox) {
Expand Down Expand Up @@ -553,3 +554,35 @@ target "default" {
require.NoError(t, err)
require.Contains(t, string(dt), `size=131072k`)
}

func testBakeUlimits(t *testing.T, sb integration.Sandbox) {
dockerfile := []byte(`
FROM busybox AS build
RUN ulimit -n > first > /ulimit
FROM scratch
COPY --from=build /ulimit /
`)
bakefile := []byte(`
target "default" {
ulimits = ["nofile:1024:1024"]
}
`)
dir := tmpdir(
t,
fstest.CreateFile("docker-bake.hcl", bakefile, 0600),
fstest.CreateFile("Dockerfile", dockerfile, 0600),
)

dirDest := t.TempDir()

out, err := bakeCmd(
sb,
withDir(dir),
withArgs("--set", "*.output=type=local,dest="+dirDest),
)
require.NoError(t, err, out)

Check failure on line 583 in tests/bake.go

View workflow job for this annotation

GitHub Actions / test-integration (docker, ./tests)

Failed: tests/TestIntegration/TestBakeUlimits/worker=docker

=== RUN TestIntegration/TestBakeUlimits/worker=docker === PAUSE TestIntegration/TestBakeUlimits/worker=docker === CONT TestIntegration/TestBakeUlimits/worker=docker bake.go:583: Error Trace: /src/tests/bake.go:583 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:93 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:207 Error: Received unexpected error: exit status 1 Test: TestIntegration/TestBakeUlimits/worker=docker Messages: ERROR: invalid ulimit argument: nofile:1024:1024 sandbox.go:128: stderr: /usr/bin/dockerd sandbox.go:131: > startCmd 2024-02-05 14:22:20.027033773 +0000 UTC m=+37.078795537 /usr/bin/dockerd --data-root /tmp/integration1151862240/d8scyg9o69z43/root --exec-root /tmp/dxr/d8scyg9o69z43 --pidfile /tmp/integration1151862240/d8scyg9o69z43/docker.pid --containerd-namespace d8scyg9o69z43 --containerd-plugins-namespace d8scyg9o69z43p --host unix:///tmp/docker-integration/d8scyg9o69z43.sock --config-file /tmp/integration1151862240/daemon.json --userland-proxy=false --tls=false --debug sandbox.go:131: time="2024-02-05T14:22:20.055587395Z" level=info msg="Starting up" sandbox.go:131: time="2024-02-05T14:22:20.056689015Z" level=warning msg="could not change group /tmp/docker-integration/d8scyg9o69z43.sock to docker: group docker not found" sandbox.go:131: time="2024-02-05T14:22:20.056803588Z" level=debug msg="Listener created for HTTP on unix (/tmp/docker-integration/d8scyg9o69z43.sock)" sandbox.go:131: time="2024-02-05T14:22:20.056826270Z" level=info msg="containerd not running, starting managed containerd" sandbox.go:131: time="2024-02-05T14:22:20.057358551Z" level=info msg="started new containerd process" address=/tmp/dxr/d8scyg9o69z43/containerd/containerd.sock module=libcontainerd pid=6885 sandbox.go:131: time="2024-02-05T14:22:20.057898015Z" level=debug msg="created containerd monitoring client" address=/tmp/dxr/d8scyg9o69z43/containerd/containerd.sock module=libcontainerd sandbox.go:131: time="2024-02-05T14:22:20.058073891Z" level=debug msg="2024/02/05 14:22:20 WARNING: [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: \"/tmp/dxr/d8scyg9o69z43/containerd/containerd.sock\", ServerName: \"localhost\", Attributes: {\"<%!p(networktype.keyType=grpc.internal.transport.networktype)>\": \"unix\" }, }. Err: connection error: desc = \"transport: Error while dialing: dial unix /tmp/dxr/d8scyg9o69z43/containerd/containerd.sock: connect: no such file or directory\"" library=grpc sandbox.go:131: time="2024-02-05T14:22:20.069114194Z" level=info msg="starting containerd" revision=71909c1814c544ac47ab91d2e8b84718e517bb99 version=v1.7.12 sandbox.go:131: time="2024-02-05T14:22:20.082039546Z" level=info msg="loading plugin \"io.containerd.event.v1.exchange\"..." type=io.containerd.event.v1 sandbox.go:131: time="2024-02-05T14:22:20.082066025Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1 sandbox.go:131: time="2024-02-05T14:22:20.082090851Z" level=info msg="loading plugin \"io.containerd.warning.v1.deprecations\"..." type=io.containerd.warning.v1 sandbox.go:131: time="2024-02-05T14:22:20.082103985Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:20.082196197Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." error="no scratch file generator: skip plugin" type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:20.082216645Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:20.082236262Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured" sandbox.go:131: time="2024-02-05T14:22:20

Check failure on line 583 in tests/bake.go

View workflow job for this annotation

GitHub Actions / test-integration (docker\+containerd, ./tests)

Failed: tests/TestIntegration/TestBakeUlimits/worker=docker+containerd

=== RUN TestIntegration/TestBakeUlimits/worker=docker+containerd === PAUSE TestIntegration/TestBakeUlimits/worker=docker+containerd === CONT TestIntegration/TestBakeUlimits/worker=docker+containerd bake.go:583: Error Trace: /src/tests/bake.go:583 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:93 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:207 Error: Received unexpected error: exit status 1 Test: TestIntegration/TestBakeUlimits/worker=docker+containerd Messages: ERROR: invalid ulimit argument: nofile:1024:1024 sandbox.go:128: stdout: /usr/bin/dockerd sandbox.go:128: stderr: /usr/bin/dockerd sandbox.go:131: > startCmd 2024-02-05 14:22:08.328455836 +0000 UTC m=+34.446694266 /usr/bin/dockerd --data-root /tmp/integration514256617/d70evnlerqosa/root --exec-root /tmp/dxr/d70evnlerqosa --pidfile /tmp/integration514256617/d70evnlerqosa/docker.pid --containerd-namespace d70evnlerqosa --containerd-plugins-namespace d70evnlerqosap --host unix:///tmp/docker-integration/d70evnlerqosa.sock --config-file /tmp/integration514256617/daemon.json --userland-proxy=false --tls=false --debug sandbox.go:131: time="2024-02-05T14:22:08.358080768Z" level=info msg="Starting up" sandbox.go:131: time="2024-02-05T14:22:08.359196000Z" level=warning msg="could not change group /tmp/docker-integration/d70evnlerqosa.sock to docker: group docker not found" sandbox.go:131: time="2024-02-05T14:22:08.359828320Z" level=debug msg="Listener created for HTTP on unix (/tmp/docker-integration/d70evnlerqosa.sock)" sandbox.go:131: time="2024-02-05T14:22:08.359853598Z" level=info msg="containerd not running, starting managed containerd" sandbox.go:131: time="2024-02-05T14:22:08.362375859Z" level=info msg="started new containerd process" address=/tmp/dxr/d70evnlerqosa/containerd/containerd.sock module=libcontainerd pid=6783 sandbox.go:131: time="2024-02-05T14:22:08.363208303Z" level=debug msg="created containerd monitoring client" address=/tmp/dxr/d70evnlerqosa/containerd/containerd.sock module=libcontainerd sandbox.go:131: time="2024-02-05T14:22:08.363472942Z" level=debug msg="2024/02/05 14:22:08 WARNING: [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: \"/tmp/dxr/d70evnlerqosa/containerd/containerd.sock\", ServerName: \"localhost\", Attributes: {\"<%!p(networktype.keyType=grpc.internal.transport.networktype)>\": \"unix\" }, }. Err: connection error: desc = \"transport: Error while dialing: dial unix /tmp/dxr/d70evnlerqosa/containerd/containerd.sock: connect: no such file or directory\"" library=grpc sandbox.go:131: time="2024-02-05T14:22:08.372406260Z" level=info msg="starting containerd" revision=71909c1814c544ac47ab91d2e8b84718e517bb99 version=v1.7.12 sandbox.go:131: time="2024-02-05T14:22:08.384677755Z" level=info msg="loading plugin \"io.containerd.event.v1.exchange\"..." type=io.containerd.event.v1 sandbox.go:131: time="2024-02-05T14:22:08.384711848Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1 sandbox.go:131: time="2024-02-05T14:22:08.384746002Z" level=info msg="loading plugin \"io.containerd.warning.v1.deprecations\"..." type=io.containerd.warning.v1 sandbox.go:131: time="2024-02-05T14:22:08.384765218Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:08.384854294Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.blockfile\"..." error="no scratch file generator: skip plugin" type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:08.384873450Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1 sandbox.go:131: time="2024-02-05T14:22:08.384890452Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.dev

Check failure on line 583 in tests/bake.go

View workflow job for this annotation

GitHub Actions / test-integration (docker-container, ./tests)

Failed: tests/TestIntegration/TestBakeUlimits/worker=docker-container

=== RUN TestIntegration/TestBakeUlimits/worker=docker-container === PAUSE TestIntegration/TestBakeUlimits/worker=docker-container === CONT TestIntegration/TestBakeUlimits/worker=docker-container bake.go:583: Error Trace: /src/tests/bake.go:583 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:93 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:207 Error: Received unexpected error: exit status 1 Test: TestIntegration/TestBakeUlimits/worker=docker-container Messages: ERROR: invalid ulimit argument: nofile:1024:1024 --- FAIL: TestIntegration/TestBakeUlimits/worker=docker-container (1.24s)

Check failure on line 583 in tests/bake.go

View workflow job for this annotation

GitHub Actions / test-integration (remote, ./tests)

Failed: tests/TestIntegration/TestBakeUlimits/worker=remote

=== RUN TestIntegration/TestBakeUlimits/worker=remote === PAUSE TestIntegration/TestBakeUlimits/worker=remote === CONT TestIntegration/TestBakeUlimits/worker=remote bake.go:583: Error Trace: /src/tests/bake.go:583 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:93 /src/vendor/github.com/moby/buildkit/util/testutil/integration/run.go:207 Error: Received unexpected error: exit status 1 Test: TestIntegration/TestBakeUlimits/worker=remote Messages: ERROR: invalid ulimit argument: nofile:1024:1024 sandbox.go:128: stdout: /usr/bin/buildkitd --oci-worker=true --containerd-worker=false --oci-worker-gc=false --oci-worker-labels=org.mobyproject.buildkit.worker.sandbox=true --config=/tmp/bktest_config3913496509/buildkitd.toml --root /tmp/bktest_buildkitd2673620185 --addr unix:///tmp/bktest_buildkitd2673620185/buildkitd.sock --debug sandbox.go:128: stderr: /usr/bin/buildkitd --oci-worker=true --containerd-worker=false --oci-worker-gc=false --oci-worker-labels=org.mobyproject.buildkit.worker.sandbox=true --config=/tmp/bktest_config3913496509/buildkitd.toml --root /tmp/bktest_buildkitd2673620185 --addr unix:///tmp/bktest_buildkitd2673620185/buildkitd.sock --debug sandbox.go:131: > StartCmd 2024-02-05 14:21:41.010249249 +0000 UTC m=+9.274419930 /usr/bin/buildkitd --oci-worker=true --containerd-worker=false --oci-worker-gc=false --oci-worker-labels=org.mobyproject.buildkit.worker.sandbox=true --config=/tmp/bktest_config3913496509/buildkitd.toml --root /tmp/bktest_buildkitd2673620185 --addr unix:///tmp/bktest_buildkitd2673620185/buildkitd.sock --debug sandbox.go:131: time="2024-02-05T14:21:41Z" level=info msg="auto snapshotter: using overlayfs" sandbox.go:131: time="2024-02-05T14:21:41Z" level=warning msg="using host network as the default" sandbox.go:131: time="2024-02-05T14:21:41Z" level=info msg="found worker \"nlvgj621goo3r8aot0tpeiptl\", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:a3ef2dbd5c86 org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.oci.process-mode:sandbox org.mobyproject.buildkit.worker.sandbox:true org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/amd64/v2 linux/amd64/v3 linux/arm64 linux/riscv64 linux/ppc64le linux/s390x linux/386 linux/mips64le linux/mips64 linux/arm/v7 linux/arm/v6]" sandbox.go:131: time="2024-02-05T14:21:41Z" level=info msg="found 1 workers, default=\"nlvgj621goo3r8aot0tpeiptl\"" sandbox.go:131: time="2024-02-05T14:21:41Z" level=warning msg="currently, only the default worker can be used." sandbox.go:131: time="2024-02-05T14:21:41Z" level=info msg="running server on /tmp/bktest_buildkitd2673620185/buildkitd.sock" --- FAIL: TestIntegration/TestBakeUlimits/worker=remote (0.83s)

dt, err := os.ReadFile(filepath.Join(dirDest, "ulimit"))
require.NoError(t, err)
require.Contains(t, string(dt), `1024`)
}

0 comments on commit 3eba441

Please sign in to comment.