#!/usr/bin/env bats
load helpers
@test "bud with a path to a Dockerfile (-f) containing a non-directory entry" {
  # Per the test title, one component of the -f path is not a directory.
  # The build must fail with status 125 and report the offending path.
  run_buildah 125 build \
    -f $BUDFILES/non-directory-in-path/non-directory/Dockerfile
  expect_output --substring "non-directory/Dockerfile: not a directory"
}
@test "bud stdio is usable pipes" {
  # Passes when the build of the stdio fixture succeeds. Whatever the
  # fixture checks about the standard streams lives in $BUDFILES/stdio.
  run_buildah build $BUDFILES/stdio
}
@test "bud: build manifest list and --add-compression zstd" {
  # Build the same one-line image for amd64 and arm64, push both as manifest
  # list "foo" with --add-compression zstd, then inspect the pushed list and
  # check the architecture and compression of each instance.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  cat > $contextdir/Dockerfile1 << _EOF
FROM alpine
_EOF

  # Every registry call below targets localhost:${REGISTRY_PORT}. The login
  # passes fixed test credentials on the command line and TLS verification is
  # switched off, which is tolerable only for this local test registry.
  start_registry
  run_buildah login --tls-verify=false \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --username testuser --password testpassword \
    localhost:${REGISTRY_PORT}

  run_buildah build $WITH_POLICY_JSON -t image1 \
    --platform linux/amd64 -f $contextdir/Dockerfile1
  run_buildah build $WITH_POLICY_JSON -t image2 \
    --platform linux/arm64 -f $contextdir/Dockerfile1

  run_buildah manifest create foo
  run_buildah manifest add foo image1
  run_buildah manifest add foo image2

  run_buildah manifest push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --all --add-compression zstd --tls-verify=false \
    foo docker://localhost:${REGISTRY_PORT}/list
  run_buildah manifest inspect \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    localhost:${REGISTRY_PORT}/list
  list="$output"

  # Arguments are presumably (instance index, manifest JSON, arch,
  # compression); see validate_instance_compression in the helpers.
  validate_instance_compression "0" "$list" "amd64" "gzip"
  validate_instance_compression "1" "$list" "arm64" "gzip"
  validate_instance_compression "2" "$list" "amd64" "zstd"
  validate_instance_compression "3" "$list" "arm64" "zstd"
}
@test "bud: build manifest list with --add-compression zstd, --compression and --force-compression" {
  # Push the same two-platform manifest list three times with different
  # compression flags and check that the pushed list keeps the same four
  # instances (gzip and zstd for each architecture) every time.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  cat > $contextdir/Dockerfile1 << _EOF
FROM alpine
_EOF

  # Local test registry only: fixed credentials on the command line and
  # --tls-verify=false on every call to localhost:${REGISTRY_PORT}.
  start_registry
  run_buildah login --tls-verify=false \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --username testuser --password testpassword \
    localhost:${REGISTRY_PORT}

  run_buildah build $WITH_POLICY_JSON -t image1 \
    --platform linux/amd64 -f $contextdir/Dockerfile1
  run_buildah build $WITH_POLICY_JSON -t image2 \
    --platform linux/arm64 -f $contextdir/Dockerfile1

  run_buildah manifest create foo
  run_buildah manifest add foo image1
  run_buildah manifest add foo image2

  # Push 1: --add-compression zstd only.
  run_buildah manifest push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --all --add-compression zstd --tls-verify=false \
    foo docker://localhost:${REGISTRY_PORT}/list
  run_buildah manifest inspect \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    localhost:${REGISTRY_PORT}/list
  list="$output"
  validate_instance_compression "0" "$list" "amd64" "gzip"
  validate_instance_compression "1" "$list" "arm64" "gzip"
  validate_instance_compression "2" "$list" "amd64" "zstd"
  validate_instance_compression "3" "$list" "arm64" "zstd"

  # Push 2: the original compression is gzip, so adding
  # --compression-format gzip with --force-compression must leave the list
  # unchanged.
  run_buildah manifest push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --all --add-compression zstd --compression-format gzip \
    --force-compression --tls-verify=false \
    foo docker://localhost:${REGISTRY_PORT}/list
  run_buildah manifest inspect \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    localhost:${REGISTRY_PORT}/list
  list="$output"
  validate_instance_compression "0" "$list" "amd64" "gzip"
  validate_instance_compression "1" "$list" "arm64" "gzip"
  validate_instance_compression "2" "$list" "amd64" "zstd"
  validate_instance_compression "3" "$list" "arm64" "zstd"

  # Push 3: --compression-format gzip without --force-compression must give
  # the same result.
  run_buildah manifest push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --all --add-compression zstd --compression-format gzip \
    --tls-verify=false \
    foo docker://localhost:${REGISTRY_PORT}/list
  run_buildah manifest inspect \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    localhost:${REGISTRY_PORT}/list
  list="$output"
  validate_instance_compression "0" "$list" "amd64" "gzip"
  validate_instance_compression "1" "$list" "arm64" "gzip"
  validate_instance_compression "2" "$list" "amd64" "zstd"
  validate_instance_compression "3" "$list" "arm64" "zstd"
}
@test "Multi-stage should not remove used base-image without --layers" {
  # Build two parent images and then the multi-stage image, all without
  # --layers. parent-one must still be listed afterwards.
  run_buildah build -t parent-one \
    -f $BUDFILES/multi-stage-only-base/Containerfile1
  run_buildah build -t parent-two \
    -f $BUDFILES/multi-stage-only-base/Containerfile2
  run_buildah build -t multi-stage \
    -f $BUDFILES/multi-stage-only-base/Containerfile3

  run_buildah images -a
  expect_output --substring "parent-one" "parent one must not be removed"
}
@test "no layer should be created on scratch" {
  # With --layers, the from-scratch fixture must produce an image whose
  # Docker RootFS has zero DiffIDs, both with and without an extra --label.
  run_buildah build --layers --label "label1=value1" -t test \
    -f $BUDFILES/from-scratch/Containerfile
  run_buildah inspect -f '{{len .Docker.RootFS.DiffIDs}}' test
  expect_output "0" "layer should not exist"

  run_buildah build --layers -t test \
    -f $BUDFILES/from-scratch/Containerfile
  run_buildah inspect -f '{{len .Docker.RootFS.DiffIDs}}' test
  expect_output "0" "layer should not exist"
}
@test "bud: build push with --force-compression" {
  # Push one image four times with different --compression-format and
  # --force-compression settings. After each push the raw manifest is read
  # back with skopeo and searched for "zstd".
  skip_if_no_podman
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  cat > $contextdir/Dockerfile1 << _EOF
FROM alpine
_EOF

  # Local test registry only: fixed credentials on the command line and
  # --tls-verify=false on every call to localhost:${REGISTRY_PORT}.
  start_registry
  run_buildah login --tls-verify=false \
    --authfile ${TEST_SCRATCH_DIR}/test.auth \
    --username testuser --password testpassword \
    localhost:${REGISTRY_PORT}
  run_buildah build $WITH_POLICY_JSON -t image1 \
    --platform linux/amd64 -f $contextdir/Dockerfile1

  # NOTE(review): the inspection container is quay.io/skopeo/stable, a
  # mutable tag with no digest. It runs with --net host and has the registry
  # auth file bind-mounted, so pinning the image would make the test
  # reproducible and limit what code gets to read that file.

  # Push 1: gzip requested, so no layer may mention zstd.
  run_buildah push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    --compression-format gzip \
    image1 docker://localhost:${REGISTRY_PORT}/image
  run podman run --rm \
    --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
    --net host quay.io/skopeo/stable inspect \
    --authfile=/test.auth --tls-verify=false --raw \
    docker://localhost:${REGISTRY_PORT}/image
  assert "$output" !~ "zstd" "zstd found in layers where push was with --compression-format gzip"

  # Push 2: zstd requested but --force-compression=false, so the layers must
  # still show no zstd.
  run_buildah push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    --compression-format zstd --force-compression=false \
    image1 docker://localhost:${REGISTRY_PORT}/image
  run podman run --rm \
    --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
    --net host quay.io/skopeo/stable inspect \
    --authfile=/test.auth --tls-verify=false --raw \
    docker://localhost:${REGISTRY_PORT}/image
  assert "$output" !~ "zstd" "zstd found even though push was without --force-compression"

  # Push 3: zstd requested with no explicit --force-compression flag. The
  # layers must contain zstd.
  run_buildah push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    --compression-format zstd \
    image1 docker://localhost:${REGISTRY_PORT}/image
  run podman run --rm \
    --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
    --net host quay.io/skopeo/stable inspect \
    --authfile=/test.auth --tls-verify=false --raw \
    docker://localhost:${REGISTRY_PORT}/image
  expect_output --substring "zstd" "layers must contain zstd compression"

  # Push 4: zstd with --force-compression. The layers must contain zstd.
  run_buildah push $WITH_POLICY_JSON \
    --authfile ${TEST_SCRATCH_DIR}/test.auth --tls-verify=false \
    --compression-format zstd --force-compression \
    image1 docker://localhost:${REGISTRY_PORT}/image
  run podman run --rm \
    --mount type=bind,src=${TEST_SCRATCH_DIR}/test.auth,target=/test.auth,Z \
    --net host quay.io/skopeo/stable inspect \
    --authfile=/test.auth --tls-verify=false --raw \
    docker://localhost:${REGISTRY_PORT}/image
  expect_output --substring "zstd" "layers must contain zstd compression"
}
@test "bud with --dns* flags" {
  _prefetch alpine

  # Each DNS flag must be rejected (status 125) when combined with
  # --network=none.
  for dnsopt in --dns --dns-option --dns-search; do
    run_buildah 125 build $dnsopt=example.com --network=none \
      $WITH_POLICY_JSON -f $BUDFILES/dns/Dockerfile $BUDFILES/dns
    expect_output \
      "Error: the $dnsopt option cannot be used with --network=none" \
      "dns options should not be allowed with --network=none"
  done

  # With networking available, all three settings must appear in the build
  # output. The strings have resolv.conf form; presumably the fixture
  # prints that file (confirm against $BUDFILES/dns/Dockerfile).
  run_buildah build --dns-search=example.com --dns=223.5.5.5 \
    --dns-option=use-vc \
    $WITH_POLICY_JSON -f $BUDFILES/dns/Dockerfile $BUDFILES/dns
  expect_output --substring "search example.com"
  expect_output --substring "nameserver 223.5.5.5"
  expect_output --substring "options use-vc"
}
@test "build with inline RUN --network=host" {
  # Record the network-namespace link of the test process itself. This uses
  # `run` rather than hostns=$(readlink /proc/self/ns/net).
  run readlink /proc/self/ns/net
  hostns="$output"

  run_buildah build $WITH_POLICY_JSON -t source \
    -f $BUDFILES/inline-network/Dockerfile1

  # Output line index 8 must equal the host namespace link. The check is
  # tied to the exact number of lines the build prints before it.
  expect_output --from="${lines[8]}" "${hostns}"
}
@test "build with inline RUN --network=none" {
  # The build must fail with status 1 and wget's address-resolution error
  # must appear in the output.
  run_buildah 1 build $WITH_POLICY_JSON -t source \
    -f $BUDFILES/inline-network/Dockerfile2
  expect_output --substring "wget: bad address"
}
@test "build with inline RUN --network=fake" {
  # Per the test title, the fixture uses an unknown network value. The build
  # must be rejected with status 125 and an "unsupported value" message.
  run_buildah 125 build $WITH_POLICY_JSON -t source \
    -f $BUDFILES/inline-network/Dockerfile3
  expect_output --substring "unsupported value"
}
@test "build with inline default RUN --network=default" {
  skip_if_chroot
  _prefetch alpine

  # Network-namespace link of the test process, used as the host reference.
  run readlink /proc/self/ns/net
  hostns=$output

  # With --network=host, output line index 2 must equal the host namespace.
  run_buildah build --network=host $WITH_POLICY_JSON -t source \
    -f $BUDFILES/inline-network/Dockerfile4
  firstns=${lines[2]}
  assert "${hostns}" == "$firstns"

  # With --network=private, the same output line must differ from it.
  run_buildah build --network=private $WITH_POLICY_JSON -t source \
    -f $BUDFILES/inline-network/Dockerfile4
  secondns=${lines[2]}
  assert "$secondns" != "$firstns"
}
@test "bud with ignoresymlink on default file" {
  # NOTE(review): this writes to a fixed name in /tmp and never removes it.
  # Presumably the container-ignoresymlink fixture refers to this exact
  # path, which would rule out a mktemp name (confirm). Because the name is
  # predictable, on a shared host the redirect follows whatever already sits
  # at that path, so run this only on a dedicated test machine.
  cat > /tmp/private_file << _EOF
hello
_EOF

  run_buildah build $WITH_POLICY_JSON -t test -f Dockerfile \
    $BUDFILES/container-ignoresymlink

  # The default ignore file must not be resolved through a symlink, so
  # "hello" must not be filtered out of the build context.
  expect_output --substring "hello"
}
#Verify https://github.com/containers/buildah/issues/4342
@test "buildkit-mount type=cache should not hang if cache is wiped in between" {
  containerfile=$BUDFILES/cache-mount-locked/Containerfile

  # WIPE_CACHE=1 is passed to the fixture as a build argument.
  run_buildah build $WITH_POLICY_JSON --build-arg WIPE_CACHE=1 -t source \
    -f $containerfile $BUDFILES/cache-mount-locked

  # The build must finish and its last step must print `hello` from `file`.
  expect_output --substring "hello"
}
# Test for https://github.com/containers/buildah/pull/4295
@test "build test warning for preconfigured TARGETARCH, TARGETOS, TARGETPLATFORM or TARGETVARIANT" {
  _prefetch alpine
  containerfile=$BUDFILES/platform-sets-args/Containerfile

  # Sanity check on the fixture: it must carry at least one 'ARG TARGETxxx'
  # line (four, as of 2022-10), one per variable of interest. The command
  # substitution is left unquoted on purpose so each name becomes an element.
  local -a checkvars=($(sed -ne 's/^ARG //p' <$containerfile))
  assert "${checkvars[*]}" != "" \
    "INTERNAL ERROR! No 'ARG xxx' lines in $containerfile!"

  # A complete --platform must not trigger the missing-argument warning.
  run_buildah build $WITH_POLICY_JSON --platform linux/amd64/v2 \
    -t source -f $containerfile
  assert "$output" !~ "missing .* build argument" \
    "With explicit --platform, buildah should not warn"

  # Neither must the equivalent --os/--arch/--variant triple.
  run_buildah build $WITH_POLICY_JSON --os linux --arch amd64 --variant v2 \
    -t source -f $containerfile
  assert "$output" !~ "missing .* build argument" \
    "With explicit --os + --arch + --variant, buildah should not warn"

  # FIXME FIXME FIXME: #4319: with --os only, buildah should not warn about
  # OS. This branch is disabled until that is resolved.
  if false; then
    run_buildah build $WITH_POLICY_JSON --os linux \
      -t source -f $containerfile
    assert "$output" !~ "missing.*TARGETOS" \
      "With explicit --os (but no arch/variant), buildah should not warn about TARGETOS"
    # FIXME: add --arch test too, and maybe make this cleaner
  fi
}
@test "build-conflicting-isolation-chroot-and-network" {
  _prefetch alpine

  cat > ${TEST_SCRATCH_DIR}/Containerfile << _EOF
FROM alpine
RUN ping -c 1 4.2.2.2
_EOF

  # --network=none together with --isolation=chroot must be refused with
  # status 125. Presumably the RUN step above is then never executed.
  run_buildah 125 build --network=none --isolation=chroot \
    $WITH_POLICY_JSON ${TEST_SCRATCH_DIR}
  expect_output --substring "cannot set --network other than host with --isolation chroot"
}
@test "bud with .dockerignore #1" {
  _prefetch alpine busybox

  # The first Dockerfile copies a path that is missing from the context, so
  # the build fails with status 125.
  run_buildah 125 build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/dockerignore/Dockerfile $BUDFILES/dockerignore
  expect_output --substring 'building.*"COPY subdir \./".*no such file or directory'

  run_buildah build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/dockerignore/Dockerfile.succeed $BUDFILES/dockerignore
  run_buildah from --name myctr testbud

  # Only test2.txt may be present in the image. For every other path, ls
  # must exit 1.
  run_buildah 1 run myctr ls -l test1.txt
  run_buildah run myctr ls -l test2.txt
  run_buildah 1 run myctr ls -l sub1.txt
  run_buildah 1 run myctr ls -l sub2.txt
  run_buildah 1 run myctr ls -l subdir/
}
@test "bud build with heredoc content" {
  run_buildah build -t heredoc $WITH_POLICY_JSON \
    -f $BUDFILES/heredoc/Containerfile .

  # Every string below must appear somewhere in the build output.
  local needle
  for needle in \
    "print first line from heredoc" \
    "print second line from heredoc" \
    "Heredoc writing first file" \
    "some text of first file" \
    "file2 from python" \
    "(your index page goes here)" \
    "(robots content)" \
    "(humans content)" \
    "this is the output of test6 part1" \
    "this is the output of test6 part2" \
    "this is the output of test7 part1" \
    "this is the output of test7 part2" \
    "this is the output of test7 part3" \
    "this is the output of test8 part1" \
    "this is the output of test8 part2"; do
    expect_output --substring "$needle"
  done
}
@test "bud with .containerignore" {
  _prefetch alpine busybox

  # The first Dockerfile copies a path that is missing from the context, so
  # the build fails with status 125.
  run_buildah 125 build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/containerignore/Dockerfile $BUDFILES/containerignore
  expect_output --substring 'building.*"COPY subdir \./".*no such file or directory'

  run_buildah build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/containerignore/Dockerfile.succeed $BUDFILES/containerignore
  run_buildah from --name myctr testbud

  # Only test2.txt may be present in the image. For every other path, ls
  # must exit 1.
  run_buildah 1 run myctr ls -l test1.txt
  run_buildah run myctr ls -l test2.txt
  run_buildah 1 run myctr ls -l sub1.txt
  run_buildah 1 run myctr ls -l sub2.txt
  run_buildah 1 run myctr ls -l subdir/
}
@test "bud with .dockerignore - unmatched" {
  # .dockerignore here holds 'unmatched', which matches nothing, so the whole
  # subdirectory is expected to be copied into the image.
  #
  # The context is copied to a scratch directory instead of being used in
  # place because of rpm packaging: as of 2020-04-01, rpmbuild 4.16 alpha on
  # rawhide no longer packages circular symlinks (rpm issue #1159). The
  # symlinks used to be shipped in git and in the rpm. They are now created
  # here, during setup, so that the tests can still be packaged.
  local contextdir=${TEST_SCRATCH_DIR}/dockerignore2
  cp -a $BUDFILES/dockerignore2 $contextdir

  # Symlinks, including a self-referencing one and a dangling one.
  ln -sf subdir $contextdir/symlink
  ln -sf circular-link $contextdir/subdir/circular-link
  ln -sf no-such-file $contextdir/subdir/dangling-link

  # Build, create a container, mount it, and list every path in the mount.
  run_buildah build -t testbud2 $WITH_POLICY_JSON $contextdir
  run_buildah from --pull=false testbud2
  cid=$output
  run_buildah mount $cid
  mnt=$output
  run find $mnt -printf "%P(%l)\n"
  filelist=$(LC_ALL=C sort <<<"$output")
  run_buildah umount $cid

  # One entry per line: the path, then the symlink target in parentheses
  # (usually empty). The circular and dangling links must show up as links
  # with their original targets, i.e. copied as-is rather than followed.
  # The list is hand-crafted; edit it with care when adding files or links.
  expect="()
.dockerignore()
Dockerfile()
subdir()
subdir/circular-link(circular-link)
subdir/dangling-link(no-such-file)
subdir/sub1.txt()
subdir/subsubdir()
subdir/subsubdir/subsub1.txt()
symlink(subdir)"

  # A failure here prints a multi-line mismatch that is hard to read, since
  # there is no multi-line comparison. To debug, uncomment the two lines
  # below, run the tests in your own vm, and diff the two files.
  #echo "$filelist" >${TMPDIR}/filelist.actual
  #echo "$expect" >${TMPDIR}/filelist.expect
  expect_output --from="$filelist" "$expect" "container file list"
}
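@test "bud with .dockerignore #2" {
  # The build must fail with status 125 because the file named by COPY is
  # absent from the context.
  run_buildah 125 build -t testbud3 $WITH_POLICY_JSON \
    $BUDFILES/dockerignore3
  expect_output --substring 'building.*"COPY test1.txt /upload/test1.txt".*no such file or directory'

  # The output must also name the resolved .dockerignore path. The command
  # substitution is quoted so that a path containing whitespace or glob
  # characters still reaches expect_output as a single argument.
  expect_output --substring "$(realpath "$BUDFILES/dockerignore3/.dockerignore")"
}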
@test "bud with .dockerignore #4" {
  # -f is given relative to the context directory. The build must fail with
  # status 125 because the file named by COPY is absent from the context.
  run_buildah 125 build -t testbud3 $WITH_POLICY_JSON \
    -f Dockerfile.test $BUDFILES/dockerignore4
  expect_output --substring 'building.*"COPY test1.txt /upload/test1.txt".*no such file or directory'

  # The output must attribute the filtering to the per-Dockerfile ignore
  # file, Dockerfile.test.dockerignore.
  expect_output --substring '1 filtered out using /[^ ]*/Dockerfile.test.dockerignore'
}
@test "bud with .dockerignore #6" {
  _prefetch alpine busybox

  # The first Dockerfile copies a path that is missing from the context, so
  # the build fails with status 125.
  run_buildah 125 build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/dockerignore6/Dockerfile $BUDFILES/dockerignore6
  expect_output --substring 'building.*"COPY subdir \./".*no such file or directory'

  run_buildah build -t testbud $WITH_POLICY_JSON \
    -f $BUDFILES/dockerignore6/Dockerfile.succeed $BUDFILES/dockerignore6
  run_buildah from --name myctr testbud

  # Only test2.txt may be present in the image. For every other path, ls
  # must exit 1.
  run_buildah 1 run myctr ls -l test1.txt
  run_buildah run myctr ls -l test2.txt
  run_buildah 1 run myctr ls -l sub1.txt
  run_buildah 1 run myctr ls -l sub2.txt
  run_buildah 1 run myctr ls -l subdir/
}
@test "build with --platform without OS" {
  run_buildah info --format '{{.host.arch}}'
  myarch="$output"

  # --platform carrying only an architecture must still build for it.
  run_buildah build --platform $myarch $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile
  expect_output --substring "This is built for $myarch"

  # The podman-remote binding has a bug where it sends --platform as "/".
  # That value must be handled like the host platform.
  run_buildah build --platform "/" $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile
  expect_output --substring "This is built for $myarch"
}
@test "build with basename resolving default arg" {
  # Host architecture and variant, as reported by buildah itself.
  run_buildah info --format '{{.host.arch}}'
  myarch="$output"
  run_buildah info --format '{{.host.variant}}'
  myvariant="$output"

  run_buildah build --platform linux/$myarch/$myvariant \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile
  expect_output --substring "This is built for $myarch"
}
@test "build with basename resolving user arg" {
  # The CUSTOM_TARGET value given with --build-arg must show up in the
  # build output, for two different values.
  run_buildah build --build-arg CUSTOM_TARGET=first \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for first"

  run_buildah build --build-arg CUSTOM_TARGET=second \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for second"
}
@test "build with basename resolving user arg from file" {
  # Same check as with --build-arg, but the value comes from an args file.
  run_buildah build \
    --build-arg-file $BUDFILES/base-with-arg/first.args \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for first"

  run_buildah build \
    --build-arg-file $BUDFILES/base-with-arg/second.args \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for second"
}
@test "build with basename resolving user arg from latest file in arg list" {
  # Two args files are given. The one listed last (first.args) must win.
  run_buildah build \
    --build-arg-file $BUDFILES/base-with-arg/second.args \
    --build-arg-file $BUDFILES/base-with-arg/first.args \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for first"
}
@test "build with basename resolving user arg from in arg list" {
  # An args file and an explicit --build-arg set the same name. The output
  # must show the --build-arg value.
  run_buildah build \
    --build-arg-file $BUDFILES/base-with-arg/second.args \
    --build-arg CUSTOM_TARGET=first \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfile2
  expect_output --substring "This is built for first"
}
# Following test should fail since we are trying to use build-arg which
# was not declared. Honors discussion here: https://github.com/containers/buildah/pull/4061/commits/1237c04d6ae0ee1f027a1f02bf3ab5c57ac7d9b6#r906188374
@test "build with basename resolving user arg - should fail" {
  # The build must be rejected with status 125 and an "invalid reference
  # format" error, even though a value is passed with --build-arg.
  run_buildah 125 build --build-arg CUSTOM_TARGET=first \
    $WITH_POLICY_JSON -t test \
    -f $BUDFILES/base-with-arg/Containerfilebad
  expect_output --substring "invalid reference format"
}
# Try building with arch and variant
# Issue: https://github.com/containers/buildah/issues/4276
@test "build-with-inline-platform-and-variant" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # FROM scratch with an explicit os/arch/variant, so nothing is pulled or
  # executed. Only the resulting image metadata is examined.
  cat > $contextdir/Dockerfile << _EOF
FROM --platform=freebsd/arm64/v8 scratch
COPY . .
_EOF

  run_buildah build $WITH_POLICY_JSON -t test $contextdir

  run_buildah inspect --format '{{ .OCIv1.Architecture }}' test
  expect_output --substring "arm64"
  run_buildah inspect --format '{{ .OCIv1.Variant }}' test
  expect_output --substring "v8"
}
# Following test must fail since we are trying to run linux/arm64 on linux/amd64
# Issue: https://github.com/containers/buildah/issues/3712
@test "build-with-inline-platform" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # Host architecture.
  run_buildah info --format '{{.host.arch}}'
  myarch="$output"

  # Pick an architecture that is guaranteed to differ from the host's.
  otherarch="arm64"
  if [[ "$otherarch" == "$myarch" ]]; then
    otherarch="amd64"
  fi

  # The heredoc delimiter is unquoted, so ${otherarch} is expanded when the
  # file is written.
  cat > $contextdir/Dockerfile << _EOF
FROM --platform=linux/${otherarch} alpine
RUN uname -m
_EOF

  # Either outcome is accepted ('?'). Which one occurs depends on whether
  # the host can execute foreign-architecture binaries.
  run_buildah '?' build $WITH_POLICY_JSON -t test $contextdir
  if [[ $status -eq 0 ]]; then
    run_buildah inspect --format '{{ .OCIv1.Architecture }}' test
    expect_output --substring "$otherarch"
  else
    # Build failed: we DO NOT have qemu-user-static installed.
    expect_output --substring "format error"
  fi
}
@test "build-with-inline-platform-and-rely-on-defaultbuiltinargs" {
  # Host architecture.
  run_buildah info --format '{{.host.arch}}'
  myarch="$output"

  # Pick an architecture that is guaranteed to differ from the host's.
  otherarch="arm64"
  if [[ "$otherarch" == "$myarch" ]]; then
    otherarch="amd64"
  fi

  run_buildah build --platform linux/$otherarch $WITH_POLICY_JSON -t test \
    -f $BUDFILES/multiarch/Dockerfile.built-in-args

  # The output must echo the --platform value back in each of these forms.
  expect_output --substring "I'm compiling for linux/$otherarch"
  expect_output --substring "and tagging for linux/$otherarch"
  expect_output --substring "and OS linux"
  expect_output --substring "and ARCH $otherarch"

  run_buildah inspect --format '{{ .OCIv1.Architecture }}' test
  expect_output --substring "$otherarch"
}
# Buildkit parity: this verifies if we honor custom overrides of TARGETOS, TARGETVARIANT, TARGETARCH and TARGETPLATFORM if user wants
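@test "build-with-inline-platform-and-rely-on-defaultbuiltinargs-check-custom-override" {
  # --platform fixes the target at linux/arm64, while --build-arg overrides
  # only TARGETOS. The platform strings must stay linux/arm64 and the OS
  # must read android.
  run_buildah build --platform linux/arm64 $WITH_POLICY_JSON \
    --build-arg TARGETOS=android -t test \
    -f $BUDFILES/multiarch/Dockerfile.built-in-args
  expect_output --substring "I'm compiling for linux/arm64"
  expect_output --substring "and tagging for linux/arm64"
  # --build-arg overrode the OS, so it must be android.
  expect_output --substring "and OS android"

  # The architecture is written literally because this test defines no
  # variable holding it. An empty expansion would reduce these two checks to
  # "and ARCH " and the empty string, which cannot catch a wrong arch.
  expect_output --substring "and ARCH arm64"
  run_buildah inspect --format '{{ .OCIv1.Architecture }}' test
  expect_output --substring "arm64"
}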
# Following test must pass since we want to tag image as host arch
# Test for use-case described here: https://github.com/containers/buildah/issues/3261
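@test "build-with-inline-platform-amd-but-tag-as-arm" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # Host architecture.
  run_buildah info --format '{{.host.arch}}'
  myarch="$output"

  # Pick a target that differs from the host. The comparison has to read the
  # same variable that is assigned above. Shell names are case-sensitive, so
  # a differently-cased name is unset and the swap never happens, leaving an
  # arm64 host to "cross-tag" to its own architecture.
  targetarch="arm64"
  if [[ "$targetarch" == "$myarch" ]]; then
    targetarch="amd64"
  fi

  # The base image is requested for the host architecture. The heredoc
  # delimiter is unquoted, so ${myarch} is expanded when the file is written.
  cat > $contextdir/Dockerfile << _EOF
FROM --platform=linux/${myarch} alpine
RUN uname -m
_EOF

  # Build with a --platform that differs from the one on the FROM line.
  run_buildah build --platform linux/${targetarch} $WITH_POLICY_JSON \
    -t test $contextdir
  run_buildah inspect --format '{{ .OCIv1.Architecture }}' test

  # The base image is pulled for the host arch, but the result must be
  # tagged with the non-host arch.
  expect_output --substring "$targetarch"
}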
# Test build with --add-history=false
@test "build-with-omit-history-to-true should not add history" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  cat > $contextdir/Dockerfile1 << _EOF
FROM alpine
RUN echo hello
RUN echo world
_EOF

  # With --omit-history, the image must carry no history entries for the
  # layers just built, in any of the three views inspected below.
  run_buildah build $WITH_POLICY_JSON --omit-history -t source \
    -f $contextdir/Dockerfile1

  run_buildah inspect --format "{{index .Docker.History}}" source
  expect_output "[]"
  run_buildah inspect --format "{{index .OCIv1.History}}" source
  expect_output "[]"
  run_buildah inspect --format "{{index .History}}" source
  expect_output "[]"
}
# Test building with --userns=auto
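@test "build with --userns=auto also with size" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # Name to look up in /etc/subuid. When running as root the lookup uses
  # "containers" instead.
  user=$USER
  if [[ "$user" == "root" ]]; then
    user="containers"
  fi

  # Skip when no subordinate-ID mapping can be found. $user is quoted and
  # checked for emptiness: with USER unset, an unquoted expansion vanishes
  # and grep would take the file name as its pattern and read stdin.
  if [[ -z "$user" ]] || ! grep -q -- "$user" "/etc/subuid"; then
    skip "cannot find mappings for the current user"
  fi

  cat > $contextdir/Dockerfile << _EOF
FROM alpine
RUN cat /proc/self/uid_map
RUN echo hello
FROM alpine
COPY --from=0 /tmp /tmp
RUN cat /proc/self/uid_map
RUN ls -a
_EOF

  # With no size given, the build output must contain 1024.
  run_buildah build --userns=auto $WITH_POLICY_JSON -t source \
    -f $contextdir/Dockerfile
  expect_output --substring "1024"

  # With an explicit size=500, the build output must contain 500.
  run_buildah build --userns=auto:size=500 $WITH_POLICY_JSON -t source \
    -f $contextdir/Dockerfile
  expect_output --substring "500"
}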
# Test building with --userns=auto with uidmapping
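@test "build with --userns=auto with uidmapping" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # Name to look up in /etc/subuid. When running as root the lookup uses
  # "containers" instead.
  user=$USER
  if [[ "$user" == "root" ]]; then
    user="containers"
  fi

  # Skip when no subordinate-ID mapping can be found. $user is quoted and
  # checked for emptiness: with USER unset, an unquoted expansion vanishes
  # and grep would take the file name as its pattern and read stdin.
  if [[ -z "$user" ]] || ! grep -q -- "$user" "/etc/subuid"; then
    skip "cannot find mappings for the current user"
  fi

  cat > $contextdir/Dockerfile << _EOF
FROM alpine
RUN cat /proc/self/uid_map
_EOF

  # size=8192 with one explicit mapping: the output must contain 8191.
  run_buildah build --userns=auto:size=8192,uidmapping=0:0:1 \
    $WITH_POLICY_JSON -t source -f $contextdir/Dockerfile
  expect_output --substring "8191"

  # The explicit 0:0:1 mapping must appear in the printed uid_map.
  run_buildah build --userns=auto:uidmapping=0:0:1 \
    $WITH_POLICY_JSON -t source -f $contextdir/Dockerfile
  expect_output --substring " 0 0 1"
}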
# Test building with --userns=auto with gidmapping
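@test "build with --userns=auto with gidmapping" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # Name to look up in /etc/subuid. When running as root the lookup uses
  # "containers" instead.
  user=$USER
  if [[ "$user" == "root" ]]; then
    user="containers"
  fi

  # Skip when no subordinate-ID mapping can be found. $user is quoted and
  # checked for emptiness: with USER unset, an unquoted expansion vanishes
  # and grep would take the file name as its pattern and read stdin.
  # NOTE(review): this test exercises gidmapping but the lookup is against
  # /etc/subuid. Confirm whether /etc/subgid should be checked instead.
  if [[ -z "$user" ]] || ! grep -q -- "$user" "/etc/subuid"; then
    skip "cannot find mappings for the current user"
  fi

  cat > $contextdir/Dockerfile << _EOF
FROM alpine
RUN cat /proc/self/gid_map
_EOF

  # size=8192 with one explicit mapping: the output must contain 8191.
  run_buildah build --userns=auto:size=8192,gidmapping=0:0:1 \
    $WITH_POLICY_JSON -t source -f $contextdir/Dockerfile
  expect_output --substring "8191"

  # The explicit 0:0:1 mapping must appear in the printed gid_map.
  run_buildah build --userns=auto:gidmapping=0:0:1 \
    $WITH_POLICY_JSON -t source -f $contextdir/Dockerfile
  expect_output --substring " 0 0 1"
}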
# Test bud with prestart hook
@test "build-test with OCI prestart hook" {
  # Works in a privileged container setup but not in the CI setup.
  skip_if_in_container
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir/hooks

  cat > $contextdir/Dockerfile << _EOF
FROM alpine
RUN echo hello
_EOF

  # Hook definition: always run the program at "path" in the prestart
  # stage. The heredoc delimiter is unquoted, so $contextdir is expanded now
  # and the JSON ends up holding an absolute host path.
  cat > $contextdir/hooks/test.json << _EOF
{
"version": "1.0.0",
"hook": {
"path": "$contextdir/hooks/test"
},
"when": {
"always": true
},
"stages": ["prestart"]
}
_EOF

  # The hook program itself. It leaves a marker file next to the hook.
  cat > $contextdir/hooks/test << _EOF
#!/bin/sh
echo from-hook > $contextdir/hooks/hook-output
_EOF
  chmod +x $contextdir/hooks/test

  run_buildah build $WITH_POLICY_JSON -t source \
    --hooks-dir=$contextdir/hooks -f $contextdir/Dockerfile

  # NOTE(review): the marker is read back from the host-side path, which
  # suggests the hook runs with access to the host filesystem. A hooks
  # directory should therefore be writable only by the user doing the build.
  run cat $contextdir/hooks/hook-output
  expect_output --substring "from-hook"
}
@test "build with add resolving to invalid HTTP status code" {
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p $contextdir

  # NOTE(review): this depends on outbound network access and on the remote
  # host answering this URL with a status the build treats as invalid.
  cat > $contextdir/Dockerfile << _EOF
FROM alpine
ADD https://google.com/test /
_EOF

  # ADD from a URL that does not return a usable response must fail the
  # build with status 125 rather than add the response body.
  run_buildah 125 build $WITH_POLICY_JSON -t source \
    -f $contextdir/Dockerfile
  expect_output --substring "invalid response status"
}
@test "build test has gid in supplemental groups" {
  _prefetch alpine
  run_buildah build $WITH_POLICY_JSON -t source \
    -f $BUDFILES/supplemental-groups/Dockerfile

  # gid 1000 must be reported among the supplemental groups.
  expect_output --substring "Groups: 1000"
}
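@test "build test if supplemental groups has gid with --isolation chroot" {
  # Same check as the default-isolation supplemental-groups test, but with
  # the chroot isolation backend selected explicitly.
  # A BUILDAH_ISOLATION value from the environment would override the flag,
  # so the test would not exercise chroot isolation; skip in that case.
  test -z "${BUILDAH_ISOLATION}" || skip "BUILDAH_ISOLATION=${BUILDAH_ISOLATION} overrides --isolation"
  _prefetch alpine
  run_buildah build --isolation chroot $WITH_POLICY_JSON -t source -f "$BUDFILES/supplemental-groups/Dockerfile"
  # gid 1000 must be in supplemental groups
  expect_output --substring "Groups: 1000"
}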
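@test "build-test --mount=type=secret test relative to workdir mount" {
  # Passes two secrets by id and expects the build output to show both.
  # NOTE(review): the fixture Dockerfile and secret files are not shown here;
  # presumably the RUN steps mount the secrets at paths relative to WORKDIR
  # and print them. Confirm against $BUDFILES/secret-relative.
  #
  # This only proves the secrets are readable while the RUN steps execute.
  # It does not check that they are absent from the resulting image.
  local contextdir=$BUDFILES/secret-relative
  run_buildah build $WITH_POLICY_JSON --no-cache \
    --secret "id=secret-foo,src=$contextdir/secret1.txt" \
    --secret "id=secret-bar,src=$contextdir/secret2.txt" \
    -t test -f "$contextdir/Dockerfile"
  expect_output --substring "secret:foo"
  expect_output --substring "secret:bar"
}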
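@test "build-test --mount=type=cache test relative to workdir mount" {
  # A cache mount with a relative target ("target") must resolve against
  # WORKDIR: the first build writes /test/target/hello through the mount and
  # the second build reads the same file back.
  #
  # Both builds use the same cache id, so the second one sees what the first
  # one wrote. Cache mounts therefore carry state from one build to the next.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  ## write-cache
  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN mkdir test
WORKDIR test
RUN --mount=type=cache,id=YfHI60aApFM-target,target=target echo world > /test/target/hello
_EOF
  run_buildah build $WITH_POLICY_JSON -t source -f "$contextdir/Dockerfile"

  ## read-cache
  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN mkdir test
WORKDIR test
RUN --mount=type=cache,id=YfHI60aApFM-target,target=target cat /test/target/hello
_EOF
  run_buildah build $WITH_POLICY_JSON -t source -f "$contextdir/Dockerfile"
  expect_output --substring "world"
}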
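@test "build-test do not use mount stage from cache if it was rebuilt" {
  # With --layers, a step that bind-mounts from another stage may only be
  # served from the layer cache while that stage is unchanged. A stale hit
  # would put outdated content from the old stage into the new image.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  # The backslash-newline inside this unquoted here-document is removed by
  # the shell, so the RUN instruction reaches the Dockerfile as one line.
  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine as dependencies
RUN mkdir /build && echo v1 > /build/version
FROM alpine
RUN --mount=type=bind,source=/build,target=/build,from=dependencies \
cp /build/version /version
RUN cat /version
_EOF

  # The same Dockerfile twice: the second build is expected to hit the cache.
  run_buildah build $WITH_POLICY_JSON --layers -t source -f "$contextdir/Dockerfile"
  run_buildah build $WITH_POLICY_JSON --layers -t source2 -f "$contextdir/Dockerfile"
  expect_output --substring "Using cache"

  # The first stage (dependencies) is changed, so the steps of the second
  # stage must not be taken from cache.
  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine as dependencies
RUN mkdir /build && echo v2 > /build/version
FROM alpine
RUN --mount=type=bind,source=/build,target=/build,from=dependencies \
cp /build/version /version
RUN cat /version
_EOF
  run_buildah build $WITH_POLICY_JSON --layers -t source3 -f "$contextdir/Dockerfile"
  assert "$output" !~ "Using cache"
}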
# Verify: https://github.com/containers/buildah/issues/4572
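@test "build-test verify no dangling containers are left" {
  # A multi-stage build whose final stage copies from two builder stages must
  # clean up every intermediate working container once it has finished.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine AS alpine_builder
FROM busybox AS busybox_builder
FROM scratch
COPY --from=alpine_builder /etc/alpine* .
COPY --from=busybox_builder /bin/busybox /bin/busybox
_EOF
  run_buildah build $WITH_POLICY_JSON -t source -f "$contextdir/Dockerfile"

  # No leftover containers, just the header line.
  run_buildah containers
  expect_line_count 1
}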
# Verify: https://github.com/containers/buildah/issues/4485
# Verify: https://github.com/containers/buildah/issues/4319
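@test "No default warning for TARGETARCH, TARGETOS, TARGETPLATFORM " {
  # The built-in platform arguments must not trigger "unused build arg"
  # style warnings, whether the platform is given as a --platform list or
  # through --os alone.
  # NOTE(review): the fixture Dockerfile is not shown here; presumably it
  # declares the TARGET* arguments. Confirm against $BUDFILES/targetarch.
  local contextdir=$BUDFILES/targetarch

  run_buildah build $WITH_POLICY_JSON --platform=linux/amd64,linux/arm64 -f "$contextdir/Dockerfile"
  assert "$output" !~ "one or more build args were not consumed" \
    "No warning for default args should be there"

  run_buildah build $WITH_POLICY_JSON --os linux -f "$contextdir/Dockerfile"
  assert "$output" !~ "Try adding" \
    "No Warning for default args should be there"
}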
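@test "build-test skipping unwanted stages with --skip-unused-stages=false and --skip-unused-stages=true" {
  # Four stages, of which only "one" and the final stage contribute to the
  # target. With --skip-unused-stages=false every stage must run; with
  # --skip-unused-stages=true the two unreferenced stages must not.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN echo "first unwanted stage"
FROM alpine as one
RUN echo "needed stage"
FROM alpine
RUN echo "another unwanted stage"
FROM one
RUN echo "target stage"
_EOF

  # with --skip-unused-stages=false
  run_buildah build $WITH_POLICY_JSON --skip-unused-stages=false -t source -f "$contextdir/Dockerfile"
  expect_output --substring "needed stage"
  expect_output --substring "target stage"
  # this is expected since user specified `--skip-unused-stages=false`
  expect_output --substring "first unwanted stage"
  expect_output --substring "another unwanted stage"

  # with --skip-unused-stages=true
  run_buildah build $WITH_POLICY_JSON --skip-unused-stages=true -t source -f "$contextdir/Dockerfile"
  expect_output --substring "needed stage"
  expect_output --substring "target stage"
  # "unwanted stage" is a substring of both skipped stages' messages, so
  # this single check covers them both.
  assert "$output" !~ "unwanted stage"
}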
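@test "build-test: do not warn for instructions declared in unused stages" {
  # An ARG that is declared only in a skipped stage must not produce a
  # "missing" warning. If that stage is forced to run, the warning is expected.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN echo "first unwanted stage"
FROM alpine as one
RUN echo "needed stage"
FROM alpine
ARG FOO_BAR
RUN echo "another unwanted stage"
FROM one
RUN echo "target stage"
_EOF

  # with --skip-unused-stages=true no warning should be printed, since the
  # ARG is declared in a stage which is not used
  run_buildah build $WITH_POLICY_JSON --skip-unused-stages=true -t source -f "$contextdir/Dockerfile"
  expect_output --substring "needed stage"
  expect_output --substring "target stage"
  assert "$output" !~ "unwanted stage"
  # must not contain warning "missing FOO_BAR"
  assert "$output" !~ "missing"

  # with --skip-unused-stages=false the unwanted stages should be printed,
  # as well as the warning for the unused arg
  run_buildah build $WITH_POLICY_JSON --skip-unused-stages=false -t source -f "$contextdir/Dockerfile"
  expect_output --substring "needed stage"
  expect_output --substring "target stage"
  expect_output --substring "unwanted stage"
  expect_output --substring "missing"
}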
# Test skipping images with FROM
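@test "build-test skipping unwanted stages with FROM" {
  # With no --skip-unused-stages flag given, stages that the target does not
  # reference through FROM are expected to be skipped.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN echo "unwanted stage"
FROM alpine as one
RUN echo "needed stage"
FROM alpine
RUN echo "another unwanted stage"
FROM one
RUN echo "target stage"
_EOF

  run_buildah build $WITH_POLICY_JSON -t source -f "$contextdir/Dockerfile"
  expect_output --substring "needed stage"
  expect_output --substring "target stage"
  # Matches the output of either skipped stage.
  assert "$output" !~ "unwanted stage"
}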
# Note: Please skip this test in case of podman-remote build
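@test "build: test race in updating image name while performing parallel commits" {
  # Starts many identical builds at once against the same storage and checks
  # that each of them wrote a complete image ID to its own --iidfile.
  _prefetch alpine

  # Run 25 parallel builds using the same Containerfile
  local count=25
  # Expected size of all ID files together, derived from $count so the two
  # cannot drift apart.
  # NOTE(review): 71 bytes per file is inferred from the former constant
  # (1775 / 25), which matches "sha256:" plus 64 hex digits without a
  # trailing newline. Confirm.
  local expected_bytes=$(( count * 71 ))

  local i
  # The *_OPTS variables and $WITH_POLICY_JSON stay unquoted: they are
  # defined outside this test and presumably expand to several arguments.
  for i in $(seq --format '%02g' 1 "$count"); do
    timeout --foreground -v --kill=10 300 \
      ${BUILDAH_BINARY} ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} $WITH_POLICY_JSON build \
      --quiet --squash --iidfile "${TEST_SCRATCH_DIR}/id.$i" --timestamp 0 \
      -f "$BUDFILES/check-race/Containerfile" >/dev/null &
  done

  # Wait for all background builds to complete. Note that this succeeds
  # even if some of the individual builds fail! Our actual test is below.
  wait

  # Number of output bytes must be always same, which confirms that there is no race.
  # A missing or truncated ID file changes the total. The check does not
  # look at the files one by one.
  assert "$(cat "${TEST_SCRATCH_DIR}"/id.* | wc -c)" = "$expected_bytes" "Total chars in all id.* files"

  # clean all images built for this test
  run_buildah rmi --all -f
}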
# Test skipping images with FROM when a stage name also conflicts with an additional build context:
# the selected stage should still be skipped, since it is not actually used; the additional build
# context is used instead.
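@test "build-test skipping unwanted stages with FROM and conflict with additional build context" {
  # The Dockerfile defines a stage named "one", and the command line also
  # supplies a build context named "one". COPY --from=one must read from the
  # build context (which holds "somefile"), and the stage "one" must be
  # skipped like any other unused stage.
  #
  # Put differently, the source of COPY --from=<name> is decided by the
  # command line whenever it names a matching --build-context.
  local contextdir=${TEST_SCRATCH_DIR}/bud/platform
  mkdir -p "$contextdir"

  # add file on original context
  echo something > "$contextdir/somefile"

  cat > "$contextdir/Dockerfile" << _EOF
FROM alpine
RUN echo "unwanted stage"
FROM alpine as one
RUN echo "unwanted stage"
RUN echo "from stage unwanted stage"
FROM alpine
RUN echo "another unwanted stage"
FROM alpine
COPY --from=one somefile .
RUN cat somefile
_EOF

  run_buildah build $WITH_POLICY_JSON --build-context "one=$contextdir" -t source -f "$contextdir/Dockerfile"
  # "something" can only come from the file in the additional build context.
  expect_output --substring "something"
  # None of the stages that echo "unwanted stage" may have run.
  assert "$output" !~ "unwanted stage"
}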
# Test skipping unwanted stage with COPY from stage name
@test "build-test skipping unwanted stages with COPY from stage name" {
local contextdir=${TEST_SCRATCH_DIR}/bud/platform
mkdir -p $contextdir
echo something > $contextdir/somefile
cat > $contextdir/Dockerfile << _EOF
FROM alpine
RUN echo "unwanted stage"
FROM alpine as one
RUN echo "needed stage"
COPY somefile file
FROM alpine
COPY --from=one file .
RUN cat file
RUN echo "target stage"
_EOF
run_buildah build $WITH_POLICY_JSON -t source -f $contextdir/Dockerfile $contextdir
expect_output --substring "needed stage"
expect_output --substring "something"
expect_output --substring "target stage"
assert "$output" !~ "unwanted stage"