feat: display docker scout hints on build and pull #2252
Conversation
On `docker build` and `docker pull` commands, display a hint to `docker scout quickview`. Hints are disabled if quiet flag is used or if `DOCKER_SCOUT_HINTS` environment variable is set to a false (according to Go) value: `0`, `f`, `F`, `false`, `FALSE`, `False` In case of a `docker build` the `docker scout quickview` command doesn't need an argument as it will take the most recently built image by default. In case of a `docker pull` the pulled image is extracted from the command arguments. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
force-pushed
the
docker-scout-cli-hints
branch
from
676857e
to
635db3c
Compare
cli/mobycli/exec.go
Outdated
| if command == "pull" { | ||
| for _, a := range commandArgs[1:] { | ||
| if !strings.HasPrefix(a, "--") { | ||
| image = a |
There was a problem hiding this comment.
This probably won't work for docker build as it takes the build context as positional argument, not an image.
Also note that;
- build may not build an image (in case
--outputis used) - build allows controlling the output format (plain/tty), ik which case we may have to adjust the output accordingly
There was a problem hiding this comment.
Yes, this part is only for pull, not build. In case of a build we don't care that much as we already have a shortcut to get the most recently built image.
But I'll check:
- the output so it's only displayed when we build an image
- I'll check the output format
There was a problem hiding this comment.
The hint already handle plain/tty, I'll just check if there's other way to enable/disable it for build for instance
Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
only display the hints in main case, without progress, output or push flags Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
- cliHints entry in config.json - if not present, enabled by default - can be overridden by the DOCKER_CLI_HINTS environment variable Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
|
I updated some things:
|
Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
|
Also added a |
eunomie
force-pushed
the
docker-scout-cli-hints
branch
from
3a77039
to
ce28ca2
Compare
To avoid any conflict with the CLI, use the `plugins` section of the config. This section is read and saved by the CLI without the risk to remove the value in there. So it's a safe way to deal with this feature. As it's a cross plugin configuration (now for scout but goal is wider than that) then put it under a generic `-x-cli-hints` name so that other plugins might use it if needed. Value can be true/false, but is parsed against these exact two values instead of using the ParseBool. Both the environment variable and the config value are parsed the same way. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
force-pushed
the
docker-scout-cli-hints
branch
from
ce28ca2
to
8371dab
Compare
| b := color.New(color.Bold) | ||
| _, _ = fmt.Fprintln(out) | ||
| _, _ = b.Fprintln(out, "What's Next?") | ||
| _, _ = fmt.Fprintf(out, " View summary of image vulnerabilities and recommendations → %s", color.CyanString("docker scout quickview%s", image)) |
There was a problem hiding this comment.
For a while we've talked about using "analysis" vs "vulnerabilities", I feel like in this case, this might still be a better choice of word?
There was a problem hiding this comment.
🤔 I don't know, analysis is really more vague than "vulnerabilities and recommendations". Especially that's what will be displayed by the proposed command.
There was a problem hiding this comment.
OK for sure, I just know there's been a lot of discussion around trying to stop using "vulnerabilities", but if others have already seen this, then maybe it's fine as is.
There was a problem hiding this comment.
I don't know, I think I'm not aware of those discussions and it's still what we are displaying in the docker scout help so I'd more in favour to keep it consistent with the CLI.
Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
| displayPATSuggestMsg(commandArgs) | ||
| if !metrics.HasQuietFlag(commandArgs) { | ||
| switch command { | ||
| case "build": // only on regular build, not on buildx build |
There was a problem hiding this comment.
build command redirects to buildx build since Docker 23 and I don't see in the metrics.HasQuietFlag anything checking the BuildKit progress quiet mode.
| func displayScoutQuickViewSuggestMsgOnBuild(args []string) { | ||
| // only display the hint in the main case, build command and not buildx build, no output flag, no progress flag, no push flag | ||
| if utils.StringContains(args, "--output") || utils.StringContains(args, "-o") || | ||
| utils.StringContains(args, "--progress") || |
There was a problem hiding this comment.
Ah I see --progress but not BUILDKIT_PROGRESS env var being taken into account though.
| } | ||
|
|
||
| func displayScoutQuickViewSuggestMsgOnBuild(args []string) { | ||
| // only display the hint in the main case, build command and not buildx build, no output flag, no progress flag, no push flag |
There was a problem hiding this comment.
Same as previous comment, build redirects to buildx build since Docker 23 and therefore buildx build flags are being applied.
There was a problem hiding this comment.
I'm not sure to understand.
Here I check the command flags the user is passing, not what it's done internally. So if it's a buildx build command hint will not be displayed, as well as if it's a build command with --progress or --output flags.
Then the build command can redirect to buildx build but it's more an implementation detail here, no?
the same way we check --progress flag, if it exists, disable Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
What I did
On
docker buildanddocker pullcommands, display a hint todocker scout quickview.Hints are enabled by default.
To disable them:
--quiet/-qquiet flagDOCKER_CLI_HINTSenvironment variable with a false (according to Go) value-x-cli-hintsconfiguration in~/.docker/config.jsonfile under{plugins: {-x-cli-hints: {enabled}}}In case of
build, if--push,--progressor--outputflag are used, hints are not displayed to keep it working on main (and less advanced) case.There's no hint for
buildx build.In case of a
docker buildthedocker scout quickviewcommand doesn't need an argument as it will take the most recently built image by default.In case of a
docker pullthe pulled image is extracted from the command arguments.The output already handles plain/tty display:
Related issue
https://github.com/docker/team-ssc-dev-features/issues/306
(not mandatory) A picture of a cute animal, if possible in relation with what you did
