-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sourcepolicy #3332
Sourcepolicy #3332
Conversation
e8f8a03
to
4e308ac
Compare
1ad024c
to
43e8ffb
Compare
Marking this ready, looks like it's gonna be all 💚 |
43e8ffb
to
c196502
Compare
solver/llbsolver/solver.go
Outdated
@@ -125,7 +129,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { | |||
return s.bridge(b) | |||
} | |||
|
|||
func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor) (_ *client.SolveResponse, err error) { | |||
func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, post []Processor, srcPol *sourcepolicypb.Policy) (_ *client.SolveResponse, err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SolverResponse should contain a (boolean?) value that indicates whether the policy was consumed or not
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consumed in what way? Policy applied to sources?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a boolean here is not very useful except for just 1-off testing cases.
Probably it would be best to look at the build metadata to see what sources were actually used... maybe we could add something to trace policy usage in that metadata, but this will require a bit more effort.
f491e5f
to
9502353
Compare
This is updated with suggestions. |
32a6668
to
2bce7d0
Compare
87725f9
to
385f4f0
Compare
385f4f0
to
aeca4e1
Compare
Alternative to PR 2816 ("dockerfile: support Dockerfile.pin for pinning sources") This version is implemented on the llbsolver side and agnostic to the LLB frontends. See `solver/llbsolver/vertex.go:loadLLB()`. See `docs/build-repro.md` for the usage. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This defines a better type for wildcard matching as well as a more appropritate package (contributed by Akihiro) for doing wildcard matching. Also some improvements to caching state such as compiled regexes. Co-authored-by: Akihiro Suda <suda.kyoto@gmail.com> Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes destination more symetrical with sources. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Allows frontends to pass in a list of policies in the solve request. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
These were just there while figuring out how things would work and are not needed now. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Per our discussion on github, each policy should be evaluated on it's own. ie. an "allow" in one policy should be able to change to a "deny" in another policy. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This makes it so a deny is always a deny regardless of if it was allowed in a prior rule. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This turns the closure into a proper recursive funciton. It also ensures there isn't a chance of infinite recursion due to changes to op inputs. Signed-off-by: Brian Goff <cpuguy83@gmail.com> fix
Updates the field names for source policies to be a little less confusing: `Source` -> `Selector`, `Destination` -> `Updates`. Also collapse `Type` into the `Identifier` which matches how the rest of buildkit works and greatly simplifies matching.. and generally makes it so the policy engine doesn't need to care about schemes. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
aeca4e1
to
c40f30e
Compare
Add source policy in LLB as described in #2943 (comment)
Replaces #2943
Closes #2943