Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.dockerignore causes unstable image ID with Dockerfile from stdin #39696

Open
nickmyatt opened this issue Aug 8, 2019 · 0 comments
Open

.dockerignore causes unstable image ID with Dockerfile from stdin #39696

nickmyatt opened this issue Aug 8, 2019 · 0 comments
Labels
area/builder

Comments

@nickmyatt
Copy link

Description

I want to generate a build context hash as requested in #32963. My workaround is

echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .

which seems to work, and importantly respects rules from .dockerignore. However if .dockerignore is present but is not itself ignored it leads to unstable (non-deterministic) image IDs.

This only happens when the Dockerfile is supplied on stdin; if an actual file is used instead the image ID is stable as expected.

Steps to reproduce the issue:

/$ mkdir -p /tmp/dockerignore-loop
/$ cd /tmp/dockerignore-loop/
/tmp/dockerignore-loop$ touch foo
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:d73e388134b4956cf413298f06a7b7a664e5a3abd2ed36d608ed2cc2e4de3ed4
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:d73e388134b4956cf413298f06a7b7a664e5a3abd2ed36d608ed2cc2e4de3ed4

i.e. without a .dockerignore the image ID is stable

/tmp/dockerignore-loop$ touch .dockerignore
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:09ded3b2dc1fb2cc556cac4853a0e1279a8db659d8237bab84e9c40068860293
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:963312c57952a34d244159b616e1c621136b37e7e21a36d718dabfda145e98ca

adding a .dockerignore makes the image ID unstable (it is different every time!)

/tmp/dockerignore-loop$ echo .dockerignore > .dockerignore
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:d73e388134b4956cf413298f06a7b7a664e5a3abd2ed36d608ed2cc2e4de3ed4
/tmp/dockerignore-loop$ echo -e 'FROM scratch\nCOPY . .' | docker build --quiet -f - .
sha256:d73e388134b4956cf413298f06a7b7a664e5a3abd2ed36d608ed2cc2e4de3ed4

but ignoring .dockerignore itself restores a stable image ID.

Describe the results you received:

Image IDs are unstable (different every time).

Describe the results you expected:

Image IDs should be stable.

Additional information you deem important (e.g. issue happens only occasionally):

Only hapens when Dockerfile given on stdin.

Output of docker version:

Client:
 Version:           18.06.3-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        d7080c1
 Built:             Wed Feb 20 02:27:18 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.3-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       d7080c1
  Built:            Wed Feb 20 02:26:20 2019
  OS/Arch:          linux/amd64
  Experimental:     true

Output of docker info:

Client:
 Version:           18.06.3-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        d7080c1
 Built:             Wed Feb 20 02:27:18 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.3-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       d7080c1
  Built:            Wed Feb 20 02:26:20 2019
  OS/Arch:          linux/amd64
  Experimental:     true
/tmp/dockerignore-loop$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 55
Server Version: 18.06.3-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: a592beb5bc4c4092b1b1bac971afed27687340c5
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-48-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.61GiB
Name : REDACTED
ID: LG57:2ZHL:Z2AE:N65M:DHM5:DUEV:PLA5:2NBS:PRYT:EFRZ:FJOO:UJ5Q
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
 REDACTED
Live Restore Enabled: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/builder
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nickmyatt @GordonTheTurtle