Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use path context #1770

Merged
merged 1 commit into from
Sep 8, 2021
Merged

Use path context #1770

merged 1 commit into from
Sep 8, 2021

Conversation

crazy-max
Copy link
Contributor

@crazy-max crazy-max commented Sep 8, 2021
edited

Fixes #1769

As discussed with @thaJeztah it might be an issue with the Git context through BuildKit (cc @tonistiigi).

Permissions in the working tree look correct:

$ git ls-files -s .
100644 8fafbb04eb32b001b3a9dfd9f2a4a6d5b926f238 0       .dockerignore
100644 99d688b08ac835d24415631c0430478966d98a7b 0       .github/ISSUE_TEMPLATE.md
100644 9056ae137af1ca95e49e91af65718e050727adbd 0       .github/dependabot.yml
100644 5d4cfba4cababa6e10d8dab2fec8686f8f938e47 0       .github/workflows/dockerhub.yml
100644 6be93bd487f038e482b6c342671501b5589fc0fa 0       .github/workflows/test.yml
100644 5daab4f78ff8f34540bd8e64add0db0270426689 0       .gitignore
100644 97c0cc9acad1a057c95117013a4d9f5860a10bac 0       Dockerfile
100644 c08dcc3d560910c385657e360428c3da819dfbcb 0       Dockerfile.alpine
100644 fc926a882d8e05c5dcf3db68ce9adf18664bbb56 0       LICENSE
100644 18fcd335597d56b28d2975b665a0adcb5b790fdd 0       Makefile
100644 29fe166270ab219a5b69292bc2a252305ee07a73 0       Procfile
100644 16ac020d6366edbf9b49032b6cf0b44362e9a02a 0       README.md
100644 8548c34bbca00ed8aa57f8539ccfbd38a447328b 0       dhparam.pem.default
100644 a4edb9414075b0194d32a1620a4d77dc3ca56dfd 0       docker-compose-separate-containers.yml
100644 138f3963d252dfdb4e8caa75275a2eec1284dde3 0       docker-compose.yml
100755 0e428809ae1301f40cfce82476b6a5e2fe4ed4b7 0       docker-entrypoint.sh
100755 397fab052cfb57c108aed00d08022fb80d7b4eb0 0       generate-dhparam.sh
100644 cdf3c9c0a4bc1acf594fd94a920b38bfd6ba3274 0       network_internal.conf
100644 e79f79072a6fcb2c3a6c6a504b7f28d06f93168e 0       nginx.tmpl
100644 99d16dbc9ead5c2c916b474a54b6314ff0061c1c 0       test/README.md
100644 343b53e0d2f680319af2069ada784b4d1f93190d 0       test/certs/README.md
100644 a707881758593a8dd6c977a46e9d89b84e70ded0 0       test/certs/ca-root.crt
100644 28e86a91584c16dc16dcd2278a7269e6cc8b8b66 0       test/certs/ca-root.key
100755 bcbfdca7467f5c832b0e317b5cfc122d1cc66d66 0       test/certs/create_server_certificate.sh
100644 3e0f3af3635f0726ad38c7b0fb77e084ada1867f 0       test/conftest.py
100644 eb3218ce69604762c3c69865076e6cceeff24d60 0       test/lib/ssl/dhparam.pem
100644 9ca76672cab4cf2ff6df693514a823cd07cf6ec8 0       test/pytest.ini
100755 a9745f556e6672d70a19967029e2cce0a496e738 0       test/pytest.sh
100644 3c25c0c01c4ce5a08c9f78ef8a7abba7050343ee 0       test/requirements/Dockerfile-nginx-proxy-tester
100644 394c9b1e9b1aaff487275692c4e03f3671d376b2 0       test/requirements/README.md
100644 2f231f8e27d4efef4a8a27cec1efe11079e3c2f6 0       test/requirements/python-requirements.txt
100644 923ed79c4d41f8869798a4c2fd488528f8f7978d 0       test/requirements/web/Dockerfile
100644 3015c115d970a4bea0fc96f05281a25077dd3d04 0       test/requirements/web/entrypoint.sh
100755 b8e81c06200277dafb51591c2b9689018ff06159 0       test/requirements/web/webserver.py
100644 ca20cc10987c3aa701ce7a22fc9d2172c547c9b6 0       test/stress_tests/README.md
100644 9fac0b90849107d7dd6fb84298c6b896ef0aa1a0 0       test/stress_tests/test_deleted_cert/README.md
100644 2c92efee707ea56253719f98a83bbb87aa6e0138 0       test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.crt
100644 dca1c9983f0b78e0116059a0c7fad892c48446b6 0       test/stress_tests/test_deleted_cert/certs/web.nginx-proxy.key
100644 33c92a7fed24a06c58e80e9190cfa5d21c70967b 0       test/stress_tests/test_deleted_cert/docker-compose.yml
100644 0c5565bc7dc1ee0c958b22ee097081c909e48fcd 0       test/stress_tests/test_deleted_cert/test_restart_while_missing_cert.py
100644 c96a04f008ee21e260b28f7701595ed59e2839e3 0       test/stress_tests/test_deleted_cert/tmp_certs/.gitignore
100644 550b28912dc0a18afcc50dac8f15a03d962d36e3 0       test/stress_tests/test_unreachable_network/README.md
100644 9666d29709b7e9f0aeffb53cda5ba68a12385433 0       test/stress_tests/test_unreachable_network/docker-compose.yml
100644 4c09da27ce28a64cfc9308a368d4097ca1d7e438 0       test/stress_tests/test_unreachable_network/test_unreachable_net.py
100644 b31da1627fd874b3b54b4e457b5019d40275ce51 0       test/test_DOCKER_HOST_unix_socket.py
100644 d1aba4b9984b9c79c02322387853d7b9566c785c 0       test/test_DOCKER_HOST_unix_socket.yml
100644 88a4f809b38292d88f9ffc0b276e911194393b12 0       test/test_composev2.py
100644 283e070c5fecf02fdf4939e5cd0d39ba6be215c9 0       test/test_composev2.yml
100644 8d8502d96b96e1debcfe09b7179fc2a16f681be8 0       test/test_custom/my_custom_proxy_settings.conf
100644 e8b08279aa0ec68793d203623f3305901cefd944 0       test/test_custom/my_custom_proxy_settings_bar.conf
100644 2b47f71c6cab419e2f28cc56cd56c789b6e14f72 0       test/test_custom/test_defaults-location.py
100644 306927382f687ca37cf0c009a6bcbb4200d23949 0       test/test_custom/test_defaults-location.yml
100644 c338628812f10cde42d2f86fcf62eb85b730c690 0       test/test_custom/test_defaults.py
100644 165264ca7cd9e9d5f4ee108e69076bb9b4353abe 0       test/test_custom/test_defaults.yml
100644 f67b5011ff98669ff6e2045f9ba85b4b1687f06f 0       test/test_custom/test_location-per-vhost.py
100644 3622325d46f1cf5f35ac1100cacc889c051adf39 0       test/test_custom/test_location-per-vhost.yml
100644 57c3bcabc1576950de05ce8c4348cd3f1a315ed2 0       test/test_custom/test_per-vhost.py
100644 256c20796dde65a1e682f05fa0990b6d7de1520e 0       test/test_custom/test_per-vhost.yml
100644 c338628812f10cde42d2f86fcf62eb85b730c690 0       test/test_custom/test_proxy-wide.py
100644 1715b8b70a760f96848d91dd17ac7d4a58880a58 0       test/test_custom/test_proxy-wide.yml
100644 af7f73af11ec7410c9bc3d697de51c990121a0d5 0       test/test_debug/test_proxy-debug-flag.py
100644 e7af54c7e3ec5b74a9302bbb1d95732b09800fdd 0       test/test_debug/test_proxy-debug-flag.yml
100644 50ae737d31a05671d0ae9667ce13daa3ea8da122 0       test/test_debug/test_server-debug-flag.py
100644 0256cf8af045b79803237dae6e42ec4017bfc5e4 0       test/test_debug/test_server-debug-flag.yml
100644 90809a5cc28cf93fe97551f37d6622d678ff18a5 0       test/test_default-host.py
100644 47b852529f004ebd0f411a3e5040a29b25a8f38c 0       test/test_default-host.yml
100644 98c0b068e29cede1689e774cdf7c5017059101b6 0       test/test_dockergen/.gitignore
100644 43b14314ffaf66cd1ec6c3068a7682328a61b039 0       test/test_dockergen/test_dockergen_v2.py
100644 0fc8af5aeac01e6bab05af5ca9be9b76b188de91 0       test/test_dockergen/test_dockergen_v2.yml
100644 67561bfd4908fea9ebf99d6f54ab4c61c14b8e21 0       test/test_dockergen/test_dockergen_v3.py
100644 fad145aa1c0df782434b5071fd05a44d881dd8ba 0       test/test_dockergen/test_dockergen_v3.yml
100644 201917f1ea495884c14195da749002ee9fb3bd21 0       test/test_events.py
100644 dcaaafc0e0725a9a9137556886ed2cb6562fdaef 0       test/test_events.yml
100644 a96109ab217dbb53f5cfe007d958429a6997434e 0       test/test_headers/certs/web-server-tokens-off.nginx-proxy.tld.crt
100644 4e87ba80a83aef2f31f054dd6c24c375be8f86db 0       test/test_headers/certs/web-server-tokens-off.nginx-proxy.tld.key
100644 aed93498c1b2eed2dfb4f28a347bac2c6d2cc257 0       test/test_headers/certs/web.nginx-proxy.tld.crt
100644 8365ecfd053358258572a6613d207e76f233818a 0       test/test_headers/certs/web.nginx-proxy.tld.key
100644 5983a10ecad57ee219bfb5c1a39f5bcdb6713f0b 0       test/test_headers/test_http.py
100644 0e3880d246667ccd12dbf35a1742d05eb8ddb2c1 0       test/test_headers/test_http.yml
100644 c5457c4f9de7a071c8240c38f2f9a95db130ee4a 0       test/test_headers/test_https.py
100644 c0c67b48132d58b04c952f9117b631526d638dcb 0       test/test_headers/test_https.yml
100644 26302c536bd9310de4ce284fdd67a5dd61b3c83a 0       test/test_http_port.py
100644 a7fa0ebe1ee875096ace771218ae26597edaa573 0       test/test_http_port.yml
100644 36bf653af9eef93b41a9635bf2bd35a0f614fe82 0       test/test_ipv6.py
100644 c98c17e140760db610e2af376e07f49e1a744fe8 0       test/test_ipv6.yml
100644 76e7de67c7f3d018e80184e7be1a16913bb2babe 0       test/test_multiple-hosts.py
100644 bdc2804e8437b05a32b01f7a058a65f702b8900a 0       test/test_multiple-hosts.yml
100644 b9fa4c584aa0d8e02d76e7493a963024c20180aa 0       test/test_multiple-networks.py
100644 1cc6d30bec675f3e2869b5db76d6793f8c0a045f 0       test/test_multiple-networks.yml
100644 4008166e26baa776fcc8c03a53dfdb2b140c8c3d 0       test/test_multiple-ports/test_VIRTUAL_PORT-single-different-from-single-port.py
100644 e28a4813db0a7741e96e097fd83d722a77ae64c7 0       test/test_multiple-ports/test_VIRTUAL_PORT-single-different-from-single-port.yml
100644 3c95ba629c269be8fc793328de904e5445b44320 0       test/test_multiple-ports/test_VIRTUAL_PORT.py
100644 3ee2d1a1a71835ae9a15355cd010daf5c354a914 0       test/test_multiple-ports/test_VIRTUAL_PORT.yml
100644 74c2f9fd24187c62e780654d7d9bd5bdf511c621 0       test/test_multiple-ports/test_default-80.py
100644 ca61286980ae645d72796918e0c13c457d0db523 0       test/test_multiple-ports/test_default-80.yml
100644 ee86eca760a5a62d022284cff22410fdbae47662 0       test/test_multiple-ports/test_single-port-not-80.py
100644 fbb5b6a7ec882101972f3f5284638a6221ede23d 0       test/test_multiple-ports/test_single-port-not-80.yml
100644 cce7c9444a605702f1af42792f13f786aee7d558 0       test/test_nominal.py
100644 2b62d04f85a48f5870533e9d9a9179937f85ec8a 0       test/test_nominal.yml
100644 aaff8529a8c37adfcf9e252e98388ce893f7d241 0       test/test_raw-ip-vhost.py
100644 e265d742d9904e32865e6a4834dcb81d47cb274e 0       test/test_raw-ip-vhost.yml
100644 b65d0a16bad7e780bbfb2db86e372a5f4638bcfc 0       test/test_server-down/test_load-balancing.py
100644 b7162d1dadf6e0d4e0acb45794465ab961365a9b 0       test/test_server-down/test_load-balancing.yml
100644 a98ed564c57e737a5a5d6c24c3169142ee6634e8 0       test/test_server-down/test_no-server-down.py
100644 2f99f052d3d1c9ded8c0e09323ba8f3f916da51a 0       test/test_server-down/test_no-server-down.yml
100644 995cd7d8e2868fc880515b6f2671be2e958a4d62 0       test/test_server-down/test_server-down.py
100644 fc20e8599d026c58cca690840f97a76c858a410f 0       test/test_server-down/test_server-down.yml
100644 cd7284b066bedd4e6fe659084b9392ecb43ae923 0       test/test_ssl/certs/nginx-proxy.tld.crt
100644 91adb14e1f254ac23b6b038cb56665f9ee5d9d0a 0       test/test_ssl/certs/nginx-proxy.tld.key
100644 94562f425a255cff519994b68f4d2b0ec89b2368 0       test/test_ssl/certs/web2.nginx-proxy.tld.crt
100644 5cf1114f5545d9423a9f843dcdc2427f660d49db 0       test/test_ssl/certs/web2.nginx-proxy.tld.key
100644 453ef450ad18fa87099bc3a5826c3193eb81d2a6 0       test/test_ssl/certs/web3.nginx-proxy.tld.crt
100644 773cd0b8f3d8d34da5f5916b546f2e06a708638a 0       test/test_ssl/certs/web3.nginx-proxy.tld.key
100644 acb426994ace6ce5e791488fbdad9a8f7ee965e5 0       test/test_ssl/test_dhparam.py
100644 9b29842b6e16871f6a6db86f61d915e0020b2817 0       test/test_ssl/test_dhparam.yml
100644 ec1c90ed2c67662b23930f26c144eb5858ec6aaf 0       test/test_ssl/test_dhparam_generation.py
100644 6df55c1e14d416f4b097d5a2704a4f5ec6319d19 0       test/test_ssl/test_dhparam_generation.yml
100644 16dffd2a399b9e6d1f2deca4fb520ece272cb546 0       test/test_ssl/test_hsts.py
100644 779dc0792f507e0ea27aac0e308117411a621f6b 0       test/test_ssl/test_hsts.yml
100644 214d4d93887131ce37d75aabfaaa2575378aa521 0       test/test_ssl/test_https_port.py
100644 adcf2a8eed70af2efa8fb6756b652b19777e1c3f 0       test/test_ssl/test_https_port.yml
100644 d7f0d92346e246c952f9d2f2c80d589e1ef03277 0       test/test_ssl/test_nohttp.py
100644 7a7ea0887112a907965bebeae1679c818a611034 0       test/test_ssl/test_nohttp.yml
100644 1cedf82188a6d8a6e3e45b8e879ce7a295d84ea5 0       test/test_ssl/test_nohttps.py
100644 0a6a9a52f969a563fdfecb8f75d16b279c150862 0       test/test_ssl/test_nohttps.yml
100644 62df28b130330b5185f121365da9481716221d7f 0       test/test_ssl/test_noredirect.py
100644 9ac7169c59d3499f47f00eb55c21039e28e978c6 0       test/test_ssl/test_noredirect.yml
100644 202ba247e4d0cb1a67bd5993eb90db614cf704cb 0       test/test_ssl/test_wildcard.py
100644 6168084f7152760bff0cbe1b9c84c54416837a96 0       test/test_ssl/test_wildcard.yml
100644 0ccdd2ee9bf452a6a816a94bff2fb2faeeb790c4 0       test/test_ssl/wildcard_cert_and_nohttps/README.md
100644 81af239a65ab84e7a3f157b9e3dab36ca9f40e83 0       test/test_ssl/wildcard_cert_and_nohttps/certs/default.crt
100644 af5fa34cb34775ff41690eb6bfb051dc0c212963 0       test/test_ssl/wildcard_cert_and_nohttps/certs/default.key
100644 9020a44d69fceec7d2157286b70867774ee415fc 0       test/test_ssl/wildcard_cert_and_nohttps/certs/web.nginx-proxy.tld.crt
100644 358eb4b500fae5b78486281b7281ccabe66fd9bb 0       test/test_ssl/wildcard_cert_and_nohttps/certs/web.nginx-proxy.tld.key
100644 6257aee2b78794d2a12b55bb2726c4136b21204f 0       test/test_ssl/wildcard_cert_and_nohttps/docker-compose.yml
100644 68b032913abf6b36c1be64e8685a5e55070f3d37 0       test/test_ssl/wildcard_cert_and_nohttps/test_wildcard_cert_nohttps.py
100644 7e196461e7069b2d59e2bbb12d1095999474999f 0       test/test_upstream-name/test_predictable-name.py
100644 1265230a44e446c7a6ec7c3937d75367ed9353e2 0       test/test_upstream-name/test_predictable-name.yml
100644 663ca28b51647966f12d56def1497a25a0a94d7e 0       test/test_upstream-name/test_sha1-name.py
100644 d2095f3dda2440cb162bf7296d1fb693762f7b1b 0       test/test_upstream-name/test_sha1-name.yml
100644 a5b663382f00977bcd1a7ef7b5c33e32845a38ae 0       test/test_wildcard_host.py
100644 d39dad43c268f6696f9bec5dccc6697aff984e29 0       test/test_wildcard_host.yml

This PR uses the path context instead to test if the behavior is the same.

cc @buchdag

@thaJeztah thaJeztah mentioned this pull request Sep 8, 2021
Closed
@buchdag buchdag added type/build PR that affect the build system or external dependencies type/ci PR that change the CI configuration files and scripts type/fix PR for a bug fix labels Sep 8, 2021
@buchdag buchdag merged commit 07abbb4 into nginx-proxy:main Sep 8, 2021
@crazy-max crazy-max deleted the path-context branch September 8, 2021 14:11
@agmorey
Copy link

agmorey commented Sep 8, 2021

I pulled the latest image from dockerhub, looks fixed to me. Thanks!

@tonistiigi
Copy link

The permission of the files in git depends on the umask during the checkout (except for the executable bit that is tracked in git). So there are no good solutions here. We could make it configurable so at least the action matches the behavior of actions/checkout (not sure if it is configurable there). Currently looks like umask is 0 in one side and 022 in the other.

@buchdag
Copy link
Member

buchdag commented Sep 9, 2021

Thanks @crazy-max, I'll do the same on the other images (acme-companion and docker-gen).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type/build PR that affect the build system or external dependencies type/ci PR that change the CI configuration files and scripts type/fix PR for a bug fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bad permissions: nginx-proxy image on dockerhub has world writable files in /app
4 participants
@crazy-max @agmorey @tonistiigi @buchdag