Support newer docker language syntax and features #802
Comments
The current Dockerfile parsing comes from github.com/cpuguy83/dockercfg which looks like it hasn't been updated in a few years. Is there a Go module available that has parsing for these new formats?
As far as I understand, and I'm not an expert in this so I'll have to ask a colleague on Monday, buildkit offers it. Possibly either (or both) of these? https://github.com/moby/buildkit/blob/master/frontend/dockerfile/parser/parser.go
IMO we already use the buildkit parser, don't we? https://github.com/open-policy-agent/conftest/blob/master/parser/docker/docker.go#L9
Hello, thanks. I built your PR and tried it against a Dockerfile with
Could you paste the content of the dockerfile so we could double-check?
```dockerfile
ARG BUILDER_VERSION
ARG BUILDER_TYPE
ARG GIT_VERSION=2.36.5-r0

### Build from source
FROM my-repo/golang:stable as prep
# Above image runs as non-root by default but we need to add packages
USER 0
ARG GIT_VERSION
## This line is added to test for this issue but would not make a working dockerfile
## Our policies look for ADD without http://, hence this is just a dummy line for testing
ADD --link http://foo.tar.gz /root
RUN apk --quiet --update --no-cache add \
    build-base==0.5-r3 \
    git=="${GIT_VERSION}" \
    && mkdir /go/.cache \
    && chown 65532:65532 /go/.cache /go/bin /go
USER 65532

FROM prep as deps
USER 65532
WORKDIR /go
ARG GOCACHE=/go/.cache
ARG IMAGE_VERSION
RUN git clone -b "v${IMAGE_VERSION}" --depth 1 https://github.com/some-oss/dummy-project.git \
    && cd dummy-project \
    && go get -u golang.org/x/net@v0.7.0 \
    && go mod tidy \
    && go mod download

FROM deps as builder
USER 65532
ARG GOCACHE=/go/.cache
WORKDIR /go/dummy-project
RUN make build
```
Well, using the content above, I managed to
Apologies, you're right. I built it on your master branch instead of the PR branch. When I checked out the correct branch, built it again, and ran
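An added example, not part of the thread and not conftest's own code: a Rego policy of the kind the test Dockerfile's comments mention, reading "ADD without http://" as "ADD used only for local sources". It assumes conftest hands the policy an array of instruction objects with `Cmd`, `Flags` and `Value` fields, with flags such as `--link` split out of `Value` once the parser understands them; the rule and helper names are hypothetical.

```rego
package main

import rego.v1

# Assumed input shape (one object per Dockerfile instruction), e.g. for
#   ADD --link http://foo.tar.gz /root
# the parser is expected to yield:
#   {"Cmd": "add", "Flags": ["--link"], "Value": ["http://foo.tar.gz", "/root"]}

is_url(s) if startswith(lower(s), "http://")

is_url(s) if startswith(lower(s), "https://")

# Every argument except the last is a source; the last is the destination.
# Flags are not part of Value, so `--link` can never be mistaken for a source.
sources(instr) := [s |
	some i, s in instr.Value
	i < count(instr.Value) - 1
]

# ADD whose sources are all local paths: COPY copies the same files without
# ADD's remote-fetch and archive-extraction behaviour, so report it.
deny contains msg if {
	some instr in input
	instr.Cmd == "add"
	srcs := sources(instr)
	count(srcs) > 0
	every s in srcs {
		not is_url(s)
	}
	msg := sprintf(
		"ADD with local sources %v (flags: %v): use COPY instead",
		[srcs, object.get(instr, "Flags", [])],
	)
}
```

Against the Dockerfile pasted above, the `ADD --link http://foo.tar.gz /root` line has a URL source and is not reported; the same line with a local path as its source would be.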
As per https://www.docker.com/blog/capturing-build-information-buildkit/, it is a best practice to use BuildKit's `docker/dockerfile:v1.4` syntax, however certain features supported in dockerfile v1.4 are not supported by conftest, such as the `--link` flag for `ADD` and `COPY`.

Please add support for dockerfile v1.4 syntax and features.

Right now when trying to parse a Dockerfile using `ADD --link` or `COPY --link` conftest returns the following: