Add bindings option for image building #23518

@scottfrederick

Add support for binding host paths or volumes into the build container used to build images with the CNB buildpacks.

In the Maven plugin image configuration, the option could look like this:

<configuration>
	<image>
		<bindings>
			<binding>/host/path:/container/path:ro</binding>
			<binding>volume-name:/container/path:rw</binding>
		</bindings>
	</image>
</configuration>

In the Gradle plugin bootBuildImage configuration, the option could look like this:

bootBuildImage {
    bindings = [ "/host/path:/container/path:ro", "volume-name:/container/path:rw" ]
}

Spring Boot will pass the provided strings, unvalidated and unmodified, to the Docker Container Create API when creating the builder container.

Further detail for these fields, accepted by the HostConfig/Binds section of the container config, is copied below from the Docker API docs:


A list of volume bindings for this container. Each volume binding is a string in one of these forms:

  • host-src:container-dest[:options] to bind-mount a host path into the container. Both host-src, and container-dest must be an absolute path.

  • volume-name:container-dest[:options] to bind-mount a volume managed by a volume driver into the container. container-dest must be an absolute path.

options is an optional, comma-delimited list of:

  • nocopy disables automatic copying of data from the container path to the volume. The nocopy flag only applies to named volumes.

  • [ro|rw] mounts a volume read-only or read-write, respectively. If omitted or set to rw, volumes are mounted read-write.

  • [z|Z] applies SELinux labels to allow or deny multiple containers to read and write to the same volume.

    • z: a shared content label is applied to the content. This label indicates that multiple containers can share the volume content, for both reading and writing.
    • Z: a private unshared label is applied to the content. This label indicates that only the current container can use a private volume. Labeling systems such as SELinux require proper labels to be placed on volume content that is mounted into a container. Without a label, the security system can prevent a container's processes from using the content. By default, the labels set by the host operating system are not modified.
  • [[r]shared|[r]slave|[r]private] specifies mount propagation behavior. This only applies to bind-mounted volumes, not internal volumes or named volumes. Mount propagation requires the source mount point (the location where the source directory is mounted in the host operating system) to have the correct propagation properties. For shared volumes, the source mount point must be set to shared. For slave volumes, the mount must be set to either shared or slave.
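
Since the binding strings reach Docker unvalidated, a build pipeline can lint them before the build runs. The following is an added example, not code from this issue or from Spring Boot; `check_binding`, the volume-name pattern and the read-write warning are assumptions of the example, and it handles POSIX paths only.

```python
import re

# Option names come from the Docker API text quoted in the issue.
ACCESS = {"ro", "rw"}
SELINUX = {"z", "Z"}
PROPAGATION = {"shared", "rshared", "slave", "rslave", "private", "rprivate"}
KNOWN = ACCESS | SELINUX | PROPAGATION | {"nocopy"}
# Assumption: the usual Docker named-volume pattern (not stated on the page).
VOLUME_NAME = re.compile(r"[a-zA-Z0-9][a-zA-Z0-9_.-]*")


def check_binding(binding):
    """Lint one src:dest[:options] string; returns (errors, warnings)."""
    errors, warnings = [], []
    parts = binding.split(":")  # assumption: POSIX paths, no drive letters
    if len(parts) not in (2, 3):
        return ["expected src:dest[:options]"], warnings
    src, dest = parts[0], parts[1]
    opts = set(parts[2].split(",")) if len(parts) == 3 else set()
    is_host_path = src.startswith("/")
    if not is_host_path and not VOLUME_NAME.fullmatch(src):
        errors.append("source is neither an absolute path nor a volume name")
    if not dest.startswith("/"):
        errors.append("container-dest must be an absolute path")
    for opt in sorted(opts - KNOWN):
        errors.append(f"unknown option: {opt}")
    for name, group in (("access", ACCESS), ("SELinux", SELINUX),
                        ("propagation", PROPAGATION)):
        if len(opts & group) > 1:
            errors.append(f"conflicting {name} options")
    if is_host_path and "nocopy" in opts:
        errors.append("nocopy only applies to named volumes")
    if not is_host_path and opts & PROPAGATION:
        errors.append("propagation only applies to bind-mounted host paths")
    # Policy choice for this example: a host path without ro is writable
    # by the build container, because rw is the default.
    if is_host_path and "ro" not in opts:
        warnings.append("host path is mounted read-write")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs; the first two are the issue's own examples.
    for b in ("/host/path:/container/path:ro", "volume-name:/container/path:rw",
              "/host/cache:/cache", "relative/dir:/work", "vol:/data:shared"):
        print(b, *check_binding(b))
```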
