package builder // This file contains the dispatchers for each command. Note that // `nullDispatch` is not actually a command, but support for commands we parse // but do nothing with. // // See evaluator.go for a higher level discussion of the whole evaluator // package. import ( "fmt" "io/ioutil" "os" "path/filepath" "regexp" "runtime" "sort" "strings" "github.com/Sirupsen/logrus" "github.com/docker/docker/context" derr "github.com/docker/docker/errors" flag "github.com/docker/docker/pkg/mflag" "github.com/docker/docker/pkg/nat" "github.com/docker/docker/pkg/signal" "github.com/docker/docker/pkg/stringutils" "github.com/docker/docker/pkg/system" "github.com/docker/docker/runconfig" ) const ( // NoBaseImageSpecifier is the symbol used by the FROM // command to specify that no base image is to be used. NoBaseImageSpecifier string = "scratch" ) // dispatch with no layer / parsing. This is effectively not a command. func nullDispatch(b *builder, args []string, attributes map[string]bool, original string) error { return nil } // ENV foo bar // // Sets the environment variable foo to bar, also makes interpolation // in the dockerfile available from the next statement on via ${foo}. // func env(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) == 0 { return derr.ErrorCodeAtLeastOneArg.WithArgs("ENV") } if len(args)%2 != 0 { // should never get here, but just in case return derr.ErrorCodeTooManyArgs.WithArgs("ENV") } if err := b.BuilderFlags.Parse(); err != nil { return err } // TODO/FIXME/NOT USED // Just here to show how to use the builder flags stuff within the // context of a builder command. Will remove once we actually add // a builder command to something! /* flBool1 := b.BuilderFlags.AddBool("bool1", false) flStr1 := b.BuilderFlags.AddString("str1", "HI") if err := b.BuilderFlags.Parse(); err != nil { return err } fmt.Printf("Bool1:%v\n", flBool1) fmt.Printf("Str1:%v\n", flStr1) */ commitStr := "ENV" for j := 0; j < len(args); j++ { // name ==> args[j] // value ==> args[j+1] newVar := args[j] + "=" + args[j+1] + "" commitStr += " " + newVar gotOne := false for i, envVar := range b.Config.Env { envParts := strings.SplitN(envVar, "=", 2) if envParts[0] == args[j] { b.Config.Env[i] = newVar gotOne = true break } } if !gotOne { b.Config.Env = append(b.Config.Env, newVar) } j++ } return b.commit(ctx, "", b.Config.Cmd, commitStr) } // MAINTAINER some text // // Sets the maintainer metadata. func maintainer(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return derr.ErrorCodeExactlyOneArg.WithArgs("MAINTAINER") } if err := b.BuilderFlags.Parse(); err != nil { return err } b.maintainer = args[0] return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("MAINTAINER %s", b.maintainer)) } // LABEL some json data describing the image // // Sets the Label variable foo to bar, // func label(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) == 0 { return derr.ErrorCodeAtLeastOneArg.WithArgs("LABEL") } if len(args)%2 != 0 { // should never get here, but just in case return derr.ErrorCodeTooManyArgs.WithArgs("LABEL") } if err := b.BuilderFlags.Parse(); err != nil { return err } commitStr := "LABEL" if b.Config.Labels == nil { b.Config.Labels = map[string]string{} } for j := 0; j < len(args); j++ { // name ==> args[j] // value ==> args[j+1] newVar := args[j] + "=" + args[j+1] + "" commitStr += " " + newVar b.Config.Labels[args[j]] = args[j+1] j++ } return b.commit(ctx, "", b.Config.Cmd, commitStr) } // ADD foo /path // // Add the file 'foo' to '/path'. Tarball and Remote URL (git, http) handling // exist here. If you do not wish to have this automatic handling, use COPY. // func add(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) < 2 { return derr.ErrorCodeAtLeastTwoArgs.WithArgs("ADD") } if err := b.BuilderFlags.Parse(); err != nil { return err } return b.runContextCommand(ctx, args, true, true, "ADD") } // COPY foo /path // // Same as 'ADD' but without the tar and remote url handling. // func dispatchCopy(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) < 2 { return derr.ErrorCodeAtLeastTwoArgs.WithArgs("COPY") } if err := b.BuilderFlags.Parse(); err != nil { return err } return b.runContextCommand(ctx, args, false, false, "COPY") } // FROM imagename // // This sets the image the dockerfile will build on top of. // func from(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return derr.ErrorCodeExactlyOneArg.WithArgs("FROM") } if err := b.BuilderFlags.Parse(); err != nil { return err } name := args[0] // Windows cannot support a container with no base image. if name == NoBaseImageSpecifier { if runtime.GOOS == "windows" { return fmt.Errorf("Windows does not support FROM scratch") } b.image = "" b.noBaseImage = true return nil } image, err := b.Daemon.Repositories().LookupImage(name) if b.Pull { image, err = b.pullImage(ctx, name) if err != nil { return err } } if err != nil { if b.Daemon.Graph().IsNotExist(err, name) { image, err = b.pullImage(ctx, name) } // note that the top level err will still be !nil here if IsNotExist is // not the error. This approach just simplifies the logic a bit. if err != nil { return err } } return b.processImageFrom(ctx, image) } // ONBUILD RUN echo yo // // ONBUILD triggers run when the image is used in a FROM statement. // // ONBUILD handling has a lot of special-case functionality, the heading in // evaluator.go and comments around dispatch() in the same file explain the // special cases. search for 'OnBuild' in internals.go for additional special // cases. // func onbuild(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) == 0 { return derr.ErrorCodeAtLeastOneArg.WithArgs("ONBUILD") } if err := b.BuilderFlags.Parse(); err != nil { return err } triggerInstruction := strings.ToUpper(strings.TrimSpace(args[0])) switch triggerInstruction { case "ONBUILD": return derr.ErrorCodeChainOnBuild case "MAINTAINER", "FROM": return derr.ErrorCodeBadOnBuildCmd.WithArgs(triggerInstruction) } original = regexp.MustCompile(`(?i)^\s*ONBUILD\s*`).ReplaceAllString(original, "") b.Config.OnBuild = append(b.Config.OnBuild, original) return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("ONBUILD %s", original)) } // WORKDIR /tmp // // Set the working directory for future RUN/CMD/etc statements. // func workdir(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return derr.ErrorCodeExactlyOneArg.WithArgs("WORKDIR") } if err := b.BuilderFlags.Parse(); err != nil { return err } // This is from the Dockerfile and will not necessarily be in platform // specific semantics, hence ensure it is converted. workdir := filepath.FromSlash(args[0]) if !system.IsAbs(workdir) { current := filepath.FromSlash(b.Config.WorkingDir) workdir = filepath.Join(string(os.PathSeparator), current, workdir) } b.Config.WorkingDir = workdir return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("WORKDIR %v", workdir)) } // RUN some command yo // // run a command and commit the image. Args are automatically prepended with // 'sh -c' under linux or 'cmd /S /C' under Windows, in the event there is // only one argument. The difference in processing: // // RUN echo hi # sh -c echo hi (Linux) // RUN echo hi # cmd /S /C echo hi (Windows) // RUN [ "echo", "hi" ] # echo hi // func run(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if b.image == "" && !b.noBaseImage { return derr.ErrorCodeMissingFrom } if err := b.BuilderFlags.Parse(); err != nil { return err } args = handleJSONArgs(args, attributes) if !attributes["json"] { if runtime.GOOS != "windows" { args = append([]string{"/bin/sh", "-c"}, args...) } else { args = append([]string{"cmd", "/S", "/C"}, args...) } } runCmd := flag.NewFlagSet("run", flag.ContinueOnError) runCmd.SetOutput(ioutil.Discard) runCmd.Usage = nil config, _, _, err := runconfig.Parse(runCmd, append([]string{b.image}, args...)) if err != nil { return err } // stash the cmd cmd := b.Config.Cmd runconfig.Merge(b.Config, config) // stash the config environment env := b.Config.Env defer func(cmd *stringutils.StrSlice) { b.Config.Cmd = cmd }(cmd) defer func(env []string) { b.Config.Env = env }(env) // derive the net build-time environment for this run. We let config // environment override the build time environment. // This means that we take the b.buildArgs list of env vars and remove // any of those variables that are defined as part of the container. In other // words, anything in b.Config.Env. What's left is the list of build-time env // vars that we need to add to each RUN command - note the list could be empty. // // We don't persist the build time environment with container's config // environment, but just sort and prepend it to the command string at time // of commit. // This helps with tracing back the image's actual environment at the time // of RUN, without leaking it to the final image. It also aids cache // lookup for same image built with same build time environment. cmdBuildEnv := []string{} configEnv := runconfig.ConvertKVStringsToMap(b.Config.Env) for key, val := range b.buildArgs { if !b.isBuildArgAllowed(key) { // skip build-args that are not in allowed list, meaning they have // not been defined by an "ARG" Dockerfile command yet. // This is an error condition but only if there is no "ARG" in the entire // Dockerfile, so we'll generate any necessary errors after we parsed // the entire file (see 'leftoverArgs' processing in evaluator.go ) continue } if _, ok := configEnv[key]; !ok { cmdBuildEnv = append(cmdBuildEnv, fmt.Sprintf("%s=%s", key, val)) } } // derive the command to use for probeCache() and to commit in this container. // Note that we only do this if there are any build-time env vars. Also, we // use the special argument "|#" at the start of the args array. This will // avoid conflicts with any RUN command since commands can not // start with | (vertical bar). The "#" (number of build envs) is there to // help ensure proper cache matches. We don't want a RUN command // that starts with "foo=abc" to be considered part of a build-time env var. saveCmd := config.Cmd if len(cmdBuildEnv) > 0 { sort.Strings(cmdBuildEnv) tmpEnv := append([]string{fmt.Sprintf("|%d", len(cmdBuildEnv))}, cmdBuildEnv...) saveCmd = stringutils.NewStrSlice(append(tmpEnv, saveCmd.Slice()...)...) } b.Config.Cmd = saveCmd hit, err := b.probeCache(ctx) if err != nil { return err } if hit { return nil } // set Cmd manually, this is special case only for Dockerfiles b.Config.Cmd = config.Cmd // set build-time environment for 'run'. b.Config.Env = append(b.Config.Env, cmdBuildEnv...) logrus.Debugf("[BUILDER] Command to be executed: %v", b.Config.Cmd) c, err := b.create(ctx) if err != nil { return err } // Ensure that we keep the container mounted until the commit // to avoid unmounting and then mounting directly again c.Mount(ctx) defer c.Unmount(ctx) err = b.run(ctx, c) if err != nil { return err } // revert to original config environment and set the command string to // have the build-time env vars in it (if any) so that future cache look-ups // properly match it. b.Config.Env = env b.Config.Cmd = saveCmd if err := b.commit(ctx, c.ID, cmd, "run"); err != nil { return err } return nil } // CMD foo // // Set the default command to run in the container (which may be empty). // Argument handling is the same as RUN. // func cmd(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if err := b.BuilderFlags.Parse(); err != nil { return err } cmdSlice := handleJSONArgs(args, attributes) if !attributes["json"] { if runtime.GOOS != "windows" { cmdSlice = append([]string{"/bin/sh", "-c"}, cmdSlice...) } else { cmdSlice = append([]string{"cmd", "/S", "/C"}, cmdSlice...) } } b.Config.Cmd = stringutils.NewStrSlice(cmdSlice...) if err := b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("CMD %q", cmdSlice)); err != nil { return err } if len(args) != 0 { b.cmdSet = true } return nil } // ENTRYPOINT /usr/sbin/nginx // // Set the entrypoint (which defaults to sh -c on linux, or cmd /S /C on Windows) to // /usr/sbin/nginx. Will accept the CMD as the arguments to /usr/sbin/nginx. // // Handles command processing similar to CMD and RUN, only b.Config.Entrypoint // is initialized at NewBuilder time instead of through argument parsing. // func entrypoint(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if err := b.BuilderFlags.Parse(); err != nil { return err } parsed := handleJSONArgs(args, attributes) switch { case attributes["json"]: // ENTRYPOINT ["echo", "hi"] b.Config.Entrypoint = stringutils.NewStrSlice(parsed...) case len(parsed) == 0: // ENTRYPOINT [] b.Config.Entrypoint = nil default: // ENTRYPOINT echo hi if runtime.GOOS != "windows" { b.Config.Entrypoint = stringutils.NewStrSlice("/bin/sh", "-c", parsed[0]) } else { b.Config.Entrypoint = stringutils.NewStrSlice("cmd", "/S", "/C", parsed[0]) } } // when setting the entrypoint if a CMD was not explicitly set then // set the command to nil if !b.cmdSet { b.Config.Cmd = nil } if err := b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("ENTRYPOINT %q", b.Config.Entrypoint)); err != nil { return err } return nil } // EXPOSE 6667/tcp 7000/tcp // // Expose ports for links and port mappings. This all ends up in // b.Config.ExposedPorts for runconfig. // func expose(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { portsTab := args if len(args) == 0 { return derr.ErrorCodeAtLeastOneArg.WithArgs("EXPOSE") } if err := b.BuilderFlags.Parse(); err != nil { return err } if b.Config.ExposedPorts == nil { b.Config.ExposedPorts = make(nat.PortSet) } ports, _, err := nat.ParsePortSpecs(portsTab) if err != nil { return err } // instead of using ports directly, we build a list of ports and sort it so // the order is consistent. This prevents cache burst where map ordering // changes between builds portList := make([]string, len(ports)) var i int for port := range ports { if _, exists := b.Config.ExposedPorts[port]; !exists { b.Config.ExposedPorts[port] = struct{}{} } portList[i] = string(port) i++ } sort.Strings(portList) return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("EXPOSE %s", strings.Join(portList, " "))) } // USER foo // // Set the user to 'foo' for future commands and when running the // ENTRYPOINT/CMD at container run time. // func user(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return derr.ErrorCodeExactlyOneArg.WithArgs("USER") } if err := b.BuilderFlags.Parse(); err != nil { return err } b.Config.User = args[0] return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("USER %v", args)) } // VOLUME /foo // // Expose the volume /foo for use. Will also accept the JSON array form. // func volume(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) == 0 { return derr.ErrorCodeAtLeastOneArg.WithArgs("VOLUME") } if err := b.BuilderFlags.Parse(); err != nil { return err } if b.Config.Volumes == nil { b.Config.Volumes = map[string]struct{}{} } for _, v := range args { v = strings.TrimSpace(v) if v == "" { return derr.ErrorCodeVolumeEmpty } b.Config.Volumes[v] = struct{}{} } if err := b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("VOLUME %v", args)); err != nil { return err } return nil } // STOPSIGNAL signal // // Set the signal that will be used to kill the container. func stopSignal(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return fmt.Errorf("STOPSIGNAL requires exactly one argument") } sig := args[0] _, err := signal.ParseSignal(sig) if err != nil { return err } b.Config.StopSignal = sig return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("STOPSIGNAL %v", args)) } // ARG name[=value] // // Adds the variable foo to the trusted list of variables that can be passed // to builder using the --build-arg flag for expansion/subsitution or passing to 'run'. // Dockerfile author may optionally set a default value of this variable. func arg(ctx context.Context, b *builder, args []string, attributes map[string]bool, original string) error { if len(args) != 1 { return fmt.Errorf("ARG requires exactly one argument definition") } var ( name string value string hasDefault bool ) arg := args[0] // 'arg' can just be a name or name-value pair. Note that this is different // from 'env' that handles the split of name and value at the parser level. // The reason for doing it differently for 'arg' is that we support just // defining an arg and not assign it a value (while 'env' always expects a // name-value pair). If possible, it will be good to harmonize the two. if strings.Contains(arg, "=") { parts := strings.SplitN(arg, "=", 2) name = parts[0] value = parts[1] hasDefault = true } else { name = arg hasDefault = false } // add the arg to allowed list of build-time args from this step on. b.allowedBuildArgs[name] = true // If there is a default value associated with this arg then add it to the // b.buildArgs if one is not already passed to the builder. The args passed // to builder override the defaut value of 'arg'. if _, ok := b.buildArgs[name]; !ok && hasDefault { b.buildArgs[name] = value } return b.commit(ctx, "", b.Config.Cmd, fmt.Sprintf("ARG %s", arg)) }