Skip to content

Commit

Permalink
fix: sort volume args in DOCKER_COMPAT mode
Browse files Browse the repository at this point in the history
Signed-off-by: Ziwen Ning <ningziwe@amazon.com>
  • Loading branch information
ningziwen committed May 26, 2023
1 parent bb1cab2 commit 8023723
Show file tree
Hide file tree
Showing 4 changed files with 207 additions and 0 deletions.
11 changes: 11 additions & 0 deletions .github/workflows/ci-docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,17 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- run: echo "Skipping CI for docs & contrib files"
e2e-tests-for-docker-compat:
strategy:
matrix:
os:
[
[self-hosted, macos, amd64, 13, test],
[self-hosted, macos, arm64, 13, test],
]
runs-on: ${{ matrix.os }}
steps:
- run: echo "Skipping CI for docs & contrib files"
mdlint:
runs-on: ubuntu-latest
steps:
Expand Down
39 changes: 39 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,45 @@ jobs:
shell: zsh {0}
- run: make test-e2e
shell: zsh {0}
e2e-tests-for-docker-compat:
strategy:
fail-fast: false
matrix:
os:
[
[self-hosted, macos, amd64, 13, test],
[self-hosted, macos, arm64, 13, test],
]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
with:
# We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail.
fetch-depth: 0
persist-credentials: false
submodules: true
- name: Clean up previous files
run: |
sudo rm -rf /opt/finch
sudo rm -rf ~/.finch
sudo rm -rf ./_output
if pgrep '^qemu-system'; then
sudo pkill '^qemu-system'
fi
if pgrep '^socket_vmnet'; then
sudo pkill '^socket_vmnet'
fi
- name: Install Rosetta 2
run: echo "A" | softwareupdate --install-rosetta || true
- run: brew install go lz4 automake autoconf libtool
shell: zsh {0}
- name: Build project
run: |
export PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH"
make
shell: zsh {0}
- run: FINCH_DOCKER_COMPAT=1 make test-e2e
shell: zsh {0}
mdlint:
runs-on: ubuntu-latest
steps:
Expand Down
81 changes: 81 additions & 0 deletions cmd/finch/nerdctl.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ package main
import (
"bufio"
"fmt"
"os"
"path/filepath"
"sort"
"strings"

dockerops "github.com/docker/docker/opts"
Expand Down Expand Up @@ -85,8 +87,12 @@ func (nc *nerdctlCommand) run(cmdName string, args []string) error {
var (
nerdctlArgs, envs, fileEnvs []string
skip bool
volumes []string
)

dockerCompat := isDockerCompatEnvSet(nc.systemDeps)
firstVolumeIndex := -1

for i, arg := range args {
// parsing environment values from the command line may pre-fetch and
// consume the next argument; this loop variable will skip these pre-consumed
Expand Down Expand Up @@ -121,10 +127,32 @@ func (nc *nerdctlCommand) run(cmdName string, args []string) error {
arg = fmt.Sprintf("%s%s", arg[0:11], resolvedIP)
}
nerdctlArgs = append(nerdctlArgs, arg)
case strings.HasPrefix(arg, "-v") || strings.HasPrefix(arg, "--volume"):
if dockerCompat {
if firstVolumeIndex == -1 {
firstVolumeIndex = i
}
volume, shouldSkip := getVolume(arg, args[i+1])
volumes = append(volumes, volume)
skip = shouldSkip
} else {
nerdctlArgs = append(nerdctlArgs, arg)
}
default:
nerdctlArgs = append(nerdctlArgs, arg)
}
}

if dockerCompat {
// Need to insert to the middle to prevent messing up the subcommands at the beginning and the image ref at the end.
// The first volume index is a good middle position.
volumes = sortVolumes(volumes)
for i, vol := range volumes {
position := firstVolumeIndex + i*2
nerdctlArgs = append(nerdctlArgs[:position], append([]string{"-v", vol}, nerdctlArgs[position:]...)...)
}
}

// to handle environment variables properly, we add all entries found via
// env-file includes to the map first and then all command line environment
// flags, making sure that command line overrides environment file options,
Expand Down Expand Up @@ -300,6 +328,15 @@ func handleEnvFile(fs afero.Fs, systemDeps NerdctlCommandSystemDeps, arg, arg2 s
return skip, envs, nil
}

func getVolume(arg, nextArg string) (string, bool) {
for _, prefix := range []string{"--volume=", "-v="} {
if strings.HasPrefix(arg, prefix) {
return arg[len(prefix):], false
}
}
return nextArg, true
}

func resolveIP(host string, logger flog.Logger) string {
parts := strings.SplitN(host, ":", 2)
// If the IP Address is a string called "host-gateway", replace this value with the IP address that can be used to
Expand All @@ -313,6 +350,50 @@ func resolveIP(host string, logger flog.Logger) string {
return host
}

func sortVolumes(volumes []string) []string {
type volume struct {
original string
destination string
}

volumeSlices := make([]volume, 0)
for _, vol := range volumes {
splitVol := strings.Split(vol, ":")
if len(splitVol) >= 2 {
volumeSlices = append(volumeSlices, volume{
original: vol,
destination: splitVol[1],
})
} else {
// Still need to put the volume string back if it is in other format.
volumeSlices = append(volumeSlices, volume{
original: vol,
destination: "",
})
}
}
sort.Slice(volumeSlices, func(i, j int) bool {
// Consistent with the less function in Docker.
// /~https://github.com/moby/moby/blob/0db417451313474133c5ed62bbf95e2d3c92444d/daemon/volumes.go#L45
c1 := strings.Count(filepath.Clean(volumeSlices[i].destination), string(os.PathSeparator))
c2 := strings.Count(filepath.Clean(volumeSlices[j].destination), string(os.PathSeparator))
return c1 < c2
})
sortedVolumes := make([]string, 0)
for _, vol := range volumeSlices {
sortedVolumes = append(sortedVolumes, vol.original)
}
return sortedVolumes
}

// isDockerCompatEnvSet checks if the FINCH_DOCKER_COMPAT environment variable is set, so that callers can
// modify behavior to match docker instead of nerdctl.
// Intended to be used for temporary workarounds until changes are merged upstream.
func isDockerCompatEnvSet(systemDeps NerdctlCommandSystemDeps) bool {
_, s := systemDeps.LookupEnv("FINCH_DOCKER_COMPAT")
return s
}

var nerdctlCmds = map[string]string{
"build": "Build an image from Dockerfile",
"builder": "Manage builds",
Expand Down
76 changes: 76 additions & 0 deletions cmd/finch/nerdctl_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ func TestNerdctlCommand_runAdaptor(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "info").Return(c)
Expand Down Expand Up @@ -104,6 +105,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "build", "-t", "demo", ".").Return(c)
Expand Down Expand Up @@ -205,6 +207,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
logger.EXPECT().SetLevel(flog.Debug)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
Expand All @@ -229,6 +232,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
c := mocks.NewCommand(ctrl)
ncsd.EXPECT().LookupEnv("ARG2")
ncsd.EXPECT().LookupEnv("ARG3")
Expand All @@ -255,6 +259,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
c := mocks.NewCommand(ctrl)
ncsd.EXPECT().LookupEnv("ARG2")
ncsd.EXPECT().LookupEnv("ARG3").Return("val3", true)
Expand Down Expand Up @@ -284,6 +289,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
c := mocks.NewCommand(ctrl)
ncsd.EXPECT().LookupEnv("ARG2")
ncsd.EXPECT().LookupEnv("NOTSETARG")
Expand Down Expand Up @@ -314,6 +320,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
c := mocks.NewCommand(ctrl)
ncsd.EXPECT().LookupEnv("ARG2").Return("val2", true)
ncsd.EXPECT().LookupEnv("NOTSETARG")
Expand Down Expand Up @@ -341,6 +348,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
},
},
{
Expand All @@ -360,6 +368,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
logger.EXPECT().Debugf(`Resolving special IP "host-gateway" to %q for host %q`, "192.168.5.2", "name")
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
Expand All @@ -385,6 +394,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "run",
Expand All @@ -409,6 +419,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "run",
Expand All @@ -433,6 +444,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
logger.EXPECT().Debugf(`Resolving special IP "host-gateway" to %q for host %q`, "192.168.5.2", "name")
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
Expand All @@ -458,13 +470,72 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "run",
"--rm", "--add-host=name:0.0.0.0", "alpine:latest").Return(c)
c.EXPECT().Run()
},
},
{
name: "with multiple nested volumes",
cmdName: "run",
args: []string{
"--rm", "-v", "/tmp:/tmp1/tmp2:rro", "--volume", "/tmp:/tmp1:rprivate,rro", "-v=/tmp:/tmp1/tmp2/tmp3/tmp4:rro",
"--volume=/tmp:/tmp1/tmp3/tmp4:rshared", "-v", "volume", "alpine:latest",
},
wantErr: nil,
mockSvc: func(
t *testing.T,
lcc *mocks.LimaCmdCreator,
ncsd *mocks.NerdctlCommandSystemDeps,
logger *mocks.Logger,
ctrl *gomock.Controller,
fs afero.Fs,
) {
getVMStatusC := mocks.NewCommand(ctrl)
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("1", true)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "run",
"--rm", "-v", "volume", "-v", "/tmp:/tmp1:rprivate,rro", "-v", "/tmp:/tmp1/tmp2:rro",
"-v", "/tmp:/tmp1/tmp3/tmp4:rshared", "-v", "/tmp:/tmp1/tmp2/tmp3/tmp4:rro", "alpine:latest").Return(c)
c.EXPECT().Run()
},
},
{
name: "with multiple nested volumes with full container run command",
cmdName: "container",
args: []string{
"run", "--rm", "-v", "/tmp:/tmp1/tmp2:rro", "--volume", "/tmp:/tmp1:rprivate,rro",
"-v=/tmp:/tmp1/tmp2/tmp3/tmp4:rro", "--volume=/tmp:/tmp1/tmp3/tmp4:rshared", "-v", "volume", "alpine:latest",
},
wantErr: nil,
mockSvc: func(
t *testing.T,
lcc *mocks.LimaCmdCreator,
ncsd *mocks.NerdctlCommandSystemDeps,
logger *mocks.Logger,
ctrl *gomock.Controller,
fs afero.Fs,
) {
getVMStatusC := mocks.NewCommand(ctrl)
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("1", true)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "container", "run",
"--rm", "-v", "volume", "-v", "/tmp:/tmp1:rprivate,rro", "-v", "/tmp:/tmp1/tmp2:rro",
"-v", "/tmp:/tmp1/tmp3/tmp4:rshared", "-v", "/tmp:/tmp1/tmp2/tmp3/tmp4:rro", "alpine:latest").Return(c)
c.EXPECT().Run()
},
},
{
name: "with --help flag",
cmdName: "pull",
Expand All @@ -482,6 +553,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
lcc.EXPECT().RunWithReplacingStdout(
testStdoutRs, "shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "pull", "test:tag", "--help").Return(nil)
Expand All @@ -504,6 +576,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("", false)
lcc.EXPECT().RunWithReplacingStdout(
testStdoutRs, "shell", limaInstanceName, "sudo", "-E", nerdctlCmdName, "pull", "test:tag", "--help").
Expand All @@ -527,6 +600,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("test", true)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", "COSIGN_PASSWORD=test", nerdctlCmdName,
Expand All @@ -551,6 +625,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("test", true)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", "COSIGN_PASSWORD=test", nerdctlCmdName,
Expand All @@ -575,6 +650,7 @@ func TestNerdctlCommand_run(t *testing.T) {
lcc.EXPECT().CreateWithoutStdio("ls", "-f", "{{.Status}}", limaInstanceName).Return(getVMStatusC)
getVMStatusC.EXPECT().Output().Return([]byte("Running"), nil)
logger.EXPECT().Debugf("Status of virtual machine: %s", "Running")
ncsd.EXPECT().LookupEnv("FINCH_DOCKER_COMPAT").Return("", false)
ncsd.EXPECT().LookupEnv("COSIGN_PASSWORD").Return("test", true)
c := mocks.NewCommand(ctrl)
lcc.EXPECT().Create("shell", limaInstanceName, "sudo", "-E", "COSIGN_PASSWORD=test",
Expand Down

0 comments on commit 8023723

Please sign in to comment.