def testParseFromImage(self): dfobj = parse.get_dockerfile_obj(self.buildpack) image_list = parse.parse_from_image(dfobj) self.assertEqual(image_list, [{'name': 'debian', 'tag': 'jessie', 'digest_type': '', 'digest': ''}]) dfobj = parse.get_dockerfile_obj(self.buildpackpinned) image_list = parse.parse_from_image(dfobj) debian_digest = ('e25703ee6ab5b2fac31510323d959cdae31eebdf48e88891c54' '9e55b25ad7e94') self.assertEqual(image_list, [{'name': 'debian', 'tag': '', 'digest_type': 'sha256', 'digest': debian_digest}])
def execute_dockerfile(args, locking=False): """Execution path for Dockerfiles""" dfile = '' if locking: dfile = args.lock else: dfile = args.dockerfile image_list = [] logger.debug("Parsing Dockerfile...") dfobj = parse.get_dockerfile_obj(dfile) # expand potential ARG values so base image tag is correct parse.expand_arg(dfobj) parse.expand_vars(dfobj) # Store dockerfile path and commands so we can access it during execution lock.load_docker_commands(dfobj) if dfobj.is_multistage: image_list = analyze_multistage_dockerfile(dfobj, args) else: image_list = analyze_single_dockerfile(dfile, args) # generate report based on what images were created if image_list: if not locking: report.report_out(args, *image_list) else: logger.debug('Generating locked Dockerfile...') # we can only lock one image for now locked_dfobj = lock.lock_dockerfile(dfobj, image_list[0]) output = lock.create_locked_dockerfile(locked_dfobj) lock.write_locked_dockerfile(output, args.output_file)
def testExpandArg(self): dfobj = parse.get_dockerfile_obj(self.buildpackarg) parse.expand_arg(dfobj) replace_content = 'FROM debian:jessie\n' replace_value = 'debian:jessie' struct = dfobj.structure[1] self.assertEqual(struct['value'], replace_value) self.assertEqual(struct['content'], replace_content)
def testExpandAddCommand(self): dfobj = parse.get_dockerfile_obj(self.pin_add) self.assertFalse(dfobj.is_none()) parse.expand_add_command(dfobj) content = dfobj.structure[1]['content'] value = dfobj.structure[1]['value'] content_name = content.split(',')[0] value_name = value.split(',')[0] self.assertIn(content_name, ['ADD plain_file /tmp # git project name: project', 'ADD plain_file /tmp # git project name: tern']) self.assertIn(value_name, ['plain_file /tmp # git project name: project', 'plain_file /tmp # git project name: tern'])
def testReplaceEnv(self): dfobj = parse.get_dockerfile_obj(self.golang) envs = {'GOLANG_VERSION': '1.13.6', 'GOPATH': '/go', 'PATH': '/go/bin:/usr/local/go/bin:'} self.assertEqual(dfobj.envs, envs) struct = dfobj.structure[9] parse.replace_env(dfobj.envs, struct) self.assertEqual(struct['content'], 'WORKDIR /go\n') self.assertEqual(struct['value'], '/go') replace_content = ('\n\turl="https://golang.org/dl/go1.13.6.' '${goRelArch}.tar.gz"; ') replace_value = (' \t\turl="https://golang.org/dl/go1.13.6' '.${goRelArch}.tar.gz"') struct = dfobj.structure[5] parse.replace_env(dfobj.envs, struct) self.assertEqual(struct['content'].split('\\')[14], replace_content) self.assertEqual(struct['value'].split(';')[28], replace_value)
def execute_dockerfile(args, locking=False): """Execution path for Dockerfiles""" dfile = '' if locking: dfile = args.lock else: dfile = args.dockerfile logger.debug("Parsing Dockerfile...") dfobj = parse.get_dockerfile_obj(dfile) # expand potential ARG values so base image tag is correct parse.expand_arg(dfobj) parse.expand_vars(dfobj) # Store dockerfile path and commands so we can access it during execution lock.load_docker_commands(dfobj) # attempt to build the image logger.debug('Building Docker image...') image_info = docker_api.build_and_dump(dfile) image_list = [] if image_info: logger.debug('Docker image successfully built. Analyzing...') # analyze the full image image_list = full_image_analysis(dfile, args.redo, args.driver, args.keep_wd, args.extend) else: # cannot build the image logger.warning('Cannot build image') # analyze the base image and any RUN lines in the Dockerfile image_list = base_and_run_analysis(dfile, args.redo, args.driver, args.keep_wd, args.extend) # generate report based on what images were created if image_list: if not locking: report.report_out(args, *image_list) else: logger.debug('Generating locked Dockerfile...') # we can only lock based on a fully built image for now locked_dfobj = lock.lock_dockerfile(dfobj, image_list[0]) output = lock.create_locked_dockerfile(locked_dfobj) lock.write_locked_dockerfile(output, args.output_file)
def testDockerfileParserWithoutEnv(self): dfobj = parse.get_dockerfile_obj(self.buildpack) self.assertFalse(dfobj.is_none()) self.assertEqual(dfobj.parent_images, ['debian:jessie']) structure = [{'instruction': 'FROM', 'startline': 0, 'endline': 0, 'content': 'FROM debian:jessie\n', 'value': 'debian:jessie'}, {'instruction': 'RUN', 'startline': 2, 'endline': 7, 'content': ('RUN apt-get update && apt-get install -y --' 'no-install-recommends \\\n\t\tca-certific' 'ates \\\n\t\tcurl \\\n\t\tnetbase \\\n\t\tw' 'get \\\n\t&& rm -rf /var/lib/apt/lists/*' '\n'), 'value': ('apt-get update && apt-get install -y --no-in' 'stall-recommends \t\tca-certificates \t\tcur' 'l \t\tnetbase \t\twget \t&& rm -rf /var/lib/' 'apt/lists/*')}, {'instruction': 'RUN', 'startline': 9, 'endline': 17, 'content': ('RUN set -ex; \\\n\tif ! command -v gpg > /' 'dev/null; then \\\n\t\tapt-get update; \\' '\n\t\tapt-get install -y --no-install-reco' 'mmends \\\n\t\t\tgnupg \\\n\t\t\tdirmngr \\' '\n\t\t; \\\n\t\trm -rf /var/lib/apt/lists/' '*; \\\n\tfi\n'), 'value': ('set -ex; \tif ! command -v gpg > /dev/null; t' 'hen \t\tapt-get update; \t\tapt-get install -' 'y --no-install-recommends \t\t\tgnupg \t\t\td' 'irmngr \t\t; \t\trm -rf /var/lib/apt/lists/*' '; \tfi')}] self.assertEqual(dfobj.structure, structure) self.assertFalse(dfobj.envs)
def testDockerfileParserWithEnv(self): dfobj = parse.get_dockerfile_obj(self.buildpack, {'buildno': '123abc'}) self.assertFalse(dfobj.is_none()) self.assertEqual(dfobj.prev_env, {'buildno': '123abc'})