def build_image_in_privileged_container(build_image, source, image, target_registries=None, push_buildroot_to=None, target_registries_insecure=False, dont_pull_base_image=False, **kwargs): """ build image from provided dockerfile (specified by `source`) in privileged container by running another docker instance inside the container :param build_image: str, image where target image should be built :param source: dict, where/how to get source code to put in image :param image: str, tag for built image ([registry/]image_name[:tag]) :param target_registries: list of str, list of registries to push image to (might change in future) :param push_buildroot_to: str, repository where buildroot should be pushed :param target_registries_insecure: bool, allow connecting to target registries over plain http :param dont_pull_base_image: bool, don't pull or update base image specified in dockerfile :return: BuildResults """ build_json = _prepare_build_json(image, source, target_registries, target_registries_insecure, dont_pull_base_image, **kwargs) m = PrivilegedBuildManager(build_image, build_json) build_response = m.build() if push_buildroot_to: m.commit_buildroot() m.push_buildroot(push_buildroot_to) return build_response
def build_image_in_privileged_container(build_image, source, image, parent_registry=None, target_registries=None, push_buildroot_to=None, parent_registry_insecure=False, target_registries_insecure=False, dont_pull_base_image=False, **kwargs): """ build image from provided dockerfile (specified by `source`) in privileged image :param build_image: str, image where target image should be built :param source: dict, where/how to get source code to put in image :param image: str, tag for built image ([registry/]image_name[:tag]) :param parent_registry: str, registry to pull base image from :param target_registries: list of str, list of registries to push image to (might change in future) :param push_buildroot_to: str, repository where buildroot should be pushed :param parent_registry_insecure: bool, allow connecting to parent registry over plain http :param target_registries_insecure: bool, allow connecting to target registries over plain http :param dont_pull_base_image: bool, don't pull or update base image specified in dockerfile :return: BuildResults """ build_json = { "image": image, "source": source, "parent_registry": parent_registry, "target_registries": target_registries, "parent_registry_insecure": parent_registry_insecure, "target_registries_insecure": target_registries_insecure, "dont_pull_base_image": dont_pull_base_image, } build_json.update(kwargs) m = PrivilegedBuildManager(build_image, build_json) build_response = m.build() if push_buildroot_to: m.commit_buildroot() m.push_buildroot(push_buildroot_to) return build_response
def test_privileged_build(caplog, source_params): if MOCK: mock_docker() image_name = ImageName(repo=TEST_IMAGE) remote_image = image_name.copy() remote_image.registry = LOCALHOST_REGISTRY m = PrivilegedBuildManager( "buildroot-fedora", { "source": source_params, "image": remote_image.to_str(), "parent_registry": LOCALHOST_REGISTRY, # faster "target_registries_insecure": True, "parent_registry_insecure": True, }, ) results = m.build() dt = DockerTasker() dt.pull_image(remote_image, insecure=True) if source_params["provider"] == "path": assert_source_from_path_mounted_ok(caplog, m.temp_dir) assert len(results.build_logs) > 0 # assert isinstance(results.built_img_inspect, dict) # assert len(results.built_img_inspect.items()) > 0 # assert isinstance(results.built_img_info, dict) # assert len(results.built_img_info.items()) > 0 # assert isinstance(results.base_img_info, dict) # assert len(results.base_img_info.items()) > 0 # assert len(results.base_plugins_output) > 0 # assert len(results.built_img_plugins_output) > 0 dt.remove_container(results.container_id) dt.remove_image(remote_image)
def test_privileged_build(caplog, source_params): if MOCK: mock_docker() image_name = ImageName(repo=TEST_IMAGE) remote_image = image_name.copy() remote_image.registry = LOCALHOST_REGISTRY m = PrivilegedBuildManager( "buildroot-fedora", { "source": source_params, "image": remote_image.to_str(), "parent_registry": LOCALHOST_REGISTRY, # faster "target_registries_insecure": True, "parent_registry_insecure": True, }) results = m.build() dt = DockerTasker() dt.pull_image(remote_image, insecure=True) if source_params['provider'] == 'path': assert_source_from_path_mounted_ok(caplog, m.temp_dir) assert len(results.build_logs) > 0 # assert isinstance(results.built_img_inspect, dict) # assert len(results.built_img_inspect.items()) > 0 # assert isinstance(results.built_img_info, dict) # assert len(results.built_img_info.items()) > 0 # assert isinstance(results.base_img_info, dict) # assert len(results.base_img_info.items()) > 0 # assert len(results.base_plugins_output) > 0 # assert len(results.built_img_plugins_output) > 0 dt.remove_container(results.container_id) dt.remove_image(remote_image)
def test_privileged_gitrepo_build(caplog, source_params): if MOCK: mock_docker() image_name = ImageName(repo="atomic-reactor-test-ssh-image") remote_image = image_name.copy() remote_image.registry = LOCALHOST_REGISTRY m = PrivilegedBuildManager("buildroot-fedora", { "source": source_params, "image": remote_image.to_str(), "parent_registry": LOCALHOST_REGISTRY, # faster "target_registries_insecure": True, "parent_registry_insecure": True, }) results = m.build() dt = DockerTasker() dt.pull_image(remote_image, insecure=True) assert len(results.build_logs) > 0 dt.remove_container(results.container_id) dt.remove_image(remote_image)