Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add pack option to the builder options for cloud native buildpacks #916

Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

Add pack option to the builder options for cloud native buildpacks #916

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
897b3b4
Add a pack option to the builder options
nickhammond Aug 28, 2024
826308a
Clean things up via Rubocop
nickhammond Aug 28, 2024
d0ffb85
Utilize repository name for pack name
nickhammond Sep 4, 2024
24f4308
Catch up with main
nickhammond Sep 6, 2024
ae68193
pack arch no longer needed, update builder name in tests
nickhammond Sep 6, 2024
2c5f2a7
Don't need to inspect the builder if pack
nickhammond Sep 6, 2024
548452a
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 17, 2024
85a5a09
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 22, 2024
e252004
Use argumentize for secrets with pack
nickhammond Sep 24, 2024
7174174
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 27, 2024
f7147e0
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 27, 2024
c601241
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 1, 2024
dda8efe
Point to project.toml in docs
nickhammond Oct 1, 2024
5482052
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 2, 2024
89b4415
Ensure build args and secrets are used with pack
nickhammond Oct 2, 2024
1d55c59
Add in pack builder inspect for configured builder
nickhammond Oct 14, 2024
4822a9d
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 14, 2024
d538447
Add validator for buildpack arch
nickhammond Oct 17, 2024
145b73c
Add a no-op remove method for pack
nickhammond Oct 17, 2024
1ebc8b8
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 17, 2024
cde5c7a
Catch up with main
nickhammond Oct 28, 2024
8354fbe
Merge branch 'buildpacks' of github.com:nickhammond/kamal into buildp…
nickhammond Oct 28, 2024
9ac3d57
Add default creation time to now for image
nickhammond Oct 30, 2024
9f6660d
Catch up with main
nickhammond Nov 26, 2024
d249b9a
Merge branch 'basecamp:main' into buildpacks
nickhammond Jan 5, 2025
95b606a
Catch up with main
nickhammond Jan 20, 2025
da26457
Merge branch 'buildpacks' of github.com:nickhammond/kamal into buildp…
nickhammond Jan 20, 2025
f8f7c6e
Catch up with 2.5.1
nickhammond Feb 6, 2025
8c17b1e
Add export_action support for pack
nickhammond Feb 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions lib/kamal/commands/base.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,10 @@ def docker(*args)
args.compact.unshift :docker
end

def pack(*args)
args.compact.unshift :pack
end

def git(*args, path: nil)
[ :git, *([ "-C", path ] if path), *args.compact ]
end
Expand Down
8 changes: 7 additions & 1 deletion lib/kamal/commands/builder.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

class Kamal::Commands::Builder < Kamal::Commands::Base
delegate :create, :remove, :dev, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
delegate :local?, :remote?, :cloud?, to: "config.builder"
delegate :local?, :remote?, :pack?, :cloud?, to: "config.builder"

include Clone

Expand All @@ -17,6 +17,8 @@ def target
else
remote
end
elsif pack?
pack
elsif cloud?
cloud
else
Expand All @@ -36,6 +38,10 @@ def hybrid
@hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
end

def pack
@pack ||= Kamal::Commands::Builder::Pack.new(config)
end

def cloud
@cloud ||= Kamal::Commands::Builder::Cloud.new(config)
end
Expand Down
1 change: 1 addition & 0 deletions lib/kamal/commands/builder/base.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ class BuilderError < StandardError; end
delegate :argumentize, to: Kamal::Utils
delegate \
:args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
:pack?, :pack_builder, :pack_buildpacks,
:cache_from, :cache_to, :ssh, :provenance, :sbom, :driver, :docker_driver?,
to: :builder_config

Expand Down
46 changes: 46 additions & 0 deletions lib/kamal/commands/builder/pack.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
class Kamal::Commands::Builder::Pack < Kamal::Commands::Builder::Base
def push(export_action = "registry")
combine \
build,
export(export_action)
end

def remove;end

def info
pack :builder, :inspect, pack_builder
end
alias_method :inspect_builder, :info

private
def build
pack(:build,
config.repository,
"--platform", platform,
"--creation-time", "now",
"--builder", pack_builder,
buildpacks,
"-t", config.absolute_image,
"-t", config.latest_image,
"--env", "BP_IMAGE_LABELS=service=#{config.service}",
*argumentize("--env", args),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With docker, build args are passed as --build-arg and with Kamal you set them via:

  args:
    ENVIRONMENT: production

You'd still set "build args" with pack via the same args section but they ultimately get passed as --env to the pack command. Trying to reduce confusion of when to use env/arg if you're testing out your builds.

*argumentize("--env", secrets, sensitive: true),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is using environment variables the standard way to get secrets into a buildpack?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@djmb Yes, they only have the --env flag.

I just tested building with a few secrets because I was concerned they'd end up in the final image but they don't.

I just found this in the docs site though. TLDR; It's just a build-time env var, they're not available at image runtime. So they're naturally "secret", neat.

https://buildpacks.io/docs/for-platform-operators/how-to/integrate-ci/pack/cli/pack_build/#options

  -e, --env stringArray              Build-time environment variable, in the form 'VAR=VALUE' or 'VAR'.
                                     When using latter value-less form, value will be taken from current
                                       environment at the time this command is executed.
                                     This flag may be specified multiple times and will override
                                       individual values defined by --env-file.
                                     Repeat for each env in order (comma-separated lists not accepted)
                                     NOTE: These are NOT available at image runtime.

"--path", build_context)
end

def export(export_action)
return unless export_action == "registry"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the output option changes from #1357, support needed to be added for an export_action but it's a little different than docker buildx output behavior. I went with supporting a build and push behavior as the default and then if you specify anything other than registry it just doesn't push the image to the registry.

I don't believe there's additional options for the output format since pack build is just outputting the OCI image but @edmorley might have some ideas here.

Docker buildx output options: https://docs.docker.com/reference/cli/docker/buildx/build/#output

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi! I'm not sure I quite follow the question (I've only skimmed the comments via email notifications) - but in case it helps, this is the only Pack CLI option relating to how the generated asset is handled:

      --publish                      Publish the application image directly to the container registry specified in <image-name>, instead of the daemon. The run image must also reside in the registry.


combine \
docker(:push, config.absolute_image),
docker(:push, config.latest_image)
end

def platform
"linux/#{local_arches.first}"
end

def buildpacks
(pack_buildpacks << "paketo-buildpacks/image-labels").map { |buildpack| [ "--buildpack", buildpack ] }
end
end
12 changes: 12 additions & 0 deletions lib/kamal/configuration/builder.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ def cached?
!!builder_config["cache"]
end

def pack?
!!builder_config["pack"]
end

def args
builder_config["args"] || {}
end
Expand All @@ -85,6 +89,14 @@ def driver
builder_config.fetch("driver", "docker-container")
end

def pack_builder
builder_config["pack"]["builder"] if pack?
end

def pack_buildpacks
builder_config["pack"]["buildpacks"] if pack?
end

def local_disabled?
builder_config["local"] == false
end
Expand Down
14 changes: 13 additions & 1 deletion lib/kamal/configuration/docs/builder.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
#
# Options go under the builder key in the root configuration.
builder:

# Arch
#
# The architectures to build for — you can set an array or just a single value.
Expand All @@ -31,6 +30,19 @@ builder:
# Defaults to true:
local: true

# Buildpack configuration
#
# The build configuration for using pack to build a Cloud Native Buildpack image.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add mention of project.toml to set your excluded options. https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/

Copy link
Contributor Author

@nickhammond nickhammond Oct 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I was thinking about this and removing context: "." it doesn't matter as much since it's using the git clone. The exclusion list is really only relevant when you're using "." as your build context.

#
# For additional buildpack customization options you can create a project descriptor
# file(project.toml) that the Pack CLI will automatically use.
# See https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/ for more information.
pack:
builder: heroku/builder:24
buildpacks:
- heroku/ruby
- heroku/procfile

# Builder cache
#
# The type must be either 'gha' or 'registry'.
Expand Down
2 changes: 2 additions & 0 deletions lib/kamal/configuration/validator/builder.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ def validate!

error "Builder arch not set" unless config["arch"].present?

error "buildpacks only support building for one arch" if config["pack"] && config["arch"].is_a?(Array) && config["arch"].size > 1

error "Cannot disable local builds, no remote is set" if config["local"] == false && config["remote"].blank?
end
end
26 changes: 26 additions & 0 deletions test/commands/builder_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,32 @@ class CommandsBuilderTest < ActiveSupport::TestCase
builder.push.join(" ")
end

test "target pack when pack is set" do
builder = new_builder_command(image: "dhh/app", builder: { "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })
assert_equal "pack", builder.name
assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end

test "pack build args passed as env" do
builder = new_builder_command(image: "dhh/app", builder: { "args" => { "a" => 1, "b" => 2 }, "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })

assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --env a=\"1\" --env b=\"2\" --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end

test "pack build secrets as env" do
with_test_secrets("secrets" => "token_a=foo\ntoken_b=bar") do
builder = new_builder_command(image: "dhh/app", builder: { "secrets" => [ "token_a", "token_b" ], "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })

assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --env token_a=\"foo\" --env token_b=\"bar\" --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end
end

test "cloud builder" do
builder = new_builder_command(builder: { "arch" => [ "#{local_arch}" ], "driver" => "cloud docker-org-name/builder-name" })
assert_equal "cloud", builder.name
Expand Down
17 changes: 17 additions & 0 deletions test/configuration/builder_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,23 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
assert_equal false, config.builder.remote?
end

test "pack?" do
assert_not config.builder.pack?
end

test "pack? with pack builder" do
@deploy[:builder] = { "arch" => "arm64", "pack" => { "builder" => "heroku/builder:24" } }

assert config.builder.pack?
end

test "pack details" do
@deploy[:builder] = { "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } }

assert_equal "heroku/builder:24", config.builder.pack_builder
assert_equal [ "heroku/ruby", "heroku/procfile" ], config.builder.pack_buildpacks
end

test "remote" do
assert_nil config.builder.remote
end
Expand Down
1 change: 1 addition & 0 deletions test/configuration/validation_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ class ConfigurationValidationTest < ActiveSupport::TestCase
assert_error "builder/arch: should be an array or a string", builder: { "arch" => {} }
assert_error "builder/args: should be a hash", builder: { "args" => [ "foo" ] }
assert_error "builder/cache/options: should be a string", builder: { "cache" => { "options" => [] } }
assert_error "builder: buildpacks only support building for one arch", builder: { "arch" => [ "amd64", "arm64" ], "pack" => { "builder" => "heroku/builder:24" } }
end

private
Expand Down