Documentation
¶
Overview ¶
Package dockerfile implements utilities related to Dockerfile processing.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadAndResolve ¶
LoadAndResolve implements high-level logic of resolving tags in a Dockerfile using a database loaded from a Pins YAML file.
'dockefile' must point to some existing Dockerfile on disk. It will be loaded, its body passed through Resolve(...) function, and returned.
'pins' should either point to a Pins YAML (see Pins struct), or should be an empty string (in which case the Dockerfile MUST use digests only, so there's nothing to resolve).
func Resolve ¶
Resolve returns a copy of the Dockerfile with image tags resolved to concrete digests.
Understands only the following constructs currently:
- FROM <image> [AS <name>] (assumes "latest" tag)
- FROM <image>[:<tag>] [AS <name>] (resolves the given tag)
- FROM <image>[@<digest>] [AS <name>] (passes the definition through)
In particular does not understand ARGs, e.g. "FROM base:${CODE_VERSION}" is not supported. Returns an error with unrecognized line in this case.
Returns the body of the resolved docker file.
Types ¶
type Pin ¶
type Pin struct {
Comment string `yaml:"comment,omitempty"` // arbitrary string, for humans
Image string `yaml:"image"` // required
Tag string `yaml:"tag,omitempty"` // default is "latest"
Digest string `yaml:"digest"` // required
Freeze string `yaml:"freeze,omitempty"` // if set, don't update in pins-update
}
Pin is a single "(image name, tag) => digest" pin.
func IsMissingPinErr ¶
IsMissingPinErr returns true if 'err' is an error produced by ResolveTag.
It may be wrapped. Returns a pin that ResolveTag was unable to resolve.
func NormalizePin ¶
NormalizePin returns a copy of 'p' with defaults populated.
Expands abbreviated image names into full references,
func PinFromString ¶
PinFromString takes <image>[:<tag>] reference and converts it to Pin struct.
type Pins ¶
type Pins struct {
Pins []Pin `yaml:"pins"`
}
Pins is a mapping (image name, tag) => digest.
func (*Pins) Visit ¶
Visit calls 'cb' concurrently for all pins.
The callback can mutate any pin fields except Image and Tag (doing so will panic).
Calls the callback even for pins that are marked as frozen. The callback should handle this itself (e.g. by logging and skipping them).
Returns a multi-error with all errors that happened.
type Resolver ¶
type Resolver interface {
// ResolveTag resolves a single image tag into a digest.
//
// 'image' and 'tag' here come from "FROM <image>[:<tag>]" line in
// the Dockerfile verbatim, except 'tag' is set to "latest" if using the brief
// "FROM <image>" form and 'image' is never "scratch" ("FROM scratch" lines
// are treated as magical).
//
// The result is expected to be "sha256:<hex>". The "FROM" line will be
// transformed into "FROM <image>@<digest> ...".
ResolveTag(image, tag string) (digest string, err error)
}
Resolver knows how to resolve (image, tag) pairs into an image digest.
Source Files