Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add pack option to the builder options for cloud native buildpacks #916

Open
wants to merge 25 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
897b3b4
Add a pack option to the builder options
nickhammond Aug 28, 2024
826308a
Clean things up via Rubocop
nickhammond Aug 28, 2024
d0ffb85
Utilize repository name for pack name
nickhammond Sep 4, 2024
24f4308
Catch up with main
nickhammond Sep 6, 2024
ae68193
pack arch no longer needed, update builder name in tests
nickhammond Sep 6, 2024
2c5f2a7
Don't need to inspect the builder if pack
nickhammond Sep 6, 2024
548452a
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 17, 2024
85a5a09
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 22, 2024
e252004
Use argumentize for secrets with pack
nickhammond Sep 24, 2024
7174174
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 27, 2024
f7147e0
Merge branch 'basecamp:main' into buildpacks
nickhammond Sep 27, 2024
c601241
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 1, 2024
dda8efe
Point to project.toml in docs
nickhammond Oct 1, 2024
5482052
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 2, 2024
89b4415
Ensure build args and secrets are used with pack
nickhammond Oct 2, 2024
1d55c59
Add in pack builder inspect for configured builder
nickhammond Oct 14, 2024
4822a9d
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 14, 2024
d538447
Add validator for buildpack arch
nickhammond Oct 17, 2024
145b73c
Add a no-op remove method for pack
nickhammond Oct 17, 2024
1ebc8b8
Merge branch 'basecamp:main' into buildpacks
nickhammond Oct 17, 2024
cde5c7a
Catch up with main
nickhammond Oct 28, 2024
8354fbe
Merge branch 'buildpacks' of github.com:nickhammond/kamal into buildp…
nickhammond Oct 28, 2024
9ac3d57
Add default creation time to now for image
nickhammond Oct 30, 2024
9f6660d
Catch up with main
nickhammond Nov 26, 2024
d249b9a
Merge branch 'basecamp:main' into buildpacks
nickhammond Jan 5, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions lib/kamal/commands/base.rb
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,10 @@ def docker(*args)
args.compact.unshift :docker
end

def pack(*args)
args.compact.unshift :pack
end

def git(*args, path: nil)
[ :git, *([ "-C", path ] if path), *args.compact ]
end
Expand Down
7 changes: 6 additions & 1 deletion lib/kamal/commands/builder.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

class Kamal::Commands::Builder < Kamal::Commands::Base
delegate :create, :remove, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
delegate :local?, :remote?, to: "config.builder"
delegate :local?, :remote?, :pack?, to: "config.builder"

include Clone

Expand All @@ -17,6 +17,8 @@ def target
else
remote
end
elsif pack?
pack
else
local
end
Expand All @@ -34,6 +36,9 @@ def hybrid
@hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
end

def pack
@pack ||= Kamal::Commands::Builder::Pack.new(config)
end

def ensure_local_dependencies_installed
if name.native?
Expand Down
1 change: 1 addition & 0 deletions lib/kamal/commands/builder/base.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ class BuilderError < StandardError; end
delegate :argumentize, to: Kamal::Utils
delegate \
:args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
:pack?, :pack_builder, :pack_buildpacks,
:cache_from, :cache_to, :ssh, :provenance, :sbom, :driver, :docker_driver?,
to: :builder_config

Expand Down
35 changes: 35 additions & 0 deletions lib/kamal/commands/builder/pack.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
class Kamal::Commands::Builder::Pack < Kamal::Commands::Builder::Base
def push
combine \
pack(:build,
config.repository,
"--platform", platform,
"--creation-time", "now",
"--builder", pack_builder,
buildpacks,
"-t", config.absolute_image,
"-t", config.latest_image,
"--env", "BP_IMAGE_LABELS=service=#{config.service}",
*argumentize("--env", args),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With docker, build args are passed as --build-arg and with Kamal you set them via:

  args:
    ENVIRONMENT: production

You'd still set "build args" with pack via the same args section but they ultimately get passed as --env to the pack command. Trying to reduce confusion of when to use env/arg if you're testing out your builds.

*argumentize("--env", secrets, sensitive: true),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is using environment variables the standard way to get secrets into a buildpack?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@djmb Yes, they only have the --env flag.

I just tested building with a few secrets because I was concerned they'd end up in the final image but they don't.

I just found this in the docs site though. TLDR; It's just a build-time env var, they're not available at image runtime. So they're naturally "secret", neat.

https://buildpacks.io/docs/for-platform-operators/how-to/integrate-ci/pack/cli/pack_build/#options

  -e, --env stringArray              Build-time environment variable, in the form 'VAR=VALUE' or 'VAR'.
                                     When using latter value-less form, value will be taken from current
                                       environment at the time this command is executed.
                                     This flag may be specified multiple times and will override
                                       individual values defined by --env-file.
                                     Repeat for each env in order (comma-separated lists not accepted)
                                     NOTE: These are NOT available at image runtime.

"--path", build_context),
docker(:push, config.absolute_image),
docker(:push, config.latest_image)
end

def remove;end
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're not actually creating anything with the buildpack setup so there isn't anything to remove. Should we still puts something out to the user?


def info
pack :builder, :inspect, pack_builder
end
alias_method :inspect_builder, :info

private
def platform
"linux/#{local_arches.first}"
Copy link
Contributor Author

@nickhammond nickhammond Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pack only supports building for one platform, make it obvious in docs

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add a validation for this in Kamal::Configuration::Validator::Builder.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@djmb Added a validation for this.

end

def buildpacks
(pack_buildpacks << "paketo-buildpacks/image-labels").map { |buildpack| [ "--buildpack", buildpack ] }
nickhammond marked this conversation as resolved.
Show resolved Hide resolved
end
end
12 changes: 12 additions & 0 deletions lib/kamal/configuration/builder.rb
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,10 @@ def cached?
!!builder_config["cache"]
end

def pack?
!!builder_config["pack"]
end

def args
builder_config["args"] || {}
end
Expand All @@ -81,6 +85,14 @@ def driver
builder_config.fetch("driver", "docker-container")
end

def pack_builder
builder_config["pack"]["builder"] if pack?
end

def pack_buildpacks
builder_config["pack"]["buildpacks"] if pack?
end

def local_disabled?
builder_config["local"] == false
end
Expand Down
14 changes: 13 additions & 1 deletion lib/kamal/configuration/docs/builder.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
#
# Options go under the builder key in the root configuration.
builder:

# Arch
#
# The architectures to build for — you can set an array or just a single value.
Expand All @@ -31,6 +30,19 @@ builder:
# Defaults to true:
local: true

# Buildpack configuration
#
# The build configuration for using pack to build a Cloud Native Buildpack image.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add mention of project.toml to set your excluded options. https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/

Copy link
Contributor Author

@nickhammond nickhammond Oct 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I was thinking about this and removing context: "." it doesn't matter as much since it's using the git clone. The exclusion list is really only relevant when you're using "." as your build context.

#
# For additional buildpack customization options you can create a project descriptor
# file(project.toml) that the Pack CLI will automatically use.
# See https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/ for more information.
pack:
builder: heroku/builder:24
buildpacks:
- heroku/ruby
- heroku/procfile

# Builder cache
#
# The type must be either 'gha' or 'registry'.
Expand Down
2 changes: 2 additions & 0 deletions lib/kamal/configuration/validator/builder.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ def validate!

error "Builder arch not set" unless config["arch"].present?

error "buildpacks only support building for one arch" if config["pack"] && config["arch"].is_a?(Array) && config["arch"].size > 1

error "Cannot disable local builds, no remote is set" if config["local"] == false && config["remote"].blank?
end
end
26 changes: 26 additions & 0 deletions test/commands/builder_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,32 @@ class CommandsBuilderTest < ActiveSupport::TestCase
builder.push.join(" ")
end

test "target pack when pack is set" do
builder = new_builder_command(image: "dhh/app", builder: { "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })
assert_equal "pack", builder.name
assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end

test "pack build args passed as env" do
builder = new_builder_command(image: "dhh/app", builder: { "args" => { "a" => 1, "b" => 2 }, "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })

assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --env a=\"1\" --env b=\"2\" --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end

test "pack build secrets as env" do
with_test_secrets("secrets" => "token_a=foo\ntoken_b=bar") do
builder = new_builder_command(image: "dhh/app", builder: { "secrets" => [ "token_a", "token_b" ], "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } })

assert_equal \
"pack build dhh/app --platform linux/amd64 --creation-time now --builder heroku/builder:24 --buildpack heroku/ruby --buildpack heroku/procfile --buildpack paketo-buildpacks/image-labels -t dhh/app:123 -t dhh/app:latest --env BP_IMAGE_LABELS=service=app --env token_a=\"foo\" --env token_b=\"bar\" --path . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end
end

test "build args" do
builder = new_builder_command(builder: { "args" => { "a" => 1, "b" => 2 } })
assert_equal \
Expand Down
17 changes: 17 additions & 0 deletions test/configuration/builder_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,23 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
assert_equal false, config.builder.remote?
end

test "pack?" do
assert_not config.builder.pack?
end

test "pack? with pack builder" do
@deploy[:builder] = { "arch" => "arm64", "pack" => { "builder" => "heroku/builder:24" } }

assert config.builder.pack?
end

test "pack details" do
@deploy[:builder] = { "arch" => "amd64", "pack" => { "builder" => "heroku/builder:24", "buildpacks" => [ "heroku/ruby", "heroku/procfile" ] } }

assert_equal "heroku/builder:24", config.builder.pack_builder
assert_equal [ "heroku/ruby", "heroku/procfile" ], config.builder.pack_buildpacks
end

test "remote" do
assert_nil config.builder.remote
end
Expand Down
1 change: 1 addition & 0 deletions test/configuration/validation_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ class ConfigurationValidationTest < ActiveSupport::TestCase
assert_error "builder/arch: should be an array or a string", builder: { "arch" => {} }
assert_error "builder/args: should be a hash", builder: { "args" => [ "foo" ] }
assert_error "builder/cache/options: should be a string", builder: { "cache" => { "options" => [] } }
assert_error "builder: buildpacks only support building for one arch", builder: { "arch" => [ "amd64", "arm64" ], "pack" => { "builder" => "heroku/builder:24" } }
end

private
Expand Down
Loading