[pull] master from moby:master #4
Open
+927,006
−406,662
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
BoltDB - Fix the freelist.allocs isn't rollbacked when a tx is rollbacked. CMD - Add -gobench-output option for bench command to adapt to benchstat. Other - Bump go version to 1.22.x. - This patch also added dmflakey package, which can be reused by other projects. See #812. full diff: etcd-io/bbolt@v1.3.10...v1.3.11 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: golang/sys@v0.24.0...v0.25.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
no changes in vendored code full diff: golang/text@v0.17.0...v0.18.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: golang/crypto@v0.26.0...v0.27.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
no changes in vendored code full diff: golang/net@v0.28.0...v0.29.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: golang/mod@v0.20.0...v0.21.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: golang/tools@v0.24.0...v0.25.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: cespare/xxhash@v2.2.0...v2.3.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: protocolbuffers/protobuf-go@v1.33.0...v1.34.1 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor assorted dependencies in preparation of BuildKit v0.17
…endency This test was originally used to test the experimental `--stream` option with the classic builder. This feature was removed in Docker 20.10 through 6ca3ec8, which also disabled the test (adding a note to rewrite the test for BuildKit). The above is 5 years ago, and we now run the BuildKit integration tests as part of our CI, which (I assume) should cover this functionality. Removing this test, as it depends on github.com/tonistiigi/fsutil, which does not have a stable API, and frequently cannot be updated independently from BuildKit. Also adding a linter-rule to prevent it from accidentally being imported; errdefs/defs.go:3:8: import 'github.com/tonistiigi/fsutil' is not allowed from list 'main': The fsutil module does not have a stable API, so we should not have a direct dependency unless necessary. (depguard) import _ "github.com/tonistiigi/fsutil" ^ Signed-off-by: Sebastiaan van Stijn <[email protected]>
We had a few "runaway jobs" recently, where the job got stuck, and kept running for 6 hours (in one case even 24 hours, probably due some github outage). Some of those jobs could not be terminated. While running these actions on public repositories doesn't cost us, it's still not desirable to have jobs running for that long (as they can still hold up the queue). This patch adds a blanket "2 hours" time-limit to all jobs that didn't have a limit set. We should look at tweaking those limits to actually expected duration, but having a default at least is a start. Also changed the position of some existing timeouts so that we have a consistent order in which it's set; making it easier to spot locations where no limit is defined. Signed-off-by: Sebastiaan van Stijn <[email protected]>
…WithSession integration/build: remove TestBuildWithSession, and fsutil direct dependency
gha: add guardrails timeouts on all jobs
Accidentally introduced in 6b7e278 Signed-off-by: Sebastiaan van Stijn <[email protected]>
gha: remove stray double empty line
Without containerd store enabled, we were discarding underlying errors,
and instead informing the user that `--platform` is not suported;
docker pull --quiet --platform=linux/riscv64 alpine:latest
docker image push --platform=linux/amd64 alpine:latest
Error response from daemon: graphdriver backed image store doesn't support multiplatform images
However, that's not the case; platform filtering works, but if the image
is not the right platform, the push fails (which is the same as would
happen with the containerd image store enabled).
docker image push --platform=linux/amd64 alpine:latest
Error response from daemon: image with reference docker.io/library/alpine:latest was found but does not match the specified platform: wanted linux/amd64, actual: linux/riscv64
When specifying the platform and that platform matches, it finds the image,
and the push continue;
docker image push --platform=linux/riscv64 alpine:latest
The push refers to repository [docker.io/library/alpine]
3fd4750fd687: Layer already exists
...
(The above example obviously fails because I don't have permissions to
push official images).
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Slightly touching up the error message, because the "wanted/actual" output
felt too much like a assertion failure in a test-case.
- Format the image-reference using "familiar" format, which shows the
image's short name for official images.
- Move the actual and requested platforms to be a part of the sentence,
but within braces.
Before this patch:
docker image push --platform=linux/amd64 alpine:latest
Error response from daemon: image with reference docker.io/library/alpine:latest was found but does not match the specified platform: wanted linux/amd64, actual: linux/riscv64
With this patch:
docker image push --platform=linux/amd64 alpine:latest
Error response from daemon: image with reference alpine:latest was found but its platform (linux/riscv64) does not match the specified platform (linux/amd64)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
TestAttachDisconnectLeak starts its own daemon with iptables disabled, but disabling ip6tables was missed when we enabled ip6tables by default. TestNetworkStateCleanupOnDaemonStart also starts its own daemon, with iptables and ip6tables both enabled. It isn't trying to test anything iptables related. These tests run in parallel, so they both modify ip6tables in the host namespace - and could break each other by adding/removing chains at awkward moments. Disable iptables and ip6tables in both tests. Signed-off-by: Rob Murray <[email protected]>
- Changed "match" to "provide", in an attempt to indicate that the image is
a multi-platform image that doesn't contain the given platform.
- Remove the "wanted" and instead make the requested platforms to be a part
of the sentence, but within braces.
Before this patch:
docker pull --quiet --platform=linux/riscv64 alpine:latest
docker image history --platform=linux/amd64 alpine
Error response from daemon: image with reference alpine:latest was found but does not match the specified platform: wanted linux/nosuch
With this patch:
docker pull --quiet --platform=linux/riscv64 alpine:latest
docker image history --platform=linux/amd64 alpine
Error response from daemon: image with reference alpine:latest was found but does not provide the specified platform (linux/amd64)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…rrors
The platform was printed in its raw format, which didn't produce a very
readable output;
Before this change:
$ docker image save --platform=linux/amd64 -o alpine_amd64.tar alpine:latest
Error response from daemon: no suitable export target found for platform linux/amd64: no suitable image manifest found for platform {amd64 linux [] }
After this change:
$ docker image save --platform=linux/amd64 -o alpine_amd64.tar alpine:latest
Error response from daemon: no suitable export target found: image with reference alpine:latest was found but does not provide the specified platform (linux/amd64)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…n-tests Disable iptables/ip6tables in two tests to remove conflict
Use `pools.Copy` for archive file copy operations
full diff: - moby/buildkit@v0.16.0...v0.17.0-rc1 - tonistiigi/fsutil@91a3fc4...3f140a1 - golang/exp@9b4947d...701f63a Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor: github.com/moby/buildkit v0.17.0-rc1
We had a couple of runs where these jobs got stuck and github actions didn't allow terminating them, so that they were only terminated after 120 minutes. These jobs usually complete in 5 minutes, so let's give them a shorter timeout. 20 minutes should be enough (don't @ me). Signed-off-by: Sebastiaan van Stijn <[email protected]>
internal/safepath: log some unhandled errors, and remove workaround for ECI / Sysbox
Multiple images with the same repository name but different tag caused the `RepoDigests` to contain duplicated entries for each of the image. Deduplicate the slice before setting the `RepoDigests` field. Signed-off-by: Paweł Gronowski <[email protected]>
Signed-off-by: jinjiadu <[email protected]>
volume/mounts: minor linting issues, touch-ups, and improve test-coverage
remove deprecated pkg/longpath.Prefix, pkg/directory
c8d/inspect: Fix duplicate RepoDigests
volume/service: use local driver as default for anonymous volumes
Temporarily remove firewallds jobs. These are actually not running firewalld due to a typo in GHA definitions. Moreover, these new jobs are putting too much load on the CI, causing GHA cache backend to return 429 for many jobs. This slows down build jobs (as they can't use existing cache), and at least one buildkit test is now failing. This reverts commit 4e567e1. Signed-off-by: Albin Kerouanton <[email protected]>
Revert "ci: run integration tests with firewalld enabled"
chore: fix some function names
vendor: go.opentelemetry.io/otel v1.28.0, go.opentelemetry.io/contrib v0.53.0
full diff: kubernetes-sigs/yaml@v1.3.0...v1.4.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
- full diff: microsoft/hcsshim@v0.12.5...v0.12.7 Signed-off-by: Sebastiaan van Stijn <[email protected]>
commit 77fe35b added a warning if the "volumeDriver" option was used in combination with --mount. That change put the warning in the CLI, which should not have to handle this logic. Let's move it to the daemon as we have a warnings response in the container create response. The warning is gated by API version, so that older clients can continue to produce the warning client-side. Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor: github.com/Microsoft/hcsshim v0.12.7
Signed-off-by: Tonis Tiigi <[email protected]>
In 27.x and earlier releases libnetwork's database file was in a sub-directory "network/files" under the daemon's root data dir. That part of the path got lost in commit ed08486 So, libnet data ended up in the daemon's main Bolt db. Then, on upgrade, config in the original file was no longer accessible. libnet doesn't need access to any data outside its sub-dir, so change the meaning of its OptionDataDir - it now points at libnet's sub-dir, so the db will be created in the right place. Also, update other uses of that data dir to match. Signed-off-by: Rob Murray <[email protected]>
Restore 27.x path for libnet's Bolt database
The OCI image spec now has the platform as field, so we can just set it directly now. Signed-off-by: Sebastiaan van Stijn <[email protected]>
vendor: update buildkit to v0.17.0-rc2
full diff: - containerd/containerd@v1.7.22...v1.7.23 - microsoft/hcsshim@v0.12.7...v0.12.8 Signed-off-by: Sebastiaan van Stijn <[email protected]>
It only removed the test host's libnet Bolt db file, and didn't need to do that because the tests use a TempDir for it. Signed-off-by: Rob Murray <[email protected]>
…rectly builder-next: exporter: emptyImageConfig: use platform directly
container create: add warning for volumeDriver together with mounts
hack/unit: Rerun failed flaky libnetwork tests
Remove libnetwork_test.TestMain
Registry host configuration cleanup
Signed-off-by: Tonis Tiigi <[email protected]>
vendor: update buildkit to v0.17.0
vendor: github.com/containerd/containerd v1.7.23, hcsshim v0.12.8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )