Update `DockerApi` and `Builder` to support export of images with a
specified platform. This prevents 'NotFound: content digest sha256:'
errors when building an amd64 image on an arm64 machine.
Fixes gh-46665
Update `DockerApi` so that the URL uses version `v1.50` whenever
possible. Prior to this commit, `v1.24` was often used which breaks
recent Docker installs due to the dropping of API version v1.43 and
below.
If the actual API version running is less than `v1.50`, but greater
than the minimum required for the API call, it will be used instead.
This hopefully means that older versions of Docker will continue to
work as they did previously.
Fixes gh-48050
Prior to this commit, performing a build on a ARM Mac with the default
configuration and then building it again with the image platform set to
`linux/amd64` results in an "Image platform mismatch detected" failure.
This is due to the fact that `docker inspect` returns JSON for the
default platform, regardless of the fact that another architecture
has been pulled.
To solve the issue, the `inspect` API call on Docker 1.49+ can now
accept a platform query parameter which when specified returns platform
specific JSON.
At the time of this commit, the Docker API documentation hasn't been
updated, despite PR https://github.com/moby/moby/pull/49586 being
merged.
In addition to using the correct inspect JSON, we also need to pin
the run image we use to a specific digest. Without doing this,
buildpacks revert back to the default platform image and
"content digest not found" errors are thrown (similar to
https://github.com/buildpacks/docs/issues/818).
See gh-47292
Signed-off-by: hojooo <ghwn5833@gmail.com>
Refine error handling logic so that HTTP 407 (Proxy Authentication
Required) responses from the Docker daemon are treated as plain
text rather than JSON.
See gh-47180
Signed-off-by: Siva Sai Udayagiri <udayagirishivasai@gmail.com>
Before this commit, the credential helper used the serverUrl from
the Map.Entry<String,Auth> as a fallback. However, the helper only uses
the email from the auths.
See gh-45345
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Add `DockerRegistryAuthentication` implementation that uses standard
Docker config to authenticate requests.
Prior to this commit, we only supported username/password and token
based authentication. This commit allows authentication based on
the contents of the Docker configuration file, including support
for executing credential helpers.
See gh-45269
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Co-authored-by: Phillip Webb <phil.webb@broadcom.com>
Update `DockerConfigurationMetadata` with support for `credsStore`,
`credHelpers` and `auth` sections. These values will be required to
support credential helper based authentication.
See gh-45269
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Relate `DockerConfiguration` from `...platform.docker` to
`...platform.build` since it contains build specific concepts.
This commit also refactors a few other areas of the code to make it
easier to support credential helpers in the future.
Closes gh-45283
Update `EphemeralBuilder` so that it adds an additional layer that
containing an empty application (aka workspace) directory owned by
the build user.
Prior to this commit, the directory was only bound. This could cause
issues on Podman where, unlike Docker, the bound directory is owned
by `root`.
Fixes gh-45233
Before this commit, if the status code was 4xx or 500, we tried to read the errors
object, consuming the http entity. When we tried to deserialize the message,
the http entity was already consumed, an IOException has been thrown and null
is returned for the message.
Now, we read the content in a byte[] and deserialize the errors and the message
from that. This ensures that we can read both the errors and the message.
Closes gh-44628
This commit introduces a new constructor in `DockerApi`
that accepts `DockerLogger` as a parameter.
The `DockerLogger` is a pretty simple callback interface used to
provide DockerApi output logging.
See gh-44412
Signed-off-by: Dmytro Nosan <dimanosan@gmail.com>
Phillip Webb
Dmytro Nosan
Stéphane Nicoll
hojooo
SSUday
Vincent Potucek
Andy Wilkinson
Johnny Lim
Moritz Halbritter
Yanming Zhou
youngjin_dev