Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add image user option #1266

Merged
merged 1 commit into from
Oct 24, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/reference/ko_apply.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ ko apply -f FILENAME [flags]
--image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest.
--image-label strings Which labels (key=value[,key=value]) to add to the image.
--image-refs string Path to file where a list of the published image references will be written.
--image-user string The default user the image should be run as.
--insecure-registry Whether to skip TLS verification on the registry
-j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS)
-L, --local Load into images to local docker daemon.
Expand Down
1 change: 1 addition & 0 deletions docs/reference/ko_build.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ ko build IMPORTPATH... [flags]
--image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest.
--image-label strings Which labels (key=value[,key=value]) to add to the image.
--image-refs string Path to file where a list of the published image references will be written.
--image-user string The default user the image should be run as.
--insecure-registry Whether to skip TLS verification on the registry
-j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS)
-L, --local Load into images to local docker daemon.
Expand Down
1 change: 1 addition & 0 deletions docs/reference/ko_create.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ ko create -f FILENAME [flags]
--image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest.
--image-label strings Which labels (key=value[,key=value]) to add to the image.
--image-refs string Path to file where a list of the published image references will be written.
--image-user string The default user the image should be run as.
--insecure-registry Whether to skip TLS verification on the registry
-j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS)
-L, --local Load into images to local docker daemon.
Expand Down
1 change: 1 addition & 0 deletions docs/reference/ko_resolve.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ ko resolve -f FILENAME [flags]
--image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest.
--image-label strings Which labels (key=value[,key=value]) to add to the image.
--image-refs string Path to file where a list of the published image references will be written.
--image-user string The default user the image should be run as.
--insecure-registry Whether to skip TLS verification on the registry
-j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS)
-L, --local Load into images to local docker daemon.
Expand Down
1 change: 1 addition & 0 deletions docs/reference/ko_run.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ ko run IMPORTPATH [flags]
--image-annotation strings Which annotations (key=value[,key=value]) to add to the OCI manifest.
--image-label strings Which labels (key=value[,key=value]) to add to the image.
--image-refs string Path to file where a list of the published image references will be written.
--image-user string The default user the image should be run as.
--insecure-registry Whether to skip TLS verification on the registry
-j, --jobs int The maximum number of concurrent builds (default GOMAXPROCS)
-L, --local Load into images to local docker daemon.
Expand Down
7 changes: 7 additions & 0 deletions pkg/build/gobuild.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ type gobuild struct {
dir string
labels map[string]string
annotations map[string]string
user string
debug bool
semaphore *semaphore.Weighted

Expand All @@ -129,6 +130,7 @@ type gobuildOpener struct {
platforms []string
labels map[string]string
annotations map[string]string
user string
dir string
jobs int
debug bool
Expand All @@ -151,6 +153,7 @@ func (gbo *gobuildOpener) Open() (Interface, error) {
return &gobuild{
ctx: gbo.ctx,
getBase: gbo.getBase,
user: gbo.user,
creationTime: gbo.creationTime,
kodataCreationTime: gbo.kodataCreationTime,
build: gbo.build,
Expand Down Expand Up @@ -1172,6 +1175,10 @@ func (g *gobuild) buildOne(ctx context.Context, refStr string, base v1.Image, pl
cfg.Config.Labels[k] = v
}

if g.user != "" {
cfg.Config.User = g.user
}

empty := v1.Time{}
if g.creationTime != empty {
cfg.Created = g.creationTime
Expand Down
14 changes: 14 additions & 0 deletions pkg/build/gobuild_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -846,6 +846,7 @@ func TestGoBuild(t *testing.T) {
WithLabel("hello", "world"),
WithAnnotation("fizz", "buzz"),
WithAnnotation("goodbye", "world"),
WithUser("1234:1234"),
WithPlatforms("all"),
)
if err != nil {
Expand Down Expand Up @@ -921,6 +922,19 @@ func TestGoBuild(t *testing.T) {
t.Fatalf("Annotations diff (-got,+want): %s", d)
}
})

t.Run("check user", func(t *testing.T) {
cfg, err := img.ConfigFile()
if err != nil {
t.Fatalf("ConfigFile() = %v", err)
}

want := "1234:1234"
got := cfg.Config.User
if got != want {
t.Fatalf("User: %s != %s", want, got)
}
})
}

func TestGoBuild_Defaults(t *testing.T) {
Expand Down
8 changes: 8 additions & 0 deletions pkg/build/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,14 @@ func WithAnnotation(k, v string) Option {
}
}

// WithUser is a functional option for overriding the user in the image config.
func WithUser(user string) Option {
return func(gbo *gobuildOpener) error {
gbo.user = user
return nil
}
}

// withBuilder is a functional option for overriding the way go binaries
// are built.
func withBuilder(b builder) Option {
Expand Down
3 changes: 3 additions & 0 deletions pkg/commands/options/build.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ type BuildOptions struct {
Platforms []string
Labels []string
Annotations []string
User string
Debug bool
// UserAgent enables overriding the default value of the `User-Agent` HTTP
// request header used when retrieving the base image.
Expand Down Expand Up @@ -98,6 +99,8 @@ func AddBuildOptions(cmd *cobra.Command, bo *BuildOptions) {
"Which labels (key=value[,key=value]) to add to the image.")
cmd.Flags().StringSliceVar(&bo.Annotations, "image-annotation", []string{},
"Which annotations (key=value[,key=value]) to add to the OCI manifest.")
cmd.Flags().StringVar(&bo.User, "image-user", "",
"The default user the image should be run as.")
cmd.Flags().BoolVar(&bo.Debug, "debug", bo.Debug,
"Include Delve debugger into image and wrap around ko-app. This debugger will listen to port 40000.")
bo.Trimpath = true
Expand Down
4 changes: 4 additions & 0 deletions pkg/commands/resolver.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,10 @@ func gobuildOptions(bo *options.BuildOptions) ([]build.Option, error) {
opts = append(opts, build.WithAnnotation(k, v))
}

if bo.User != "" {
opts = append(opts, build.WithUser(bo.User))
}

if bo.BuildConfigs != nil {
opts = append(opts, build.WithConfig(bo.BuildConfigs))
}
Expand Down