balena-cli/lib/utils/docker-coffee.coffee
Paulo Castro 225408c57d Add "build secrets" and "build variables" support for push/build/deploy
to/on/via balena devices

Change-type: minor
Signed-off-by: Paulo Castro <paulo@balena.io>
2019-07-15 16:23:35 +01:00

203 lines
6.1 KiB
CoffeeScript

###*
# @license
# Copyright 2017-2019 Balena Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###
# Functions to help actions which rely on using docker
Promise = require('bluebird')
_ = require('lodash')
# Use this function to seed an action's list of capitano options
# with the docker options. Using this interface means that
# all functions using docker will expose the same interface
#
# NOTE: Care MUST be taken when using the function, so as to
# not redefine/override options already provided.
exports.appendConnectionOptions = appendConnectionOptions = (opts) ->
opts.concat [
{
signature: 'docker'
parameter: 'docker'
description: 'Path to a local docker socket (e.g. /var/run/docker.sock)'
alias: 'P'
},
{
signature: 'dockerHost'
parameter: 'dockerHost'
description: 'Docker daemon hostname or IP address (dev machine or balena device) '
alias: 'h'
},
{
signature: 'dockerPort'
parameter: 'dockerPort'
description: 'Docker daemon TCP port number (hint: 2375 for balena devices)'
alias: 'p'
},
{
signature: 'ca'
parameter: 'ca'
description: 'Docker host TLS certificate authority file'
},
{
signature: 'cert'
parameter: 'cert'
description: 'Docker host TLS certificate file'
},
{
signature: 'key'
parameter: 'key'
description: 'Docker host TLS key file'
},
]
# Use this function to seed an action's list of capitano options
# with the docker options. Using this interface means that
# all functions using docker will expose the same interface
#
# NOTE: Care MUST be taken when using the function, so as to
# not redefine/override options already provided.
exports.appendOptions = (opts) ->
appendConnectionOptions(opts).concat [
{
signature: 'tag'
parameter: 'tag'
description: 'The alias to the generated image'
alias: 't'
},
{
signature: 'buildArg'
parameter: 'arg'
description: 'Set a build-time variable (eg. "-B \'ARG=value\'"). Can be specified multiple times.'
alias: 'B'
},
{
signature: 'nocache'
description: "Don't use docker layer caching when building"
boolean: true
},
{
signature: 'squash'
description: 'Squash newly built layers into a single new layer'
boolean: true
}
]
generateConnectOpts = (opts) ->
buildDockerodeOpts = require('dockerode-options')
fs = require('mz/fs')
_ = require('lodash')
Promise.try ->
connectOpts = {}
# Firsly need to decide between a local docker socket
# and a host available over a host:port combo
if opts.docker? and not opts.dockerHost?
# good, local docker socket
connectOpts.socketPath = opts.docker
else if opts.dockerHost? and not opts.docker?
# Good a host is provided, and local socket isn't
connectOpts.host = opts.dockerHost
connectOpts.port = opts.dockerPort || 2376
else if opts.docker? and opts.dockerHost?
# Both provided, no obvious way to continue
throw new Error("Both a local docker socket and docker host have been provided. Don't know how to continue.")
else if process.env.DOCKER_HOST
# If no explicit options are provided, use the env
connectOpts = buildDockerodeOpts(process.env.DOCKER_HOST)
else
# No options anywhere, assume default docker local socket
connectOpts.socketPath = '/var/run/docker.sock'
# Now need to check if the user wants to connect over TLS
# to the host
# If any are set...
if (opts.ca? or opts.cert? or opts.key?)
# but not all
if not (opts.ca? and opts.cert? and opts.key?)
throw new Error('You must provide a CA, certificate and key in order to use TLS')
certBodies = {
ca: fs.readFile(opts.ca, 'utf-8')
cert: fs.readFile(opts.cert, 'utf-8')
key: fs.readFile(opts.key, 'utf-8')
}
return Promise.props(certBodies)
.then (toMerge) ->
_.merge(connectOpts, toMerge)
return connectOpts
parseBuildArgs = (args) ->
_ = require('lodash')
if not _.isArray(args)
args = [ args ]
buildArgs = {}
args.forEach (arg) ->
# note: [^] matches any character, including line breaks
pair = /^([^\s]+?)=([^]*)$/.exec(arg)
if pair?
buildArgs[pair[1]] = pair[2] ? ''
else
throw new Error("Could not parse build argument: '#{arg}'")
return buildArgs
exports.generateBuildOpts = (options) ->
opts = {}
if options.tag?
opts.t = options.tag
if options.nocache?
opts.nocache = true
if options.squash?
opts.squash = true
if options.buildArg?
opts.buildargs = parseBuildArgs(options.buildArg)
if not _.isEmpty(options['registry-secrets'])
opts.registryconfig = options['registry-secrets']
return opts
exports.getDocker = (options) ->
generateConnectOpts(options)
.then(createClient)
.tap(ensureDockerSeemsAccessible)
getDockerToolbelt = _.once ->
Docker = require('docker-toolbelt')
Promise.promisifyAll Docker.prototype, {
filter: (name) -> name == 'run'
multiArgs: true
}
Promise.promisifyAll(Docker.prototype)
Promise.promisifyAll(new Docker({}).getImage().constructor.prototype)
Promise.promisifyAll(new Docker({}).getContainer().constructor.prototype)
return Docker
# docker-toolbelt v3 is not backwards compatible as it removes all *Async
# methods that are in wide use in the CLI. The workaround for now is to
# manually promisify the client and replace all `new Docker()` calls with
# this shared function that returns a promisified client.
#
# **New code must not use the *Async methods.**
#
exports.createClient = createClient = (opts) ->
Docker = getDockerToolbelt()
return new Docker(opts)
ensureDockerSeemsAccessible = (docker) ->
{ exitWithExpectedError } = require('./patterns')
docker.ping().catch ->
exitWithExpectedError('Docker seems to be unavailable. Is it installed and running?')