Don't expand RUN heredocs ourselves, let the shell do it

When handling RUN instructions that use heredoc syntax, don't bother interpolating environment variables and argument values, and let the command that's running handle it. Signed-off-by: Nalin Dahyabhai <[email protected]>
containers · Apr 12, 2024 · b25d215 · b25d215
1 parent e6dbe4a
commit b25d215
Show file tree

Hide file tree

Showing 36 changed files with 632 additions and 313 deletions.
diff --git a/docker/types.go b/docker/types.go
@@ -60,9 +60,10 @@ type HealthConfig struct {
  Test []string `json:",omitempty"`
 
  // Zero means to inherit. Durations are expressed as integer nanoseconds.
- Interval time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
- Timeout time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
- StartPeriod time.Duration `json:",omitempty"` // Time to wait after the container starts before running the first check.
+ Interval time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+ Timeout time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+ StartPeriod time.Duration `json:",omitempty"` // Time to wait after the container starts before running the first check.
+ StartInterval time.Duration `json:",omitempty"` // Time to wait between checks during the StartPeriod.
 
  // Retries is the number of consecutive failures needed to consider a container as unhealthy.
  // Zero means inherit.

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/containers/buildah
 
-go 1.20
+go 1.21
 
 require (
  github.com/containerd/containerd v1.7.13
@@ -12,9 +12,9 @@ require (
  github.com/containers/storage v1.53.1-0.20240411065836-1fd0dc1d20e5
  github.com/cyphar/filepath-securejoin v0.2.4
  github.com/docker/distribution v2.8.3+incompatible
- github.com/docker/docker v25.0.5+incompatible
+ github.com/docker/docker v26.0.0+incompatible
  github.com/docker/go-units v0.5.0
- github.com/fsouza/go-dockerclient v1.10.1
+ github.com/fsouza/go-dockerclient v1.11.0
  github.com/hashicorp/go-multierror v1.1.1
  github.com/mattn/go-shellwords v1.0.12
  github.com/moby/buildkit v0.12.5
@@ -26,7 +26,7 @@ require (
  github.com/opencontainers/runtime-spec v1.2.0
  github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc
  github.com/opencontainers/selinux v1.11.0
- github.com/openshift/imagebuilder v1.2.6
+ github.com/openshift/imagebuilder v1.2.9-0.20240412111210-e9038003ac83
  github.com/seccomp/libseccomp-golang v0.10.0
  github.com/sirupsen/logrus v1.9.3
  github.com/spf13/cobra v1.8.0
@@ -88,7 +88,7 @@ require (
  github.com/godbus/dbus/v5 v5.1.0 // indirect
  github.com/gogo/protobuf v1.3.2 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
  github.com/google/go-cmp v0.6.0 // indirect
  github.com/google/go-containerregistry v0.19.0 // indirect
  github.com/google/go-intervals v0.0.2 // indirect
@@ -110,6 +110,7 @@ require (
  github.com/miekg/pkcs11 v1.1.1 // indirect
  github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
  github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/moby/docker-image-spec v1.3.1 // indirect
  github.com/moby/patternmatcher v0.6.0 // indirect
  github.com/moby/sys/mountinfo v0.7.1 // indirect
  github.com/moby/sys/sequential v0.5.0 // indirect

diff --git a/go.sum b/go.sum
diff --git a/tests/conformance/conformance_test.go b/tests/conformance/conformance_test.go
@@ -3102,6 +3102,13 @@ var internalTestCases = []testCase{
  contextDir: "multistage/copyback",
  dockerUseBuildKit: true,
  },
+
+ {
+ name: "heredoc-quoting",
+ dockerfile: "Dockerfile.heredoc-quoting",
+ dockerUseBuildKit: true,
+ fsSkip: []string{"(dir):etc:(dir):hostname"}, // buildkit does not create a phantom /etc/hostname
+ },
 }
 
 func TestCommit(t *testing.T) {

diff --git a/tests/conformance/testdata/Dockerfile.heredoc-quoting b/tests/conformance/testdata/Dockerfile.heredoc-quoting
@@ -0,0 +1,215 @@
+FROM busybox
+ARG argA=argvA
+ENV varA=valueA
+
+# An argument, an environment variable, and one set in the heredoc
+RUN <<EOF
+varB=valueB
+touch /run-argA=$argA.unquoted1.txt
+touch /run-varA=$varA.unquoted1.txt
+touch /run-varB=$varB.unquoted1.txt
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+RUN <<EOF
+varB=valueB
+touch /run-argA="$argA".unquoted2.txt
+touch /run-varA="$varA".unquoted2.txt
+touch /run-varB="$varB".unquoted2.txt
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+RUN <<EOF
+varA=valueA2
+varB=valueB
+touch /run-argA="$argA".unquoted3.txt
+touch /run-varA="$varA".unquoted3.txt
+touch /run-varB="$varB".unquoted3.txt
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+RUN <<EOF
+argA=argvA2
+varA=valueA2
+varB=valueB
+touch /run-argA="$argA".unquoted4.txt
+touch /run-varA="$varA".unquoted4.txt
+touch /run-varB="$varB".unquoted4.txt
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+RUN <<"EOF"
+varB=valueB
+touch /run-argA=$argA.quoted1.txt
+touch /run-varA=$varA.quoted1.txt
+touch /run-varB=$varB.quoted1.txt
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+RUN <<"EOF"
+varB=valueB
+touch /run-argA="$argA".quoted2.txt
+touch /run-varA="$varA".quoted2.txt
+touch /run-varB="$varB".quoted2.txt
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+RUN <<"EOF"
+varA=valueA2
+varB=valueB
+touch /run-argA="$argA".quoted3.txt
+touch /run-varA="$varA".quoted3.txt
+touch /run-varB="$varB".quoted3.txt
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+RUN <<"EOF"
+argA=argvA2
+varA=valueA2
+varB=valueB
+touch /run-argA="$argA".quoted4.txt
+touch /run-varA="$varA".quoted4.txt
+touch /run-varB="$varB".quoted4.txt
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+COPY <<EOF /copy-unquoted1.txt
+varB=valueB
+touch /argA=$argA
+touch /varA=$varA
+touch /varB=$varB
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+COPY <<EOF /copy-unquoted2.txt
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+COPY <<EOF /copy-unquoted3.txt
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+COPY <<EOF /copy-unquoted4.txt
+argA=argvA2
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+COPY <<"EOF" /copy-quoted1.txt
+varB=valueB
+argA=$argA
+varA=$varA
+varB=$varB
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+COPY <<"EOF" /copy-quoted2.txt
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+COPY <<"EOF" /copy-quoted3.txt
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+COPY <<"EOF" /copy-quoted4.txt
+argA=argvA2
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+ADD <<EOF /add-unquoted1.txt
+varB=valueB
+touch /argA=$argA
+touch /varA=$varA
+touch /varB=$varB
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+ADD <<EOF /add-unquoted2.txt
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+ADD <<EOF /add-unquoted3.txt
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+ADD <<EOF /add-unquoted4.txt
+argA=argvA2
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+ADD <<"EOF" /add-quoted1.txt
+varB=valueB
+argA=$argA
+varA=$varA
+varB=$varB
+EOF
+
+# An argument, an environment variable, and one set in the heredoc
+ADD <<"EOF" /add-quoted2.txt
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An argument, an environment variable overridden in the heredoc, and one set in the heredoc
+ADD <<"EOF" /add-quoted3.txt
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+# An overridden argument, an environment variable overridden in the heredoc, and one set in the heredoc
+ADD <<"EOF" /add-quoted4.txt
+argA=argvA2
+varA=valueA2
+varB=valueB
+argA="$argA"
+varA="$varA"
+varB="$varB"
+EOF
+
+RUN touch -r /etc/passwd /*.txt
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml