dockerfile-parse icon indicating copy to clipboard operation
dockerfile-parse copied to clipboard

Published 20 hours ago verified publisher icon containerbuildsystem

Support parsing individual commands?

Open PeterJCLaw opened this issue 1 year ago • 1 comments

Thanks for this project, it looks like it could be useful. I found it while looking for something which could parse out the files from the host system which the Dockerfile actually reads. While I can see that this library supports extracting the body of a command from its instruction (i.e: COPY separate from --chmod foo:bar things/ /var/things/) I couldn't see anything beyond that. Is this something which might be in scope for this project in future, or is that layer deliberately left to the user?

PeterJCLaw avatar Jan 22 '24 16:01 PeterJCLaw

Ah, just found https://pypi.org/project/dockerfile/ which might suit my needs better. (Sharing in case others find themselves here)

PeterJCLaw avatar Jan 22 '24 16:01 PeterJCLaw

parse out the files from the host system which the Dockerfile actually reads

@PeterJCLaw did you put together your tool and care to share? I eventually decided to do this for myself entirely in Go, function getDockerfileDeps in scripts/buildinputs/dockerfile.go

  • https://github.com/opendatahub-io/notebooks/pull/800

jiridanek avatar Dec 09 '24 12:12 jiridanek

No, I ended up not parsing the Dockerfile and relying on manually tracking the relevant files. Greater chance of error but simpler overall.

(This was part of https://github.com/PeterJCLaw/lazy-docker-build-push-action in case that's of interest)

PeterJCLaw avatar Dec 09 '24 21:12 PeterJCLaw

manually tracking the relevant files. Greater chance of error but simpler overall.

This can be kept in check with sandboxing. The sandboxed build will fail if you forget to specify a file that is actually used. (BUT. In case a whole directory is being COPYd in the docker build and you specify only some of the necessary files from under that directory, they will be missing in the build and you will get errors at runtime when something needs the individual file. That's the problem with this strategy.)

Here's my reimplementation of Bazel's (https://bazel.build) most trivial sandboxing strategy. It simply copies the files that should be visible in the build context into a temporary directory and runs the build from the temp dir as its new context. https://bazel.build/docs/sandboxing

  • https://github.com/PeterJCLaw/lazy-docker-build-push-action/pull/2

jiridanek avatar Dec 10 '24 13:12 jiridanek

I am sorry for the late response here @PeterJCLaw, project is in the maintenance currently, but it looks like you found a better solution for your case, feel free to close this issue. Thank you

lkolacek avatar Dec 13 '24 13:12 lkolacek