search

containers / buildah

A tool that facilitates building OCI images.
https://buildah.io
Apache License 2.0
7.38k stars 780 forks source link

Heredoc: buildah processes `ARG` and `ENV` in heredoc content while buildkit does not. #5213

Open flouthoc opened 11 months ago

flouthoc commented 11 months ago

From what I can see that buildah correctly process ARG and ENV from --build-arg in heredoc content if variables are not escaped while buildkit does not and this is inconsistent, I'd like to fix this ( looks like easy fix ) but before fixing I think maintainers can give a quick look and share there opinion if buildkit has bug or not.

FROM alpine
ENV 100="Should not show in line"
RUN cat <<\EOF
$100
EOF

Buildah's output

STEP 1/3: FROM alpine
STEP 2/3: ENV 100="Should not show in line"
STEP 3/3: RUN cat <<\EOF
Should not show in line
COMMIT test
Getting image source signatures
Copying blob 9fe9a137fd00 skipped: already exists  
Copying blob 0158acdc0dbc done   | 
Copying config c1e87a88e5 done   | 
Writing manifest to image destination
--> c1e87a88e584
Successfully tagged localhost/test:latest
c1e87a88e584889ad532f709f6439c26cc5ef3f8f7b6db8742d21924b678eb6c

Buildkit's output

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 143B done
#1 DONE 0.1s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.1s

#3 resolve image config for docker.io/docker/dockerfile:1.3-labs
#3 DONE 0.0s

#4 docker-image://docker.io/docker/dockerfile:1.3-labs
#4 CACHED

#5 [internal] load build definition from Dockerfile
#5 DONE 0.0s

#6 [internal] load .dockerignore
#6 DONE 0.0s

#7 [internal] load metadata for docker.io/library/alpine:latest
#7 DONE 0.0s

#8 [1/2] FROM docker.io/library/alpine
#8 CACHED

#9 [2/2] RUN cat <<EOF
#9 0.301 $100
#9 DONE 0.4s

#10 exporting to image
#10 exporting layers
#10 exporting layers 0.5s done
#10 writing image sha256:c9ebabe374e2df3d39386e8cd52f5a6cea699a62841ef06e78bb4475ee98f4bd 0.0s done
#10 naming to docker.io/library/test done

There is a discrepancy, I'm creating this issue to discuss if buildah should match buildkit's output or not. The fix is relatively easy.

eyezak commented 8 months ago

It appears this is an issue in openshift/imagebuilder, and can be seen in both podman and buildah.

TomSweeneyRedHat commented 8 months ago

@flouthoc any thoughts?

flouthoc commented 8 months ago

@TomSweeneyRedHat Yes I created this issue for more visibility as I am confused about which behaviour is more correct here , is it buildah or buildkit. In past we have identified some behaviours as bugs in buildkit so I just want to be sure before I create a fix for this.

@nalind any thoughts on this behavior ?