copy --parents silently ignores nonexistent paths

[blowfishpro]

I didn't see this clearly documented so reporting as an issue.

When using the new COPY --parents option (in labs), it will silently skip over files that do not exist.

Compare the following:

Without --parents:

# syntax=docker/dockerfile:1.7-labs
FROM scratch
COPY ./nonexistent-file /

results in:

ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref 520ef390-e014-48a2-bdd5-b7fb3e850763::43brx8ibsmqfjzdxft4n7es8p: "/nonexistent-file": not found

With --parents:

# syntax=docker/dockerfile:1.7-labs
FROM scratch AS parents
COPY --parents ./nonexistent-file /

Is successful even though the file doesn't exist.

From a quick read of the code, it appears to treat every source as a wildcard pattern with --parents even if it doesn't contain any wildcard characters. Wildcard paths that don't match anything are silently accepted with our without the --parents option. I do see a lot of historical issues and confusion relating to wildcards that don't match anything, but it seems like that aspect is intended behavior.

[tonistiigi]

cc @DYefimov

Looks bit unexpected indeed. It makes more sense with the internal API that is based on include patterns.

In case you would use pivot point COPY --parents a/b/./c/d then the a/b part of the code would be validated.

Additional question is what would happen with multiple paths. Or is the validation that if the pattern is not a wildcard then it needs to match.

Unfortunately, it looks like this requires a new LLB option and can't be fixed by just a frontend update.

[blowfishpro]

Broadly I would expect the same behavior with and without --parents with respect to what is validated.