huoxue1
/
build-push-action
mirror of https://github.com/docker/build-push-action.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #97 from useblacksmith/02-10-_bind_to_localhost_over_TCP_instead_of_using_a_unix_socket 

*: bind to localhost over TCP instead of using a unix socket
This commit is contained in:
Aditya Maru 2025-02-10 23:07:46 -05:00 committed by GitHub
parent 6ff8522817 1390f95565
commit ca7f4ddd0c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 37 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

33
package-lock.json generated
View File

@ -8,7 +8,7 @@
"license": "Apache-2.0",
"dependencies": {
"@actions/core": "^1.10.1",
"@buf/blacksmith_vm-agent.connectrpc_es": "^1.6.1-20241220192643-e85a9caa965d.2",
"@buf/blacksmith_vm-agent.connectrpc_es": "^1.6.1-20250209182455-7d83cfb8ddb1.2",
"@connectrpc/connect": "^1.6.1",
"@connectrpc/connect-node": "^1.6.1",
"@docker/actions-toolkit": "0.37.1",
@ -2304,17 +2304,38 @@
"dev": true
},
"node_modules/@buf/blacksmith_vm-agent.bufbuild_es": {
"version": "1.10.0-20241220192643-e85a9caa965d.1",
"resolved": "https://buf.build/gen/npm/v1/@buf/blacksmith_vm-agent.bufbuild_es/-/blacksmith_vm-agent.bufbuild_es-1.10.0-20241220192643-e85a9caa965d.1.tgz",
"version": "1.10.0-20250209182455-7d83cfb8ddb1.1",
"resolved": "https://buf.build/gen/npm/v1/@buf/blacksmith_vm-agent.bufbuild_es/-/blacksmith_vm-agent.bufbuild_es-1.10.0-20250209182455-7d83cfb8ddb1.1.tgz",
"dependencies": {
"@buf/googleapis_googleapis.bufbuild_es": "1.10.0-20250203201857-83c0f6c19b2f.1"
},
"peerDependencies": {
"@bufbuild/protobuf": "^1.10.0"
}
},
"node_modules/@buf/blacksmith_vm-agent.connectrpc_es": {
"version": "1.6.1-20241220192643-e85a9caa965d.2",
"resolved": "https://buf.build/gen/npm/v1/@buf/blacksmith_vm-agent.connectrpc_es/-/blacksmith_vm-agent.connectrpc_es-1.6.1-20241220192643-e85a9caa965d.2.tgz",
"version": "1.6.1-20250209182455-7d83cfb8ddb1.2",
"resolved": "https://buf.build/gen/npm/v1/@buf/blacksmith_vm-agent.connectrpc_es/-/blacksmith_vm-agent.connectrpc_es-1.6.1-20250209182455-7d83cfb8ddb1.2.tgz",
"dependencies": {
"@buf/blacksmith_vm-agent.bufbuild_es": "1.10.0-20241220192643-e85a9caa965d.1"
"@buf/blacksmith_vm-agent.bufbuild_es": "1.10.0-20250209182455-7d83cfb8ddb1.1",
"@buf/googleapis_googleapis.connectrpc_es": "1.6.1-20250203201857-83c0f6c19b2f.2"
},
"peerDependencies": {
"@connectrpc/connect": "^1.6.1"
}
},
"node_modules/@buf/googleapis_googleapis.bufbuild_es": {
"version": "1.10.0-20250203201857-83c0f6c19b2f.1",
"resolved": "https://buf.build/gen/npm/v1/@buf/googleapis_googleapis.bufbuild_es/-/googleapis_googleapis.bufbuild_es-1.10.0-20250203201857-83c0f6c19b2f.1.tgz",
"peerDependencies": {
"@bufbuild/protobuf": "^1.10.0"
}
},
"node_modules/@buf/googleapis_googleapis.connectrpc_es": {
"version": "1.6.1-20250203201857-83c0f6c19b2f.2",
"resolved": "https://buf.build/gen/npm/v1/@buf/googleapis_googleapis.connectrpc_es/-/googleapis_googleapis.connectrpc_es-1.6.1-20250203201857-83c0f6c19b2f.2.tgz",
"dependencies": {
"@buf/googleapis_googleapis.bufbuild_es": "1.10.0-20250203201857-83c0f6c19b2f.1"
},
"peerDependencies": {
"@connectrpc/connect": "^1.6.1"

2
package.json
View File

@ -27,7 +27,7 @@
"packageManager": "yarn@3.6.3",
"dependencies": {
"@actions/core": "^1.10.1",
"@buf/blacksmith_vm-agent.connectrpc_es": "^1.6.1-20241220192643-e85a9caa965d.2",
"@buf/blacksmith_vm-agent.connectrpc_es": "^1.6.1-20250209182455-7d83cfb8ddb1.2",
"@connectrpc/connect": "^1.6.1",
"@connectrpc/connect-node": "^1.6.1",
"@docker/actions-toolkit": "0.37.1",

30
src/setup_builder.ts
View File

@ -5,6 +5,8 @@ import {promisify} from 'util';
import * as TOML from '@iarna/toml';
import * as reporter from './reporter';
// Constants for configuration.
const BUILDKIT_DAEMON_ADDR = 'tcp://127.0.0.1:1234';
const mountPoint = '/var/lib/buildkit';
const execAsync = promisify(exec);
@ -54,7 +56,7 @@ async function writeBuildkitdTomlFile(parallelism: number): Promise<void> {
const jsonConfig: TOML.JsonMap = {
root: '/var/lib/buildkit',
grpc: {
address: ['unix:///run/buildkit/buildkitd.sock']
address: [BUILDKIT_DAEMON_ADDR]
},
registry: {
'docker.io': {
@ -96,9 +98,7 @@ async function writeBuildkitdTomlFile(parallelism: number): Promise<void> {
async function startBuildkitd(parallelism: number): Promise<string> {
try {
await writeBuildkitdTomlFile(parallelism);
await execAsync('sudo mkdir -p /run/buildkit');
await execAsync('sudo chmod 755 /run/buildkit');
const addr = 'unix:///run/buildkit/buildkitd.sock';
const addr = BUILDKIT_DAEMON_ADDR;
const logStream = fs.createWriteStream('buildkitd.log');
const buildkitd = spawn('sudo', ['buildkitd', '--debug', '--addr', addr, '--allow-insecure-entitlement', 'security.insecure', '--config=buildkitd.toml', '--allow-insecure-entitlement', 'network.host'], {
@ -190,29 +190,13 @@ export async function startAndConfigureBuildkitd(parallelism: number): Promise<s
const buildkitdAddr = await startBuildkitd(parallelism);
core.debug(`buildkitd daemon started at addr ${buildkitdAddr}`);
// Change permissions on the buildkitd socket to allow non-root access
const startTime = Date.now();
const timeout = buildkitdTimeoutMs;
while (Date.now() - startTime < timeout) {
if (fs.existsSync('/run/buildkit/buildkitd.sock')) {
// Change permissions on the buildkitd socket to allow non-root access
await execAsync(`sudo chmod 666 /run/buildkit/buildkitd.sock`);
break;
}
await new Promise(resolve => setTimeout(resolve, 1000)); // Poll every 100ms
}
if (!fs.existsSync('/run/buildkit/buildkitd.sock')) {
throw new Error('buildkitd socket not found after 30s timeout');
}
// Check that buildkit instance is ready by querying workers for up to 30s
const startTimeBuildkitReady = Date.now();
const timeoutBuildkitReady = buildkitdTimeoutMs;
while (Date.now() - startTimeBuildkitReady < timeoutBuildkitReady) {
try {
const {stdout} = await execAsync('sudo buildctl debug workers');
const {stdout} = await execAsync(`sudo buildctl --addr ${BUILDKIT_DAEMON_ADDR} debug workers`);
const lines = stdout.trim().split('\n');
if (lines.length > 1) {
// Check if we have output lines beyond the header
@ -226,7 +210,7 @@ export async function startAndConfigureBuildkitd(parallelism: number): Promise<s
// Final check after timeout.
try {
const {stdout} = await execAsync('sudo buildctl debug workers');
const {stdout} = await execAsync(`sudo buildctl --addr ${BUILDKIT_DAEMON_ADDR} debug workers`);
const lines = stdout.trim().split('\n');
if (lines.length <= 1) {
throw new Error('buildkit workers not ready after 15s timeout');
@ -254,7 +238,7 @@ export async function startAndConfigureBuildkitd(parallelism: number): Promise<s
export async function pruneBuildkitCache(): Promise<void> {
try {
const fourteenDaysInHours = 14 * 24;
await execAsync(`sudo buildctl prune --keep-duration ${fourteenDaysInHours}h --all`);
await execAsync(`sudo buildctl --addr ${BUILDKIT_DAEMON_ADDR} prune --keep-duration ${fourteenDaysInHours}h --all`);
core.debug('Successfully pruned buildkit cache');
} catch (error) {
core.warning(`Error pruning buildkit cache: ${error.message}`);