Merge branch 'main' into mafredri/fix-workspace-folder-clone-path

Author: mafredri

README.md

@@ -82,19 +82,11 @@ docker run -it --rm
 
 You can see all the supported environment variables in [this document](./docs/env-variables.md).
 
-## Unsupported Features
-
 ### Development Containers
 
-The table below keeps track of features we plan to implement. Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you'd like Envbuilder to support a particular feature.
+[This document](./docs/devcontainer-spec-support.md) keeps track of what parts of the Dev Container specification Envbuilder currently supports.
 
-| Name                     | Description                                                                                                   | Known Issues                                           |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
-| Volume mounts            | Volumes are used to persist data and share directories between the host and container.                        | [#220](https://github.com/coder/envbuilder/issues/220) |
-| Port forwarding          | Port forwarding allows exposing container ports to the host, making services accessible.                      | [#48](https://github.com/coder/envbuilder/issues/48)   |
-| Script init & Entrypoint | `init` adds a tiny init process to the container, and `entrypoint` sets a script to run at container startup. | [#221](https://github.com/coder/envbuilder/issues/221) |
-| Customizations           | Product-specific properties, e.g., _VS Code_ settings and extensions.                                         | [#43](https://github.com/coder/envbuilder/issues/43)   |
-| Composefile              | Define multiple containers and services for more complex development environments.                            | [#236](https://github.com/coder/envbuilder/issues/236) |
+Feel free to [create a new issue](https://github.com/coder/envbuilder/issues/new) if you'd like Envbuilder to support a particular feature.
 
 ### Devfile
 

docs/devcontainer-spec-support.md

@@ -18,6 +18,7 @@
 | `--docker-config-base64` | `ENVBUILDER_DOCKER_CONFIG_BASE64` |  | The base64 encoded Docker config file that will be used to pull images from private container registries. When this is set, Docker configuration set via the DOCKER_CONFIG environment variable is ignored. |
 | `--fallback-image` | `ENVBUILDER_FALLBACK_IMAGE` |  | Specifies an alternative image to use when neither an image is declared in the devcontainer.json file nor a Dockerfile is present. If there's a build failure (from a faulty Dockerfile) or a misconfiguration, this image will be the substitute. Set ExitOnBuildFailure to true to halt the container if the build faces an issue. |
 | `--exit-on-build-failure` | `ENVBUILDER_EXIT_ON_BUILD_FAILURE` |  | Terminates the container upon a build failure. This is handy when preferring the FALLBACK_IMAGE in cases where no devcontainer.json or image is provided. However, it ensures that the container stops if the build process encounters an error. |
+| `--exit-on-push-failure` | `ENVBUILDER_EXIT_ON_PUSH_FAILURE` |  | ExitOnPushFailure terminates the container upon a push failure. This is useful if failure to push the built image should abort execution and result in an error. |
 | `--force-safe` | `ENVBUILDER_FORCE_SAFE` |  | Ignores any filesystem safety checks. This could cause serious harm to your system! This is used in cases where bypass is needed to unblock customers. |
 | `--insecure` | `ENVBUILDER_INSECURE` |  | Bypass TLS verification when cloning and pulling from container registries. |
 | `--ignore-paths` | `ENVBUILDER_IGNORE_PATHS` |  | The comma separated list of paths to ignore when building the workspace. |

docs/env-variables.md

@@ -7,3 +7,6 @@ Envbuilder always expects to be run as `root` in its container, as building an i
 Envbuilder will first attempt to switch to the `containerUser` defined `devcontainer.json`.
 If this is not specified, it will look up the last `USER` directive from the specified `Dockerfile` or image.
 If no alternative user is specified, Envbuilder will fallback to `root`.
+
+When installing Devcontainer Features, Envbuilder will add a directive `USER ${remoteUser}` directive directly after the feature installation directives.
+If `remoteUser` is not defined, it will default to `containerUser`.

docs/users.md

@@ -583,10 +583,13 @@ func run(ctx context.Context, opts options.Options, execArgs *execArgsInfo) erro
 			endStage("🏗️ Built image!")
 			if opts.PushImage {
 				endStage = startStage("🏗️ Pushing image...")
-				if err := executor.DoPush(image, kOpts); err != nil {
+				if err := executor.DoPush(image, kOpts); err == nil {
+					endStage("🏗️ Pushed image!")
+				} else if !opts.ExitOnPushFailure {
+					endStage("⚠️️ Failed to push image!")
+				} else {
 					return nil, xerrors.Errorf("do push: %w", err)
 				}
-				endStage("🏗️ Pushed image!")
 			}
 
 			return image, err

envbuilder.go

@@ -1971,9 +1971,10 @@ RUN date --utc > /root/date.txt`, testImageAlpine),
 		_, err = remote.Image(ref, remoteAuthOpt)
 		require.ErrorContains(t, err, "NAME_UNKNOWN", "expected image to not be present before build + push")
 
-		// When: we run envbuilder with PUSH_IMAGE set
+		// When: we run envbuilder with PUSH_IMAGE and EXIT_ON_PUSH_FAILURE set
 		_, err = runEnvbuilder(t, runOpts{env: append(opts,
 			envbuilderEnv("PUSH_IMAGE", "1"),
+			envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
 		)})
 		// Then: it should fail with an Unauthorized error
 		require.ErrorContains(t, err, "401 Unauthorized", "expected unauthorized error using no auth when cache repo requires it")
@@ -2166,7 +2167,7 @@ RUN date --utc > /root/date.txt`, testImageAlpine),
 		require.ErrorContains(t, err, "--cache-repo must be set when using --push-image")
 	})
 
-	t.Run("PushErr", func(t *testing.T) {
+	t.Run("PushErr/ExitOnPushFail", func(t *testing.T) {
 		t.Parallel()
 
 		srv := gittest.CreateGitServer(t, gittest.Options{
@@ -2196,12 +2197,50 @@ RUN date --utc > /root/date.txt`, testImageAlpine),
 			envbuilderEnv("GIT_URL", srv.URL),
 			envbuilderEnv("CACHE_REPO", notRegURL),
 			envbuilderEnv("PUSH_IMAGE", "1"),
+			envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
 		}})
 
 		// Then: envbuilder should fail with a descriptive error
 		require.ErrorContains(t, err, "failed to push to destination")
 	})
 
+	t.Run("PushErr/NoExitOnPushFail", func(t *testing.T) {
+		t.Parallel()
+
+		srv := gittest.CreateGitServer(t, gittest.Options{
+			Files: map[string]string{
+				".devcontainer/Dockerfile": fmt.Sprintf(`FROM %s
+USER root
+ARG WORKDIR=/
+WORKDIR $WORKDIR
+ENV FOO=bar
+RUN echo $FOO > /root/foo.txt
+RUN date --utc > /root/date.txt`, testImageAlpine),
+				".devcontainer/devcontainer.json": `{
+				"name": "Test",
+				"build": {
+					"dockerfile": "Dockerfile"
+				},
+			}`,
+			},
+		})
+
+		// Given: registry is not set up (in this case, not a registry)
+		notRegSrv := httptest.NewServer(http.NotFoundHandler())
+		notRegURL := strings.TrimPrefix(notRegSrv.URL, "http://") + "/test"
+
+		// When: we run envbuilder with PUSH_IMAGE set
+		_, err := runEnvbuilder(t, runOpts{env: []string{
+			envbuilderEnv("GIT_URL", srv.URL),
+			envbuilderEnv("CACHE_REPO", notRegURL),
+			envbuilderEnv("PUSH_IMAGE", "1"),
+			envbuilderEnv("EXIT_ON_PUSH_FAILURE", "0"),
+		}})
+
+		// Then: envbuilder should not fail
+		require.NoError(t, err)
+	})
+
 	t.Run("CacheAndPushDevcontainerFeatures", func(t *testing.T) {
 		t.Parallel()
 
@@ -2443,8 +2482,13 @@ func pushImage(t *testing.T, ref name.Reference, remoteOpt remote.Option, env ..
 	if remoteOpt != nil {
 		remoteOpts = append(remoteOpts, remoteOpt)
 	}
-
-	_, err := runEnvbuilder(t, runOpts{env: append(env, envbuilderEnv("PUSH_IMAGE", "1"))})
+	opts := runOpts{
+		env: append(env,
+			envbuilderEnv("PUSH_IMAGE", "1"),
+			envbuilderEnv("EXIT_ON_PUSH_FAILURE", "1"),
+		),
+	}
+	_, err := runEnvbuilder(t, opts)
 	require.NoError(t, err, "envbuilder push image failed")
 
 	img, err := remote.Image(ref, remoteOpts...)

integration/integration_test.go

@@ -78,6 +78,10 @@ type Options struct {
 	// devcontainer.json or image is provided. However, it ensures that the
 	// container stops if the build process encounters an error.
 	ExitOnBuildFailure bool
+	// ExitOnPushFailure terminates the container upon a push failure. This is
+	// useful if failure to push the built image should abort execution
+	// and result in an error.
+	ExitOnPushFailure bool
 	// ForceSafe ignores any filesystem safety checks. This could cause serious
 	// harm to your system! This is used in cases where bypass is needed to
 	// unblock customers.
@@ -308,6 +312,14 @@ func (o *Options) CLI() serpent.OptionSet {
 				"no devcontainer.json or image is provided. However, it ensures " +
 				"that the container stops if the build process encounters an error.",
 		},
+		{
+			Flag:  "exit-on-push-failure",
+			Env:   WithEnvPrefix("EXIT_ON_PUSH_FAILURE"),
+			Value: serpent.BoolOf(&o.ExitOnPushFailure),
+			Description: "ExitOnPushFailure terminates the container upon a push failure. " +
+				"This is useful if failure to push the built image should abort execution " +
+				"and result in an error.",
+		},
 		{
 			Flag:  "force-safe",
 			Env:   WithEnvPrefix("FORCE_SAFE"),

options/options.go

@@ -66,6 +66,11 @@ OPTIONS:
           image is provided. However, it ensures that the container stops if the
           build process encounters an error.
 
+      --exit-on-push-failure bool, $ENVBUILDER_EXIT_ON_PUSH_FAILURE
+          ExitOnPushFailure terminates the container upon a push failure. This
+          is useful if failure to push the built image should abort execution
+          and result in an error.
+
       --export-env-file string, $ENVBUILDER_EXPORT_ENV_FILE
           Optional file path to a .env file where envbuilder will dump
           environment variables from devcontainer.json and the built container