Adding base image info as labels DockerV0 (#14788)

jcfiorenzano · ajinkya599 · web-flow · commit cdc83bb17057 · 2021-05-13T10:44:13.000+05:30
* Adding base image info as labels

* Simplifying testing

* Removed debugging message

* Using the the commons functions to annotate the base image info

* Fixed bad merge

* Removed unused import

* Updated the setup for tests

Co-authored-by: Ajinkya &lt;11447401+ajinkya599@users.noreply.github.com&gt;
diff --git a/Tasks/DockerV0/Strings/resources.resjson/en-US/resources.resjson b/Tasks/DockerV0/Strings/resources.resjson/en-US/resources.resjson
@@ -16,6 +16,8 @@
   "loc.input.help.action": "Select a Docker action.",
   "loc.input.label.dockerFile": "Docker File",
   "loc.input.help.dockerFile": "Path to the Dockerfile.",
+  "loc.input.label.addBaseImageData": "Add base image metadata to image(s)",
+  "loc.input.help.addBaseImageData": "By default base image data like base image name and digest are added which helps with traceability. You can opt out of this default behavior by using this input.",
   "loc.input.label.buildArguments": "Build Arguments",
   "loc.input.help.buildArguments": "Build-time variables for the Docker file. Specify each name=value pair on a new line.",
   "loc.input.label.defaultContext": "Use Default Build Context",
diff --git a/Tasks/DockerV0/Tests/L0.ts b/Tasks/DockerV0/Tests/L0.ts
@@ -21,6 +21,7 @@ describe('Docker Suite', function() {
         delete process.env[shared.TestEnvVars.additionalImageTags];
         delete process.env[shared.TestEnvVars.enforceDockerNamingConvention];
         delete process.env[shared.TestEnvVars.memory];
+        delete process.env[shared.TestEnvVars.addBaseImageData];
     });
     after(function () {
     });
@@ -29,6 +30,7 @@ describe('Docker Suite', function() {
         let tp = path.join(__dirname, 'TestSetup.js');
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -44,6 +46,7 @@ describe('Docker Suite', function() {
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.memory] = "2GB";
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -60,6 +63,7 @@ describe('Docker Suite', function() {
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.imageName] = 'test/Te st:2';
         process.env[shared.TestEnvVars.enforceDockerNamingConvention] = 'true';
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -76,6 +80,7 @@ describe('Docker Suite', function() {
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.imageName] = 'test/Te st:2';
         process.env[shared.TestEnvVars.enforceDockerNamingConvention] = 'false';
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -93,6 +98,7 @@ describe('Docker Suite', function() {
         process.env[shared.TestEnvVars.imageName] = 'test/Test:2';
         process.env[shared.TestEnvVars.additionalImageTags] = '6';
         process.env[shared.TestEnvVars.enforceDockerNamingConvention] = 'true';
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -109,6 +115,7 @@ describe('Docker Suite', function() {
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.includeLatestTag] = "true";
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -168,6 +175,7 @@ describe('Docker Suite', function() {
         let tp = path.join(__dirname, 'TestSetup.js');
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.pushImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -211,6 +219,7 @@ describe('Docker Suite', function() {
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.containerType] = shared.ContainerTypes.AzureContainerRegistry;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
@@ -227,10 +236,9 @@ describe('Docker Suite', function() {
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
         process.env[shared.TestEnvVars.containerType] = shared.ContainerTypes.AzureContainerRegistry;
         process.env[shared.TestEnvVars.qualifyImageName] = "true";
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
         
-        //console.log(tr.stdout);
-
         assert(tr.invokedToolCount == 1, 'should have invoked tool one times. actual: ' + tr.invokedToolCount);
         assert(tr.stderr.length == 0 || tr.errorIssues.length, 'should not have written to stderr');
         assert(tr.succeeded, 'task should have succeeded');
@@ -243,6 +251,7 @@ describe('Docker Suite', function() {
         let tp = path.join(__dirname, 'TestSetup.js');
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         tr.run();
 
         assert(tr.succeeded, 'task should have succeeded');
@@ -255,6 +264,7 @@ describe('Docker Suite', function() {
         let tp = path.join(__dirname, 'TestSetup.js');
         process.env[shared.TestEnvVars.imageName] = "testuser/standardbuild:11";
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         tr.run();
 
@@ -270,6 +280,38 @@ describe('Docker Suite', function() {
         let tp = path.join(__dirname, 'TestSetup.js');
         process.env[shared.TestEnvVars.imageName] = "testuser/buildkit:11";
         process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
+        let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
+        tr.run();
+
+        assert(tr.invokedToolCount == 1, 'should have invoked tool one time. actual: ' + tr.invokedToolCount);
+        assert(tr.stderr.length == 0 || tr.errorIssues.length, 'should not have written to stderr');
+        assert(tr.succeeded, 'task should have succeeded');
+        assert(tr.stdout.indexOf("set DOCKER_TASK_BUILT_IMAGES=6c3ada3eb420") != -1, "docker build should have stored the image id.")
+        console.log(tr.stderr);
+        done();
+    });
+
+    it('Docker build should add labels with base image info', (done:Mocha.Done) => {
+        let tp = path.join(__dirname, 'TestSetup.js');
+        process.env[shared.TestEnvVars.imageName] = "testuser/imagewithannotations:11";
+        process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
+        tr.run();
+
+        assert(tr.invokedToolCount == 3, 'should have invoked tool three time. actual: ' + tr.invokedToolCount);
+        assert(tr.stderr.length == 0 || tr.errorIssues.length, 'should not have written to stderr');
+        assert(tr.succeeded, 'task should have succeeded');
+        assert(tr.stdout.indexOf(`[command]docker build -f ${shared.formatPath("dir1/DockerFile")} -t testuser/imagewithannotations:11 ${shared.DockerCommandArgs.BuildLabels} --label ${shared.BaseImageLabels.name} --label ${shared.BaseImageLabels.digest}`) != -1, "docker build should run");
+        console.log(tr.stderr);
+        done();
+    });
+
+    it('Docker build should store the id of the image that was built with builkit.', (done:Mocha.Done) => {
+        let tp = path.join(__dirname, 'TestSetup.js');
+        process.env[shared.TestEnvVars.imageName] = "testuser/buildkit:11";
+        process.env[shared.TestEnvVars.action] = shared.ActionTypes.buildImage;
+        process.env[shared.TestEnvVars.addBaseImageData] = "false";
         let tr : ttm.MockTestRunner = new ttm.MockTestRunner(tp);
         tr.run();
 
diff --git a/Tasks/DockerV0/Tests/TestSetup.ts b/Tasks/DockerV0/Tests/TestSetup.ts
@@ -6,6 +6,7 @@ import * as shared from './TestShared';
 const DefaultWorkingDirectory: string = shared.formatPath("a/w");
 const ImageNamesPath = shared.formatPath("dir/image_names.txt");
 const DockerFilePath = shared.formatPath('dir1/DockerFile');
+const Dockerfile: string = `FROM ubuntu\nCMD ["echo","Hello World!"]`
 
 let taskPath = path.join(__dirname, '..', 'container.js');
 let tr: tmrm.TaskMockRunner = new tmrm.TaskMockRunner(taskPath);
@@ -24,12 +25,14 @@ tr.setInput('azureContainerRegistry', '{"loginServer":"ajgtestacr1.azurecr.io",
 tr.setInput('additionalImageTags', process.env[shared.TestEnvVars.additionalImageTags] || '');
 tr.setInput('enforceDockerNamingConvention', process.env[shared.TestEnvVars.enforceDockerNamingConvention]);
 tr.setInput('memory', process.env[shared.TestEnvVars.memory] || '');
+tr.setInput ('addBaseImageData', process.env[shared.TestEnvVars.addBaseImageData] || "true");
 
 console.log("Inputs have been set");
 
+process.env["SYSTEM_HOSTTYPE"] = "__hostType__";
 process.env["RELEASE_RELEASENAME"] = "Release-1";
 process.env["SYSTEM_DEFAULTWORKINGDIRECTORY"] =  DefaultWorkingDirectory;
-process.env["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"] = "https://abc.visualstudio.com/";
+process.env["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"] = shared.teamFoundationCollectionURI;
 process.env["SYSTEM_SERVERTYPE"] = "hosted";
 process.env["ENDPOINT_AUTH_dockerhubendpoint"] = "{\"parameters\":{\"username\":\"test\", \"password\":\"regpassword\", \"email\":\"test@microsoft.com\",\"registry\":\"https://index.docker.io/v1/\"},\"scheme\":\"UsernamePassword\"}";
 process.env["ENDPOINT_AUTH_SCHEME_AzureRMSpn"] = "ServicePrincipal";
@@ -76,27 +79,27 @@ let a = {
 // Add extra answer definitions that need to be dynamically generated
 a.exist[DockerFilePath] = true;
 
-a.exec[`docker build -f ${DockerFilePath} -t test/test:2`] = {
+a.exec[`docker build -f ${DockerFilePath} -t test/test:2 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "successfully build test/test:2 image"
 };
-a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -m 2GB`] = {
+a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -m 2GB ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "successfully build test/test:2 image"
 };
-a.exec[`docker build -f ${DockerFilePath} -t test/Te st:2`] = {
+a.exec[`docker build -f ${DockerFilePath} -t test/Te st:2 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 1,
     "stdout": "test/Te st:2 not valid imagename"
 };
-a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -t test/test`] = {
+a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -t test/test ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "successfully build test/test image with latest tag"
 };
-a.exec[`docker build -f ${DockerFilePath} -t ajgtestacr1.azurecr.io/test/test:2`] = {
+a.exec[`docker build -f ${DockerFilePath} -t ajgtestacr1.azurecr.io/test/test:2 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "successfully build ajgtestacr1.azurecr.io/test/test image with latest tag"
 };
-a.exec[`docker build -f ${DockerFilePath} -t ${shared.ImageNamesFileImageName}`] = {
+a.exec[`docker build -f ${DockerFilePath} -t ${shared.ImageNamesFileImageName} ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0
 };
 a.exec[`docker tag test/test:2 ajgtestacr1.azurecr.io/test/test:2`] = {
@@ -111,19 +114,38 @@ a.exec[`docker run --rm ${shared.ImageNamesFileImageName}`] = {
 a.exec[`docker push ${shared.ImageNamesFileImageName}:latest`] = {
     "code": 0
 };
-a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -t test/test:6`] = {
+a.exec[`docker build -f ${DockerFilePath} -t test/test:2 -t test/test:6 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "successfully build test/test:2 and test/test:6 image"
 };
-a.exec[`docker build -f ${DockerFilePath} -t testuser/standardbuild:11`] = {
+a.exec[`docker build -f ${DockerFilePath} -t testuser/standardbuild:11 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": "Successfully built c834e0094587\n Successfully tagged testuser/testrepo:11."
 };
-
-a.exec[`docker build -f ${DockerFilePath} -t testuser/buildkit:11`] = {
+a.exec[`docker build -f ${DockerFilePath} -t testuser/buildkit:11 ${shared.DockerCommandArgs.BuildLabels}`] = {
     "code": 0,
     "stdout": " => => writing image sha256:6c3ada3eb42094510e0083bba6ae805540e36c96871d7be0c926b2f8cbeea68c\n => => naming to docker.io/library/testuser/buildkit:11"
 };
+a.exec[`docker build -f ${DockerFilePath} -t testuser/imagewithannotations:11 ${shared.DockerCommandArgs.BuildLabels} --label ${shared.BaseImageLabels.name} --label ${shared.BaseImageLabels.digest}`] = {
+    "code": 0,
+    "stdout": "successfully built image and tagged testuser/imagewithannotations:11."
+};
+a.exec[`docker pull ${shared.BaseImageName}`] = {
+    "code":0,
+    "stdout": "Pull complete"
+};
+a.exec[`docker inspect ${shared.BaseImageName}`] = {
+    "code":0,
+    "stdout": `[{
+        "Id": "sha256:302aba9ce190db9e247d710f4794cc303b169035de2048e76b82c9edbddbef4e",
+        "RepoTags": [
+            "alpine:latest"
+        ],
+        "RepoDigests": [
+            "ubuntu@sha256:826f70e0ac33e99a72cf20fb0571245a8fee52d68cb26d8bc58e53bfa65dcdfa"
+        ]
+    }]`
+};
 tr.setAnswers(<any>a);
 
 // Create mock for fs module
@@ -133,6 +155,8 @@ fsClone.readFileSync = function(filePath, options) {
     switch (filePath) {
         case ImageNamesPath:
             return shared.ImageNamesFileImageName;
+        case DockerFilePath:
+            return Dockerfile;
         default:
             return fs.readFileSync(filePath, options);
     }
diff --git a/Tasks/DockerV0/Tests/TestShared.ts b/Tasks/DockerV0/Tests/TestShared.ts
@@ -9,7 +9,8 @@ export let TestEnvVars = {
     imageName: "__imageName__",
     additionalImageTags: "__additionalImageTags__",
     enforceDockerNamingConvention: "__enforceDockerNamingConvention__",
-    memory: "__memory__"
+    memory: "__memory__",
+    addBaseImageData: "__addBaseImageData__"
 };
 
 export let OperatingSystems = {
@@ -32,7 +33,17 @@ export let ContainerTypes = {
 }
 
 export let ImageNamesFileImageName = "test_image";
+export let BaseImageName = "ubuntu";
+export let BaseImageLabels = {
+    name:"image.base.ref.name=ubuntu",
+    digest:"image.base.digest=sha256:826f70e0ac33e99a72cf20fb0571245a8fee52d68cb26d8bc58e53bfa65dcdfa"
+};
+
+export let teamFoundationCollectionURI = "https://abc.visualstudio.com/";
 
+export let DockerCommandArgs = {
+    BuildLabels: `--label com.visualstudio.abc.image.system.teamfoundationcollectionuri=${teamFoundationCollectionURI}`,
+}
 /**
  * Formats the given path to be appropriate for the operating system.
  * @param canonicalPath A non-rooted path using a forward slash (/) as a directory separator.
diff --git a/Tasks/DockerV0/containerbuild.ts b/Tasks/DockerV0/containerbuild.ts
@@ -1,8 +1,8 @@
 "use strict";
-
 import * as path from "path";
 import * as tl from "azure-pipelines-task-lib/task";
 import ContainerConnection from "azure-pipelines-tasks-docker-common-v2/containerconnection";
+import * as pipelineUtils from "azure-pipelines-tasks-docker-common-v2/pipelineutils";
 import * as fileUtils from "azure-pipelines-tasks-docker-common-v2/fileutils";
 import * as sourceUtils from "azure-pipelines-tasks-docker-common-v2/sourceutils";
 import * as imageUtils from "azure-pipelines-tasks-docker-common-v2/containerimageutils";
@@ -14,8 +14,8 @@ export function run(connection: ContainerConnection): any {
 
     var dockerfilepath = tl.getInput("dockerFile", true);
     let dockerFile = fileUtils.findDockerFile(dockerfilepath);
-    
-    if(!tl.exist(dockerFile)) {
+
+    if (!tl.exist(dockerFile)) {
         throw new Error(tl.loc('ContainerDockerFileNotFound', dockerfilepath));
     }
 
@@ -25,7 +25,7 @@ export function run(connection: ContainerConnection): any {
         command.arg(["--build-arg", buildArgument]);
     });
 
-    var imageName = utils.getImageName(); 
+    var imageName = utils.getImageName();
     var qualifyImageName = tl.getBoolInput("qualifyImageName");
     if (qualifyImageName) {
         imageName = connection.getQualifiedImageNameIfRequired(imageName);
@@ -55,13 +55,21 @@ export function run(connection: ContainerConnection): any {
         command.arg(["-m", memory]);
     }
 
+    const addBaseImageInfo = tl.getBoolInput("addBaseImageData");
+    const labelsArgument = pipelineUtils.getDefaultLabels(false, addBaseImageInfo, dockerFile, connection);
+
+    labelsArgument.forEach(label => {
+        command.arg(["--label", label]);
+    });
+
     var context: string;
     var defaultContext = tl.getBoolInput("defaultContext");
     if (defaultContext) {
         context = path.dirname(dockerFile);
     } else {
         context = tl.getPathInput("context");
     }
+
     command.arg(context);
 
     let output: string = "";
diff --git a/Tasks/DockerV0/task.json b/Tasks/DockerV0/task.json
@@ -94,6 +94,14 @@
             "visibleRule": "action = Build an image",
             "helpMarkDown": "Path to the Dockerfile."
         },
+        {
+            "name": "addBaseImageData",
+            "type": "boolean",
+            "label": "Add base image metadata to image(s)",
+            "groupName": "commands",
+            "defaultValue": "true",
+            "helpMarkDown": "By default base image data like base image name and digest are added which helps with traceability. You can opt out of this default behavior by using this input."
+        },
         {
             "name": "buildArguments",
             "type": "multiLine",
diff --git a/Tasks/DockerV0/task.loc.json b/Tasks/DockerV0/task.loc.json
@@ -94,6 +94,14 @@
       "visibleRule": "action = Build an image",
       "helpMarkDown": "ms-resource:loc.input.help.dockerFile"
     },
+    {
+      "name": "addBaseImageData",
+      "type": "boolean",
+      "label": "ms-resource:loc.input.label.addBaseImageData",
+      "groupName": "commands",
+      "defaultValue": "true",
+      "helpMarkDown": "ms-resource:loc.input.help.addBaseImageData"
+    },
     {
       "name": "buildArguments",
       "type": "multiLine",
