Validate the build image

Kamal needs images to have the service label so it can track them for
pruning. Images built by Kamal will have the label, but externally built
ones may not.

Without it images will build up over time. The worst case is an outage
if all the hosts disks fill up at the same time.

We'll add a check for the label and halt if it is not there.
This commit is contained in:
Donal McBreen
2023-09-12 10:45:01 +01:00
parent d96e086945
commit 66291a2aea
5 changed files with 13 additions and 1 deletions

View File

@@ -50,6 +50,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
execute *KAMAL.builder.pull
execute *KAMAL.builder.validate_image
end
end
end

View File

@@ -1,7 +1,7 @@
require "active_support/core_ext/string/filters"
class Kamal::Commands::Builder < Kamal::Commands::Base
delegate :create, :remove, :push, :clean, :pull, :info, to: :target
delegate :create, :remove, :push, :clean, :pull, :info, :validate_image, to: :target
def name
target.class.to_s.remove("Kamal::Commands::Builder::").underscore.inquiry

View File

@@ -21,6 +21,12 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
config.builder.context
end
def validate_image
pipe \
docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
[:grep, "-x", config.service, "||", "(echo \"Image #{config.absolute_image} is missing the `service` label\" && exit 1)"]
end
private
def build_tags

View File

@@ -57,6 +57,7 @@ class CliBuildTest < CliTestCase
run_command("pull").tap do |output|
assert_match /docker image rm --force dhh\/app:999/, output
assert_match /docker pull dhh\/app:999/, output
assert_match "docker inspect -f '{{ .Config.Labels.service }}' dhh/app:999 | grep -x app || (echo \"Image dhh/app:999 is missing the `service` label\" && exit 1)", output
end
end

View File

@@ -103,6 +103,10 @@ class CommandsBuilderTest < ActiveSupport::TestCase
builder.push.join(" ")
end
test "validate image" do
assert_equal "docker inspect -f '{{ .Config.Labels.service }}' dhh/app:123 | grep -x app || (echo \"Image dhh/app:123 is missing the `service` label\" && exit 1)", new_builder_command.validate_image.join(" ")
end
private
def new_builder_command(additional_config = {})
Kamal::Commands::Builder.new(Kamal::Configuration.new(@config.merge(additional_config), version: "123"))