diff --git a/docs/md/melange_build.md b/docs/md/melange_build.md index 623323d46..09dbea6ba 100644 --- a/docs/md/melange_build.md +++ b/docs/md/melange_build.md @@ -31,7 +31,6 @@ melange build [flags] --apk-cache-dir string directory used for cached apk packages (default is system-defined cache directory) --arch strings architectures to build for (e.g., x86_64,ppc64le,arm64) -- default is all, unless specified in config --build-date string date used for the timestamps of the files inside the image - --build-option strings build options to enable --cache-dir string directory used for cached inputs (default "./melange-cache/") --cache-source string directory or bucket used for preloading the cache --cleanup when enabled, the temp dir used for the guest will be cleaned up after completion (default true) @@ -54,7 +53,7 @@ melange build [flags] -k, --keyring-append strings path to extra keys to include in the build environment keyring --license string license to use for the build config file itself (default "NOASSERTION") --lint-require strings linters that must pass (default [dev,infodir,tempdir,varempty]) - --lint-warn strings linters that will generate warnings (default [object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite]) + --lint-warn strings linters that will generate warnings (default [empty,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite]) --memory string default memory resources to use for builds --namespace string namespace to use in package URLs in SBOM (eg wolfi, alpine) (default "unknown") --out-dir string directory where packages will be output (default "./packages/") diff --git a/docs/md/melange_compile.md b/docs/md/melange_compile.md index 3f488f6aa..1415148f8 100644 --- a/docs/md/melange_compile.md +++ b/docs/md/melange_compile.md 
@@ -31,7 +31,6 @@ melange compile [flags] --apk-cache-dir string directory used for cached apk packages (default is system-defined cache directory) --arch string architectures to compile for --build-date string date used for the timestamps of the files inside the image - --build-option strings build options to enable --cache-dir string directory used for cached inputs (default "./melange-cache/") --cache-source string directory or bucket used for preloading the cache --cpu string default CPU resources to use for builds diff --git a/docs/md/melange_lint.md b/docs/md/melange_lint.md index 8ab0659ec..371c46ffb 100644 --- a/docs/md/melange_lint.md +++ b/docs/md/melange_lint.md @@ -30,7 +30,7 @@ melange lint [flags] ``` -h, --help help for lint --lint-require strings linters that must pass (default [dev,infodir,tempdir,varempty]) - --lint-warn strings linters that will generate warnings (default [object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite]) + --lint-warn strings linters that will generate warnings (default [empty,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite]) ``` ### Options inherited from parent commands diff --git a/pkg/build/build.go b/pkg/build/build.go index 99f9cf9fb..49629d69e 100644 --- a/pkg/build/build.go +++ b/pkg/build/build.go @@ -141,8 +141,6 @@ type Build struct { Auth map[string]options.Auth IgnoreSignatures bool - EnabledBuildOptions []string - // Initialized in New and mutated throughout the build process as we gain // visibility into our packages' (including subpackages') composition. This is // how we get "build-time" SBOMs! 
@@ -257,17 +255,6 @@ func New(ctx context.Context, opts ...Option) (*Build, error) { return nil, fmt.Errorf("unable to run containers using %s, specify --runner and one of %s", b.Runner.Name(), GetAllRunners()) } - // Apply build options to the context. - for _, optName := range b.EnabledBuildOptions { - log.Infof("applying configuration patches for build option %s", optName) - - if opt, ok := b.Configuration.Options[optName]; ok { - if err := b.applyBuildOption(opt); err != nil { - return nil, err - } - } - } - return &b, nil } @@ -412,37 +399,6 @@ func copyFile(base, src, dest string, perm fs.FileMode) error { return nil } -// applyBuildOption applies a patch described by a BuildOption to a package build. -func (b *Build) applyBuildOption(bo config.BuildOption) error { - // Patch the variables block. - if b.Configuration.Vars == nil { - b.Configuration.Vars = make(map[string]string) - } - - for k, v := range bo.Vars { - b.Configuration.Vars[k] = v - } - - // Patch the build environment configuration. - lo := bo.Environment.Contents.Packages - b.Configuration.Environment.Contents.Packages = append(b.Configuration.Environment.Contents.Packages, lo.Add...) - - for _, pkg := range lo.Remove { - pkgList := b.Configuration.Environment.Contents.Packages - - for pos, ppkg := range pkgList { - if pkg == ppkg { - pkgList[pos] = pkgList[len(pkgList)-1] - pkgList = pkgList[:len(pkgList)-1] - } - } - - b.Configuration.Environment.Contents.Packages = pkgList - } - - return nil -} - func (b *Build) loadIgnoreRules(ctx context.Context) ([]*xignore.Pattern, error) { log := clog.FromContext(ctx) ignorePath := filepath.Join(b.SourceDir, b.WorkspaceIgnore) diff --git a/pkg/build/compile.go b/pkg/build/compile.go index 4c77fb1e7..d71aed0b7 100644 --- a/pkg/build/compile.go +++ b/pkg/build/compile.go 
@@ -39,7 +39,7 @@ func (t *Test) Compile(ctx context.Context) error { // TODO: Make this parameter go away when we revisit subtitutions. flavor := "gnu" - sm, err := NewSubstitutionMap(&cfg, t.Arch, flavor, nil) + sm, err := NewSubstitutionMap(&cfg, t.Arch, flavor) if err != nil { return err } @@ -116,7 +116,7 @@ func (t *Test) Compile(ctx context.Context) error { // Compile compiles all configuration, including tests, by loading any pipelines and substituting all variables. func (b *Build) Compile(ctx context.Context) error { cfg := b.Configuration - sm, err := NewSubstitutionMap(&cfg, b.Arch, b.buildFlavor(), b.EnabledBuildOptions) + sm, err := NewSubstitutionMap(&cfg, b.Arch, "gnu") if err != nil { return err } diff --git a/pkg/build/options.go b/pkg/build/options.go index 16926008f..b2fdfde5f 100644 --- a/pkg/build/options.go +++ b/pkg/build/options.go @@ -274,17 +274,6 @@ func WithNamespace(namespace string) Option { } } -// WithEnabledBuildOptions takes an array of strings representing enabled build -// options. These options are referenced in the options block of the Configuration, -// and represent patches to the configured build process which are optionally -// applied. -func WithEnabledBuildOptions(enabledBuildOptions []string) Option { - return func(b *Build) error { - b.EnabledBuildOptions = enabledBuildOptions - return nil - } -} - // WithCreateBuildLog indicates whether to generate a package.log file containing the // list of packages that were built. Some packages may have been skipped // during the build if , so it can be hard to know exactly which packages were built diff --git a/pkg/build/pipeline.go b/pkg/build/pipeline.go index 2707e9310..ca2d58e13 100644 --- a/pkg/build/pipeline.go +++ b/pkg/build/pipeline.go 
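Review bot: In `(*Build).Compile` (second hunk of pkg/build/compile.go) the flavor argument changes from `b.buildFlavor()` to the literal `"gnu"`, which has nothing to do with removing build options and looks like an accidental behaviour change. pkg/cli/build.go still registers `--override-host-triplet-libc-substitution-flavor`, so if `buildFlavor()` is what carries that setting (its definition is not in this diff), a non-gnu build would compile its `${{host.triplet.*}}` substitutions with the wrong libc and give no error. I would drop only the last argument and keep the rest: `sm, err := NewSubstitutionMap(&cfg, b.Arch, b.buildFlavor())`. If hard-coding is intended, say so in the commit message and in a comment like the TODO that `(*Test).Compile` has above its own `flavor := "gnu"`. The body of `Compile` continues outside the hunk.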
@@ -74,7 +74,7 @@ func (sm *SubstitutionMap) Subpackage(subpkg *config.Subpackage) *SubstitutionMa return &SubstitutionMap{nw} } -func NewSubstitutionMap(cfg *config.Configuration, arch apkoTypes.Architecture, flavor string, buildOpts []string) (*SubstitutionMap, error) { +func NewSubstitutionMap(cfg *config.Configuration, arch apkoTypes.Architecture, flavor string) (*SubstitutionMap, error) { pkg := cfg.Package nw := map[string]string{ @@ -122,16 +122,6 @@ func NewSubstitutionMap(cfg *config.Configuration, arch apkoTypes.Architecture, nw[k] = fmt.Sprintf("/home/build/melange-out/%s", pn) } - for k := range cfg.Options { - nk := fmt.Sprintf("${{options.%s.enabled}}", k) - nw[nk] = "false" - } - - for _, opt := range buildOpts { - nk := fmt.Sprintf("${{options.%s.enabled}}", opt) - nw[nk] = "true" - } - return &SubstitutionMap{nw}, nil } diff --git a/pkg/build/pipeline_test.go b/pkg/build/pipeline_test.go index a28113c89..b3f03c985 100644 --- a/pkg/build/pipeline_test.go +++ b/pkg/build/pipeline_test.go @@ -66,7 +66,7 @@ func Test_substitutionMap(t *testing.T) { }, }, } - m, err := NewSubstitutionMap(&cfg, "", "", nil) + m, err := NewSubstitutionMap(&cfg, "", "") require.NoError(t, err) require.Equal(t, tt.expected, m.Substitutions["${{vars.mangled-package-version}}"]) }) @@ -92,7 +92,7 @@ func Test_MutateWith(t *testing.T) { Epoch: tc.epoch, }, } - sm, err := NewSubstitutionMap(&cfg, "", "", nil) + sm, err := NewSubstitutionMap(&cfg, "", "") require.NoError(t, err) got, err := sm.MutateWith(map[string]string{}) if err != nil { @@ -128,7 +128,7 @@ func Test_substitutionNeedPackages(t *testing.T) { pipelineDirs := []string{"pipelines"} c := &Compiled{PipelineDirs: pipelineDirs} - sm, err := NewSubstitutionMap(&cfg, "", "", nil) + sm, err := NewSubstitutionMap(&cfg, "", "") require.NoError(t, err) err = c.CompilePipelines(ctx, sm, cfg.Pipeline) diff --git a/pkg/build/pipelines/cargo/README.md b/pkg/build/pipelines/cargo/README.md index 3c4c0e516..e2a41203c 100755 
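Review bot: `NewSubstitutionMap` is exported, so removing the `buildOpts` parameter in the first pipeline.go hunk is a source-breaking change for any caller outside this repository, and the function still has no doc comment describing the new contract. Something like `// NewSubstitutionMap returns the substitutions derived from cfg for the given architecture and libc flavor.` would do. The second hunk also stops defining `${{options.<name>.enabled}}`, so a pipeline that still references that key is no longer rewritten to `true`/`false`. Whether that ends as a compile error or as a literal left in the generated script is not visible here, so a test in pipeline_test.go pinning the behaviour would help. Most of the function body lies outside these hunks.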
--- a/pkg/build/pipelines/cargo/README.md +++ b/pkg/build/pipelines/cargo/README.md @@ -16,7 +16,9 @@ Compile an auditable rust binary with Cargo | modroot | false | Top directory of the rust package, this is where the target package lives. Before building, the cargo pipeline wil cd into this directory. Defaults to current working directory | . | | opts | false | Options to pass to cargo build. Defaults to release | --release | | output | false | Filename to use when writing the binary. The final install location inside the apk will be in prefix / install-dir / output | | +| output-dir | false | Directory where the binaris will be placed after building. Defaults to target/release | target/release | | prefix | false | Installation prefix. Defaults to usr | usr | +| rustflags | false | Rustc flags to be passed to pass to all compiler invocations that Cargo performs. In contrast with cargo rustc, this is useful for passing a flag to all compiler instances. This string is split by whitespace. | | \ No newline at end of file diff --git a/pkg/cli/build.go b/pkg/cli/build.go index e6b0cab58..27867fbf3 100644 --- a/pkg/cli/build.go +++ b/pkg/cli/build.go @@ -64,7 +64,6 @@ func buildCmd() *cobra.Command { var envFile string var varsFile string var purlNamespace string - var buildOption []string var createBuildLog bool var debug bool var debugRunner bool @@ -172,7 +171,6 @@ func buildCmd() *cobra.Command { build.WithEnvFile(envFile), build.WithVarsFile(varsFile), build.WithNamespace(purlNamespace), - build.WithEnabledBuildOptions(buildOption), build.WithCreateBuildLog(createBuildLog), build.WithDebug(debug), build.WithDebugRunner(debugRunner), 
@@ -240,7 +238,6 @@ func buildCmd() *cobra.Command { cmd.Flags().StringVar(&purlNamespace, "namespace", "unknown", "namespace to use in package URLs in SBOM (eg wolfi, alpine)") cmd.Flags().StringSliceVar(&archstrs, "arch", nil, "architectures to build for (e.g., x86_64,ppc64le,arm64) -- default is all, unless specified in config") cmd.Flags().StringVar(&libc, "override-host-triplet-libc-substitution-flavor", "gnu", "override the flavor of libc for ${{host.triplet.*}} substitutions (e.g. gnu,musl) -- default is gnu") - cmd.Flags().StringSliceVar(&buildOption, "build-option", []string{}, "build options to enable") cmd.Flags().StringVar(&runner, "runner", "", fmt.Sprintf("which runner to use to enable running commands, default is based on your platform. Options are %q", build.GetAllRunners())) cmd.Flags().StringSliceVarP(&extraKeys, "keyring-append", "k", []string{}, "path to extra keys to include in the build environment keyring") cmd.Flags().StringSliceVarP(&extraRepos, "repository-append", "r", []string{}, "path to extra repositories to include in the build environment") diff --git a/pkg/cli/compile.go b/pkg/cli/compile.go index 76a9dd780..20d82b713 100644 --- a/pkg/cli/compile.go +++ b/pkg/cli/compile.go @@ -52,7 +52,6 @@ func compile() *cobra.Command { var envFile string var varsFile string var purlNamespace string - var buildOption []string var logPolicy []string var createBuildLog bool var debug bool @@ -128,7 +127,6 @@ func compile() *cobra.Command { build.WithEnvFile(envFile), build.WithVarsFile(varsFile), build.WithNamespace(purlNamespace), - build.WithEnabledBuildOptions(buildOption), build.WithCreateBuildLog(createBuildLog), build.WithDebug(debug), build.WithDebugRunner(debugRunner), 
@@ -192,7 +190,6 @@ func compile() *cobra.Command { cmd.Flags().StringVar(&dependencyLog, "dependency-log", "", "log dependencies to a specified file") cmd.Flags().StringVar(&overlayBinSh, "overlay-binsh", "", "use specified file as /bin/sh overlay in build environment") cmd.Flags().StringVar(&purlNamespace, "namespace", "unknown", "namespace to use in package URLs in SBOM (eg wolfi, alpine)") - cmd.Flags().StringSliceVar(&buildOption, "build-option", []string{}, "build options to enable") cmd.Flags().StringSliceVar(&logPolicy, "log-policy", []string{"builtin:stderr"}, "logging policy to use") cmd.Flags().StringVar(&runner, "runner", "", fmt.Sprintf("which runner to use to enable running commands, default is based on your platform. Options are %q", build.GetAllRunners())) cmd.Flags().StringSliceVarP(&extraKeys, "keyring-append", "k", []string{}, "path to extra keys to include in the build environment keyring") diff --git a/pkg/config/build_option.go b/pkg/config/build_option.go index dd93ec307..d05e7be4b 100644 --- a/pkg/config/build_option.go +++ b/pkg/config/build_option.go @@ -26,14 +26,3 @@ type ListOption struct { type ContentsOption struct { Packages ListOption `yaml:"packages,omitempty"` } - -// EnvironmentOption describes an optional deviation to an apko environment. -type EnvironmentOption struct { - Contents ContentsOption `yaml:"contents,omitempty"` -} - -// BuildOption describes an optional deviation to a package build. -type BuildOption struct { - Vars map[string]string `yaml:"vars,omitempty"` - Environment EnvironmentOption `yaml:"environment,omitempty"` -} diff --git a/pkg/config/config.go b/pkg/config/config.go index 3b556a14e..e8def36e4 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go 
@@ -636,8 +636,6 @@ type Configuration struct { // Optional: A list of transformations to create for the builtin template // variables VarTransforms []VarTransforms `json:"var-transforms,omitempty" yaml:"var-transforms,omitempty"` - // Optional: Deviations to the build - Options map[string]BuildOption `json:"options,omitempty" yaml:"options,omitempty"` // Test section for the main package. Test *Test `json:"test,omitempty" yaml:"test,omitempty"` diff --git a/pkg/config/schema.json b/pkg/config/schema.json index 61a9feb40..828b7a153 100644 --- a/pkg/config/schema.json +++ b/pkg/config/schema.json @@ -15,25 +15,26 @@ "additionalProperties": false, "type": "object" }, - "BuildOption": { + "Capabilities": { "properties": { - "Vars": { - "additionalProperties": { + "add": { + "items": { "type": "string" }, - "type": "object" + "type": "array", + "description": "Linux process capabilities to add to the pipeline container." }, - "Environment": { - "$ref": "#/$defs/EnvironmentOption" + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Linux process capabilities to drop from the pipeline container." } }, "additionalProperties": false, "type": "object", - "required": [ - "Vars", - "Environment" - ], - "description": "BuildOption describes an optional deviation to a package build." + "description": "Capabilities is the configuration for Linux capabilities for the runner." }, "Checks": { "properties": { @@ -58,6 +59,10 @@ "$ref": "#/$defs/ImageConfiguration", "description": "The specification for the packages build environment" }, + "capabilities": { + "$ref": "#/$defs/Capabilities", + "description": "Optional: Linux capabilities configuration to apply to the melange runner." + }, "pipeline": { "items": { "$ref": "#/$defs/Pipeline" 
@@ -97,13 +102,6 @@ "type": "array", "description": "Optional: A list of transformations to create for the builtin template\nvariables" }, - "options": { - "additionalProperties": { - "$ref": "#/$defs/BuildOption" - }, - "type": "object", - "description": "Optional: Deviations to the build" - }, "test": { "$ref": "#/$defs/Test", "description": "Test section for the main package." @@ -115,20 +113,7 @@ "package", "environment" ], - "description": "The root melange configuration" - }, - "ContentsOption": { - "properties": { - "Packages": { - "$ref": "#/$defs/ListOption" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Packages" - ], - "description": "ContentsOption describes an optional deviation to an apko environment's contents block." + "description": "Configuration is the root melange configuration." }, "Copyright": { "properties": { @@ -194,24 +179,15 @@ "replaces-priority": { "type": "string", "description": "Optional: An integer string compared against other equal package provides used to\ndetermine priority of file replacements" + }, + "install-if": { + "type": "string", + "description": "Optional: Expression indicating conditions under which to also install this package." } }, "additionalProperties": false, "type": "object" }, - "EnvironmentOption": { - "properties": { - "Contents": { - "$ref": "#/$defs/ContentsOption" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Contents" - ], - "description": "EnvironmentOption describes an optional deviation to an apko environment." - }, "GitHubMonitor": { "properties": { "identifier": { @@ -430,7 +406,7 @@ "properties": { "description": { "type": "string", - "description": "Optional: The human readable description of the input" + "description": "Optional: The human-readable description of the input" }, "default": { "type": "string", 
@@ -444,29 +420,6 @@ "additionalProperties": false, "type": "object" }, - "ListOption": { - "properties": { - "Add": { - "items": { - "type": "string" - }, - "type": "array" - }, - "Remove": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Add", - "Remove" - ], - "description": "ListOption describes an optional deviation to a list, for example, a list of packages." - }, "Needs": { "properties": { "Packages": { @@ -499,7 +452,7 @@ }, "description": { "type": "string", - "description": "A human readable description of the package" + "description": "A human-readable description of the package" }, "url": { "type": "string", @@ -608,6 +561,10 @@ }, "Pipeline": { "properties": { + "if": { + "type": "string", + "description": "Optional: A condition to evaluate before running the pipeline" + }, "name": { "type": "string", "description": "Optional: A user defined name for the pipeline" @@ -632,7 +589,7 @@ "$ref": "#/$defs/Pipeline" }, "type": "array", - "description": "Optional: The list of pipelines to run.\n\nEach pipeline runs in it's own context that is not shared between other\npipelines. To share context between pipelines, nest a pipeline within an\nexisting pipeline. This can be useful when you wish to share common\nconfiguration, such as an alternative `working-directory`." + "description": "Optional: The list of pipelines to run.\n\nEach pipeline runs in its own context that is not shared between other\npipelines. To share context between pipelines, nest a pipeline within an\nexisting pipeline. This can be useful when you wish to share common\nconfiguration, such as an alternative `working-directory`." }, "inputs": { "additionalProperties": { 
@@ -649,10 +606,6 @@ "type": "string", "description": "Optional: Labels to apply to the pipeline" }, - "if": { - "type": "string", - "description": "Optional: A condition to evaluate before running the pipeline" - }, "assertions": { "$ref": "#/$defs/PipelineAssertions", "description": "Optional: Assertions to evaluate whether the pipeline was successful" @@ -733,6 +686,9 @@ "cpu": { "type": "string" }, + "cpumodel": { + "type": "string" + }, "memory": { "type": "string" }, @@ -898,6 +854,10 @@ "type": "boolean", "description": "Indicates that this package should be manually updated, usually taking\ncare over special version numbers" }, + "require-sequential": { + "type": "boolean", + "description": "Indicates that automated pull requests should be merged in order rather than superseding and closing previous unmerged PRs" + }, "shared": { "type": "boolean", "description": "Indicate that an update to this package requires an epoch bump of\ndownstream dependencies, e.g. golang, java" diff --git a/pkg/linter/linter.go b/pkg/linter/linter.go index f07449847..3e471f85c 100644 --- a/pkg/linter/linter.go +++ b/pkg/linter/linter.go @@ -159,7 +159,7 @@ var linterMap = map[string]linter{ "empty": { LinterFunc: emptyLinter, Explain: "Verify that this package is supposed to be empty; if it is, disable this linter; otherwise check the build", - defaultBehavior: Ignore, // TODO: Needs to ignore packages that specify no-provides. + defaultBehavior: Warn, }, "python/docs": { LinterFunc: pythonDocsLinter, diff --git a/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk b/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk index 76f402ed1..3a1d93775 100644 Binary files a/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk and b/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk differ
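Review bot: In the pkg/linter/linter.go hunk the `empty` linter's default flips from `Ignore` to `Warn`, and the TODO about packages that specify no-provides is deleted rather than visibly resolved; nothing in this diff shows `emptyLinter` gaining that exemption. If it has not, every intentionally empty package will now warn on each build. That noise lands in the same default warn list as `setuidgid` and `worldwrite`, which makes those findings easier to overlook. Either keep the note, `defaultBehavior: Warn, // TODO: still needs to skip packages that specify no-provides`, or point to where the exemption is implemented. The `linterMap` literal continues outside the hunk.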