Merge pull request GoogleCloudPlatform#31 from GoogleCloudPlatform/release

Project import generated by Copybara.

Author: bendory

README.md

@@ -25,6 +25,13 @@ gcloud config set project my-project
 ```
 gcloud components install container-builder-local
 ```
+After successful installation, you will have ``container-builder-local`` setup
+on your PATH (as part of the Google Cloud SDK binaries), so you will be able to
+run it with:
+
+```
+$ container-builder-local
+```
 
 ## Download the latest binaries
 

integration_tests/test_script.sh

@@ -16,6 +16,8 @@ container-builder-local --config=cloudbuild_nil.yaml . || exit # happy dryrun ca
 
 # End to end tests.
 container-builder-local --config=cloudbuild_nil.yaml --dryrun=false . || exit
+container-builder-local --config=cloudbuild_nil.yaml --dryrun=false --no-source=true || exit
+container-builder-local --config=cloudbuild_nil.yaml --dryrun=false --no-source=true . && exit
 container-builder-local --config=cloudbuild_dockerfile.yaml --dryrun=false . || exit
 container-builder-local --config=cloudbuild_gcr.yaml --dryrun=false --push=true . || exit
 container-builder-local --config=cloudbuild_big.yaml --dryrun=false --push=true . || exit

localbuilder_main.go

@@ -42,7 +42,7 @@ import (
 
 const (
 	volumeNamePrefix  = "cloudbuild_vol_"
-	gcbDockerVersion  = "17.05-ce"
+	gcbDockerVersion  = "17.06.1-ce"
 	metadataImageName = "gcr.io/cloud-builders/metadata"
 )
 
@@ -51,6 +51,7 @@ var (
 	substitutions = flag.String("substitutions", "", `substitutions key=value pairs separated by comma; for example _FOO=bar,_BAZ=baz`)
 	dryRun        = flag.Bool("dryrun", true, "If true, nothing will be run")
 	push          = flag.Bool("push", false, "If true, the images will be pushed")
+	noSource      = flag.Bool("no-source", false, "Specify that no source should be used for this build.")
 	help          = flag.Bool("help", false, "If true, print the help message")
 	versionFlag   = flag.Bool("version", false, "If true, print the local builder version")
 )
@@ -72,12 +73,25 @@ func main() {
 		return
 	}
 
-	if len(args) == 0 {
+	nbSource := 1
+	if *noSource {
+		nbSource = 0
+	}
+
+	if len(args) < nbSource {
 		exitUsage("Specify a source")
-	} else if len(args) > 1 {
-		exitUsage("There should be only one positional argument. Pass all the flags before the source.")
+	} else if len(args) > nbSource {
+		if nbSource == 1 {
+			exitUsage("There should be only one positional argument. Pass all the flags before the source.")
+		} else {
+			exitUsage("no-source flag can't be used along with source.")
+		}
+	}
+	source := ""
+	if nbSource == 1 {
+		source = args[0]
 	}
-	source := args[0]
+
 	if *configFile == "" {
 		exitUsage("Specify a config file")
 	}
@@ -160,14 +174,16 @@ func run(source string) error {
 		if err := vol.Setup(); err != nil {
 			return fmt.Errorf("Error creating docker volume: %v", err)
 		}
-		// If the source is a directory, only copy the inner content.
-		if isDir, err := isDirectory(source); err != nil {
-			return fmt.Errorf("Error getting directory: %v", err)
-		} else if isDir {
-			source = filepath.Clean(source) + "/."
-		}
-		if err := vol.Copy(source); err != nil {
-			return fmt.Errorf("Error copying source to docker volume: %v", err)
+		if source != "" {
+			// If the source is a directory, only copy the inner content.
+			if isDir, err := isDirectory(source); err != nil {
+				return fmt.Errorf("Error getting directory: %v", err)
+			} else if isDir {
+				source = filepath.Clean(source) + "/."
+			}
+			if err := vol.Copy(source); err != nil {
+				return fmt.Errorf("Error copying source to docker volume: %v", err)
+			}
 		}
 		defer vol.Close()
 	}

metadata/metadata.go

@@ -178,6 +178,11 @@ func (r RealUpdater) SetProjectInfo(b ProjectInfo) error {
 // The container listens on local port 8082, which is where RealUpdater POSTs
 // to.
 func StartLocalServer(r runner.Runner, metadataImage string) error {
+	// Unlike the hosted container builder service, the user's local machine is
+	// not guaranteed to have the latest version, so we explicitly pull it.
+	if err := r.Run([]string{"docker", "pull", metadataImage}, nil, os.Stdout, os.Stderr, ""); err != nil {
+		return err
+	}
 	return startServer(r, metadataImage, false, fixedMetadataIP, metadataLocalSubnet)
 }
 

validate/validate.go

@@ -45,6 +45,7 @@ const (
 	maxNumSubstitutions = 100  // max number of user-defined substitutions.
 	maxSubstKeyLength   = 100  // max length of a substitution key.
 	maxSubstValueLength = 4000 // max length of a substitution value.
+	maxNumSecretEnvs    = 100  // max number of unique secret env values.
 
 	// Name of the permission required to use a key to decrypt data.
 	// Documented at https://cloud.google.com/kms/docs/reference/permissions-and-roles
@@ -396,8 +397,8 @@ func checkSecrets(b *cb.Build) error {
 			return fmt.Errorf("secretEnv %q is defined without being used", defined)
 		}
 	}
-	if len(definedSecretEnvs) > 10 {
-		return errors.New("build defines more than ten secret values")
+	if len(definedSecretEnvs) > maxNumSecretEnvs {
+		return fmt.Errorf("build defines more than %d secret values", maxNumSecretEnvs)
 	}
 
 	// Check secret_env max size.

validate/validate_test.go

@@ -16,6 +16,7 @@ package validate
 
 import (
 	"errors"
+	"fmt"
 	"math/rand"
 	"strings"
 	"testing"
@@ -622,6 +623,21 @@ func makeTestBuild(buildID string) *cb.Build {
 }
 
 func TestCheckSecrets(t *testing.T) {
+	makeSecretEnvs := func(n int) []string {
+		var s []string
+		for i := 0; i < n; i++ {
+			s = append(s, fmt.Sprintf("MY_SECRET_%d", i))
+		}
+		return s
+	}
+	makeSecrets := func(n int) map[string][]byte {
+		m := map[string][]byte{}
+		for i := 0; i < n; i++ {
+			m[fmt.Sprintf("MY_SECRET_%d", i)] = []byte("hunter2")
+		}
+		return m
+	}
+
 	for _, c := range []struct {
 		desc    string
 		b       *cb.Build
@@ -730,29 +746,28 @@ func TestCheckSecrets(t *testing.T) {
 		},
 		wantErr: errors.New(`secretEnv value for "MY_SECRET" cannot exceed 1KB`),
 	}, {
-		desc: "Build with >10 secret values",
+		desc: "Happy case: Build with acceptable secret values",
 		b: &cb.Build{
 			Steps: []*cb.BuildStep{{
-				SecretEnv: []string{"MY_SECRET_1", "MY_SECRET_2", "MY_SECRET_3", "MY_SECRET_4", "MY_SECRET_5", "MY_SECRET_6", "MY_SECRET_7", "MY_SECRET_8", "MY_SECRET_9", "MY_SECRET_10", "MY_SECRET_11"},
+				SecretEnv: makeSecretEnvs(maxNumSecretEnvs),
 			}},
 			Secrets: []*cb.Secret{{
 				KmsKeyName: kmsKeyName,
-				SecretEnv: map[string][]byte{
-					"MY_SECRET_1":  []byte("hunter1"),
-					"MY_SECRET_2":  []byte("hunter1"),
-					"MY_SECRET_3":  []byte("hunter1"),
-					"MY_SECRET_4":  []byte("hunter1"),
-					"MY_SECRET_5":  []byte("hunter1"),
-					"MY_SECRET_6":  []byte("hunter1"),
-					"MY_SECRET_7":  []byte("hunter1"),
-					"MY_SECRET_8":  []byte("hunter1"),
-					"MY_SECRET_9":  []byte("hunter1"),
-					"MY_SECRET_10": []byte("hunter1"),
-					"MY_SECRET_11": []byte("hunter1"),
-				},
+				SecretEnv:  makeSecrets(maxNumSecretEnvs),
+			}},
+		},
+	}, {
+		desc: "Build with too many secret values",
+		b: &cb.Build{
+			Steps: []*cb.BuildStep{{
+				SecretEnv: makeSecretEnvs(maxNumSecretEnvs + 1),
+			}},
+			Secrets: []*cb.Secret{{
+				KmsKeyName: kmsKeyName,
+				SecretEnv:  makeSecrets(maxNumSecretEnvs + 1),
 			}},
 		},
-		wantErr: errors.New("build defines more than ten secret values"),
+		wantErr: errors.New("build defines more than 100 secret values"),
 	}, {
 		desc: "Step has env and secret_env collision",
 		b: &cb.Build{