From 29b4cfe3ad232f8c93e3cc759bc4a42a8d99ffd2 Mon Sep 17 00:00:00 2001 From: Jean-Francois Panisset Date: Mon, 21 Apr 2025 23:33:20 -0700 Subject: [PATCH] Mounting buildx secrets into env var requires Dockerfile 1.10 Mounting buildx secrets into environment variables requires Dockerfile syntax 1.10 or newer. Mark conan-login CLI parameter to aswfdocker as obsolete. Signed-off-by: Jean-Francois Panisset --- ci-base/Dockerfile | 2 +- ci-baseqt/Dockerfile | 2 +- ci-common/Dockerfile | 2 +- ci-materialx/Dockerfile | 2 +- ci-ocio/Dockerfile | 2 +- ci-oiio/Dockerfile | 2 +- ci-opencue/Dockerfile | 2 +- ci-openexr/Dockerfile | 2 +- ci-openrv/Dockerfile | 2 +- ci-openvdb/Dockerfile | 2 +- ci-osl/Dockerfile | 2 +- ci-otio/Dockerfile | 2 +- ci-usd/Dockerfile | 2 +- ci-vfxall/Dockerfile | 2 +- packages/common/Dockerfile | 2 +- python/aswfdocker/builder.py | 7 ++----- python/aswfdocker/cli/aswfdocker.py | 3 +-- python/aswfdocker/data/ci-image-dockerfile.jinja2 | 2 +- python/aswfdocker/tests/test_builder.py | 6 +++--- 19 files changed, 22 insertions(+), 26 deletions(-) diff --git a/ci-base/Dockerfile b/ci-base/Dockerfile index d6934caf..cbecf6fa 100644 --- a/ci-base/Dockerfile +++ b/ci-base/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-baseqt/Dockerfile b/ci-baseqt/Dockerfile index 24e2d593..2a9dd04a 100644 --- a/ci-baseqt/Dockerfile +++ b/ci-baseqt/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-common/Dockerfile b/ci-common/Dockerfile index bb49b684..2494fa28 100644 --- a/ci-common/Dockerfile +++ b/ci-common/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-materialx/Dockerfile b/ci-materialx/Dockerfile index 4c3abcca..e87e4a85 100644 --- a/ci-materialx/Dockerfile +++ b/ci-materialx/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-ocio/Dockerfile b/ci-ocio/Dockerfile index 9cafe548..2c634fb2 100644 --- a/ci-ocio/Dockerfile +++ b/ci-ocio/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-oiio/Dockerfile b/ci-oiio/Dockerfile index 2dfcb8e7..8df84dc6 100644 --- a/ci-oiio/Dockerfile +++ b/ci-oiio/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-opencue/Dockerfile b/ci-opencue/Dockerfile index 7ea29466..e916a826 100644 --- a/ci-opencue/Dockerfile +++ b/ci-opencue/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-openexr/Dockerfile b/ci-openexr/Dockerfile index c05f5fd4..e9337753 100644 --- a/ci-openexr/Dockerfile +++ b/ci-openexr/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-openrv/Dockerfile b/ci-openrv/Dockerfile index 7a8a3c7d..8c24c431 100644 --- a/ci-openrv/Dockerfile +++ b/ci-openrv/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-openvdb/Dockerfile b/ci-openvdb/Dockerfile index ee575d6b..d6dddafa 100644 --- a/ci-openvdb/Dockerfile +++ b/ci-openvdb/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-osl/Dockerfile b/ci-osl/Dockerfile index 7f6c5b3d..3c14bbbd 100644 --- a/ci-osl/Dockerfile +++ b/ci-osl/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-otio/Dockerfile b/ci-otio/Dockerfile index 32b0e43d..0837f800 100644 --- a/ci-otio/Dockerfile +++ b/ci-otio/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-usd/Dockerfile b/ci-usd/Dockerfile index 21113f80..61f7529d 100644 --- a/ci-usd/Dockerfile +++ b/ci-usd/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/ci-vfxall/Dockerfile b/ci-vfxall/Dockerfile index 08a34840..53002cb1 100644 --- a/ci-vfxall/Dockerfile +++ b/ci-vfxall/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/packages/common/Dockerfile b/packages/common/Dockerfile index 14d81c12..e77e2afa 100644 --- a/packages/common/Dockerfile +++ b/packages/common/Dockerfile @@ -1,4 +1,4 @@ -# syntax = docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/python/aswfdocker/builder.py b/python/aswfdocker/builder.py index 60ddd80c..4ee34fa0 100644 --- a/python/aswfdocker/builder.py +++ b/python/aswfdocker/builder.py @@ -131,7 +131,7 @@ def make_bake_dict( }, "tags": tags, "output": ["type=registry,push=true" if self.push else "type=docker"], - "secrets": [ + "secret": [ "id=conan_login_username,env=CONAN_LOGIN_USERNAME", "id=conan_password,env=CONAN_PASSWORD", ], @@ -235,7 +235,6 @@ def _build_conan_package( version, dry_run, progress, - conan_login, bake_jsonfile, ): # pylint: disable=consider-using-f-string @@ -246,7 +245,7 @@ def _build_conan_package( # # "conan remote auth" stores credentials in # # ${CONAN_HOME]/.conan2/credentials.json but we don't have a simple way to persist # # this file between build steps, since instead we will use the secrets mechanism - # # in the buildx bake file to pass the CONNA_LOGIN_USERNAME and CONAN_PASSWORD + # # in the buildx bake file to pass the CONAN_LOGIN_USERNAME and CONAN_PASSWORD # # values as environment variables to allow `conan upload" to authenticate on the fly. # self._run_in_docker( # base_cmd, @@ -307,7 +306,6 @@ def build( progress: str = "", keep_source=False, keep_build=False, - conan_login=False, build_missing=False, ) -> None: images_and_versions = [] @@ -343,6 +341,5 @@ def build( version, dry_run, progress, - conan_login, path, ) diff --git a/python/aswfdocker/cli/aswfdocker.py b/python/aswfdocker/cli/aswfdocker.py index 19d0cc84..588b0c1b 100644 --- a/python/aswfdocker/cli/aswfdocker.py +++ b/python/aswfdocker/cli/aswfdocker.py @@ -168,7 +168,7 @@ def get_group_info(build_info, ci_image_type, groups, versions, full_name, targe "--conan-login", "-cl", is_flag=True, - help="Instruct build to perform a `conan user -p` to login.", + help="[DEPRECATED] This option is no longer used as authentication is now handled via buildx secrets.", ) @click.option( "--build-missing", @@ -212,7 +212,6 @@ def build( progress=progress, keep_source=keep_source, keep_build=keep_build, - conan_login=conan_login, build_missing=build_missing, ) diff --git a/python/aswfdocker/data/ci-image-dockerfile.jinja2 b/python/aswfdocker/data/ci-image-dockerfile.jinja2 index 25d9db72..a4c192e4 100644 --- a/python/aswfdocker/data/ci-image-dockerfile.jinja2 +++ b/python/aswfdocker/data/ci-image-dockerfile.jinja2 @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1.4 +# syntax=docker/dockerfile:1.10 # Copyright (c) Contributors to the aswf-docker Project. All rights reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/python/aswfdocker/tests/test_builder.py b/python/aswfdocker/tests/test_builder.py index 9e59319c..5a8462fb 100644 --- a/python/aswfdocker/tests/test_builder.py +++ b/python/aswfdocker/tests/test_builder.py @@ -194,7 +194,7 @@ def test_image_base_2019clang_dict(self): f"{constants.DOCKER_REGISTRY}/aswflocaltesting/ci-openvdb:{openvdb_version}", ], "output": ["type=docker"], - "secrets": [ + "secret": [ "id=conan_login_username,env=CONAN_LOGIN_USERNAME", "id=conan_password,env=CONAN_PASSWORD", ], @@ -285,7 +285,7 @@ def test_image_base_2019_2020_dict(self): f"{constants.DOCKER_REGISTRY}/aswflocaltesting/ci-base:{base_versions[1]}", ], "output": ["type=docker"], - "secrets": [ + "secret": [ "id=conan_login_username,env=CONAN_LOGIN_USERNAME", "id=conan_password,env=CONAN_PASSWORD", ], @@ -354,7 +354,7 @@ def test_image_base_2019_2020_dict(self): f"{constants.DOCKER_REGISTRY}/aswflocaltesting/ci-base:{base_versions[0]}", ], "output": ["type=docker"], - "secrets": [ + "secret": [ "id=conan_login_username,env=CONAN_LOGIN_USERNAME", "id=conan_password,env=CONAN_PASSWORD", ],