buildkit-client 0.1.4

A Rust client library and CLI for interacting with BuildKit via gRPC, implementing the complete BuildKit session protocol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357

//! BuildKit solve operation implementation

use crate::builder::{BuildConfig, DockerfileSource};
use crate::client::BuildKitClient;
use crate::error::{Error, Result};
use crate::progress::ProgressHandler;
use crate::session::{Session, FileSync};
use crate::proto::moby::buildkit::v1::{
    Exporter, SolveRequest, StatusRequest, CacheOptions, CacheOptionsEntry,
};
use std::collections::HashMap;
use tokio_stream::StreamExt;
use uuid::Uuid;

/// Build result containing the image digest and metadata
#[derive(Debug)]
pub struct BuildResult {
    /// Container image digest
    pub digest: Option<String>,
    /// Export metadata
    pub metadata: HashMap<String, String>,
}

impl BuildKitClient {
    /// Execute a build operation with the given configuration
    ///
    /// # Arguments
    /// * `config` - Build configuration
    /// * `progress_handler` - Optional progress handler for real-time updates
    ///
    /// # Returns
    /// Build result containing digest and metadata
    pub async fn build(
        &mut self,
        config: BuildConfig,
        mut progress_handler: Option<Box<dyn ProgressHandler>>,
    ) -> Result<BuildResult> {
        // Generate unique build reference
        let build_ref = format!("build-{}", Uuid::new_v4());
        tracing::info!("Starting build with ref: {}", build_ref);

        // Create and start session
        let mut session = Session::new();

        // Add file sync for local builds
        if let DockerfileSource::Local { context_path, .. } = &config.source {
            let abs_path = std::fs::canonicalize(context_path)
                .map_err(|e| Error::PathResolution {
                    path: context_path.clone(),
                    source: e,
                })?;
            session.add_file_sync(abs_path).await;
        }

        // Add auth for registry authentication
        if let Some(ref registry_auth) = config.registry_auth {
            let mut auth = crate::session::AuthServer::new();
            auth.add_registry(crate::session::RegistryAuthConfig {
                host: registry_auth.host.clone(),
                username: registry_auth.username.clone(),
                password: registry_auth.password.clone(),
            });
            session.add_auth(auth).await;
        }

        // Add secrets if provided
        if !config.secrets.is_empty() {
            let secrets = crate::session::SecretsServer::from_map(config.secrets.clone())
                .map_err(|e| Error::secrets(format!("Failed to create secrets server: {}", e)))?;
            session.add_secrets(secrets).await;
            tracing::debug!("Added {} secrets to session", config.secrets.len());
        }

        // Start the session by connecting to BuildKit
        session.start(self.control().clone()).await?;

        tracing::info!("Session started: {}", session.get_id());

        // Prepare frontend attributes
        let mut frontend_attrs = HashMap::new();

        // Set dockerfile filename
        match &config.source {
            DockerfileSource::Local { dockerfile_path, .. } => {
                if let Some(path) = dockerfile_path {
                    frontend_attrs.insert(
                        "filename".to_string(),
                        path.to_string_lossy().to_string(),
                    );
                }
            }
            DockerfileSource::GitHub { dockerfile_path, .. } => {
                if let Some(path) = dockerfile_path {
                    frontend_attrs.insert("filename".to_string(), path.clone());
                }
            }
        }

        // Add build args
        for (key, value) in &config.build_args {
            frontend_attrs.insert(format!("build-arg:{}", key), value.clone());
        }

        // Set target stage
        if let Some(target) = &config.target {
            frontend_attrs.insert("target".to_string(), target.clone());
        }

        // Set platforms
        if !config.platforms.is_empty() {
            let platforms_str = config
                .platforms
                .iter()
                .map(|p| p.to_string())
                .collect::<Vec<_>>()
                .join(",");
            frontend_attrs.insert("platform".to_string(), platforms_str);
        }

        // Set no-cache
        if config.no_cache {
            frontend_attrs.insert("no-cache".to_string(), "true".to_string());
        }

        // Set pull
        if config.pull {
            frontend_attrs.insert("image-resolve-mode".to_string(), "pull".to_string());
        }

        // Prepare context source
        let context = self.prepare_context(&config, &session).await?;
        frontend_attrs.insert("context".to_string(), context);

        // Prepare exports (push to registry)
        let mut exports = Vec::new();
        if !config.tags.is_empty() {
            let mut export_attrs = HashMap::new();
            export_attrs.insert("name".to_string(), config.tags.join(","));
            export_attrs.insert("push".to_string(), "true".to_string());

            // Check if registry needs insecure flag based on tag or registry_auth
            let registry_host = if let Some(auth) = &config.registry_auth {
                Some(auth.host.as_str())
            } else {
                // Extract registry host from the first tag (format: host/image:tag or image:tag)
                config.tags.first().and_then(|tag| {
                    let parts: Vec<&str> = tag.split('/').collect();
                    if parts.len() > 1 && (parts[0].contains(':') || parts[0].contains('.') || parts[0] == "localhost") {
                        Some(parts[0])
                    } else {
                        None
                    }
                })
            };

            // Determine if registry is insecure (HTTP instead of HTTPS)
            if let Some(host) = registry_host {
                let is_insecure = host.starts_with("localhost")
                    || host.starts_with("127.0.0.1")
                    || host.starts_with("registry:") // Docker Compose service name
                    || (!host.contains('.') && !host.starts_with("docker.io")); // Simple heuristic for local names

                if is_insecure {
                    export_attrs.insert("registry.insecure".to_string(), "true".to_string());
                }
            }

            exports.push(Exporter {
                r#type: "image".to_string(),
                attrs: export_attrs,
            });
        }

        // Prepare cache imports
        let cache_imports = config
            .cache_from
            .iter()
            .map(|source| {
                let mut attrs = HashMap::new();
                attrs.insert("ref".to_string(), source.clone());
                CacheOptionsEntry {
                    r#type: "registry".to_string(),
                    attrs,
                }
            })
            .collect();

        // Prepare cache exports
        let cache_exports = config
            .cache_to
            .iter()
            .map(|dest| {
                let mut attrs = HashMap::new();
                attrs.insert("ref".to_string(), dest.clone());
                attrs.insert("mode".to_string(), "max".to_string());
                CacheOptionsEntry {
                    r#type: "registry".to_string(),
                    attrs,
                }
            })
            .collect();

        // Debug: Log exporter configuration
        tracing::debug!("Configured {} exporters", exports.len());
        for (i, exporter) in exports.iter().enumerate() {
            tracing::debug!("Exporter {}: type={}, attrs={:?}", i, exporter.r#type, exporter.attrs);
        }

        // Create solve request with session
        let request = SolveRequest {
            r#ref: build_ref.clone(),
            definition: None,
            exporter_deprecated: String::new(),
            exporter_attrs_deprecated: HashMap::new(),
            session: session.get_id(),  // Use session ID
            frontend: "dockerfile.v0".to_string(),
            frontend_attrs,
            cache: Some(CacheOptions {
                export_ref_deprecated: String::new(),
                import_refs_deprecated: vec![],
                export_attrs_deprecated: HashMap::new(),
                exports: cache_exports,
                imports: cache_imports,
            }),
            entitlements: vec![],
            frontend_inputs: HashMap::new(),
            internal: false,
            source_policy: None,
            exporters: exports,
            enable_session_exporter: false,
            // source_policy_session: String::new(),
        };

        // Start the build
        tracing::info!("Sending solve request to buildkit");

        // Create request with session metadata headers
        let mut grpc_request = tonic::Request::new(request);
        let metadata = grpc_request.metadata_mut();

        // Add session metadata headers
        for (key, values) in session.metadata() {
            if let Ok(k) = key.parse::<tonic::metadata::MetadataKey<tonic::metadata::Ascii>>() {
                // Add each value for the key (supports multi-value headers)
                for value in values {
                    if let Ok(v) = value.parse::<tonic::metadata::MetadataValue<tonic::metadata::Ascii>>() {
                        metadata.append(k.clone(), v);
                    }
                }
            }
        }

        let response = self
            .control()
            .solve(grpc_request)
            .await?;

        let solve_response = response.into_inner();

        // Monitor build progress if handler is provided
        if let Some(ref mut handler) = progress_handler {
            self.monitor_progress(&build_ref, handler).await?;
        }

        // Extract digest and metadata
        let digest = solve_response
            .exporter_response
            .get("containerimage.digest")
            .cloned();

        tracing::info!("Build completed successfully");
        if let Some(ref d) = digest {
            tracing::info!("Image digest: {}", d);
        }

        Ok(BuildResult {
            digest,
            metadata: solve_response.exporter_response,
        })
    }

    /// Prepare build context based on source type
    async fn prepare_context(&self, config: &BuildConfig, session: &Session) -> Result<String> {
        match &config.source {
            DockerfileSource::Local { context_path, .. } => {
                // Validate the context path
                let file_sync = FileSync::new(context_path);
                file_sync.validate()?;

                // Use session-based input
                // The format is: input:<name> where name references the session
                Ok(format!("input:{}:context", session.shared_key))
            }
            DockerfileSource::GitHub {
                repo_url,
                git_ref,
                token,
                ..
            } => {
                let mut url = repo_url.clone();

                // Ensure URL ends with .git for Git protocol
                if !url.ends_with(".git") {
                    url.push_str(".git");
                }

                // Add authentication token if provided
                if let Some(token) = token {
                    // Format: https://token@github.com/user/repo.git
                    url = url.replace("https://", &format!("https://{}@", token));
                }

                // Add git reference
                if let Some(git_ref) = git_ref {
                    url = format!("{}#{}", url, git_ref);
                }

                Ok(url)
            }
        }
    }

    /// Monitor build progress and send updates to the handler
    async fn monitor_progress(
        &mut self,
        build_ref: &str,
        handler: &mut Box<dyn ProgressHandler>,
    ) -> Result<()> {
        let status_request = StatusRequest {
            r#ref: build_ref.to_string(),
        };

        let mut stream = self
            .control()
            .status(status_request)
            .await?
            .into_inner();

        handler.on_start()?;

        while let Some(response) = stream.next().await {
            match response {
                Ok(status) => {
                    handler.on_status(status)?;
                }
                Err(e) => {
                    tracing::error!("Status stream error: {}", e);
                    handler.on_error(&e.to_string())?;
                    break;
                }
            }
        }

        handler.on_complete()?;
        Ok(())
    }
}