From 6424bf35739d36120a308475c090558f1dd3567b Mon Sep 17 00:00:00 2001 From: Gerald Pinder Date: Fri, 31 Jan 2025 18:03:53 -0500 Subject: [PATCH] chore: Upgrade comlexr to 1.3.0 --- Cargo.lock | 18 +++- process/drivers/cosign_driver.rs | 165 ++++++++++++++++--------------- process/drivers/docker_driver.rs | 158 ++++++++++++++--------------- process/drivers/podman_driver.rs | 102 +++++++++---------- 4 files changed, 227 insertions(+), 216 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e26b767..ade3ca1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -745,7 +745,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" dependencies = [ "lazy_static", - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] @@ -760,9 +760,19 @@ dependencies = [ [[package]] name = "comlexr" -version = "1.2.0" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c52a48dde2c773a43dcb0129a244daa02486b23fab691b0dcfca3bd5e4967a90" +checksum = "83ea9f8823bb5c2a06db91ce3da3a33ef80fa263963f18dff19974d1111839e5" +dependencies = [ + "comlexr_macro", + "thiserror 1.0.69", +] + +[[package]] +name = "comlexr_macro" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa83196c671d0251387f7d1967623825f38ee2885e8a41d83ab63b56babc435c" dependencies = [ "proc-macro2", "quote", @@ -5306,7 +5316,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] diff --git a/process/drivers/cosign_driver.rs b/process/drivers/cosign_driver.rs index 0460d4b..d2fd7cd 100644 --- a/process/drivers/cosign_driver.rs +++ b/process/drivers/cosign_driver.rs 
@@ -1,13 +1,13 @@ -use std::{fmt::Debug, fs, io::Write, path::Path, process::Stdio}; +use std::{fmt::Debug, fs, path::Path}; use blue_build_utils::{ constants::{COSIGN_PASSWORD, COSIGN_PUB_PATH, COSIGN_YES}, credentials::Credentials, }; use colored::Colorize; -use comlexr::cmd; +use comlexr::{cmd, pipe}; use log::{debug, trace}; -use miette::{bail, miette, Context, IntoDiagnostic, Result}; +use miette::{bail, Context, IntoDiagnostic, Result}; use crate::drivers::opts::VerifyType; @@ -24,17 +24,21 @@ impl SigningDriver for CosignDriver { fn generate_key_pair(opts: &GenerateKeyPairOpts) -> Result<()> { let path = opts.dir.as_ref().map_or_else(|| Path::new("."), |dir| dir); - let mut command = cmd!( - cd path; - env { - COSIGN_PASSWORD: "", - COSIGN_YES: "true", - }; - "cosign", - "generate-key-pair", - ); - - let status = command.status().into_diagnostic()?; + let status = { + let c = cmd!( + cd path; + env { + COSIGN_PASSWORD: "", + COSIGN_YES: "true", + }; + "cosign", + "generate-key-pair", + ); + trace!("{c:?}"); + c + } + .status() + .into_diagnostic()?; if !status.success() { bail!("Failed to generate cosign key-pair!"); @@ -47,18 +51,21 @@ impl SigningDriver for CosignDriver { let path = opts.dir.as_ref().map_or_else(|| Path::new("."), |dir| dir); let priv_key = get_private_key(path)?; - let mut command = cmd!( - env { - COSIGN_PASSWORD: "", - COSIGN_YES: "true" - }; - "cosign", - "public-key", - format!("--key={priv_key}"), - ); - - trace!("{command:?}"); - let output = command.output().into_diagnostic()?; + let output = { + let c = cmd!( + env { + COSIGN_PASSWORD: "", + COSIGN_YES: "true" + }; + "cosign", + "public-key", + format!("--key={priv_key}"), + ); + trace!("{c:?}"); + c + } + .output() + .into_diagnostic()?; if !output.status.success() { bail!( 
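Review bot: The `env { COSIGN_PASSWORD: "", COSIGN_YES: "true" }` block in `generate_key_pair` has no comment saying the key pair is created with an empty passphrase, which leaves the private key file protected only by who can read it. If that is deliberate for non-interactive use, state it above the block, e.g. `// Empty passphrase on purpose; protect the private key with file permissions or a secret store`. The same env block appears in the public-key hunk that follows and in the `sign` hunk, so the comment belongs there too. Both function bodies continue outside their hunks.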
@@ -90,33 +97,24 @@ impl SigningDriver for CosignDriver { password, }) = Credentials::get() { - let mut command = cmd!( - "cosign", - "login", - "-u", - username, - "--password-stdin", - registry, - ); - command - .stdin(Stdio::piped()) - .stdout(Stdio::piped()) - .stderr(Stdio::piped()); - - trace!("{command:?}"); - let mut child = command.spawn().into_diagnostic()?; - - write!( - child - .stdin - .as_mut() - .ok_or_else(|| miette!("Unable to open pipe to stdin"))?, - "{password}" + let output = pipe!( + stdin = password; + { + let c = cmd!( + "cosign", + "login", + "-u", + username, + "--password-stdin", + registry, + ); + trace!("{c:?}"); + c + } ) + .output() .into_diagnostic()?; - let output = child.wait_with_output().into_diagnostic()?; - if !output.status.success() { let err_out = String::from_utf8_lossy(&output.stderr); bail!("Failed to login for cosign:\n{}", err_out.trim()); @@ -134,19 +132,25 @@ impl SigningDriver for CosignDriver { ); } - let mut command = cmd!( - "cosign", - "sign", - if let Some(ref key) = opts.key => format!("--key={key}"), - "--recursive", - opts.image.to_string(), - // COSIGN_PASSWORD => "", - // COSIGN_YES => "true", - ); - command.env(COSIGN_PASSWORD, "").env(COSIGN_YES, "true"); + let status = { + let c = cmd!( + env { + COSIGN_PASSWORD: "", + COSIGN_YES: "true", + }; + "cosign", + "sign", + if let Some(ref key) = opts.key => format!("--key={key}"), + "--recursive", + opts.image.to_string(), + ); + trace!("{c:?}"); + c + } + .status() + .into_diagnostic()?; - trace!("{command:?}"); - if !command.status().into_diagnostic()?.success() { + if !status.success() { bail!("Failed to sign {}", opts.image.to_string().bold().red()); } 
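Review bot: Nothing in the `login` hunk records that the password must stay in `stdin = password;` and out of the `cmd!` argument list, even though `trace!("{c:?}")` now sits right beside it and logs the command. A one-line comment above the `pipe!` call would keep a later edit from moving the secret into argv or into the trace, e.g. `// Secret goes over stdin only; the trace below logs argv`. It is also worth confirming that the error returned by `.output()` on the pipe does not echo the stdin payload, since `into_diagnostic()` surfaces it to the user; the hunk does not show this. The docker and podman `login` hunks use the same construct and would take the same comment. The enclosing function starts and ends outside the hunk.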
@@ -154,23 +158,28 @@ impl SigningDriver for CosignDriver { } fn verify(opts: &VerifyOpts) -> Result<()> { - let mut command = cmd!( - "cosign", - "verify", - match &opts.verify_type { - VerifyType::File(path) => format!("--key={}", path.display()), - VerifyType::Keyless { issuer, identity } => [ - "--certificate-identity-regexp", - &**identity, - "--certificate-oidc-issuer", - &**issuer, - ], - }, - opts.image.to_string(), - ); + let status = { + let c = cmd!( + "cosign", + "verify", + match &opts.verify_type { + VerifyType::File(path) => format!("--key={}", path.display()), + VerifyType::Keyless { issuer, identity } => [ + "--certificate-identity-regexp", + &**identity, + "--certificate-oidc-issuer", + &**issuer, + ], + }, + opts.image.to_string(), + ); + trace!("{c:?}"); + c + } + .status() + .into_diagnostic()?; - trace!("{command:?}"); - if !command.status().into_diagnostic()?.success() { + if !status.success() { bail!("Failed to verify {}", opts.image.to_string().bold().red()); } diff --git a/process/drivers/docker_driver.rs b/process/drivers/docker_driver.rs index 6598c61..cd49316 100644 --- a/process/drivers/docker_driver.rs +++ b/process/drivers/docker_driver.rs @@ -1,8 +1,7 @@ use std::{ env, - io::Write, path::Path, - process::{Command, ExitStatus, Stdio}, + process::{Command, ExitStatus}, sync::Mutex, }; @@ -13,7 +12,7 @@ use blue_build_utils::{ }; use cached::proc_macro::cached; use colored::Colorize; -use comlexr::cmd; +use comlexr::{cmd, pipe}; use log::{debug, info, trace, warn}; use miette::{bail, miette, IntoDiagnostic, Result}; use oci_distribution::Reference; @@ -65,7 +64,6 @@ impl DockerDriver { return Ok(()); } - trace!("docker buildx ls --format={}", "{{.Name}}"); let ls_out = { let c = cmd!("docker", "buildx", "ls", "--format={{.Name}}"); trace!("{c:?}"); 
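Review bot: In `verify`, the `VerifyType::Keyless` arm passes `identity` to `--certificate-identity-regexp`, so the value is matched as a pattern rather than compared as a literal. If callers supply a plain identity string (not visible in this hunk), unescaped metacharacters such as `.`, and possibly partial matches depending on how cosign anchors the expression, could accept a certificate identity other than the intended one. Either document the contract, e.g. `// identity is a regex: callers must anchor (^...$) and escape literals`, or use `--certificate-identity` for exact values. The issuer side already uses the exact-match flag `--certificate-oidc-issuer`.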
@@ -217,33 +215,24 @@ impl BuildDriver for DockerDriver { password, }) = Credentials::get() { - let mut command = cmd!( - "docker", - "login", - "-u", - username, - "--password-stdin", - registry, - ); - command - .stdin(Stdio::piped()) - .stdout(Stdio::piped()) - .stderr(Stdio::piped()); - - trace!("{command:?}"); - let mut child = command.spawn().into_diagnostic()?; - - write!( - child - .stdin - .as_mut() - .ok_or_else(|| miette!("Unable to open pipe to stdin"))?, - "{password}" + let output = pipe!( + stdin = password; + { + let c = cmd!( + "docker", + "login", + "-u", + username, + "--password-stdin", + registry, + ); + trace!("{c:?}"); + c + } ) + .output() .into_diagnostic()?; - let output = child.wait_with_output().into_diagnostic()?; - if !output.status.success() { let err_out = String::from_utf8_lossy(&output.stderr); bail!("Failed to login for docker:\n{}", err_out.trim()); 
@@ -354,50 +343,50 @@ impl BuildDriver for DockerDriver { let first_image = final_images.first().unwrap(); - let command = cmd!( - "docker", - "buildx", - if run_setup => "--builder=bluebuild", - "build", - ".", - match (opts.image, opts.archive_path.as_deref()) { - (Some(_), None) if opts.push => [ - "--output", - format!( - "type=image,name={first_image},push=true,compression={},oci-mediatypes=true", - opts.compression - ), + let status = { + let c = cmd!( + "docker", + "buildx", + if run_setup => "--builder=bluebuild", + "build", + ".", + match (opts.image, opts.archive_path.as_deref()) { + (Some(_), None) if opts.push => [ + "--output", + format!( + "type=image,name={first_image},push=true,compression={},oci-mediatypes=true", + opts.compression + ), + ], + (Some(_), None) if env::var(GITHUB_ACTIONS).is_err() => "--load", + (None, Some(archive_path)) => [ + "--output", + format!("type=oci,dest={}", archive_path.display()), + ], + _ => [], + }, + "--pull", + if !matches!(opts.platform, Platform::Native) => [ + "--platform", + opts.platform.to_string(), ], - (Some(_), None) if env::var(GITHUB_ACTIONS).is_err() => "--load", - (None, Some(archive_path)) => [ - "--output", - format!("type=oci,dest={}", archive_path.display()), - ], - _ => [], - }, - "--pull", - if !matches!(opts.platform, Platform::Native) => [ - "--platform", - opts.platform.to_string(), - ], - "-f", - &*opts.containerfile, - // https://github.com/moby/buildkit?tab=readme-ov-file#github-actions-cache-experimental - if env::var(BB_BUILDKIT_CACHE_GHA) - .map_or_else(|_| false, |e| e == "true") => [ - "--cache-from", - "type=gha", - "--cache-to", - "type=gha", - ], - ); + "-f", + &*opts.containerfile, + // https://github.com/moby/buildkit?tab=readme-ov-file#github-actions-cache-experimental + if env::var(BB_BUILDKIT_CACHE_GHA) + .map_or_else(|_| false, |e| e == "true") => [ + "--cache-from", + "type=gha", + "--cache-to", + "type=gha", + ], + ); + trace!("{c:?}"); + c + } + .build_status(first_image, 
"Building Image").into_diagnostic()?; - trace!("{command:?}"); - if command - .build_status(first_image, "Building Image") - .into_diagnostic()? - .success() - { + if status.success() { if opts.push { info!("Successfully built and pushed image {}", first_image); } else { @@ -432,19 +421,22 @@ fn get_metadata_cache(opts: &GetMetadataOpts) -> Result { DockerDriver::setup()?; } - let mut command = cmd!( - "docker", - "buildx", - if run_setup => "--builder=bluebuild", - "imagetools", - "inspect", - "--format", - "{{json .}}", - &image_str, - ); - trace!("{command:?}"); - - let output = command.output().into_diagnostic()?; + let output = { + let c = cmd!( + "docker", + "buildx", + if run_setup => "--builder=bluebuild", + "imagetools", + "inspect", + "--format", + "{{json .}}", + &image_str, + ); + trace!("{c:?}"); + c + } + .output() + .into_diagnostic()?; if output.status.success() { info!("Successfully inspected image {}!", image_str.bold().green()); diff --git a/process/drivers/podman_driver.rs b/process/drivers/podman_driver.rs index 3fe2cb7..8729f50 100644 --- a/process/drivers/podman_driver.rs +++ b/process/drivers/podman_driver.rs @@ -1,15 +1,14 @@ use std::{ collections::HashMap, - io::Write, path::Path, - process::{Command, ExitStatus, Stdio}, + process::{Command, ExitStatus}, time::Duration, }; use blue_build_utils::credentials::Credentials; use cached::proc_macro::cached; use colored::Colorize; -use comlexr::cmd; +use comlexr::{cmd, pipe}; use indicatif::{ProgressBar, ProgressStyle}; use log::{debug, error, info, trace}; use miette::{bail, miette, IntoDiagnostic, Report, Result}; 
@@ -218,33 +217,24 @@ impl BuildDriver for PodmanDriver { password, }) = Credentials::get() { - let mut command = cmd!( - "podman", - "login", - "-u", - username, - "--password-stdin", - registry - ); - command - .stdin(Stdio::piped()) - .stdout(Stdio::piped()) - .stderr(Stdio::piped()); - - trace!("{command:?}"); - let mut child = command.spawn().into_diagnostic()?; - - write!( - child - .stdin - .as_mut() - .ok_or_else(|| miette!("Unable to open pipe to stdin"))?, - "{password}" + let output = pipe!( + stdin = password; + { + let c = cmd!( + "podman", + "login", + "-u", + username, + "--password-stdin", + registry, + ); + trace!("{c:?}"); + c + } ) + .output() .into_diagnostic()?; - let output = child.wait_with_output().into_diagnostic()?; - if !output.status.success() { let err_out = String::from_utf8_lossy(&output.stderr); bail!("Failed to login for podman:\n{}", err_out.trim()); @@ -258,14 +248,18 @@ impl BuildDriver for PodmanDriver { fn prune(opts: &super::opts::PruneOpts) -> Result<()> { trace!("PodmanDriver::prune({opts:?})"); - let status = cmd!( - "podman", - "system", - "prune", - "--force", - if opts.all => "--all", - if opts.volumes => "--volumes", - ) + let status = { + let c = cmd!( + "podman", + "system", + "prune", + "--force", + if opts.all => "--all", + if opts.volumes => "--volumes", + ); + trace!("{c:?}"); + c + } .message_status("podman system prune", "Pruning Podman System") .into_diagnostic()?; 
@@ -304,27 +298,33 @@ fn get_metadata_cache(opts: &GetMetadataOpts) -> Result { ); progress.enable_steady_tick(Duration::from_millis(100)); - let mut command = cmd!( - "podman", - "pull", - if !matches!(opts.platform, Platform::Native) => [ - "--platform", - opts.platform.to_string(), - ], - &image_str, - ); - trace!("{command:?}"); - - let output = command.output().into_diagnostic()?; + let output = { + let c = cmd!( + "podman", + "pull", + if !matches!(opts.platform, Platform::Native) => [ + "--platform", + opts.platform.to_string(), + ], + &image_str, + ); + trace!("{c:?}"); + c + } + .output() + .into_diagnostic()?; if !output.status.success() { bail!("Failed to pull {} for inspection!", image_str.bold().red()); } - let mut command = cmd!("podman", "image", "inspect", "--format=json", &image_str); - trace!("{command:?}"); - - let output = command.output().into_diagnostic()?; + let output = { + let c = cmd!("podman", "image", "inspect", "--format=json", &image_str); + trace!("{c:?}"); + c + } + .output() + .into_diagnostic()?; progress.finish_and_clear(); Logger::multi_progress().remove(&progress);
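Review bot: Both early exits after the `podman pull` block, the `.into_diagnostic()?` on `.output()` and the `bail!` in the `!output.status.success()` branch, return before `progress.finish_and_clear()` and `Logger::multi_progress().remove(&progress)` run. A failed pull therefore appears to leave the spinner registered with the multi-progress, which can garble the error output that follows. Clearing it on the failure path would fix this, e.g. `progress.finish_and_clear(); Logger::multi_progress().remove(&progress);` immediately before the `bail!`, or a small drop guard that does the same. The function starts and ends outside the hunk, so the success check on the second `podman image inspect` call is not visible here.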