Merge pull request #63 from chmeliik/dfparse-with-envs

chmeliik · web-flow · commit 0c29c901c9e9 · 2026-02-12T12:54:26.000+01:00
image build: add --envs option
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/containerd/platforms v1.0.0-rc.2
 	github.com/containers/image/v5 v5.36.2
 	github.com/keilerkonzept/dockerfile-json v1.2.2
+	github.com/moby/buildkit v0.19.0
 	github.com/onsi/gomega v1.38.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
@@ -25,7 +26,6 @@ require (
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
-	github.com/moby/buildkit v0.19.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.25.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
diff --git a/integration_tests/build_test.go b/integration_tests/build_test.go
@@ -33,6 +33,7 @@ type BuildParams struct {
 	WorkdirMount            string
 	BuildArgs               []string
 	BuildArgsFile           string
+	Envs                    []string
 	ContainerfileJsonOutput string
 	ExtraArgs               []string
 }
@@ -158,6 +159,10 @@ func runBuildWithOutput(container *TestRunnerContainer, buildParams BuildParams)
 	if buildParams.BuildArgsFile != "" {
 		args = append(args, "--build-args-file", buildParams.BuildArgsFile)
 	}
+	if len(buildParams.Envs) > 0 {
+		args = append(args, "--envs")
+		args = append(args, buildParams.Envs...)
+	}
 	if buildParams.ContainerfileJsonOutput != "" {
 		args = append(args, "--containerfile-json-output", buildParams.ContainerfileJsonOutput)
 	}
@@ -201,25 +206,37 @@ func writeContainerfile(contextDir, content string) {
 	Expect(err).ToNot(HaveOccurred())
 }
 
-func getImageLabels(container *TestRunnerContainer, imageRef string) map[string]string {
+type containerImageMeta struct {
+	labels map[string]string
+	envs   map[string]string
+}
+
+func getImageMeta(container *TestRunnerContainer, imageRef string) containerImageMeta {
 	stdout, _, err := container.ExecuteCommandWithOutput("buildah", "inspect", imageRef)
 	Expect(err).ToNot(HaveOccurred())
 
 	var inspect struct {
 		OCIv1 struct {
 			Config struct {
 				Labels map[string]string
+				Env    []string
 			} `json:"config"`
 		}
 	}
 
 	err = json.Unmarshal([]byte(stdout), &inspect)
 	Expect(err).ToNot(HaveOccurred())
 
-	return inspect.OCIv1.Config.Labels
+	envs := make(map[string]string, len(inspect.OCIv1.Config.Env))
+	for _, env := range inspect.OCIv1.Config.Env {
+		key, value, _ := strings.Cut(env, "=")
+		envs[key] = value
+	}
+
+	return containerImageMeta{labels: inspect.OCIv1.Config.Labels, envs: envs}
 }
 
-func getContainerfileLabels(container *TestRunnerContainer, containerfileJsonPath string) map[string]string {
+func getContainerfileMeta(container *TestRunnerContainer, containerfileJsonPath string) containerImageMeta {
 	containerfileJSON, err := container.GetFileContent(containerfileJsonPath)
 	Expect(err).ToNot(HaveOccurred())
 
@@ -232,8 +249,12 @@ func getContainerfileLabels(container *TestRunnerContainer, containerfileJsonPat
 			Commands []struct {
 				Name   string
 				Labels []struct {
-					Key     string
-					Value   string
+					Key   string
+					Value string
+				}
+				Env []struct {
+					Key   string
+					Value string
 				}
 			}
 		}
@@ -243,14 +264,18 @@ func getContainerfileLabels(container *TestRunnerContainer, containerfileJsonPat
 	Expect(err).ToNot(HaveOccurred())
 
 	labels := make(map[string]string)
+	envs := make(map[string]string)
+
 	for _, cmd := range containerfile.Stages[0].Commands {
-		if strings.ToLower(cmd.Name) == "label" {
-			for _, label := range cmd.Labels {
-				labels[label.Key] = label.Value
-			}
+		for _, label := range cmd.Labels {
+			labels[label.Key] = label.Value
+		}
+		for _, env := range cmd.Env {
+			envs[env.Key] = env.Value
 		}
 	}
-	return labels
+
+	return containerImageMeta{labels: labels, envs: envs}
 }
 
 func formatAsKeyValuePairs(m map[string]string) []string {
@@ -562,12 +587,15 @@ LABEL test.label="build-args-test"
 			"undefined-buildarg=",
 		}
 
+		imageMeta := getImageMeta(container, outputRef)
+		containerfileMeta := getContainerfileMeta(container, containerfileJsonPath)
+
 		// Verify image labels
-		imageLabels := formatAsKeyValuePairs(getImageLabels(container, outputRef))
+		imageLabels := formatAsKeyValuePairs(imageMeta.labels)
 		Expect(imageLabels).To(ContainElements(expectedLabels))
 
 		// Verify the parsed Containerfile has the same label values
-		containerfileLabels := formatAsKeyValuePairs(getContainerfileLabels(container, containerfileJsonPath))
+		containerfileLabels := formatAsKeyValuePairs(containerfileMeta.labels)
 		Expect(containerfileLabels).To(ContainElements(expectedLabels))
 	})
 
@@ -614,8 +642,8 @@ LABEL test.label="platform-build-args-test"
 		Expect(err).ToNot(HaveOccurred())
 
 		// Verify platform values match between the parsed Containerfile and the actual image
-		imageLabels := getImageLabels(container, outputRef)
-		containerfileLabels := getContainerfileLabels(container, containerfileJsonPath)
+		imageLabels := getImageMeta(container, outputRef).labels
+		containerfileLabels := getContainerfileMeta(container, containerfileJsonPath).labels
 
 		labelsToCheck := []string{
 			"TARGETPLATFORM",
@@ -698,4 +726,75 @@ LABEL test.label="platform-build-args-test"
   ]
 }`))
 	})
+
+	t.Run("WithEnvs", func(t *testing.T) {
+		contextDir := setupTestContext(t)
+
+		writeContainerfile(contextDir, `
+FROM scratch
+
+LABEL foo=$FOO
+LABEL bar=$BAR
+
+LABEL test.label="envs-test"
+`)
+
+		outputRef := "localhost/test-image-envs:" + GenerateUniqueTag(t)
+		// Also verify that envs are handled properly for Containerfile parsing
+		containerfileJsonPath := "/workspace/parsed-containerfile.json"
+
+		buildParams := BuildParams{
+			Context:                 contextDir,
+			OutputRef:               outputRef,
+			Push:                    false,
+			Envs:                    []string{
+				"FOO=foo-value",
+				"BAR=bar-value",
+				// Corner cases to verify that dockerfile-json and buildah handle them the same way
+				// Should be an env var without a name (causes an error when starting the container)
+				"=noname",
+				// Should be an empty string
+				"NOVALUE=",
+				// Shouldn't be set at all
+				"NOSUCHENV",
+			},
+			ContainerfileJsonOutput: containerfileJsonPath,
+		}
+
+		container := setupBuildContainerWithCleanup(t, buildParams, nil)
+
+		err := runBuild(container, buildParams)
+		Expect(err).ToNot(HaveOccurred())
+
+		expectedEnvs := []string{
+			"FOO=foo-value",
+			"BAR=bar-value",
+			"=noname",
+			"NOVALUE=",
+		}
+		expectedLabels := []string{
+			"foo=foo-value",
+			"bar=bar-value",
+		}
+
+		imageMeta := getImageMeta(container, outputRef)
+		containerfileMeta := getContainerfileMeta(container, containerfileJsonPath)
+
+		// Verify envs
+		imageEnvs := formatAsKeyValuePairs(imageMeta.envs)
+		Expect(imageEnvs).To(ContainElements(expectedEnvs))
+
+		containerfileEnvs := formatAsKeyValuePairs(containerfileMeta.envs)
+		Expect(containerfileEnvs).To(ContainElements(expectedEnvs))
+
+		Expect(imageMeta.envs).ToNot(HaveKey("NOSUCHENV"))
+		Expect(containerfileMeta.envs).ToNot(HaveKey("NOSUCHENV"))
+
+		// Verify labels
+		imageLabels := formatAsKeyValuePairs(imageMeta.labels)
+		Expect(imageLabels).To(ContainElements(expectedLabels))
+
+		containerfileLabels := formatAsKeyValuePairs(containerfileMeta.labels)
+		Expect(containerfileLabels).To(ContainElements(expectedLabels))
+	})
 }
diff --git a/pkg/cliwrappers/buildah.go b/pkg/cliwrappers/buildah.go
@@ -45,6 +45,7 @@ type BuildahBuildArgs struct {
 	Volumes       []BuildahVolume
 	BuildArgs     []string
 	BuildArgsFile string
+	Envs          []string
 	ExtraArgs     []string
 }
 
@@ -159,6 +160,10 @@ func (b *BuildahCli) Build(args *BuildahBuildArgs) error {
 		buildahArgs = append(buildahArgs, "--build-arg-file="+args.BuildArgsFile)
 	}
 
+	for _, env := range args.Envs {
+		buildahArgs = append(buildahArgs, "--env="+env)
+	}
+
 	// Append extra arguments before the context directory
 	buildahArgs = append(buildahArgs, args.ExtraArgs...)
 	// Context directory must be the last argument
diff --git a/pkg/cliwrappers/buildah_test.go b/pkg/cliwrappers/buildah_test.go
@@ -156,6 +156,29 @@ func TestBuildahCli_Build(t *testing.T) {
 		g.Expect(capturedArgs).To(ContainElement("--build-arg-file=/path/to/build-args-file"))
 	})
 
+	t.Run("should turn Envs into --env params", func(t *testing.T) {
+		buildahCli, executor := setupBuildahCli()
+		var capturedArgs []string
+		executor.executeWithOutput = func(command string, args ...string) (string, string, int, error) {
+			g.Expect(command).To(Equal("buildah"))
+			capturedArgs = args
+			return "", "", 0, nil
+		}
+
+		buildArgs := &cliwrappers.BuildahBuildArgs{
+			Containerfile: containerfile,
+			ContextDir:    contextDir,
+			OutputRef:     outputRef,
+			Envs:          []string{"FOO=bar", "BAZ=qux"},
+		}
+
+		err := buildahCli.Build(buildArgs)
+		g.Expect(err).ToNot(HaveOccurred())
+
+		g.Expect(capturedArgs).To(ContainElement("--env=FOO=bar"))
+		g.Expect(capturedArgs).To(ContainElement("--env=BAZ=qux"))
+	})
+
 	t.Run("should append extra args before context directory", func(t *testing.T) {
 		buildahCli, executor := setupBuildahCli()
 		var capturedArgs []string
diff --git a/pkg/commands/build.go b/pkg/commands/build.go
@@ -81,6 +81,13 @@ var BuildParamsConfig = map[string]common.Parameter{
 		TypeKind:   reflect.String,
 		Usage:      "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
 	},
+	"envs": {
+		Name:       "envs",
+		ShortName:  "",
+		EnvVarName: "KBC_BUILD_ENVS",
+		TypeKind:   reflect.Slice,
+		Usage:      "Environment variables to pass to the build using buildah's --env option.",
+	},
 	"containerfile-json-output": {
 		Name:       "containerfile-json-output",
 		ShortName:  "",
@@ -99,6 +106,7 @@ type BuildParams struct {
 	WorkdirMount            string   `paramName:"workdir-mount"`
 	BuildArgs               []string `paramName:"build-args"`
 	BuildArgsFile           string   `paramName:"build-args-file"`
+	Envs                    []string `paramName:"envs"`
 	ContainerfileJsonOutput string   `paramName:"containerfile-json-output"`
 	ExtraArgs               []string // Additional arguments to pass to buildah build
 }
@@ -223,6 +231,9 @@ func (c *Build) logParams() {
 	if c.Params.BuildArgsFile != "" {
 		l.Logger.Infof("[param] BuildArgsFile: %s", c.Params.BuildArgsFile)
 	}
+	if len(c.Params.Envs) > 0 {
+		l.Logger.Infof("[param] Envs: %v", c.Params.Envs)
+	}
 	if c.Params.ContainerfileJsonOutput != "" {
 		l.Logger.Infof("[param] ContainerfileJsonOutput: %s", c.Params.ContainerfileJsonOutput)
 	}
@@ -417,11 +428,14 @@ func (c *Build) parseContainerfile() (*dockerfile.Dockerfile, error) {
 		return nil, fmt.Errorf("failed to parse %s: %w", c.containerfilePath, err)
 	}
 
+	envs := processKeyValueEnvs(c.Params.Envs)
+
 	argExp, err := c.createBuildArgExpander()
 	if err != nil {
 		return nil, fmt.Errorf("failed to process build args: %w", err)
 	}
 
+	containerfile.InjectEnv(envs)
 	containerfile.Expand(argExp)
 	return containerfile, nil
 }
@@ -453,14 +467,8 @@ func (c *Build) createBuildArgExpander() (dockerfile.SingleWordExpander, error)
 	}
 
 	// CLI --build-args take precedence over everything else
-	for _, arg := range c.Params.BuildArgs {
-		key, value, hasValue := strings.Cut(arg, "=")
-		if hasValue {
-			args[key] = value
-		} else if valueFromEnv, ok := os.LookupEnv(key); ok {
-			args[key] = valueFromEnv
-		}
-	}
+	cliArgs := processKeyValueEnvs(c.Params.BuildArgs)
+	maps.Copy(args, cliArgs)
 
 	// Return the kind of "expander" function expected by the dockerfile-json API
 	// (takes the name of a build arg, returns the value or error for undefined build args)
@@ -473,6 +481,21 @@ func (c *Build) createBuildArgExpander() (dockerfile.SingleWordExpander, error)
 	return argExp, nil
 }
 
+// Parse an array of key[=value] args. If '=' is missing, look up the value in
+// environment variables. This is how buildah handles --build-arg and --env values.
+func processKeyValueEnvs(args []string) map[string]string {
+	values := make(map[string]string)
+	for _, arg := range args {
+		key, value, hasValue := strings.Cut(arg, "=")
+		if hasValue {
+			values[key] = value
+		} else if valueFromEnv, ok := os.LookupEnv(key); ok {
+			values[key] = valueFromEnv
+		}
+	}
+	return values
+}
+
 func (c *Build) buildImage() error {
 	l.Logger.Info("Building container image...")
 
@@ -492,6 +515,7 @@ func (c *Build) buildImage() error {
 		Secrets:       c.buildahSecrets,
 		BuildArgs:     c.Params.BuildArgs,
 		BuildArgsFile: c.Params.BuildArgsFile,
+		Envs:          c.Params.Envs,
 		ExtraArgs:     c.Params.ExtraArgs,
 	}
 	if c.Params.WorkdirMount != "" {
diff --git a/pkg/commands/build_test.go b/pkg/commands/build_test.go
