Build check doesn't honor defined platform for FROM lookups
kaidjohnson opened this issue · 1 comments
Contributing guidelines
- I've read the contributing guidelines and wholeheartedly agree
I've found a bug and checked that ...
- ... the documentation does not mention anything about my problem
- ... there are no open or closed issues that are related to my problem
Description
Build checks fail when a platform is specified that is not the native host platform. On an Apple M1, for example, when --platform=linux/amd64 is set or DOCKER_DEFAULT_PLATFORM=linux/amd64 is used, the --check flag will fail to use that platform when checking FROM statements.
The following error is thrown:
[+] Building 0.0s (3/3) FINISHED docker:desktop-linux
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 91B 0.0s
=> ERROR [internal] load metadata for docker.io/test/project-a:0.1 0.0s
=> Verifying build result 0.0s
=> WARN: Requested platform "linux/amd64" does not match result platform "linux/arm64" 0.0s
------
> [internal] load metadata for docker.io/test/project-a:0.1:
------
1 warning found (use docker --debug to expand):
- Requested platform "linux/amd64" does not match result platform "linux/arm64"
ERROR: test/project-a:0.1: failed to resolve source metadata for docker.io/test/project-a:0.1: no match for platform in manifest: not found
Dockerfile:1
--------------------
1 | >>> FROM test/project-a:0.1
2 | COPY example.txt example2.txt
3 |
--------------------
I've created a simple reproduction to demonstrate the issue:
https://github.com/kaidjohnson/buildx-check-platform-bug/tree/main
Expected behaviour
FROM statements should be checked against the defined platform when provided.
Actual behaviour
FROM statements use the native platform, regardless of DOCKER_DEFAULT_PLATFORM setting or --platform flag
Buildx version
github.com/docker/buildx v0.16.2-desktop.1 081c21b9e461293ae243a1ff813a680a4f5f8fb9
Docker info
Client:
Version: 27.2.0
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.16.2-desktop.1
Path: /Users/kkimberg/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.29.2-desktop.2
Path: /Users/kkimberg/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.34
Path: /Users/kkimberg/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Alpha) (Docker Inc.)
Version: v0.0.15
Path: /Users/kkimberg/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/kkimberg/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.25
Path: /Users/kkimberg/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/kkimberg/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.3.0
Path: /Users/kkimberg/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/kkimberg/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.13.0
Path: /Users/kkimberg/.docker/cli-plugins/docker-scout
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 9
Server Version: 27.2.0
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.10.4-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 8
Total Memory: 11.67GiB
Name: docker-desktop
ID: 3bff511b-590f-4b5b-862d-978ee21f1e36
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/kkimberg/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Builders list
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default docker
\_ default \_ default running v0.15.2 linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64
desktop-linux* docker
\_ desktop-linux \_ desktop-linux running v0.15.2 linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64
Configuration
https://github.com/kaidjohnson/buildx-check-platform-bug/tree/main
Build logs
No response
Additional info
Building works as expected without the --check flag:
docker buildx build --platform=linux/amd64 -t test/project-b:0.1 ./projectB
OR
DOCKER_DEFAULT_PLATFORM=linux/amd64 docker buildx build --check -t test/project-b:0.1 ./projectB
By way of communication, this issue ended up being upstream in buildkit, which was effectively not respecting the --platform flag for the rule checks. A PR for this has been opened ( moby/buildkit#5371 ) and is currently a WIP! :)