mirror of
https://github.com/fluxcd/flux2.git
synced 2026-02-22 23:51:48 +00:00
46ad3b2e7a
When building OCI artifacts from directories containing symlinks (e.g., symlink trees created by Nix), the symlinked files are silently skipped because the underlying archive logic only handles regular files and directories. This results in empty or incomplete artifacts. This change adds a --resolve-symlinks flag to both 'flux build artifact' and 'flux push artifact' commands. When set, symlinks are resolved by copying their target contents into a temporary directory before building the artifact. This approach: - Preserves backward compatibility (default behavior unchanged) - Works with symlinks pointing outside the source directory - Handles symlinked files and directories - Cleans up the temporary directory after the build completes Fixes fluxcd/flux2#5055 Signed-off-by: rohansood10 <rohansood10@users.noreply.github.com>
233 lines
6 KiB
Go
233 lines
6 KiB
Go
/*
|
|
Copyright 2022 The Flux authors
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package main
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/fluxcd/pkg/oci"
|
|
"github.com/fluxcd/pkg/sourceignore"
|
|
)
|
|
|
|
var buildArtifactCmd = &cobra.Command{
|
|
Use: "artifact",
|
|
Short: "Build artifact",
|
|
Long: `The build artifact command creates a tgz file with the manifests
|
|
from the given directory or a single manifest file.`,
|
|
Example: ` # Build the given manifests directory into an artifact
|
|
flux build artifact --path ./path/to/local/manifests --output ./path/to/artifact.tgz
|
|
|
|
# Build the given single manifest file into an artifact
|
|
flux build artifact --path ./path/to/local/manifest.yaml --output ./path/to/artifact.tgz
|
|
|
|
# List the files bundled in the artifact
|
|
tar -ztvf ./path/to/artifact.tgz
|
|
`,
|
|
RunE: buildArtifactCmdRun,
|
|
}
|
|
|
|
type buildArtifactFlags struct {
|
|
output string
|
|
path string
|
|
ignorePaths []string
|
|
resolveSymlinks bool
|
|
}
|
|
|
|
var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Split(sourceignore.ExcludeExt, ",")...)
|
|
|
|
var buildArtifactArgs buildArtifactFlags
|
|
|
|
func init() {
|
|
buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.path, "path", "p", "", "Path to the directory where the Kubernetes manifests are located.")
|
|
buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.output, "output", "o", "artifact.tgz", "Path to where the artifact tgz file should be written.")
|
|
buildArtifactCmd.Flags().StringSliceVar(&buildArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format")
|
|
buildArtifactCmd.Flags().BoolVar(&buildArtifactArgs.resolveSymlinks, "resolve-symlinks", false, "resolve symlinks by copying their targets into the artifact")
|
|
|
|
buildCmd.AddCommand(buildArtifactCmd)
|
|
}
|
|
|
|
func buildArtifactCmdRun(cmd *cobra.Command, args []string) error {
|
|
if buildArtifactArgs.path == "" {
|
|
return fmt.Errorf("invalid path %q", buildArtifactArgs.path)
|
|
}
|
|
|
|
path := buildArtifactArgs.path
|
|
var err error
|
|
if buildArtifactArgs.path == "-" {
|
|
path, err = saveReaderToFile(os.Stdin)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
defer os.Remove(path)
|
|
}
|
|
|
|
if _, err := os.Stat(path); err != nil {
|
|
return fmt.Errorf("invalid path '%s', must point to an existing directory or file", path)
|
|
}
|
|
|
|
if buildArtifactArgs.resolveSymlinks {
|
|
resolved, err := resolveSymlinks(path)
|
|
if err != nil {
|
|
return fmt.Errorf("resolving symlinks failed: %w", err)
|
|
}
|
|
defer os.RemoveAll(resolved)
|
|
path = resolved
|
|
}
|
|
|
|
logger.Actionf("building artifact from %s", path)
|
|
|
|
ociClient := oci.NewClient(oci.DefaultOptions())
|
|
if err := ociClient.Build(buildArtifactArgs.output, path, buildArtifactArgs.ignorePaths); err != nil {
|
|
return fmt.Errorf("building artifact failed, error: %w", err)
|
|
}
|
|
|
|
logger.Successf("artifact created at %s", buildArtifactArgs.output)
|
|
return nil
|
|
}
|
|
|
|
// resolveSymlinks creates a temporary directory with symlinks resolved to their
|
|
// real file contents. This allows building artifacts from symlink trees (e.g.,
|
|
// those created by Nix) where the actual files live outside the source directory.
|
|
func resolveSymlinks(srcPath string) (string, error) {
|
|
absPath, err := filepath.Abs(srcPath)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
info, err := os.Stat(absPath)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// For a single file, resolve the symlink and return a temp dir containing it
|
|
if !info.IsDir() {
|
|
resolved, err := filepath.EvalSymlinks(absPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("resolving symlink for %s: %w", absPath, err)
|
|
}
|
|
tmpDir, err := os.MkdirTemp("", "flux-artifact-*")
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
dst := filepath.Join(tmpDir, filepath.Base(absPath))
|
|
if err := copyFile(resolved, dst); err != nil {
|
|
os.RemoveAll(tmpDir)
|
|
return "", err
|
|
}
|
|
return tmpDir, nil
|
|
}
|
|
|
|
tmpDir, err := os.MkdirTemp("", "flux-artifact-*")
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
err = filepath.Walk(absPath, func(p string, fi os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
relPath, err := filepath.Rel(absPath, p)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dstPath := filepath.Join(tmpDir, relPath)
|
|
|
|
// Resolve symlinks to get the real file info
|
|
realPath := p
|
|
realInfo := fi
|
|
if fi.Mode()&os.ModeSymlink != 0 {
|
|
realPath, err = filepath.EvalSymlinks(p)
|
|
if err != nil {
|
|
return fmt.Errorf("resolving symlink %s: %w", p, err)
|
|
}
|
|
realInfo, err = os.Stat(realPath)
|
|
if err != nil {
|
|
return fmt.Errorf("stat resolved path %s: %w", realPath, err)
|
|
}
|
|
}
|
|
|
|
if realInfo.IsDir() {
|
|
return os.MkdirAll(dstPath, realInfo.Mode())
|
|
}
|
|
|
|
if !realInfo.Mode().IsRegular() {
|
|
return nil
|
|
}
|
|
|
|
return copyFile(realPath, dstPath)
|
|
})
|
|
|
|
if err != nil {
|
|
os.RemoveAll(tmpDir)
|
|
return "", err
|
|
}
|
|
|
|
return tmpDir, nil
|
|
}
|
|
|
|
func copyFile(src, dst string) error {
|
|
in, err := os.Open(src)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer in.Close()
|
|
|
|
if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
|
|
return err
|
|
}
|
|
|
|
out, err := os.Create(dst)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer out.Close()
|
|
|
|
if _, err := io.Copy(out, in); err != nil {
|
|
return err
|
|
}
|
|
return out.Close()
|
|
}
|
|
|
|
func saveReaderToFile(reader io.Reader) (string, error) {
|
|
b, err := io.ReadAll(bufio.NewReader(reader))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
b = bytes.TrimRight(b, "\r\n")
|
|
f, err := os.CreateTemp("", "*.yaml")
|
|
if err != nil {
|
|
return "", fmt.Errorf("unable to create temp dir for stdin")
|
|
}
|
|
|
|
defer f.Close()
|
|
|
|
if _, err := f.Write(b); err != nil {
|
|
return "", fmt.Errorf("error writing stdin to file: %w", err)
|
|
}
|
|
|
|
return f.Name(), nil
|
|
}
|