fix support for build with bake when target docker endpoint requires TLS

Signed-off-by: Nicolas De Loof <[email protected]>

MAINTAINERS

@@ -1,124 +0,0 @@
-# Docker maintainers file
-#
-# This file describes who runs the docker/compose project and how.
-# This is a living document - if you see something out of date or missing, speak up!
-#
-# It is structured to be consumable by both humans and programs.
-# To extract its contents programmatically, use any TOML-compliant
-# parser.
-#
-# This file is compiled into the MAINTAINERS file in docker/opensource.
-#
-[Org]
-
-	[Org."Core maintainers"]
-
-	# The Core maintainers are the ghostbusters of the project: when there's a problem others
-	# can't solve, they show up and fix it with bizarre devices and weaponry.
-	# They have final say on technical implementation and coding style.
-	# They are ultimately responsible for quality in all its forms: usability polish,
-	# bugfixes, performance, stability, etc. When ownership  can cleanly be passed to
-	# a subsystem, they are responsible for doing so and holding the
-	# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
-
-		people = [
-			"glours",
-			"jhrotko",
-			"milas",
-			"ndeloof",
-			"nicksieger",
-			"StefanScherer",
-			"ulyssessouza"
-		]
-
-	[Org."Regular maintainers"]
-	# The Regular maintainers are people who aren't Core maintainers but are around
-	# to help reviewing and fixing bugs, just on a less regular basis than previously.
-	# Most of them were previously Core maintainers of Compose.
-		people = [
-			"aiordache",
-			"chris-crone",
-			"gtardif",
-			"laurazard",
-			"maxcleme",
-			"rumpl",
-			"thaJeztah"
-		]
-
-[people]
-
-# A reference list of all people associated with the project.
-# All other sections should refer to people by their canonical key
-# in the people section.
-
-	# ADD YOURSELF HERE IN ALPHABETICAL ORDER
-
-	[people.aiordache]
-	Name = "Anca Iordache"
-	Email = "[email protected]"
-	GitHub = "aiordache "
-
-	[people.chris-crone]
-	Name = "Christopher Crone"
-	Email = "[email protected]"
-	GitHub = "chris-crone"
-
-	[people.glours]
-	Name = "Guillaume Lours"
-	Email = "[email protected]"
-	GitHub = "glours"
-
-	[people.gtardif]
-	Name = "Guillaume Tardif"
-	Email = "[email protected]"
-	GitHub = "gtardif"
-
-	[people.jhrotko]
-	Name = "Joana Hrotko"
-	Email = "[email protected]"
-	Github = "jhrotko"
-
-	[people.laurazard]
-	Name = "Laura Brehm"
-	Email = "[email protected]"
-	GitHub = "laurazard"
-
-	[people.maxcleme]
-	Name = "Maxime Clement"
-	Email = "[email protected]"
-	GitHub = "maxcleme"
-
-	[people.milas]
-	Name = "Milas Bowman"
-	Email = "[email protected]"
-	GitHub = "milas"
-
-	[people.nicksieger]
-	Name = "Nick Sieger"
-	Email = "[email protected]"
-	GitHub = "nicksieger"
-
-	[people.ndeloof]
-	Name = "Nicolas Deloof"
-	Email = "[email protected]"
-	GitHub = "ndeloof"
-
-	[people.rumpl]
-	Name = "Djordje Lukic"
-	Email = "[email protected]"
-	GitHub = "rumpl"
-
-	[people.thaJeztah]
-	Name = "Sebastiaan van Stijn"
-	Email = "[email protected]"
-	GitHub = "thaJeztah "
-
-	[people.StefanScherer]
-	Name = "Stefan Scherer"
-	Email = "[email protected]"
-	GitHub = "StefanScherer"
-
-	[people.ulyssessouza]
-	Name = "Ulysses Souza"
-	Email = "<[email protected]"
-	Github = "ulyssessouza"

pkg/compose/shellout.go

@@ -65,6 +65,7 @@ func (s *composeService) propagateDockerEndpoint() ([]string, func(), error) {
 			_ = os.RemoveAll(certs)
 		}
 		env[client.EnvOverrideCertPath] = certs
+		env["DOCKER_TLS"] = "1"
 		if !endpoint.SkipTLSVerify {
 			env[client.EnvTLSVerify] = "1"
 		}
@@ -73,7 +74,7 @@ func (s *composeService) propagateDockerEndpoint() ([]string, func(), error) {
 		if err != nil {
 			return nil, cleanup, err
 		}
-		err = os.WriteFile(filepath.Join(certs, flags.DefaultCaFile), endpoint.TLSData.Cert, 0o600)
+		err = os.WriteFile(filepath.Join(certs, flags.DefaultCertFile), endpoint.TLSData.Cert, 0o600)
 		if err != nil {
 			return nil, cleanup, err
 		}

pkg/e2e/build_test.go

@@ -19,6 +19,7 @@ package e2e
 import (
 	"fmt"
 	"net/http"
+	"os"
 	"regexp"
 	"runtime"
 	"strconv"
@@ -29,6 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 func TestLocalComposeBuild(t *testing.T) {
@@ -608,3 +610,38 @@ func TestBuildDependentImageWithProfile(t *testing.T) {
 	out := res.Combined()
 	assert.Check(t, strings.Contains(out, "secret-build-test  Built"))
 }
+
+func TestBuildTLS(t *testing.T) {
+	t.Helper()
+
+	c := NewParallelCLI(t)
+	const dindBuilder = "e2e-dind-builder"
+	tmp := t.TempDir()
+
+	t.Cleanup(func() {
+		c.RunDockerCmd(t, "rm", "-f", dindBuilder)
+		c.RunDockerCmd(t, "context", "rm", dindBuilder)
+	})
+
+	c.RunDockerCmd(t, "run", "--name", dindBuilder, "--privileged", "-p", "2376:2376", "-d", "docker:dind")
+
+	poll.WaitOn(t, func(_ poll.LogT) poll.Result {
+		res := c.RunDockerCmd(t, "logs", dindBuilder)
+		if strings.Contains(res.Combined(), "API listen on [::]:2376") {
+			return poll.Success()
+		}
+		return poll.Continue("waiting for Docker daemon to be running")
+	}, poll.WithTimeout(10*time.Second))
+
+	time.Sleep(1 * time.Second) // wait for dind setup
+	c.RunDockerCmd(t, "cp", dindBuilder+":/certs/client", tmp)
+
+	c.RunDockerCmd(t, "context", "create", dindBuilder, "--docker",
+		fmt.Sprintf("host=tcp://localhost:2376,ca=%s/client/ca.pem,cert=%s/client/cert.pem,key=%s/client/key.pem,skip-tls-verify=1", tmp, tmp, tmp))
+
+	cmd := c.NewDockerComposeCmd(t, "-f", "fixtures/build-test/minimal/compose.yaml", "build")
+	cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+dindBuilder)
+	cmd.Stdout = os.Stdout
+	res := icmd.RunCmd(cmd)
+	res.Assert(t, icmd.Expected{Err: "Built"})
+}

pkg/e2e/fixtures/build-test/minimal/Dockerfile

@@ -0,0 +1,16 @@
+#   Copyright 2020 Docker Compose CLI authors
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+FROM scratch
+COPY . .

pkg/e2e/fixtures/build-test/minimal/compose.yaml

@@ -0,0 +1,3 @@
+services:
+  test:
+    build: .