coder · sreya · Nov 26, 2024 · Nov 26, 2024 · Nov 26, 2024 · Nov 26, 2024
diff --git a/cli/clitest/cli.go b/cli/clitest/cli.go
@@ -35,7 +35,7 @@ func Mounter(ctx context.Context) *mount.FakeMounter {
 func DockerClient(t *testing.T, ctx context.Context) *dockerfake.MockClient {
 	t.Helper()
 
-	client, err := dockerutil.Client(ctx)
+	client, err := dockerutil.ExtractClient(ctx)
 	require.NoError(t, err)
 	//nolint we should panic if this isn't the case.
 	return client.(*dockerfake.MockClient)
@@ -71,7 +71,7 @@ func New(t *testing.T, cmd string, args ...string) (context.Context, *cobra.Comm
 	return ctx, root
 }
 
-func ctx(t *testing.T, fs xunix.FS, ex xunix.Execer, mnt mount.Interface, client dockerutil.DockerClient) context.Context {
+func ctx(t *testing.T, fs xunix.FS, ex xunix.Execer, mnt mount.Interface, client dockerutil.Client) context.Context {
 	t.Helper()
 
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)

diff --git a/cli/clitest/fake.go b/cli/clitest/fake.go
@@ -30,7 +30,7 @@ func NewFakeExecer() *xunixfake.FakeExec {
 	}
 }
 
-func NewFakeDockerClient() dockerutil.DockerClient {
+func NewFakeDockerClient() dockerutil.Client {
 	client := &dockerfake.MockClient{}
 
 	client.ContainerInspectFn = func(_ context.Context, _ string) (dockertypes.ContainerJSON, error) {

diff --git a/cli/docker.go b/cli/docker.go
@@ -13,7 +13,6 @@ import (
 	"strconv"
 	"strings"
 
-	dockertypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/spf13/cobra"
@@ -244,7 +243,7 @@ func dockerCmd() *cobra.Command {
 				return xerrors.Errorf("wait for sysbox-mgr: %w", err)
 			}
 
-			client, err := dockerutil.Client(ctx)
+			client, err := dockerutil.ExtractClient(ctx)
 			if err != nil {
 				return xerrors.Errorf("new docker client: %w", err)
 			}
@@ -388,7 +387,7 @@ func dockerCmd() *cobra.Command {
 	return cmd
 }
 
-func runDockerCVM(ctx context.Context, log slog.Logger, client dockerutil.DockerClient, blog buildlog.Logger, flags flags) error {
+func runDockerCVM(ctx context.Context, log slog.Logger, client dockerutil.Client, blog buildlog.Logger, flags flags) error {
 	fs := xunix.GetFS(ctx)
 
 	// Set our OOM score to something really unfavorable to avoid getting killed
@@ -664,7 +663,7 @@ func runDockerCVM(ctx context.Context, log slog.Logger, client dockerutil.Docker
 	// TODO fix iptables when istio detected.
 
 	blog.Info("Starting up workspace...")
-	err = client.ContainerStart(ctx, containerID, dockertypes.ContainerStartOptions{})
+	err = client.ContainerStart(ctx, containerID, container.StartOptions{})
 	if err != nil {
 		return xerrors.Errorf("start container: %w", err)
 	}

diff --git a/cli/docker_test.go b/cli/docker_test.go
@@ -15,6 +15,7 @@ import (
 
 	dockertypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/network"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/spf13/afero"
@@ -486,7 +487,7 @@ func TestDocker(t *testing.T) {
 		authB64 := base64.URLEncoding.EncodeToString(raw)
 
 		client := clitest.DockerClient(t, ctx)
-		client.ImagePullFn = func(_ context.Context, _ string, options dockertypes.ImagePullOptions) (io.ReadCloser, error) {
+		client.ImagePullFn = func(_ context.Context, _ string, options image.PullOptions) (io.ReadCloser, error) {
 			// Assert that we call the image pull function with the credentials.
 			require.Equal(t, authB64, options.RegistryAuth)
 			return io.NopCloser(bytes.NewReader(nil)), nil

diff --git a/deploy/Dockerfile b/deploy/Dockerfile
@@ -22,7 +22,7 @@ LABEL \
 ARG DEBIAN_FRONTEND=noninteractive
 # Pin docker to avoid any breaking API changes between the Go client and 
 # the server.
-ARG DOCKER_VERSION="5:27.1.2-1~ubuntu.22.04~jammy"
+ARG DOCKER_VERSION="5:27.3.1-1~ubuntu.22.04~jammy"
 #   Ignore other repositories, as some require HTTPS
 RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \
     apt-get upgrade -y && \

diff --git a/dockerutil/client.go b/dockerutil/client.go
@@ -7,23 +7,29 @@ import (
 	"os"
 
 	"github.com/cpuguy83/dockercfg"
-	dockertypes "github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/registry"
 	dockerclient "github.com/docker/docker/client"
 
 	"golang.org/x/xerrors"
 )
 
+type Client interface {
+	dockerclient.SystemAPIClient
+	dockerclient.ContainerAPIClient
+	dockerclient.ImageAPIClient
+}
+
 type clientKey struct{}
 
 // WithClient sets the provided DockerClient on the context.
 // It should only be used for tests.
-func WithClient(ctx context.Context, client DockerClient) context.Context {
+func WithClient(ctx context.Context, client Client) context.Context {
 	return context.WithValue(ctx, clientKey{}, client)
 }
 
-// Client returns the DockerClient set on the context. If one can't be
+// ExtractClient returns the DockerClient set on the context. If one can't be
 // found a default client is returned.
-func Client(ctx context.Context) (DockerClient, error) {
+func ExtractClient(ctx context.Context) (Client, error) {
 	client := ctx.Value(clientKey{})
 	if client == nil {
 		client, err := dockerclient.NewClientWithOpts(dockerclient.FromEnv)
@@ -35,10 +41,10 @@ func Client(ctx context.Context) (DockerClient, error) {
 	}
 
 	//nolint we should panic if this isn't the case.
-	return client.(DockerClient), nil
+	return client.(Client), nil
 }
 
-type AuthConfig dockertypes.AuthConfig
+type AuthConfig registry.AuthConfig
 
 func (a AuthConfig) Base64() (string, error) {
 	authStr, err := json.Marshal(a)
@@ -67,8 +73,8 @@ func AuthConfigFromString(raw string, reg string) (AuthConfig, error) {
 	return parseConfig(cfg, reg)
 }
 
-func parseConfig(cfg dockercfg.Config, registry string) (AuthConfig, error) {
-	hostname := dockercfg.ResolveRegistryHost(registry)
+func parseConfig(cfg dockercfg.Config, reg string) (AuthConfig, error) {
+	hostname := dockercfg.ResolveRegistryHost(reg)
 
 	username, secret, err := cfg.GetRegistryCredentials(hostname)
 	if err != nil {
@@ -87,5 +93,5 @@ func parseConfig(cfg dockercfg.Config, registry string) (AuthConfig, error) {
 		}, nil
 	}
 
-	return AuthConfig{}, xerrors.Errorf("no auth config found for registry %s: %w", registry, os.ErrNotExist)
+	return AuthConfig{}, xerrors.Errorf("no auth config found for registry %s: %w", reg, os.ErrNotExist)
 }
diff --git a/dockerutil/container.go b/dockerutil/container.go
@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/docker/docker/api/types/container"
-	dockerclient "github.com/docker/docker/client"
 	"github.com/spf13/afero"
 	"golang.org/x/xerrors"
 
@@ -25,12 +24,6 @@ const (
 	DefaultCPUPeriod uint64 = 1e5
 )
 
-type DockerClient interface {
-	dockerclient.SystemAPIClient
-	dockerclient.ContainerAPIClient
-	dockerclient.ImageAPIClient
-}
-
 type ContainerConfig struct {
 	Log        slog.Logger
 	Mounts     []xunix.Mount
@@ -48,7 +41,7 @@ type ContainerConfig struct {
 }
 
 // CreateContainer creates a sysbox-runc container.
-func CreateContainer(ctx context.Context, client DockerClient, conf *ContainerConfig) (string, error) {
+func CreateContainer(ctx context.Context, client Client, conf *ContainerConfig) (string, error) {
 	host := &container.HostConfig{
 		Runtime:    runtime,
 		AutoRemove: true,
@@ -106,7 +99,7 @@ type BootstrapConfig struct {
 
 // BoostrapContainer runs a script inside the container as the provided user.
 // If conf.Script is empty then it is a noop.
-func BootstrapContainer(ctx context.Context, client DockerClient, conf BootstrapConfig) error {
+func BootstrapContainer(ctx context.Context, client Client, conf BootstrapConfig) error {
 	if conf.Script == "" {
 		return nil
 	}

diff --git a/dockerutil/daemon.go b/dockerutil/daemon.go
@@ -9,7 +9,7 @@ import (
 
 // WaitForDaemon waits for a Docker daemon to startup. It waits a max
 // of 5m before giving up.
-func WaitForDaemon(ctx context.Context, client DockerClient) error {
+func WaitForDaemon(ctx context.Context, client Client) error {
 	ticker := time.NewTicker(time.Millisecond * 250)
 	defer ticker.Stop()
 

diff --git a/dockerutil/dockerfake/client.go b/dockerutil/dockerfake/client.go
@@ -12,25 +12,26 @@ import (
 	"github.com/docker/docker/api/types/image"
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types/system"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 
 	"github.com/coder/envbox/dockerutil"
 )
 
-var _ dockerutil.DockerClient = MockClient{}
+var _ dockerutil.Client = MockClient{}
 
 // MockClient provides overrides for functions that are called in envbox.
 type MockClient struct {
-	ImagePullFn            func(_ context.Context, ref string, options dockertypes.ImagePullOptions) (io.ReadCloser, error)
+	ImagePullFn            func(_ context.Context, ref string, options image.PullOptions) (io.ReadCloser, error)
 	ContainerCreateFn      func(_ context.Context, config *containertypes.Config, hostConfig *containertypes.HostConfig, networkingConfig *networktypes.NetworkingConfig, _ *specs.Platform, containerName string) (containertypes.CreateResponse, error)
 	ImagePruneFn           func(_ context.Context, pruneFilter filters.Args) (dockertypes.ImagesPruneReport, error)
-	ContainerStartFn       func(_ context.Context, container string, options dockertypes.ContainerStartOptions) error
+	ContainerStartFn       func(_ context.Context, container string, options containertypes.StartOptions) error
 	ContainerExecAttachFn  func(_ context.Context, execID string, config dockertypes.ExecStartCheck) (dockertypes.HijackedResponse, error)
 	ContainerExecCreateFn  func(_ context.Context, container string, config dockertypes.ExecConfig) (dockertypes.IDResponse, error)
 	ContainerExecStartFn   func(_ context.Context, execID string, config dockertypes.ExecStartCheck) error
 	ContainerExecInspectFn func(_ context.Context, execID string) (dockertypes.ContainerExecInspect, error)
 	ContainerInspectFn     func(_ context.Context, container string) (dockertypes.ContainerJSON, error)
-	ContainerRemoveFn      func(_ context.Context, container string, options dockertypes.ContainerRemoveOptions) error
+	ContainerRemoveFn      func(_ context.Context, container string, options containertypes.RemoveOptions) error
 	PingFn                 func(_ context.Context) (dockertypes.Ping, error)
 }
 
@@ -46,42 +47,42 @@ func (MockClient) BuildCancel(_ context.Context, _ string) error {
 	panic("not implemented")
 }
 
-func (MockClient) ImageCreate(_ context.Context, _ string, _ dockertypes.ImageCreateOptions) (io.ReadCloser, error) {
+func (MockClient) ImageCreate(_ context.Context, _ string, _ image.CreateOptions) (io.ReadCloser, error) {
 	panic("not implemented")
 }
 
 func (MockClient) ImageHistory(_ context.Context, _ string) ([]image.HistoryResponseItem, error) {
 	panic("not implemented")
 }
 
-func (MockClient) ImageImport(_ context.Context, _ dockertypes.ImageImportSource, _ string, _ dockertypes.ImageImportOptions) (io.ReadCloser, error) {
+func (MockClient) ImageImport(_ context.Context, _ image.ImportSource, _ string, _ image.ImportOptions) (io.ReadCloser, error) {
 	panic("not implemented")
 }
 
 func (MockClient) ImageInspectWithRaw(_ context.Context, _ string) (dockertypes.ImageInspect, []byte, error) {
 	panic("not implemented")
 }
 
-func (MockClient) ImageList(_ context.Context, _ dockertypes.ImageListOptions) ([]dockertypes.ImageSummary, error) {
+func (MockClient) ImageList(_ context.Context, _ image.ListOptions) ([]image.Summary, error) {
 	panic("not implemented")
 }
 
 func (MockClient) ImageLoad(_ context.Context, _ io.Reader, _ bool) (dockertypes.ImageLoadResponse, error) {
 	panic("not implemented")
 }
 
-func (m MockClient) ImagePull(ctx context.Context, ref string, options dockertypes.ImagePullOptions) (io.ReadCloser, error) {
+func (m MockClient) ImagePull(ctx context.Context, ref string, options image.PullOptions) (io.ReadCloser, error) {
 	if m.ImagePullFn == nil {
 		return io.NopCloser(strings.NewReader("")), nil
 	}
 	return m.ImagePullFn(ctx, ref, options)
 }
 
-func (MockClient) ImagePush(_ context.Context, _ string, _ dockertypes.ImagePushOptions) (io.ReadCloser, error) {
+func (MockClient) ImagePush(_ context.Context, _ string, _ image.PushOptions) (io.ReadCloser, error) {
 	panic("not implemented")
 }
 
-func (MockClient) ImageRemove(_ context.Context, _ string, _ dockertypes.ImageRemoveOptions) ([]dockertypes.ImageDeleteResponseItem, error) {
+func (MockClient) ImageRemove(_ context.Context, _ string, _ image.RemoveOptions) ([]image.DeleteResponse, error) {
 	panic("not implemented")
 }
 
@@ -108,11 +109,11 @@ func (MockClient) Events(_ context.Context, _ dockertypes.EventsOptions) (<-chan
 	panic("not implemented")
 }
 
-func (MockClient) Info(_ context.Context) (dockertypes.Info, error) {
+func (MockClient) Info(_ context.Context) (system.Info, error) {
 	panic("not implemented")
 }
 
-func (MockClient) RegistryLogin(_ context.Context, _ dockertypes.AuthConfig) (registry.AuthenticateOKBody, error) {
+func (MockClient) RegistryLogin(_ context.Context, _ registry.AuthConfig) (registry.AuthenticateOKBody, error) {
 	panic("not implemented")
 }
 
@@ -127,11 +128,11 @@ func (m MockClient) Ping(ctx context.Context) (dockertypes.Ping, error) {
 	return m.PingFn(ctx)
 }
 
-func (MockClient) ContainerAttach(_ context.Context, _ string, _ dockertypes.ContainerAttachOptions) (dockertypes.HijackedResponse, error) {
+func (MockClient) ContainerAttach(_ context.Context, _ string, _ containertypes.AttachOptions) (dockertypes.HijackedResponse, error) {
 	panic("not implemented")
 }
 
-func (MockClient) ContainerCommit(_ context.Context, _ string, _ dockertypes.ContainerCommitOptions) (dockertypes.IDResponse, error) {
+func (MockClient) ContainerCommit(_ context.Context, _ string, _ containertypes.CommitOptions) (dockertypes.IDResponse, error) {
 	panic("not implemented")
 }
 
@@ -142,7 +143,7 @@ func (m MockClient) ContainerCreate(ctx context.Context, config *containertypes.
 	return m.ContainerCreateFn(ctx, config, hostConfig, networkingConfig, pspecs, containerName)
 }
 
-func (MockClient) ContainerDiff(_ context.Context, _ string) ([]containertypes.ContainerChangeResponseItem, error) {
+func (MockClient) ContainerDiff(_ context.Context, _ string) ([]containertypes.FilesystemChange, error) {
 	panic("not implemented")
 }
 
@@ -168,7 +169,7 @@ func (m MockClient) ContainerExecInspect(ctx context.Context, id string) (docker
 	return m.ContainerExecInspectFn(ctx, id)
 }
 
-func (MockClient) ContainerExecResize(_ context.Context, _ string, _ dockertypes.ResizeOptions) error {
+func (MockClient) ContainerExecResize(_ context.Context, _ string, _ containertypes.ResizeOptions) error {
 	panic("not implemented")
 }
 
@@ -198,19 +199,19 @@ func (MockClient) ContainerKill(_ context.Context, _ string, _ string) error {
 	panic("not implemented")
 }
 
-func (MockClient) ContainerList(_ context.Context, _ dockertypes.ContainerListOptions) ([]dockertypes.Container, error) {
+func (MockClient) ContainerList(_ context.Context, _ containertypes.ListOptions) ([]dockertypes.Container, error) {
 	panic("not implemented")
 }
 
-func (MockClient) ContainerLogs(_ context.Context, _ string, _ dockertypes.ContainerLogsOptions) (io.ReadCloser, error) {
+func (MockClient) ContainerLogs(_ context.Context, _ string, _ containertypes.LogsOptions) (io.ReadCloser, error) {
 	panic("not implemented")
 }
 
 func (MockClient) ContainerPause(_ context.Context, _ string) error {
 	panic("not implemented")
 }
 
-func (m MockClient) ContainerRemove(ctx context.Context, name string, options dockertypes.ContainerRemoveOptions) error {
+func (m MockClient) ContainerRemove(ctx context.Context, name string, options containertypes.RemoveOptions) error {
 	if m.ContainerRemoveFn == nil {
 		return nil
 	}
@@ -221,7 +222,7 @@ func (MockClient) ContainerRename(_ context.Context, _ string, _ string) error {
 	panic("not implemented")
 }
 
-func (MockClient) ContainerResize(_ context.Context, _ string, _ dockertypes.ResizeOptions) error {
+func (MockClient) ContainerResize(_ context.Context, _ string, _ containertypes.ResizeOptions) error {
 	panic("not implemented")
 }
 
@@ -237,7 +238,7 @@ func (MockClient) ContainerStats(_ context.Context, _ string, _ bool) (dockertyp
 	panic("not implemented")
 }
 
-func (m MockClient) ContainerStart(ctx context.Context, name string, options dockertypes.ContainerStartOptions) error {
+func (m MockClient) ContainerStart(ctx context.Context, name string, options containertypes.StartOptions) error {
 	if m.ContainerStartFn == nil {
 		return nil
 	}

diff --git a/dockerutil/dockerfake/doc.go b/dockerutil/dockerfake/doc.go
@@ -1,3 +1,5 @@
 // Package dockerfake contains logic for mocking out Docker-related
 // functionality.
+//
+//go:generate mockgen -destination ./mock.go -package dockerfake github.com/coder/envbox/dockerutil/dockerfake Client
 package dockerfake
diff --git a/dockerutil/exec.go b/dockerutil/exec.go
@@ -24,7 +24,7 @@ type ExecConfig struct {
 
 // ExecContainer runs a command in a container. It returns the output and any error.
 // If an error occurs during the execution of the command, the output is appended to the error.
-func ExecContainer(ctx context.Context, client DockerClient, config ExecConfig) ([]byte, error) {
+func ExecContainer(ctx context.Context, client Client, config ExecConfig) ([]byte, error) {
 	exec, err := client.ContainerExecCreate(ctx, config.ContainerID, dockertypes.ExecConfig{
 		Detach:       true,
 		Cmd:          append([]string{config.Cmd}, config.Args...),