Rewrite Dockerfiles for image source references

When an image source has one or more `as` names, replace the exact
equivalents inside of the Dockerfile with resolved DockerImage
references. Stage names are not replaced, but the strategy `from` can be
if a reference exists.

Author: smarterclayton

pkg/build/builder/common.go

@@ -1,6 +1,7 @@
 package builder
 
 import (
+	"bytes"
 	"context"
 	"crypto/sha1"
 	"encoding/json"
@@ -9,28 +10,32 @@ import (
 	"math/rand"
 	"os"
 	"path/filepath"
+	"sort"
+	"strings"
 	"time"
 
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"github.com/docker/distribution/reference"
+	dockercmd "github.com/docker/docker/builder/dockerfile/command"
+	"github.com/docker/docker/builder/dockerfile/parser"
 	"github.com/fsouza/go-dockerclient"
-
+	"github.com/openshift/imagebuilder"
 	s2igit "github.com/openshift/source-to-image/pkg/scm/git"
 	"github.com/openshift/source-to-image/pkg/util"
 
 	buildapiv1 "github.com/openshift/api/build/v1"
+	buildclientv1 "github.com/openshift/client-go/build/clientset/versioned/typed/build/v1"
 	"github.com/openshift/origin/pkg/build/builder/timing"
 	builderutil "github.com/openshift/origin/pkg/build/builder/util"
 	"github.com/openshift/origin/pkg/build/builder/util/dockerfile"
 	buildutil "github.com/openshift/origin/pkg/build/util"
 	"github.com/openshift/origin/pkg/git"
 	imageapi "github.com/openshift/origin/pkg/image/apis/image"
 	utilglog "github.com/openshift/origin/pkg/util/glog"
-
-	buildclientv1 "github.com/openshift/client-go/build/clientset/versioned/typed/build/v1"
 )
 
 // glog is a placeholder until the builders pass an output stream down
@@ -302,8 +307,13 @@ func buildLabels(build *buildapiv1.Build, sourceInfo *git.SourceInfo) []dockerfi
 	addBuildLabels(labels, build)
 
 	kv := make([]dockerfile.KeyValue, 0, len(labels)+len(build.Spec.Output.ImageLabels))
-	for k, v := range labels {
-		kv = append(kv, dockerfile.KeyValue{Key: k, Value: v})
+	keys := make([]string, 0, len(labels))
+	for k := range labels {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	for _, k := range keys {
+		kv = append(kv, dockerfile.KeyValue{Key: k, Value: labels[k]})
 	}
 	// override autogenerated labels with user provided labels
 	for _, lbl := range build.Spec.Output.ImageLabels {
@@ -339,7 +349,12 @@ func readSourceInfo() (*git.SourceInfo, error) {
 // Also append the environment variables and labels in the Dockerfile.
 func addBuildParameters(dir string, build *buildapiv1.Build, sourceInfo *git.SourceInfo) error {
 	dockerfilePath := getDockerfilePath(dir, build)
-	node, err := parseDockerfile(dockerfilePath)
+
+	in, err := ioutil.ReadFile(dockerfilePath)
+	if err != nil {
+		return err
+	}
+	node, err := imagebuilder.ParseDockerfile(bytes.NewBuffer(in))
 	if err != nil {
 		return err
 	}
@@ -358,29 +373,130 @@ func addBuildParameters(dir string, build *buildapiv1.Build, sourceInfo *git.Sou
 	}
 
 	// Append build info as environment variables.
-	err = appendEnv(node, buildEnv(build, sourceInfo))
-	if err != nil {
+	if err := appendEnv(node, buildEnv(build, sourceInfo)); err != nil {
 		return err
 	}
 
 	// Append build labels.
-	err = appendLabel(node, buildLabels(build, sourceInfo))
-	if err != nil {
+	if err := appendLabel(node, buildLabels(build, sourceInfo)); err != nil {
 		return err
 	}
 
 	// Insert environment variables defined in the build strategy.
-	err = insertEnvAfterFrom(node, build.Spec.Strategy.DockerStrategy.Env)
-	if err != nil {
+	if err := insertEnvAfterFrom(node, build.Spec.Strategy.DockerStrategy.Env); err != nil {
 		return err
 	}
 
-	instructions := dockerfile.ParseTreeToDockerfile(node)
+	replaceImagesFromSource(node, build.Spec.Source.Images)
+
+	out := dockerfile.Write(node)
+	glog.V(4).Infof("Replacing dockerfile\n%s\nwith:\n%s", string(in), string(out))
+	return overwriteFile(dockerfilePath, out)
+}
+
+// replaceImagesFromSource updates a single or multi-stage Dockerfile with any replacement
+// image sources ('FROM <name>' and 'COPY --from=<name>'). It operates on exact string matches
+// and performs no interpretation of names from the Dockerfile.
+func replaceImagesFromSource(node *parser.Node, imageSources []buildapiv1.ImageSource) {
+	replacements := make(map[string]string)
+	for _, image := range imageSources {
+		if image.From.Kind != "DockerImage" || len(image.From.Name) == 0 {
+			continue
+		}
+		for _, name := range image.As {
+			replacements[name] = image.From.Name
+		}
+	}
+	names := make(map[string]string)
+	stages := imagebuilder.NewStages(node, imagebuilder.NewBuilder(nil))
+	for _, stage := range stages {
+		for _, child := range stage.Node.Children {
+			switch {
+			case child.Value == dockercmd.From && child.Next != nil:
+				image := child.Next.Value
+				if replacement, ok := replacements[image]; ok {
+					image = replacement
+					child.Next.Value = image
+				}
+				names[stage.Name] = image
+			case child.Value == dockercmd.Copy:
+				if ref, ok := nodeHasFromRef(child); ok {
+					if len(ref) > 0 {
+						if _, ok := names[ref]; !ok {
+							if replacement, ok := replacements[ref]; ok {
+								ref = replacement
+								nodeReplaceFromRef(child, ref)
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
+
+// findReferencedImages returns all qualified images referenced by the Dockerfile, whether the
+// build is a multi-stage build, or returns an error.
+func findReferencedImages(dockerfilePath string) ([]string, bool, error) {
+	if len(dockerfilePath) == 0 {
+		return nil, false, nil
+	}
+	node, err := imagebuilder.ParseFile(dockerfilePath)
+	if err != nil {
+		return nil, false, err
+	}
+	names := make(map[string]string)
+	images := sets.NewString()
+	stages := imagebuilder.NewStages(node, imagebuilder.NewBuilder(nil))
+	for _, stage := range stages {
+		for _, child := range stage.Node.Children {
+			switch {
+			case child.Value == dockercmd.From && child.Next != nil:
+				image := child.Next.Value
+				names[stage.Name] = image
+				images.Insert(image)
+			case child.Value == dockercmd.Copy:
+				if ref, ok := nodeHasFromRef(child); ok {
+					if len(ref) > 0 {
+						if _, ok := names[ref]; !ok {
+							images.Insert(ref)
+						}
+					}
+				}
+			}
+		}
+	}
+	return images.List(), len(stages) > 1, nil
+}
 
-	// Overwrite the Dockerfile.
-	fi, err := os.Stat(dockerfilePath)
+func overwriteFile(name string, out []byte) error {
+	f, err := os.OpenFile(name, os.O_TRUNC|os.O_WRONLY, 0)
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(dockerfilePath, instructions, fi.Mode())
+	if _, err := f.Write(out); err != nil {
+		f.Close()
+		return err
+	}
+	return f.Close()
+}
+
+func nodeHasFromRef(node *parser.Node) (string, bool) {
+	for _, arg := range node.Flags {
+		switch {
+		case strings.HasPrefix(arg, "--from="):
+			from := strings.TrimPrefix(arg, "--from=")
+			return from, true
+		}
+	}
+	return "", false
+}
+
+func nodeReplaceFromRef(node *parser.Node, name string) {
+	for i, arg := range node.Flags {
+		switch {
+		case strings.HasPrefix(arg, "--from="):
+			node.Flags[i] = fmt.Sprintf("--from=%s", name)
+		}
+	}
 }