Merge branch 'll/testing_dev_doc' of https://github.com/crashappsec/c…

…halk into ll/testing_dev_doc

src/commands/cmd_docker.nim

@@ -202,26 +202,12 @@ proc getDefaultPlatformInfo(ctx: DockerInvocation): string =
     return ctx.foundPlatform
 
   let
-    probeFile    = """
+    probeFile      = """
 FROM alpine
 ARG TARGETPLATFORM
 RUN echo "CHALK_TARGET_PLATFORM=$TARGETPLATFORM"
 """
-    randomBinary = secureRand[array[16, char]]()
-  var
-    binStr       = newStringOfCap(16)
-
-  for ch in randomBinary:
-    binStr.add(ch)
-
-  # Base64 gives a mix of upper and lower, but docker only accepts
-  # lower in tags. So we lose some entropy, which is why we use a
-  # pretty long tag to make sure we're way above an accidental
-  # collision boundary.
-
-  let
-    preTag         = binStr.encode(safe=true).replace("-", ".").replace("=","")
-    tmpTag         = preTag.toLowerAscii()
+    tmpTag         = chooseNewTag()
     buildKitKey    = "DOCKER_BUILDKIT"
     buildKitKeySet = existsEnv(buildKitKey)
   var buildKitValue: string
@@ -234,6 +220,8 @@ RUN echo "CHALK_TARGET_PLATFORM=$TARGETPLATFORM"
     stdErr = allOut.getStderr()
     parts  = stdErr.split("CHALK_TARGET_PLATFORM=")
 
+  trace("Probing for current docker build platform:\n" & stdErr)
+
   if buildKitKeySet:
     # key was set before us, so restore whatever the value was
     putEnv(buildKitKey, buildKitValue)

src/docs/core-release-notes.md

@@ -14,6 +14,8 @@
 - Segfault when running chalk operation (e.g. `insert`) in empty
   git repo without any commits.
   [39](https://github.com/crashappsec/chalk/pull/39)
+- Sometimes Docker build would not wrap entrypoint.
+  [45](https://github.com/crashappsec/chalk/pull/45)
 
 ## Known Issues
 
@@ -61,7 +63,7 @@ At release time, here are known issues:
 - Chalk does not yet handle Docker HEREDOCs (which we've found aren't
   yet getting heavy use).
 
-- Chalk currently will refuse to automaticlly wrap or sign
+- Chalk currently will refuse to automatically wrap or sign
   multi-architecture builds. It still will produce the desired
   container with a chalk mark, however.
 
@@ -84,7 +86,7 @@ At release time, here are known issues:
 
 ### Other
 
-- The bash autocomplete script installson a Mac, but because it's not
+- The bash autocomplete script installation a Mac, but because it's not
   a zsh script, it will not autocomplete file arguments, etc.
 
 - The signing functionality does download the `cosign` binary if not
@@ -144,10 +146,10 @@ At release time, here are known issues:
 
 We are actively developing Chalk, and listening closely to the people
 already using it. Below are a number of key items in our backlog that
-we're considering. However, we have made no descisions on the order
+we're considering. However, we have made no decisions on the order
 we'll work on these things, and may add or drop items from the
 list. For a more up-to-date view, please check our issues list in
-Github.
+GitHub.
 
 All of the below are targets for our Open Source; we also will soon be
 releasing services around Chalk (with a free tier).

tests/chalk/runner.py

@@ -132,16 +132,38 @@ def errors(self):
 
     @property
     def reports(self):
+        # strip chalk logs from stdout so we can find just json reports
+        text = "\n".join(
+            [
+                i
+                for i in self.text.splitlines()
+                if not any(
+                    # color ansi is 11 or 13 chars
+                    i.startswith(j) or i[11:].startswith(j) or i[13:].startswith(j)
+                    for j in {"info:", "trace:", "error:"}
+                )
+            ]
+        )
         reports = []
-        text = self.after(match=r"\[\s")
+        # find start of report structure. it should start with either:
+        # * `[{"` - start of report
+        # * `[{}`
+        # with any number of whitespace in-between
+        # the report is either:
+        # * empty object
+        # * has a string key
+        match = r'\[\s+\{\s*["\}]'
+        text = self.after(match=match, text=text)
         while text.strip():
             try:
                 # assume all of text is valid json
                 reports += self.json(text=text, log_level=None)
-            except json.JSONDecodeError as e:
+            except json.JSONDecodeError:
                 next_reports, char = self._valid_json(text=text, everything=False)
                 reports += next_reports
-                text = text[char:]
+                text = self.after(match=match, text=text[char:])
+                if not text.strip().startswith("["):
+                    break
             else:
                 break
         return [ChalkReport(i) for i in reports]
@@ -352,6 +374,7 @@ def docker_build(
         push: bool = False,
         config: Optional[Path] = None,
         buildkit: bool = True,
+        log_level: ChalkLogLevel = "none",
     ) -> tuple[str, ChalkProgram]:
         cwd = cwd or Path(os.getcwd())
         context = context or getattr(dockerfile, "parent", cwd)
@@ -372,7 +395,7 @@ def docker_build(
             self.run(
                 # TODO remove log level but there are error bugs due to --debug
                 # which fail the command validation
-                log_level="none",
+                log_level=log_level,
                 debug=True,
                 virtual=virtual,
                 config=config,

tests/data/configs/docker_heartbeat.conf

@@ -1,3 +1,4 @@
+log_level: "trace"
 unsubscribe("report", "json_console_out")
 custom_report.terminal_chalk_time.enabled: false
 custom_report.terminal_other_op.enabled: false

tests/data/dockerfiles/valid/sleep/Dockerfile

@@ -1,2 +1,3 @@
 FROM ubuntu
-ENTRYPOINT ["/usr/bin/sleep", "5"]
+COPY sleep.sh /sleep.sh
+ENTRYPOINT ["/bin/sh", "/sleep.sh"]

tests/data/dockerfiles/valid/sleep/sleep.sh

@@ -0,0 +1,3 @@
+echo before sleep
+sleep 5
+echo after sleep

tests/test_docker.py

@@ -284,6 +284,7 @@ def test_docker_heartbeat(chalk_copy: Chalk, random_hex: str):
     chalk_copy.docker_build(
         dockerfile=DOCKERFILES / "valid" / "sleep" / "Dockerfile",
         tag=tag,
+        log_level="trace",
     )
 
     _, result = Docker.run(

tests/utils/docker.py

@@ -83,9 +83,14 @@ def with_image_id(build: ProgramType) -> tuple[str, ProgramType]:
                     "writing image",
                     text=build.logs,
                     words=1,  # there is "done" after hash
+                    reverse=True,
                 ).split(":")[1]
             except ValueError:
-                image_id = build.find("Successfully built", words=1)
+                image_id = build.find(
+                    "Successfully built",
+                    words=1,
+                    reverse=True,
+                )
                 # legacy builder returns short id so we figure out longer id
                 image_id = run(
                     ["docker", "inspect", image_id, "--format", "{{ .ID }}"],

tests/utils/os.py

@@ -103,8 +103,17 @@ def error(self) -> CalledProcessError:
             self.exit_code, self.cmd, output=self.stdout, stderr=self.stderr
         )
 
-    def find(self, needle: str, text: Optional[str] = None, words: int = 0) -> str:
-        for line in (text or self.text).splitlines():
+    def find(
+        self,
+        needle: str,
+        text: Optional[str] = None,
+        words: int = 0,
+        reverse: bool = False,
+    ) -> str:
+        lines = (text or self.text).splitlines()
+        if reverse:
+            lines = lines[::-1]
+        for line in lines:
             if needle in line:
                 i = line.find(needle)
                 result = line[i:].replace(needle, "", 1).strip()
@@ -149,7 +158,7 @@ def _valid_json(
         text = self.after(match=after, text=text)
         try:
             return json.loads(text), len(text)
-        except Exception as e:
+        except json.JSONDecodeError as e:
             # if there is extra data we grab valid json until the
             # invalid character
             e_str = str(e)