Log a warning (once) when PACK_VOLUME_KEY is unset and running in a container

Natalie Arellano · Natalie Arellano · commit 331ac6d0e711 · 2024-07-15T16:33:07.000-04:00
Signed-off-by: Natalie Arellano &lt;narellano@vmware.com&gt;
diff --git a/acceptance/acceptance_test.go b/acceptance/acceptance_test.go
@@ -38,6 +38,7 @@ import (
 	"github.com/buildpacks/pack/internal/style"
 	"github.com/buildpacks/pack/pkg/archive"
 	"github.com/buildpacks/pack/pkg/cache"
+	"github.com/buildpacks/pack/pkg/logging"
 	h "github.com/buildpacks/pack/testhelpers"
 )
 
@@ -1162,8 +1163,9 @@ func testAcceptance(
 							ref, err := name.ParseReference(repoName, name.WeakValidation)
 							assert.Nil(err)
 							cacheImage := cache.NewImageCache(ref, dockerCli)
-							buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli)
-							launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli)
+							logger := logging.NewSimpleLogger(&bytes.Buffer{})
+							buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli, logger)
+							launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli, logger)
 							cacheImage.Clear(context.TODO())
 							buildCacheVolume.Clear(context.TODO())
 							launchCacheVolume.Clear(context.TODO())
@@ -1282,8 +1284,9 @@ func testAcceptance(
 					ref, err := name.ParseReference(repoName, name.WeakValidation)
 					assert.Nil(err)
 					cacheImage := cache.NewImageCache(ref, dockerCli)
-					buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli)
-					launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli)
+					logger := logging.NewSimpleLogger(&bytes.Buffer{})
+					buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli, logger)
+					launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli, logger)
 					cacheImage.Clear(context.TODO())
 					buildCacheVolume.Clear(context.TODO())
 					launchCacheVolume.Clear(context.TODO())
@@ -3168,8 +3171,9 @@ include = [ "*.jar", "media/mountain.jpg", "/media/person.png", ]
 					imageManager.CleanupImages(origID, repoName, runBefore)
 					ref, err := name.ParseReference(repoName, name.WeakValidation)
 					assert.Nil(err)
-					buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli)
-					launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli)
+					logger := logging.NewSimpleLogger(&bytes.Buffer{})
+					buildCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "build", dockerCli, logger)
+					launchCacheVolume, _ := cache.NewVolumeCache(ref, cache.CacheInfo{}, "launch", dockerCli, logger)
 					assert.Succeeds(buildCacheVolume.Clear(context.TODO()))
 					assert.Succeeds(launchCacheVolume.Clear(context.TODO()))
 				})
diff --git a/internal/build/lifecycle_execution.go b/internal/build/lifecycle_execution.go
@@ -182,7 +182,7 @@ func (l *LifecycleExecution) Run(ctx context.Context, phaseFactoryCreator PhaseF
 		switch l.opts.Cache.Build.Format {
 		case cache.CacheVolume:
 			var err error
-			buildCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Build, "build", l.docker)
+			buildCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Build, "build", l.docker, l.logger)
 			if err != nil {
 				return err
 			}
@@ -200,7 +200,7 @@ func (l *LifecycleExecution) Run(ctx context.Context, phaseFactoryCreator PhaseF
 		l.logger.Debugf("Build cache %s cleared", style.Symbol(buildCache.Name()))
 	}
 
-	launchCache, err := cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Launch, "launch", l.docker)
+	launchCache, err := cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Launch, "launch", l.docker, l.logger)
 	if err != nil {
 		return err
 	}
@@ -256,7 +256,7 @@ func (l *LifecycleExecution) Run(ctx context.Context, phaseFactoryCreator PhaseF
 			// lifecycle 0.17.0 (introduces support for Platform API 0.12) and above will ensure that
 			// this volume is owned by the CNB user,
 			// and hence the restorer (after dropping privileges) will be able to write to it.
-			kanikoCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Kaniko, "kaniko", l.docker)
+			kanikoCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Kaniko, "kaniko", l.docker, l.logger)
 			if err != nil {
 				return err
 			}
@@ -271,7 +271,7 @@ func (l *LifecycleExecution) Run(ctx context.Context, phaseFactoryCreator PhaseF
 				return fmt.Errorf("build cache must be volume cache when building with extensions")
 			default:
 				// The kaniko cache is unused, so it doesn't matter that it's not usable.
-				kanikoCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Kaniko, "kaniko", l.docker)
+				kanikoCache, err = cache.NewVolumeCache(l.opts.Image, l.opts.Cache.Kaniko, "kaniko", l.docker, l.logger)
 				if err != nil {
 					return err
 				}
diff --git a/pkg/cache/volume_cache.go b/pkg/cache/volume_cache.go
@@ -8,11 +8,13 @@ import (
 	"os"
 	"strings"
 
+	"github.com/GoogleContainerTools/kaniko/pkg/util/proc"
 	"github.com/docker/docker/client"
 	"github.com/google/go-containerregistry/pkg/name"
 
 	"github.com/buildpacks/pack/internal/config"
 	"github.com/buildpacks/pack/internal/paths"
+	"github.com/buildpacks/pack/pkg/logging"
 )
 
 const EnvVolumeKey = "PACK_VOLUME_KEY"
@@ -22,14 +24,14 @@ type VolumeCache struct {
 	volume string
 }
 
-func NewVolumeCache(imageRef name.Reference, cacheType CacheInfo, suffix string, dockerClient DockerClient) (*VolumeCache, error) {
+func NewVolumeCache(imageRef name.Reference, cacheType CacheInfo, suffix string, dockerClient DockerClient, logger logging.Logger) (*VolumeCache, error) {
 	var volumeName string
 	if cacheType.Source == "" {
-		volumeKey, err := getVolumeKey(imageRef)
+		volumeKey, err := getVolumeKey(imageRef, logger)
 		if err != nil {
 			return nil, err
 		}
-		sum := sha256.Sum256([]byte(imageRef.Name() + volumeKey)) // TODO: investigate if there are better ways to do this
+		sum := sha256.Sum256([]byte(imageRef.Name() + volumeKey))
 		vol := paths.FilterReservedNames(fmt.Sprintf("%s-%x", sanitizedRef(imageRef), sum[:6]))
 		volumeName = fmt.Sprintf("pack-cache-%s.%s", vol, suffix)
 	} else {
@@ -42,7 +44,7 @@ func NewVolumeCache(imageRef name.Reference, cacheType CacheInfo, suffix string,
 	}, nil
 }
 
-func getVolumeKey(imageRef name.Reference) (string, error) {
+func getVolumeKey(imageRef name.Reference, logger logging.Logger) (string, error) {
 	var foundKey string
 
 	// first, look for key in env
@@ -70,6 +72,12 @@ func getVolumeKey(imageRef name.Reference) (string, error) {
 
 	// finally, create new key and store it in config
 
+	// if we're running in a container, we should log a warning
+	// so that we don't always re-create the cache
+	if RunningInContainer() {
+		logger.Warnf("%s is unset; set this environment variable to a secret value to avoid creating a new volume cache on every build", EnvVolumeKey)
+	}
+
 	newKey := randString(20)
 	if cfg.VolumeKeys == nil {
 		cfg.VolumeKeys = make(map[string]string)
@@ -118,3 +126,7 @@ func sanitizedRef(ref name.Reference) string {
 	result = strings.ReplaceAll(result, "/", "_")
 	return fmt.Sprintf("%s_%s", result, ref.Identifier())
 }
+
+var RunningInContainer = func() bool {
+	return proc.GetContainerRuntime(0, 0) != proc.RuntimeNotFound
+}
diff --git a/pkg/cache/volume_cache_test.go b/pkg/cache/volume_cache_test.go
