Use BuildKit heredocs

CHANGES.md

@@ -3,6 +3,7 @@ unreleased
 
 - Support BuildKit 1.4 syntax of here-documents in `COPY` instructions. (@MisterDA #99)
 - Support BuildKit 1.4 `--link` flag in `ADD` and `COPY` instructions. (@MisterDA #99)
+- Generate opam images using BuildKit 1.4 syntax for Dockerfiles. (@MisterDA #105)
 
 v8.0.0 2022-07-27 Sydney
 ------------------------

src-opam/dockerfile_linux.ml

@@ -43,7 +43,7 @@ module RPM = struct
     | false -> empty
     | true ->
         let sudofile = "/etc/sudoers.d/"^username in
-        run "echo '%s %s' > %s" username sudo_nopasswd sudofile @@
+        copy_heredoc ~src:[heredoc ~strip:true "\t%s %s" username sudo_nopasswd] ~dst:sudofile () @@
         run "chmod 440 %s" sudofile @@
         run "chown root:root %s" sudofile @@
         run "sed -i.bak 's/^Defaults.*requiretty//g' /etc/sudoers") @@
@@ -72,7 +72,7 @@ module Apt = struct
 
   let dev_packages ?extra () =
     update @@
-    run "echo 'Acquire::Retries \"5\";' > /etc/apt/apt.conf.d/mirror-retry" @@
+    copy_heredoc ~src:[heredoc ~strip:true "\tAcquire::Retries \"5\";"] ~dst:"/etc/apt/apt.conf.d/mirror-retry" () @@
     install "build-essential curl git rsync sudo unzip nano libcap-dev libx11-dev%s"
       (match extra with None -> "" | Some x -> " " ^ x)
 
@@ -84,7 +84,7 @@ module Apt = struct
     | false -> empty
     | true ->
         let sudofile = "/etc/sudoers.d/"^username in
-        run "echo '%s %s' > %s" username sudo_nopasswd sudofile @@
+        copy_heredoc ~src:[heredoc ~strip:true "\t%s %s" username sudo_nopasswd] ~dst:sudofile () @@
         run "chmod 440 %s" sudofile @@
         run "chown root:root %s" sudofile) @@
     run "adduser %s%s--disabled-password --gecos '' %s" uid gid username @@
@@ -123,7 +123,7 @@ module Apk = struct
     | false -> empty
     | true ->
         let sudofile = "/etc/sudoers.d/"^username in
-        run "echo '%s %s' > %s" username sudo_nopasswd sudofile @@
+        copy_heredoc ~src:[heredoc ~strip:true "\t%s %s" username sudo_nopasswd] ~dst:sudofile () @@
         run "chmod 440 %s" sudofile @@
         run "chown root:root %s" sudofile @@
         run "sed -i.bak 's/^Defaults.*requiretty//g' /etc/sudoers") @@
@@ -136,9 +136,15 @@ module Apk = struct
     run "apk add ocaml camlp4"
 
   let add_repository ?tag url =
-    match tag with
-    | None -> run "echo '%s' >> /etc/apk/repositories" url
-    | Some tag -> run "echo '@%s %s' >> /etc/apk/repositories" tag url
+    run "<<-EOF cat >> /etc/apk/repositories\n\t%s\nEOF"
+      (match tag with None -> url | Some tag -> sprintf "@%s %s" tag url)
+
+  let add_repositories repos =
+    let repos =
+      String.concat ""
+        (List.map (function None, url -> url | Some tag, url -> sprintf "\n\t@%s %s" tag url) repos) in
+    run "<<-EOF cat >> /etc/apk/repositories%s\nEOF" repos
+
 end
 
 (* Zypper (opensuse) rules *)
@@ -161,7 +167,7 @@ module Zypper = struct
     | false -> empty
     | true ->
         let sudofile = "/etc/sudoers.d/"^username in
-        run "echo '%s %s' > %s" username sudo_nopasswd sudofile @@
+        copy_heredoc ~src:[heredoc ~strip:true "\t%s %s" username sudo_nopasswd] ~dst:sudofile () @@
         run "chmod 440 %s" sudofile @@
         run "chown root:root %s" sudofile) @@
     user "%s" username @@
@@ -192,7 +198,7 @@ module Pacman = struct
     | false -> empty
     | true ->
         let sudofile = "/etc/sudoers.d/"^username in
-        run "echo '%s %s' > %s" username sudo_nopasswd sudofile @@
+        copy_heredoc ~src:[heredoc ~strip:true "\t%s %s" username sudo_nopasswd] ~dst:sudofile () @@
         run "chmod 440 %s" sudofile @@
         run "chown root:root %s" sudofile) @@
     user "%s" username @@

src-opam/dockerfile_linux.mli

@@ -95,6 +95,9 @@ module Apk : sig
 
   val add_repository : ?tag:string -> string -> t
   (** [add_repository ~tag url] adds "@tag url" to "/etc/apk/repositories". *)
+
+  val add_repositories : (string option * string) list -> t
+  (** [add_repositories repos] adds a list of "@tag url" to "/etc/apk/repositories". *)
 end
 
 (** Rules for Zypper-based distributions such as OpenSUSE *)

src-opam/dockerfile_opam.ml

@@ -81,23 +81,32 @@ let bubblewrap_and_dev_packages distro =
     @@ dev_packages ()
 
 let install_bubblewrap_wrappers =
-  (* Enable bubblewrap *)
-  run "echo 'wrap-build-commands: []' > ~/.opamrc-nosandbox" @@
-  run "echo 'wrap-install-commands: []' >> ~/.opamrc-nosandbox" @@
-  run "echo 'wrap-remove-commands: []' >> ~/.opamrc-nosandbox" @@
-  run "echo 'required-tools: []' >> ~/.opamrc-nosandbox" @@
-  run "echo '#!/bin/sh' > /home/opam/opam-sandbox-disable" @@
-  run "echo 'cp ~/.opamrc-nosandbox ~/.opamrc' >> /home/opam/opam-sandbox-disable" @@
-  run "echo 'echo --- opam sandboxing disabled' >> /home/opam/opam-sandbox-disable" @@
+  let strip = true in
+  let opamrc_sandbox = heredoc ~strip
+{|	wrap-build-commands: ["%%{hooks}%%/sandbox.sh" "build"]
+	wrap-install-commands: ["%%{hooks}%%/sandbox.sh" "install"]
+	wrap-remove-commands: ["%%{hooks}%%/sandbox.sh" "remove"]|} in
+  let opamrc_nosandbox = heredoc ~strip
+{|	wrap-build-commands: []
+	wrap-install-commands: []
+	wrap-remove-commands: []
+	required-tools: []|} in
+  let sandbox_enable = heredoc ~strip
+{|	#!/bin/sh
+	cp ~/.opamrc-sandbox ~/.opamrc
+	echo --- opam sandboxing enabled|} in
+  let sandbox_disable = heredoc ~strip
+{|	#!/bin/sh
+	cp ~/.opamrc-nosandbox ~/.opamrc
+	echo --- opam sandboxing disabled|} in
+  (* Disable bubblewrap *)
+  copy_heredoc ~chown:"opam" ~src:[opamrc_nosandbox] ~dst:"/home/opam/.opamrc-nosandbox" () @@
+  copy_heredoc ~chown:"opam" ~src:[sandbox_disable] ~dst:"/home/opam/opam-sandbox-disable" () @@
   run "chmod a+x /home/opam/opam-sandbox-disable" @@
   run "sudo mv /home/opam/opam-sandbox-disable /usr/bin/opam-sandbox-disable" @@
-  (* Disable bubblewrap *)
-  run "echo 'wrap-build-commands: [\"%%{hooks}%%/sandbox.sh\" \"build\"]' > ~/.opamrc-sandbox" @@
-  run "echo 'wrap-install-commands: [\"%%{hooks}%%/sandbox.sh\" \"install\"]' >> ~/.opamrc-sandbox" @@
-  run "echo 'wrap-remove-commands: [\"%%{hooks}%%/sandbox.sh\" \"remove\"]' >> ~/.opamrc-sandbox" @@
-  run "echo '#!/bin/sh' > /home/opam/opam-sandbox-enable" @@
-  run "echo 'cp ~/.opamrc-sandbox ~/.opamrc' >> /home/opam/opam-sandbox-enable" @@
-  run "echo 'echo --- opam sandboxing enabled' >> /home/opam/opam-sandbox-enable" @@
+  (* Enable bubblewrap *)
+  copy_heredoc ~chown:"opam" ~src:[opamrc_sandbox] ~dst:"/home/opam/.opamrc-sandbox" () @@
+  copy_heredoc ~chown:"opam" ~src:[sandbox_enable] ~dst:"/home/opam/opam-sandbox-enable" () @@
   run "chmod a+x /home/opam/opam-sandbox-enable" @@
   run "sudo mv /home/opam/opam-sandbox-enable /usr/bin/opam-sandbox-enable"
 
@@ -115,16 +124,16 @@ let header ?win10_revision ?arch ?maintainer ?img ?tag d =
     match maintainer with
     | Some t -> Dockerfile.maintainer "%s" t
     | None -> empty in
-  let escape =
+  let parser_directives =
     match D.os_family_of_distro d with
     | `Windows | `Cygwin -> parser_directive (`Escape '`')
-    | _ -> empty in
+    | _ -> parser_directive (`Syntax "docker/dockerfile:1") in
   let img, tag =
     let dimg, dtag = D.base_distro_tag ?win10_revision ?arch d in
     let value default = function None -> default | Some str -> str in
     value dimg img, value dtag tag
   in
-  escape @@
+  parser_directives @@
   comment "Autogenerated by OCaml-Dockerfile scripts" @@
   from ?platform ~tag img
   @@ maintainer
@@ -205,9 +214,11 @@ let apk_opam2 ?(labels=[]) ?arch ~opam_hashes distro () =
   @@ install_opams opam_master_hash opam_branches
   @@ run "strip /usr/local/bin/opam*"
   @@ from ~tag img
-  @@ Linux.Apk.add_repository ~tag:"edge" "https://dl-cdn.alpinelinux.org/alpine/edge/main"
-  @@ Linux.Apk.add_repository ~tag:"edgecommunity" "https://dl-cdn.alpinelinux.org/alpine/edge/community"
-  @@ Linux.Apk.add_repository ~tag:"testing" "https://dl-cdn.alpinelinux.org/alpine/edge/testing"
+  @@ Linux.Apk.add_repositories [
+         Some "edge", "https://dl-cdn.alpinelinux.org/alpine/edge/main";
+         Some "edgecommunity", "https://dl-cdn.alpinelinux.org/alpine/edge/community";
+         Some "testing", "https://dl-cdn.alpinelinux.org/alpine/edge/testing";
+       ]
   @@ bubblewrap_and_dev_packages distro
   @@ copy_opams ~src:"/usr/local/bin" ~dst:"/usr/bin" opam_branches
   @@ Linux.Apk.add_user ~uid:1000 ~gid:1000 ~sudo:true "opam"