Support --chmod argument in COPY and ADD

CHANGES.md

@@ -1,6 +1,8 @@
 unreleased
 ----------
 
+- Support `--chmod` argument in `COPY` and `ADD` Dockerfile
+  instructions. (@MisterDA #174)
 - Add Debian 12 as main distribution. (@MisterDA #172)
 - Add OpenSUSE Leap 15.5 to Tier 2. (@MisterDA #171)
 - Add OpenSUSE Tumbleweed to Tier 2. (@MisterDA #168 #169)

src/dockerfile.ml

@@ -26,6 +26,7 @@ type sources_to_dest =
   * [ `Src of string list ]
   * [ `Dst of string ]
   * [ `Chown of string option ]
+  * [ `Chmod of int option ]
   * [ `Link of bool option ]
 [@@deriving sexp]
 
@@ -48,7 +49,8 @@ type heredoc = {
 }
 [@@deriving sexp]
 
-type heredocs_to_dest = [ `Chown of string option ] * heredoc list * string
+type heredocs_to_dest =
+  [ `Chown of string option ] * [ `Chmod of int option ] * heredoc list * string
 [@@deriving sexp]
 
 type mount_bind = {
@@ -238,25 +240,30 @@ let optional_enum name string_of_val = function
   | Some value -> [ sprintf "--%s=%s" name (string_of_val value) ]
 
 let string_of_sources_to_dest (t : sources_to_dest) =
-  let `From frm, `Src sl, `Dst d, `Chown chown, `Link link = t in
+  let `From frm, `Src sl, `Dst d, `Chown chown, `Chmod chmod, `Link link = t in
   String.concat " "
     (optional_flag "--link" link
-    @ optional "--chown" chown @ optional "--from" frm
+    @ optional "--chown" chown
+    @ optional_int_octal "--chmod" chmod
+    @ optional "--from" frm
     @ [ json_array_of_list (sl @ [ d ]) ])
 
 let string_of_label_list ls =
   List.map (fun (k, v) -> sprintf "%s=%S" k v) ls |> String.concat " "
 
 let string_of_copy_heredoc (t : heredocs_to_dest) =
-  let `Chown chown, heredocs, dst = t in
+  let `Chown chown, `Chmod chmod, heredocs, dst = t in
   let header, docs =
     List.fold_left
       (fun (header, docs) t ->
         ( sprintf "<<%s%s" (if t.strip then "-" else "") t.word :: header,
           sprintf "%s\n%s\n%s" docs t.here_document t.delimiter ))
       ([], "") heredocs
   in
-  String.concat " " (optional "--chown" chown @ List.rev header @ [ dst ])
+  String.concat " "
+    (optional "--chown" chown
+    @ optional_int_octal "--chmod" chmod
+    @ List.rev header @ [ dst ])
   ^ docs
 
 let string_of_mount { typ } =
@@ -409,14 +416,19 @@ let expose_ports p : t = [ `Expose p ]
 let arg ?default a : t = [ `Arg (a, default) ]
 let env e : t = [ `Env e ]
 
-let add ?link ?chown ?from ~src ~dst () : t =
-  [ `Add (`From from, `Src src, `Dst dst, `Chown chown, `Link link) ]
+let add ?link ?chown ?chmod ?from ~src ~dst () : t =
+  [
+    `Add (`From from, `Src src, `Dst dst, `Chown chown, `Chmod chmod, `Link link);
+  ]
 
-let copy ?link ?chown ?from ~src ~dst () : t =
-  [ `Copy (`From from, `Src src, `Dst dst, `Chown chown, `Link link) ]
+let copy ?link ?chown ?chmod ?from ~src ~dst () : t =
+  [
+    `Copy
+      (`From from, `Src src, `Dst dst, `Chown chown, `Chmod chmod, `Link link);
+  ]
 
-let copy_heredoc ?chown ~src ~dst () : t =
-  [ `Copy_heredoc (`Chown chown, src, dst) ]
+let copy_heredoc ?chown ?chmod ~src ~dst () : t =
+  [ `Copy_heredoc (`Chown chown, `Chmod chmod, src, dst) ]
 
 let user fmt = ksprintf (fun u -> [ `User u ]) fmt
 let onbuild t = List.map (fun l -> `Onbuild l) t

src/dockerfile.mli

@@ -203,8 +203,8 @@ val mount_cache :
 
     @param id the cache id: all container builds with same cache id (even from other unrelated builds) will get the same writable directory mounted.
         Defaults to [target] when absent.
-    @param target where to mount the cache inside the container. The [RUN] 
-        command needs to cope with a completely empty cache, and with files from the 
+    @param target where to mount the cache inside the container. The [RUN]
+        command needs to cope with a completely empty cache, and with files from the
         cache being deleted by the container runtime's GC in arbitrary order.
         E.g. a download cache would be suitable here, an entire git repository wouldn't.
         Also make sure that your RUN commands doesn't inadvertently wipe the cache
@@ -309,12 +309,13 @@ val env : (string * string) list -> t
 val add :
   ?link:bool ->
   ?chown:string ->
+  ?chmod:int ->
   ?from:string ->
   src:string list ->
   dst:string ->
   unit ->
   t
-(** [add ?link ?chown ?from ~src ~dst ()] copies new files,
+(** [add ?link ?chown ?chmod ?from ~src ~dst ()] copies new files,
     directories or remote file URLs from [src] and adds them to the
     filesystem of the container at the [dst] path.
 
@@ -343,6 +344,9 @@ val add :
       combination to request specific ownership of the copied
       content.
 
+    @param chmod Specify permissions on the files. Only supported on
+      Linux, with Dockerfile syntax 1.3.
+
     @param from Allows artefacts to be retrieved from multiple
       stages. It can either be an integer number (starting with 0 for
       the first {!from} stage, or a named stage (supplied via [?alias]
@@ -351,6 +355,7 @@ val add :
 val copy :
   ?link:bool ->
   ?chown:string ->
+  ?chmod:int ->
   ?from:string ->
   src:string list ->
   dst:string ->
@@ -369,12 +374,16 @@ val copy :
     @param chown Specify a given username, groupname, or UID/GID
       combination to request specific ownership of the copied content.
 
+    @param chmod Specify permissions on the files. Only supported on
+      Linux, with Dockerfile syntax 1.3.
+
     @param from Allows artefacts to be retrieved from multiple
       stages. It can either be an integer number (starting with 0 for
       the first {!from} stage, or a named stage (supplied via [?alias]
       to the {!from} command). *)
 
-val copy_heredoc : ?chown:string -> src:heredoc list -> dst:string -> unit -> t
+val copy_heredoc :
+  ?chown:string -> ?chmod:int -> src:heredoc list -> dst:string -> unit -> t
 (** [copy_heredoc src dst] creates the file [dst] using the content of
     the here-documents [src].
     Requires 1.4 {!val:buildkit_syntax}.