// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package dockerfile provides functionality to parse a Dockerfile. package dockerfile import ( "encoding/json" "errors" "flag" "fmt" "regexp" "strconv" "strings" "time" "github.com/spf13/afero" ) var exposeRegexPattern = regexp.MustCompile(`(?P<port>\d+)(\/(?P<protocol>\w+))?`) // port and optional protocol, at least 1 time on a line const ( exposeRegexpWholeMatch = 0 exposeRegexpPort = 1 exposeRegexpProtocol = 3 ) const reFindAllMatches = -1 // regexp package uses this as shorthand for "find all matches in string" const ( intervalFlag = "interval" intervalDefault = 10 * time.Second timeoutFlag = "timeout" timeoutDefault = 5 * time.Second startPeriodFlag = "start-period" startPeriodDefault = 0 hcRetriesFlag = "retries" retriesDefault = 2 cmdInstructionPrefix = "CMD " cmdShell = "CMD-SHELL" ) // Port represents an exposed port in a Dockerfile. type Port struct { Port uint16 Protocol string RawString string err error } // String implements the fmt.Stringer interface. func (p *Port) String() string { return p.RawString } // HealthCheck represents container health check options in a Dockerfile. type HealthCheck struct { Interval time.Duration Timeout time.Duration StartPeriod time.Duration Retries int Cmd []string } // Dockerfile represents a parsed Dockerfile. type Dockerfile struct { exposedPorts []Port healthCheck *HealthCheck parsed bool path string fs afero.Fs } // New returns an empty Dockerfile. func New(fs afero.Fs, path string) *Dockerfile { return &Dockerfile{ exposedPorts: []Port{}, healthCheck: nil, fs: fs, path: path, } } // GetExposedPorts returns a uint16 slice of exposed ports found in the Dockerfile. func (df *Dockerfile) GetExposedPorts() ([]Port, error) { if !df.parsed { if err := df.parse(); err != nil { return nil, err } } if len(df.exposedPorts) == 0 { return nil, ErrNoExpose{ Dockerfile: df.path, } } var portsWithoutErrs []Port for _, port := range df.exposedPorts { // ensure we register that there is an error (will only be ErrNoExpose) if // any ports were unparseable or invalid if port.err != nil { return nil, port.err } portsWithoutErrs = append(portsWithoutErrs, port) } return portsWithoutErrs, nil } // GetHealthCheck parses the HEALTHCHECK instruction from the Dockerfile and returns it. // If the HEALTHCHECK is NONE or there is no instruction, returns nil. func (df *Dockerfile) GetHealthCheck() (*HealthCheck, error) { if !df.parsed { if err := df.parse(); err != nil { return nil, err } } return df.healthCheck, nil } // parse takes a Dockerfile and fills in struct members based on methods like parseExpose and parseHealthcheck. func (df *Dockerfile) parse() error { if df.parsed { return nil } file, err := df.fs.Open(df.path) if err != nil { return fmt.Errorf("open Dockerfile: %w", err) } defer file.Close() f, err := afero.ReadFile(df.fs, file.Name()) if err != nil { return fmt.Errorf("read Dockerfile %s error: %w", f, err) } parsedDockerfile, err := parse(file.Name(), string(f)) if err != nil { return err } df.exposedPorts = parsedDockerfile.exposedPorts df.healthCheck = parsedDockerfile.healthCheck df.parsed = true return nil } // parse parses the contents of a Dockerfile into a Dockerfile struct. func parse(name, content string) (*Dockerfile, error) { var df Dockerfile df.exposedPorts = []Port{} lexer := lex(strings.NewReader(content)) for { instr := lexer.next() switch instr.name { case instrErr: return nil, fmt.Errorf("scan Dockerfile %s: %s", name, instr.args) case instrEOF: return &df, nil case instrExpose: currentPorts := parseExpose(instr.args) df.exposedPorts = append(df.exposedPorts, currentPorts...) case instrHealthCheck: hc, err := parseHealthCheck(instr.args) if err != nil { return nil, err } df.healthCheck = hc } } } func parseExpose(line string) []Port { // group 0: whole match // group 1: port // group 2: /protocol // group 3: protocol // matches strings of form <digits>(/<string>)? // for any number of digits and optional protocol string // separated by forward slash matches := exposeRegexPattern.FindAllStringSubmatch(line, reFindAllMatches) // check that there are matches, if not return port with only raw data // there will only ever be length 0 or 4 arrays // TODO implement arg parser regex // https://github.com/aws/copilot-cli/issues/827 if len(matches) == 0 { return []Port{ { RawString: line, err: ErrInvalidPort{ Match: line, }, }, } } var ports []Port for _, match := range matches { var err error // convert the matched port to int and validate // We don't use the validate func in the cli package to avoid a circular dependency extractedPort, err := strconv.Atoi(match[exposeRegexpPort]) if err != nil { ports = append(ports, Port{ err: ErrInvalidPort{ Match: match[0], }, }) continue } var extractedPortUint uint16 if extractedPort >= 1 && extractedPort <= 65535 { extractedPortUint = uint16(extractedPort) } else { err = ErrInvalidPort{Match: match[0]} } ports = append(ports, Port{ RawString: match[exposeRegexpWholeMatch], Protocol: match[exposeRegexpProtocol], Port: extractedPortUint, err: err, }) } return ports } // parseHealthCheck takes a HEALTHCHECK directives and turns into a healthCheck struct. func parseHealthCheck(content string) (*HealthCheck, error) { if strings.ToUpper(strings.TrimSpace(content)) == "NONE" { return nil, nil } if !strings.Contains(content, "CMD") { return nil, errors.New("parse HEALTHCHECK: instruction must contain either CMD or NONE") } var retries int var interval, timeout, startPeriod time.Duration fs := flag.NewFlagSet("flags", flag.ContinueOnError) fs.DurationVar(&interval, intervalFlag, intervalDefault, "") fs.DurationVar(&timeout, timeoutFlag, timeoutDefault, "") fs.DurationVar(&startPeriod, startPeriodFlag, startPeriodDefault, "") fs.IntVar(&retries, hcRetriesFlag, retriesDefault, "") var instrArgs []string for _, arg := range strings.Split(content, " ") { if arg == "" { continue } instrArgs = append(instrArgs, strings.TrimSpace(arg)) } if err := fs.Parse(instrArgs); err != nil { return nil, fmt.Errorf("parse HEALTHCHECK: %w", err) } // if HEALTHCHECK instruction is not "NONE", there must be a "CMD" instruction otherwise will error out. // The CMD instruction can either be in a shell command format: `HEALTHCHECK CMD /bin/check-running` // Or, it can also be an exec array: HEALTHCHECK CMD ["/bin/check-running"] cmdIndex := strings.Index(content, cmdInstructionPrefix) cmdArgs := strings.TrimSpace(content[cmdIndex+len(cmdInstructionPrefix):]) cmdExecutor := "CMD" var args []string if err := json.Unmarshal([]byte(cmdArgs), &args); err != nil { cmdExecutor = cmdShell // In string form, use CMD-SHELL. args = []string{cmdArgs} } return &HealthCheck{ Interval: interval, Timeout: timeout, StartPeriod: startPeriod, Retries: retries, Cmd: append([]string{cmdExecutor}, args...), }, nil }