DockerV2: Task ignores addPipelineData and always sets two labels on build
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Bug
Enter Task Name: DockerV2 https://github.com/microsoft/azure-pipelines-tasks/tree/master/Tasks/DockerV2
Environment
- Server - Azure Pipelines
- Agent - Hosted:
  - Image: ubuntu-18.04
  - Pool: Azure Pipelines
Issue Description
[Include task name(s), screenshots and any other relevant details]
By default the Docker Task (build/push/build and push) sets pipeline metadata as labels. This can be deactivated by setting addPipelineData: false in the pipelines.yml definition.
Unfortunately, even after deactivating this explicitly, two labels remain present in the build result. The labels in question are build.sourceversion and teamfoundationcollectionuri. While I don’t have a problem with the former, the name and address of the Project Collection is not something I would like to pass around as public data.
Right now there doesn't seem to be any way to remove these labels other than executing another docker build via the CLI and overwriting/erasing the unwanted labels.
Pipeline metadata is disabled:
- task: Docker@2
  displayName: 'build docker image'
  inputs:
    command: build
    Dockerfile: $(workdir)/src/web/Dockerfile
    buildContext: $(workdir)/src/web
    addPipelineData: false
The resulting image metadata contains these two labels:
LABEL com.azure.dev.image.build.sourceversion=....
LABEL com.azure.dev.image.system.teamfoundationcollectionuri=https://dev.azure.com/.../
The issue is that the pipeline task ignores the value of addPipelineData.
Offending line (for teamfoundationcollectionuri):
https://github.com/microsoft/azure-pipelines-tasks/blob/714e68f75c1e56ca699f6514700c5824cd231079/Tasks/Common/docker-common-v2/pipelineutils.ts#L23
The task also sets the build.sourceversion label. This is done in pipelineutils.ts line #31.
Task logs
Step 16/17 : LABEL com.azure.dev.image.build.sourceversion=e75b414***************0fdef0388ce7550e
---> Running in c557bf5ded0a
Removing intermediate container c557bf5ded0a
---> 38ee50360568
Step 17/17 : LABEL com.azure.dev.image.system.teamfoundationcollectionuri=https://dev.azure.com/<Project_Collection_Name>/
Expected behavior
I expect that the Task respects my choice and disabling pipeline metadata actually disables pipeline metadata.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 11 (5 by maintainers)
I’d be happy to help you out in fixing this bug. You can also use this https://github.com/microsoft/azure-pipelines-tasks/pull/13291 PR for reference.
Is there a workaround for this problem? These labels are causing some security concerns.
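Added example, not part of the issue thread or the task's own code: a check a pipeline step could run over the output of `docker image inspect` to list labels under the `com.azure.dev.image.` prefix shown in the issue, plus a generator for the override Dockerfile used in the "second build" workaround the reporter mentions. The function names, the script name and the sample JSON are constructed for illustration.

```python
import json
import sys

# Prefix shared by both labels quoted in the issue.
PIPELINE_LABEL_PREFIX = "com.azure.dev.image."


def pipeline_labels(inspect_json, prefix=PIPELINE_LABEL_PREFIX):
    """Return {image id: {label: value}} for labels that start with `prefix`.

    `inspect_json` is the JSON array printed by `docker image inspect <image>`.
    """
    found = {}
    for image in json.loads(inspect_json):
        # Config.Labels is null when an image carries no labels at all.
        labels = (image.get("Config") or {}).get("Labels") or {}
        hits = {k: v for k, v in labels.items() if k.startswith(prefix)}
        if hits:
            found[image.get("Id", "<unknown>")] = hits
    return found


def override_dockerfile(base_image, label_keys):
    """Dockerfile for a follow-up build that overwrites each label with ""."""
    lines = ["FROM " + base_image]
    lines += ['LABEL "%s"=""' % key for key in sorted(label_keys)]
    return "\n".join(lines) + "\n"


# Constructed sample shaped like `docker image inspect` output; values are placeholders.
SAMPLE = json.dumps([{
    "Id": "sha256:<constructed-image-id>",
    "Config": {"Labels": {
        "com.azure.dev.image.build.sourceversion": "<commit-sha>",
        "com.azure.dev.image.system.teamfoundationcollectionuri":
            "https://dev.azure.com/<Project_Collection_Name>/",
        "maintainer": "web-team",
    }},
}])

if __name__ == "__main__":
    # Usage (hypothetical script name): docker image inspect <image> | python check_labels.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    leaked = pipeline_labels(data)
    for image_id, labels in leaked.items():
        for key in labels:
            print("%s: unexpected pipeline label %s" % (image_id, key))
    sys.exit(1 if leaked else 0)  # non-zero exit fails the pipeline step
```

Overwriting a label in a derived image clears its value in `Config.Labels`, but the original `LABEL` step can still be visible in the output of `docker history`, so check that output as well before publishing the image.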