bake: handle tilde expansion in filepaths

[dvdksn]

Description

Adds tilde expansion for filepath attributes in bake files.

• ~/path - expands to current user's home directory + path
• ~ - expands to current user's home directory
• ~username/path - expands to specified user's home directory + path

Note on Windows support:

• ~ is equivalent to %USERPROFILE%
• ~username is not supported

Related issues

• Closes bake doesn't handle tilde expansion #1739

[dvdksn]

cc @crazy-max ptal 🙂

[crazy-max]

LGTM thanks!

Was wondering if fs entitlements would still be applied and looks like it as expansion happens when reading targets:

target "default" {
  output = ["~/bake"]
}

docker buildx bake --print
{
  "group": {
    "default": {
      "targets": [
        "default"
      ]
    }
  },
  "target": {
    "default": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "output": [
        {
          "dest": "/home/crazy/bake",
          "type": "local"
        }
      ]
    }
  }
}

docker buildx bake
#0 building with "default" instance using docker driver

#1 [internal] load local bake definitions
#1 reading docker-bake.hcl 43B / 43B done
#1 DONE 0.0s
Your build is requesting privileges for following possibly insecure capabilities:

 - Write access to path /home/crazy

In order to not see this message in the future pass "--allow=fs.write=/home/crazy" to grant requested privileges.

Your full command with requested privileges:

docker buildx bake --allow=fs.write=/home/crazy

To disable filesystem entitlements checks, you can set BUILDX_BAKE_ENTITLEMENTS_FS=0 .

Do you want to grant requested privileges and continue? [y/N]

[thaJeztah]

Slightly concerned if this will start users expecting ~ to work everywhere; I know we had similar cases in the docker cli, where (by design), paths were expected to be absolute in various flags; also having only support on Linux can mean that the bakefile is no longer portable. But now could become a sliding slope, where (e.g.) %APPDIR% and other similar vars are also expected to work.

[dvdksn]

@thaJeztah that's a valid concern. For things like %APPDIR%, that's already supported via variables. There's just on syntactic sugar in the bake file format - you'd have to do $APPDIR, and then it should work (if set, as it would be on win)

I quite like the ~username syntax for things like builds though because it lets you map cache, output, etc without explicitly hardcoding the paths.

[jsternberg]

I agree with @thaJeztah that adding support for a tilde expansion is a bit of a slippery slope. Tilde expansions are generally done as part of the shell program and it isn't supported by most command line tools. This shows up in cases where --path=~/foo doesn't work but --path ~/foo will work because the first gets passed with ~ verbatim.

Recently, @crazy-max added a homedir() function to bake. I think it would be better and more explicit if we suggested something like this:

variable "HOME" {
    default = homedir()
}

Then HOME can be expanded consistently with everything else and we don't have to add any extra code or wade into trying to expand tilde symbols everywhere.

[jsternberg]

Putting a request changes until we have a further discussion on if we want to merge this feature or not.