Support CROSSPLANE_DIFF_DOCKER_NETWORK env var for container networking#255
Open
jtucci wants to merge 2 commits into
Open
Support CROSSPLANE_DIFF_DOCKER_NETWORK env var for container networking#255jtucci wants to merge 2 commits into
jtucci wants to merge 2 commits into
Conversation
jtucci
force-pushed
the
feat/docker-network-env-var
branch
3 times, most recently
from
b733a4a to
8407101
Compare
Author
|
@jcogilvie could you please review this? |
Collaborator
|
Thanks for the submission. Once upstream cuts a new version that includes the linked PR, I'll be able to bump our version and then review your change. |
jcogilvie
force-pushed
the
feat/docker-network-env-var
branch
from
8407101 to
ea91a74
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support for running crossplane-diff inside Docker container environments (e.g., GitHub Actions container jobs) by propagating a Docker network selection into the Crossplane render runtime via Function annotations.
Changes:
- Introduces
CROSSPLANE_DIFF_DOCKER_NETWORKenv var support and appliesrender.crossplane.io/runtime-docker-networkto Functions prior to rendering. - Applies the annotation for both
DefaultFunctionProvider(xr) andCachedFunctionProvider(comp) via a shared helper. - Adds unit tests for the annotation-application helper.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cmd/diff/diffprocessor/function_provider.go | Adds env var + helper to annotate Functions and wires it into both function providers. |
| cmd/diff/diffprocessor/function_provider_test.go | Adds unit tests covering env-set/unset and existing annotations behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
200
to
205
| // Cache for future calls | ||
| p.cache[compName] = fns | ||
|
|
||
| applyDockerNetworkAnnotation(fns, p.logger) | ||
|
|
||
| return fns, nil |
Comment on lines
+600
to
+604
| if tt.envValue != "" { | ||
| t.Setenv(EnvDockerNetwork, tt.envValue) | ||
| } else { | ||
| os.Unsetenv(EnvDockerNetwork) | ||
| } |
Collaborator
|
It looks like this upstream fix hasn't been released on the 2.2 branch, and it isn't in 2.3.0-rc.0. So I'm still waiting on upstream for this. |
jtucci
force-pushed
the
feat/docker-network-env-var
branch
from
ea91a74 to
9e6248d
Compare
jtucci
force-pushed
the
feat/docker-network-env-var
branch
from
9e6248d to
92196c9
Compare
Comment on lines
+715
to
+719
| if tt.envValue != "" { | ||
| t.Setenv(EnvDockerNetwork, tt.envValue) | ||
| } else { | ||
| os.Unsetenv(EnvDockerNetwork) | ||
| } |
Comment on lines
+731
to
+738
| // Verify existing annotations are preserved when env is set | ||
| if tt.wantNetwork != "" { | ||
| for _, fn := range tt.fns { | ||
| if v, ok := fn.Annotations["existing-key"]; ok && v != "existing-value" { | ||
| t.Errorf("existing annotation was modified: got %q, want %q", v, "existing-value") | ||
| } | ||
| } | ||
| } |
4 tasks
Collaborator
|
It looks like in order for this to work, we have to fix crossplane/cli#75 upstream. |
When crossplane-diff runs inside a Docker container (e.g. a GitHub
Actions container job), function containers created via the Docker
socket land on a different Docker network and are unreachable.
This adds support for the CROSSPLANE_DIFF_DOCKER_NETWORK environment
variable. When set, the value is applied as the
render.crossplane.io/runtime-docker-network annotation on all function
resources before they are passed to render.Render(). This tells the
Crossplane render runtime to connect function containers to the
specified Docker network, making them reachable from the caller.
Usage in a GitHub Actions workflow:
env:
CROSSPLANE_DIFF_DOCKER_NETWORK: ${{ job.container.network }}
Depends on: crossplane/crossplane#7216
Signed-off-by: Jon Tucci <jonytucci01@gmail.com>
Address review feedback on PR crossplane-contrib#255: - CachedFunctionProvider.GetFunctionsForComposition now applies the Docker network annotation on every call, including cache hits, so the annotation always reflects the current value of CROSSPLANE_DIFF_DOCKER_NETWORK (rather than whatever was in effect when the entry was first cached). Reorder the cache-miss path to annotate before storing, so cache state is correct independent of slice aliasing. - Tighten TestApplyDockerNetworkAnnotation: use t.Setenv even for the empty case so prior env state is restored on cleanup, and assert the pre-existing annotation key is both present and unchanged (the prior check only failed on a wrong value, not on accidental removal). - Add TestCachedFunctionProvider_DockerNetworkAnnotation_CacheHit as a regression test for the cache-hit path: prime the cache with the env var unset, then set it and request the same composition; the returned cached functions must carry the annotation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Jonathan Ogilvie <jonathan.ogilvie@sumologic.com>
jcogilvie
force-pushed
the
feat/docker-network-env-var
branch
from
92196c9 to
128b592
Compare
Collaborator
|
Pushed an updated branch from a maintainer to get this merge-ready:
Verified locally with |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of your changes
When
crossplane-diffruns inside a Docker container (e.g. a GitHub Actions container job), function containers created via the Docker socket land on the default bridge network, which is isolated from the job container's network. This makes function containers unreachable, causing all compositions to fail with connection errors.This adds support for the
CROSSPLANE_DIFF_DOCKER_NETWORKenvironment variable. When set, the value is applied as therender.crossplane.io/runtime-docker-networkannotation on all Function resources before they are passed torender.Render(). This tells the Crossplane render runtime to connect function containers to the specified Docker network.The annotation is applied in both
DefaultFunctionProvider(used by thexrcommand) andCachedFunctionProvider(used by thecompcommand) via a shared helper function.Depends on crossplane/crossplane#7216 — that upstream PR must be merged first, and then the
go.moddependency in this repo needs to be bumped to pick up the new annotation support.Fixes #254
I have:
earthly -P +reviewableto ensure this PR is ready for review.Added or updated e2e tests.Documented this change as needed.Followed the API promotion workflow if this PR introduces, removes, or promotes an API.