fix support for build with bake when target docker endpoint requires TLS

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

pkg/compose/shellout.go

@@ -65,6 +65,7 @@ func (s *composeService) propagateDockerEndpoint() ([]string, func(), error) {
 			_ = os.RemoveAll(certs)
 		}
 		env[client.EnvOverrideCertPath] = certs
+		env["DOCKER_TLS"] = "1"
 		if !endpoint.SkipTLSVerify {
 			env[client.EnvTLSVerify] = "1"
 		}
@@ -73,7 +74,7 @@ func (s *composeService) propagateDockerEndpoint() ([]string, func(), error) {
 		if err != nil {
 			return nil, cleanup, err
 		}
-		err = os.WriteFile(filepath.Join(certs, flags.DefaultCaFile), endpoint.TLSData.Cert, 0o600)
+		err = os.WriteFile(filepath.Join(certs, flags.DefaultCertFile), endpoint.TLSData.Cert, 0o600)
 		if err != nil {
 			return nil, cleanup, err
 		}

pkg/e2e/build_test.go

@@ -19,6 +19,7 @@ package e2e
 import (
 	"fmt"
 	"net/http"
+	"os"
 	"regexp"
 	"runtime"
 	"strconv"
@@ -29,6 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/icmd"
+	"gotest.tools/v3/poll"
 )
 
 func TestLocalComposeBuild(t *testing.T) {
@@ -608,3 +610,38 @@ func TestBuildDependentImageWithProfile(t *testing.T) {
 	out := res.Combined()
 	assert.Check(t, strings.Contains(out, "secret-build-test  Built"))
 }
+
+func TestBuildTLS(t *testing.T) {
+	t.Helper()
+
+	c := NewParallelCLI(t)
+	const dindBuilder = "e2e-dind-builder"
+	tmp := t.TempDir()
+
+	t.Cleanup(func() {
+		c.RunDockerCmd(t, "rm", "-f", dindBuilder)
+		c.RunDockerCmd(t, "context", "rm", dindBuilder)
+	})
+
+	c.RunDockerCmd(t, "run", "--name", dindBuilder, "--privileged", "-p", "2376:2376", "-d", "docker:dind")
+
+	poll.WaitOn(t, func(_ poll.LogT) poll.Result {
+		res := c.RunDockerCmd(t, "logs", dindBuilder)
+		if strings.Contains(res.Combined(), "API listen on [::]:2376") {
+			return poll.Success()
+		}
+		return poll.Continue("waiting for Docker daemon to be running")
+	}, poll.WithTimeout(10*time.Second))
+
+	time.Sleep(1 * time.Second) // wait for dind setup
+	c.RunDockerCmd(t, "cp", dindBuilder+":/certs/client", tmp)
+
+	c.RunDockerCmd(t, "context", "create", dindBuilder, "--docker",
+		fmt.Sprintf("host=tcp://localhost:2376,ca=%s/client/ca.pem,cert=%s/client/cert.pem,key=%s/client/key.pem,skip-tls-verify=1", tmp, tmp, tmp))
+
+	cmd := c.NewDockerComposeCmd(t, "-f", "fixtures/build-test/minimal/compose.yaml", "build")
+	cmd.Env = append(cmd.Env, "DOCKER_CONTEXT="+dindBuilder)
+	cmd.Stdout = os.Stdout
+	res := icmd.RunCmd(cmd)
+	res.Assert(t, icmd.Expected{Err: "Built"})
+}

pkg/e2e/fixtures/build-test/minimal/Dockerfile

@@ -0,0 +1,16 @@
+#   Copyright 2020 Docker Compose CLI authors
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+FROM scratch
+COPY . .

pkg/e2e/fixtures/build-test/minimal/compose.yaml

@@ -0,0 +1,3 @@
+services:
+  test:
+    build: .