Compare commits

6 Commits

Author SHA1 Message Date
CrazyMax
514fbd217b
Merge b0312962ef into f8bc7f4600 2024-04-02 10:58:39 +02:00
CrazyMax
b0312962ef
chore: update generated content
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-04-02 10:58:32 +02:00
CrazyMax
96acf63e4c
handle attests correctly with provenance and sbom inputs
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-04-02 10:54:20 +02:00
CrazyMax
f8bc7f4600
Merge pull request #1088 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.20.0
chore(deps): Bump @docker/actions-toolkit from 0.19.0 to 0.20.0
2024-04-02 10:47:32 +02:00
CrazyMax
c2064be02c
chore: update generated content
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-04-02 10:43:15 +02:00
dependabot[bot]
4f02f34098
chore(deps): Bump @docker/actions-toolkit from 0.19.0 to 0.20.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:41:33 +00:00
6 changed files with 17 additions and 36 deletions

@ -538,7 +538,7 @@ nproc=3`],
[
'build',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', 'type=provenance,false',
'--attest', 'type=provenance,disabled=true',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
@ -742,7 +742,7 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'build',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--attest', `type=sbom,true`,
'--attest', `type=sbom,disabled=false`,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]

4
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

@ -27,8 +27,7 @@
"license": "Apache-2.0",
"dependencies": {
"@actions/core": "^1.10.1",
"@docker/actions-toolkit": "0.19.0",
"csv-parse": "^5.5.5",
"@docker/actions-toolkit": "0.20.0",
"handlebars": "^4.7.7"
},
"devDependencies": {

@ -1,6 +1,5 @@
import * as core from '@actions/core';
import * as handlebars from 'handlebars';
import {parse} from 'csv-parse/sync';
import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
@ -222,7 +221,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (hasAttestationType('provenance', attest)) {
if (BuildxInputs.hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
}
});
@ -230,7 +229,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', `type=provenance,${inputs.provenance}`);
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
@ -246,38 +245,21 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
}
}
if (inputs.sbom) {
args.push('--attest', `type=sbom,${inputs.sbom}`);
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
sbomSet = true;
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!hasAttestationType('provenance', attest) && !hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
} else if (!provenanceSet && hasAttestationType('provenance', attest)) {
if (!BuildxInputs.hasAttestationType('provenance', attest) && !BuildxInputs.hasAttestationType('sbom', attest)) {
args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));
} else if (!provenanceSet && BuildxInputs.hasAttestationType('provenance', attest)) {
args.push('--attest', BuildxInputs.resolveProvenanceAttrs(attest));
} else if (!sbomSet && hasAttestationType('sbom', attest)) {
} else if (!sbomSet && BuildxInputs.hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
}
});
return args;
}
function hasAttestationType(name: string, attrs: string): boolean {
const attributes = parse(attrs, {
delimiter: ',',
trim: true,
columns: false,
relaxColumnCount: true
});
for (const attr of attributes) {
for (const [key, value] of attr.map((chunk: string) => chunk.split('=').map(item => item.trim()))) {
if (key == 'type' && value == name) {
return true;
}
}
}
return false;
}
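Review bot: In the final `attests` loop the `sbom` branch still pushes the entry unchanged (`args.push('--attest', attest);`), while the generic branch and the `provenance`/`sbom` inputs now go through `BuildxInputs.resolveAttestationAttrs`. Judging by the updated test expectations (`type=sbom,true` becoming `type=sbom,disabled=false`), that helper appears to normalise the boolean shorthand, so a shorthand sbom entry given via `attests` would reach buildx in a different form from the same value given via the `sbom` input. For a pipeline that depends on its SBOM attestation being emitted, the two paths should agree: `args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));`. A test case with a `type=sbom,...` entry in `attests` would pin this down. `getAttestArgs` begins outside the hunks shown here, so this rests on the visible lines only.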

@ -765,10 +765,10 @@
dependencies:
"@jridgewell/trace-mapping" "0.3.9"
"@docker/actions-toolkit@0.19.0":
version "0.19.0"
resolved "https://registry.yarnpkg.com/@docker/actions-toolkit/-/actions-toolkit-0.19.0.tgz#3b17d06c46d60142423651ddb9d390f65f109a8c"
integrity sha512-Es08sgfIBOsEBQLfrJQtfgf5mM9Rl4nfZ7byYQ+umbI7VcUEF4AusyNfqsZob7ZRGu+YUw2jJivZysjVCz6LMg==
"@docker/actions-toolkit@0.20.0":
version "0.20.0"
resolved "https://registry.yarnpkg.com/@docker/actions-toolkit/-/actions-toolkit-0.20.0.tgz#9619ff5da7f282e02e22509a5f2f1d707d4437fe"
integrity sha512-oAHSQnWjEyRGmGXePt5A/rZG76U/gddQWF/JmD8lZQOL5WZ7WgfUd2MucOaxq3cd66rMew+iwkfqDzFJQewQQw==
dependencies:
"@actions/cache" "^3.2.4"
"@actions/core" "^1.10.1"