CrazyMax
33fd15f6c0
Merge 92318fe975 into 090ca155fc 2024-03-26 14:44:58 +00:00
CrazyMax
92318fe975
chore: update generated content
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-03-26 15:44:50 +01:00
CrazyMax
5bb8c00e8f
handle attests correctly with provenance and sbom inputs
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-03-26 15:44:43 +01:00
6 changed files with 36 additions and 17 deletions


@ -538,7 +538,7 @@ nproc=3`],
[
'build',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', 'type=provenance,disabled=true',
'--attest', 'type=provenance,false',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
@ -742,7 +742,7 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'build',
'--iidfile', path.join(tmpDir, 'iidfile'),
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--attest', `type=sbom,disabled=false`,
'--attest', `type=sbom,true`,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]

dist/index.js generated vendored

File diff suppressed because one or more lines are too long

dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long


@ -27,7 +27,8 @@
"license": "Apache-2.0",
"dependencies": {
"@actions/core": "^1.10.1",
"@docker/actions-toolkit": "0.20.0",
"@docker/actions-toolkit": "0.19.0",
"csv-parse": "^5.5.5",
"handlebars": "^4.7.7"
},
"devDependencies": {


@ -1,5 +1,6 @@
import * as core from '@actions/core';
import * as handlebars from 'handlebars';
import {parse} from 'csv-parse/sync';
import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
@ -221,7 +222,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (BuildxInputs.hasAttestationType('provenance', attest)) {
if (hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
}
});
@ -229,7 +230,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
args.push('--attest', `type=provenance,${inputs.provenance}`);
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
@ -245,21 +246,38 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
}
}
if (inputs.sbom) {
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
args.push('--attest', `type=sbom,${inputs.sbom}`);
sbomSet = true;
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!BuildxInputs.hasAttestationType('provenance', attest) && !BuildxInputs.hasAttestationType('sbom', attest)) {
args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));
} else if (!provenanceSet && BuildxInputs.hasAttestationType('provenance', attest)) {
if (!hasAttestationType('provenance', attest) && !hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
} else if (!provenanceSet && hasAttestationType('provenance', attest)) {
args.push('--attest', BuildxInputs.resolveProvenanceAttrs(attest));
} else if (!sbomSet && BuildxInputs.hasAttestationType('sbom', attest)) {
} else if (!sbomSet && hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
}
});
return args;
}
function hasAttestationType(name: string, attrs: string): boolean {
const attributes = parse(attrs, {
delimiter: ',',
trim: true,
columns: false,
relaxColumnCount: true
});
for (const attr of attributes) {
for (const [key, value] of attr.map((chunk: string) => chunk.split('=').map(item => item.trim()))) {
if (key == 'type' && value == name) {
return true;
}
}
}
return false;
}
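Review bot: The sbom fallback branch pushes the `attests` entry verbatim while its two sibling branches normalise theirs, so a `type=sbom,false` entry supplied through `attests` (with no dedicated `sbom` input) reaches buildx unchanged. In this hunk, entries of other types go through `BuildxInputs.resolveAttestationAttrs(attest)` and the provenance entry through `BuildxInputs.resolveProvenanceAttrs(attest)`, but the `!sbomSet` branch is a bare `args.push('--attest', attest);`; the test expectations elsewhere in this compare (`type=sbom,true` alongside `type=sbom,disabled=false`, `type=provenance,false` alongside `type=provenance,disabled=true`) suggest the resolver is what rewrites the `true`/`false` shorthand into `disabled=…`. If the `BuildxInputs` lines are the new side — the commit title and the toolkit bump point that way, though this page's line order does not make the direction certain — that branch should read `args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));`, and a test case with `attests: type=sbom,false` and no `sbom` input would pin the behaviour. getAttestArgs begins before this hunk, so any earlier validation of `inputs.attests` is not visible here.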


@ -765,10 +765,10 @@
dependencies:
"@jridgewell/trace-mapping" "0.3.9"
"@docker/actions-toolkit@0.20.0":
version "0.20.0"
resolved "https://registry.yarnpkg.com/@docker/actions-toolkit/-/actions-toolkit-0.20.0.tgz#9619ff5da7f282e02e22509a5f2f1d707d4437fe"
integrity sha512-oAHSQnWjEyRGmGXePt5A/rZG76U/gddQWF/JmD8lZQOL5WZ7WgfUd2MucOaxq3cd66rMew+iwkfqDzFJQewQQw==
"@docker/actions-toolkit@0.19.0":
version "0.19.0"
resolved "https://registry.yarnpkg.com/@docker/actions-toolkit/-/actions-toolkit-0.19.0.tgz#3b17d06c46d60142423651ddb9d390f65f109a8c"
integrity sha512-Es08sgfIBOsEBQLfrJQtfgf5mM9Rl4nfZ7byYQ+umbI7VcUEF4AusyNfqsZob7ZRGu+YUw2jJivZysjVCz6LMg==
dependencies:
"@actions/cache" "^3.2.4"
"@actions/core" "^1.10.1"