add provenance and sbom inputs
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
crazy-max committed Dec 21, 2022
1 parent ea6d75b commit 34b0f26
Showing 6 changed files with 77 additions and 16 deletions.
41 changes: 41 additions & 0 deletions .github/workflows/ci.yml
@@ -69,6 +69,47 @@ jobs:
${{ matrix.target }}
push: false # set to true when https://github.com/docker/buildx/issues/179 is fixed

attests:
runs-on: ubuntu-latest
env:
BUILDX_VERSION: v0.10.0-rc2 # TODO: remove when Buildx v0.10.0 is released
BUILDKIT_IMAGE: moby/buildkit:v0.11.0-rc3 # TODO: remove when BuildKit v0.11.0 is released
DESTDIR: /tmp/bake-build
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
workdir: ./test/go
targets: binary
provenance: mode=max,builder-id=https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}
-
name: Check output folder
working-directory: ${{ env.DESTDIR }}
run: |
tree .
-
name: Print provenance
working-directory: ${{ env.DESTDIR }}
run: |
cat provenance.json | jq
-
name: Print SBOM
working-directory: ${{ env.DESTDIR }}
run: |
cat sbom.spdx.json | jq
error-msg:
runs-on: ubuntu-latest
steps:
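Review bot: The `builder-id` in the Build step's `provenance` input is assembled from `${{ env.GITHUB_REPOSITORY }}` and `${{ env.GITHUB_RUN_ID }}`, but the `env` expression context only holds variables declared under an `env:` key in the workflow, not the runner's default variables. Unless they are set at workflow level outside this hunk, both very likely expand to empty strings, and the attestation would record `https://github.com//actions/runs/` as its builder. Use the `github` context instead: `provenance: mode=max,builder-id=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`. The "Print provenance" step only pipes the file through `jq`, so a wrong builder id would not fail the job; an assertion on that value (for example with `jq -e`) would catch it.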
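--- a/README.md
+++ b/README.md
@@ -80,18 +80,20 @@ Following inputs can be used as `step.with` keys
 > targets: default,release
 > ```
-| Name | Type | Description |
-|------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------|
-| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
-| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
-| `workdir` | String | Working directory of execution |
-| `targets` | List/CSV | List of bake targets (`default` target used if empty) |
-| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
-| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
-| `load` | Bool | Load is a shorthand for `--set=*.output=type=docker` (default `false`) |
-| `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
-| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
-| `source` | String | [Remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) to build from |
+| Name | Type | Description |
+|--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
+| `files` | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
+| `workdir` | String | Working directory of execution |
+| `targets` | List/CSV | List of bake targets (`default` target used if empty) |
+| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
+| `pull` | Bool | Always attempt to pull a newer version of the image (default `false`) |
+| `load` | Bool | Load is a shorthand for `--set=*.output=type=docker` (default `false`) |
+| `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/provenance/) is a shorthand for `--set=*.attest=type=provenance` |
+| `push` | Bool | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
+| `sbom` | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom` |
+| `set` | List | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
+| `source` | String | [Remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) to build from |
 ### outputs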
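--- a/action.yml
+++ b/action.yml
@@ -32,10 +32,16 @@ inputs:
 description: "Load is a shorthand for --set=*.output=type=docker"
 required: false
 default: 'false'
+provenance:
+description: "Provenance is a shorthand for --set=*.attest=type=provenance"
+required: false
 push:
 description: "Push is a shorthand for --set=*.output=type=registry"
 required: false
 default: 'false'
+sbom:
+description: "SBOM is a shorthand for --set=*.attest=type=sbom"
+required: false
 set:
 description: "List of targets values to override (eg. targetpattern.key=value)"
 required: false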
2 changes: 1 addition & 1 deletion dist/index.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

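--- a/src/context.ts
+++ b/src/context.ts
@@ -16,7 +16,9 @@ export interface Inputs {
 noCache: boolean;
 pull: boolean;
 load: boolean;
+provenance: string;
 push: boolean;
+sbom: string;
 set: string[];
 source: string;
 }
@@ -41,7 +43,9 @@ export async function getInputs(): Promise<Inputs> {
 noCache: core.getBooleanInput('no-cache'),
 pull: core.getBooleanInput('pull'),
 load: core.getBooleanInput('load'),
+provenance: core.getInput('provenance'),
 push: core.getBooleanInput('push'),
+sbom: core.getInput('sbom'),
 set: getInputList('set', true),
 source: core.getInput('source')
 };
@@ -51,7 +55,7 @@ export async function getArgs(inputs: Inputs, buildxVersion: string): Promise<Ar
 // prettier-ignore
 return [
 ...await getBakeArgs(inputs, buildxVersion),
-...await getCommonArgs(inputs),
+...await getCommonArgs(inputs, buildxVersion),
 ...inputs.targets
 ];
 }
@@ -73,7 +77,7 @@ async function getBakeArgs(inputs: Inputs, buildxVersion: string): Promise<Array
 return args;
 }
 
-async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
+async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
 const args: Array<string> = [];
 if (inputs.noCache) {
 args.push('--no-cache');
@@ -90,6 +94,14 @@ async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
 if (inputs.push) {
 args.push('--push');
 }
+if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
+if (inputs.provenance) {
+args.push('--provenance', inputs.provenance);
+}
+if (inputs.sbom) {
+args.push('--sbom', inputs.sbom);
+}
+}
 return args;
 }
 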
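Review bot: In the last hunk of `getCommonArgs`, a `provenance` or `sbom` value is dropped without any message when the Buildx version is below 0.10.0, so a workflow that asks for attestations can finish green and publish artifacts that carry none. Add a branch that reports it, e.g. `} else if (inputs.provenance || inputs.sbom) {` followed by `core.warning('provenance and sbom inputs require Buildx >= 0.10.0 and were ignored');`, or fail the step if attestations are meant to be mandatory. Also, `if (inputs.provenance)` treats the string `false` as set and forwards `--provenance false`; if that is the intended way to disable attestations, a one-line comment saying so would help. The function's signature is in the preceding hunk, and part of its body lies between the hunks and is not shown.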
