mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-15 17:43:52 +08:00
always set builder-id attribute for provenance
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
parent
74f883a069
commit
ee7989df81
@ -162,13 +162,19 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, context: str
|
|||||||
args.push('--platform', inputs.platforms.join(','));
|
args.push('--platform', inputs.platforms.join(','));
|
||||||
}
|
}
|
||||||
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
|
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
|
||||||
|
const prvBuilderID = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
|
||||||
if (inputs.provenance) {
|
if (inputs.provenance) {
|
||||||
args.push('--provenance', inputs.provenance);
|
args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));
|
||||||
} else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {
|
} else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {
|
||||||
if (fromPayload('repository.private') !== false) {
|
if (fromPayload('repository.private') !== false) {
|
||||||
args.push('--provenance', `mode=min,inline-only=true`);
|
// if this is a private repository, we set the default provenance
|
||||||
|
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
||||||
|
// along the builder-id attribute.
|
||||||
|
args.push('--provenance', `mode=min,inline-only=true,builder-id=${prvBuilderID}`);
|
||||||
} else {
|
} else {
|
||||||
args.push('--provenance', `mode=max,builder-id=${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`);
|
// for a public repository, we set max provenance mode and the
|
||||||
|
// builder-id attribute.
|
||||||
|
args.push('--provenance', `mode=max,builder-id=${prvBuilderID}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (inputs.sbom) {
|
if (inputs.sbom) {
|
||||||
@ -288,3 +294,22 @@ function select(obj: any, path: string): any {
|
|||||||
const key = path.slice(0, i);
|
const key = path.slice(0, i);
|
||||||
return select(obj[key], path.slice(i + 1));
|
return select(obj[key], path.slice(i + 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getProvenanceAttrs(input: string, builderID: string): string {
|
||||||
|
const fields = parse(input, {
|
||||||
|
relaxColumnCount: true,
|
||||||
|
skipEmptyLines: true
|
||||||
|
})[0];
|
||||||
|
// check if builder-id attribute exists in the input
|
||||||
|
for (const field of fields) {
|
||||||
|
const parts = field
|
||||||
|
.toString()
|
||||||
|
.split(/(?<=^[^=]+?)=/)
|
||||||
|
.map(item => item.trim());
|
||||||
|
if (parts[0] == 'builder-id') {
|
||||||
|
return input;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// if not add builder-id attribute
|
||||||
|
return `${input},builder-id=${builderID}`;
|
||||||
|
}
|
||||||
|
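Review bot: In the new `getProvenanceAttrs`, a bare boolean input is not handled. With `provenance: false` the field loop finds no `builder-id` key, so the function returns `false,builder-id=<url>` and an explicit opt-out of attestation no longer reaches buildx as plain `false`; how buildx parses that combined string is not visible on this page and should be confirmed. I would short-circuit before the loop with `if (input.trim().toLowerCase() === 'false') return input;`. Separately, `parse(...)[0]` is `undefined` when the input yields no records, which makes the `for...of` throw, so a guard such as `if (!fields) return input;` is worth adding. A unit test covering `false`, `true`, `mode=max` and an input that already carries `builder-id=` would pin the intended behaviour.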