actions/build-push-action
2
0
Fork 0
mirror of https://github.com/docker/build-push-action.git synced 2025-04-02 02:06:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge 93d7ffa39f into 84ad562665

Browse source
This commit is contained in:
CrazyMax 2025-03-28 10:31:04 +00:00 committed by GitHub
commit 0a98ecde8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 132 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
.github/workflows/ci.yml vendored
View file

@ -1542,3 +1542,26 @@ jobs:
echo "::error::Should have failed"
exit 1
fi
no-default-attestations:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
env:
BUILDX_NO_DEFAULT_ATTESTATIONS: 1

135
__tests__/context.test.ts
View file

@ -1,4 +1,4 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
@ -68,6 +68,7 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
});
describe('getArgs', () => {
const originalEnv = process.env;
beforeEach(() => {
process.env = Object.keys(process.env).reduce((object, key) => {
if (!key.startsWith('INPUT_')) {
@ -76,6 +77,9 @@ describe('getArgs', () => {
return object;
}, {});
});
afterEach(() => {
process.env = originalEnv;
});
// prettier-ignore
test.each([
@ -93,7 +97,8 @@ describe('getArgs', () => {
'build',
'--iidfile', imageIDFilePath,
'.'
]
],
undefined
],
[
1,
@ -116,7 +121,8 @@ ccc"`],
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
'--iidfile', imageIDFilePath,
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
2,
@ -134,7 +140,8 @@ ccc"`],
'--tag', 'name/app:7.4',
'--tag', 'name/app:latest',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
3,
@ -154,7 +161,8 @@ ccc"`],
'--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
'--output', 'type=local,dest=./release-out',
'.'
]
],
undefined
],
[
4,
@ -171,7 +179,8 @@ ccc"`],
'build',
'--platform', 'linux/amd64,linux/arm64',
'.'
]
],
undefined
],
[
5,
@ -187,7 +196,8 @@ ccc"`],
'build',
'--iidfile', imageIDFilePath,
'.'
]
],
undefined
],
[
6,
@ -205,7 +215,8 @@ ccc"`],
'--iidfile', imageIDFilePath,
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'.'
]
],
undefined
],
[
7,
@ -223,7 +234,8 @@ ccc"`],
'--output', '.',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
8,
@ -249,7 +261,8 @@ ccc"`],
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
9,
@ -286,7 +299,8 @@ ccc"`],
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
10,
@ -323,7 +337,8 @@ ccc`],
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
11,
@ -349,7 +364,8 @@ ccc`],
'--network', 'host',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
undefined
],
[
12,
@ -369,7 +385,8 @@ ccc`],
'--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
'--output', 'type=local,dest=./release-out',
'.'
]
],
undefined
],
[
13,
@ -395,7 +412,8 @@ ccc`],
'--network', 'host',
'--push',
'.'
]
],
undefined
],
[
14,
@ -425,7 +443,8 @@ nproc=3`],
'--ulimit', 'nproc=3',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
15,
@ -442,7 +461,8 @@ nproc=3`],
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
]
],
undefined
],
[
16,
@ -461,7 +481,8 @@ nproc=3`],
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--metadata-file', metadataJson,
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
]
],
undefined
],
[
17,
@ -479,7 +500,8 @@ nproc=3`],
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
18,
@ -497,7 +519,8 @@ nproc=3`],
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
19,
@ -516,7 +539,8 @@ nproc=3`],
'--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
20,
@ -535,7 +559,8 @@ nproc=3`],
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
21,
@ -554,7 +579,8 @@ nproc=3`],
'--attest', 'type=provenance,disabled=true',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
22,
@ -573,7 +599,8 @@ nproc=3`],
'--attest', 'type=provenance,builder-id=foo',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
23,
@ -592,7 +619,8 @@ nproc=3`],
"--output", 'type=docker',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
24,
@ -610,7 +638,8 @@ nproc=3`],
'--load',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
25,
@ -630,7 +659,8 @@ nproc=3`],
'--load',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
26,
@ -652,7 +682,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--load',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
27,
@ -673,7 +704,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--load',
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
28,
@ -693,7 +725,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
29,
@ -717,7 +750,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
30,
@ -737,7 +771,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
31,
@ -758,7 +793,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=sbom,disabled=false`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
32,
@ -778,7 +814,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
33,
@ -797,11 +834,37 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
'--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--metadata-file', metadataJson,
'.'
]
],
undefined
],
[
34,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false']
]),
[
'build',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'.'
],
new Map<string, string>([
['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
])
],
])(
'[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
if (envs) {
envs.forEach((value: string, name: string) => {
process.env[name] = value;
});
}
inputs.forEach((value: string, name: string) => {
setInput(name, value);
});

2
dist/index.js generated vendored
View file

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View file

File diff suppressed because one or more lines are too long

9
src/context.ts
View file

@ -264,7 +264,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
if (inputs.provenance) {
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
} else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
// version compatible for attestation, set default provenance. Also needs
// to make sure user doesn't want to explicitly load the image to docker.
@ -296,3 +296,10 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
return args;
}
function noDefaultAttestations(): boolean {
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
}
return false;
}