mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-23 11:29:02 +00:00
switch to new Build class
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
parent
68615d5b67
commit
eb3cfeaf00
@ -1,8 +1,9 @@
|
|||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
import * as handlebars from 'handlebars';
|
import * as handlebars from 'handlebars';
|
||||||
|
|
||||||
|
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
|
||||||
import {Context} from '@docker/actions-toolkit/lib/context';
|
import {Context} from '@docker/actions-toolkit/lib/context';
|
||||||
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
||||||
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
|
|
||||||
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
||||||
import {Util} from '@docker/actions-toolkit/lib/util';
|
import {Util} from '@docker/actions-toolkit/lib/util';
|
||||||
|
|
||||||
@ -62,7 +63,7 @@ export async function getInputs(): Promise<Inputs> {
|
|||||||
noCacheFilters: Util.getInputList('no-cache-filters'),
|
noCacheFilters: Util.getInputList('no-cache-filters'),
|
||||||
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
|
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
|
||||||
platforms: Util.getInputList('platforms'),
|
platforms: Util.getInputList('platforms'),
|
||||||
provenance: BuildxInputs.getProvenanceInput('provenance'),
|
provenance: Build.getProvenanceInput('provenance'),
|
||||||
pull: core.getBooleanInput('pull'),
|
pull: core.getBooleanInput('pull'),
|
||||||
push: core.getBooleanInput('push'),
|
push: core.getBooleanInput('push'),
|
||||||
sbom: core.getInput('sbom'),
|
sbom: core.getInput('sbom'),
|
||||||
@ -126,7 +127,7 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
|||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
|
await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretEnv(secretEnv));
|
args.push('--secret', Build.resolveSecretEnv(secretEnv));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
@ -134,8 +135,8 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
|||||||
if (inputs.file) {
|
if (inputs.file) {
|
||||||
args.push('--file', inputs.file);
|
args.push('--file', inputs.file);
|
||||||
}
|
}
|
||||||
if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
|
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
|
||||||
args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
|
args.push('--iidfile', Build.getImageIDFilePath());
|
||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.labels, async label => {
|
await Util.asyncForEach(inputs.labels, async label => {
|
||||||
args.push('--label', label);
|
args.push('--label', label);
|
||||||
@ -156,20 +157,20 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
|||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.secrets, async secret => {
|
await Util.asyncForEach(inputs.secrets, async secret => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
|
args.push('--secret', Build.resolveSecretString(secret));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
await Util.asyncForEach(inputs.secretFiles, async secretFile => {
|
await Util.asyncForEach(inputs.secretFiles, async secretFile => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
|
args.push('--secret', Build.resolveSecretFile(secretFile));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
|
if (inputs.githubToken && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
||||||
}
|
}
|
||||||
if (inputs.shmSize) {
|
if (inputs.shmSize) {
|
||||||
args.push('--shm-size', inputs.shmSize);
|
args.push('--shm-size', inputs.shmSize);
|
||||||
@ -198,7 +199,7 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
|||||||
args.push('--load');
|
args.push('--load');
|
||||||
}
|
}
|
||||||
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
|
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
|
||||||
args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
|
args.push('--metadata-file', Build.getMetadataFilePath());
|
||||||
}
|
}
|
||||||
if (inputs.network) {
|
if (inputs.network) {
|
||||||
args.push('--network', inputs.network);
|
args.push('--network', inputs.network);
|
||||||
@ -221,7 +222,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
|||||||
// check if provenance attestation is set in attests input
|
// check if provenance attestation is set in attests input
|
||||||
let hasAttestProvenance = false;
|
let hasAttestProvenance = false;
|
||||||
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
||||||
if (BuildxInputs.hasAttestationType('provenance', attest)) {
|
if (Build.hasAttestationType('provenance', attest)) {
|
||||||
hasAttestProvenance = true;
|
hasAttestProvenance = true;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@ -229,34 +230,34 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
|||||||
let provenanceSet = false;
|
let provenanceSet = false;
|
||||||
let sbomSet = false;
|
let sbomSet = false;
|
||||||
if (inputs.provenance) {
|
if (inputs.provenance) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
|
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
|
||||||
provenanceSet = true;
|
provenanceSet = true;
|
||||||
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
|
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
|
||||||
// if provenance not specified in provenance or attests inputs and BuildKit
|
// if provenance not specified in provenance or attests inputs and BuildKit
|
||||||
// version compatible for attestation, set default provenance. Also needs
|
// version compatible for attestation, set default provenance. Also needs
|
||||||
// to make sure user doesn't want to explicitly load the image to docker.
|
// to make sure user doesn't want to explicitly load the image to docker.
|
||||||
if (GitHub.context.payload.repository?.private ?? false) {
|
if (GitHub.context.payload.repository?.private ?? false) {
|
||||||
// if this is a private repository, we set the default provenance
|
// if this is a private repository, we set the default provenance
|
||||||
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
||||||
args.push('--attest', `type=provenance,${BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
|
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
|
||||||
} else {
|
} else {
|
||||||
// for a public repository, we set max provenance mode.
|
// for a public repository, we set max provenance mode.
|
||||||
args.push('--attest', `type=provenance,${BuildxInputs.resolveProvenanceAttrs(`mode=max`)}`);
|
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (inputs.sbom) {
|
if (inputs.sbom) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
|
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
|
||||||
sbomSet = true;
|
sbomSet = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// set attests but check if provenance or sbom types already set as
|
// set attests but check if provenance or sbom types already set as
|
||||||
// provenance and sbom inputs take precedence over attests input.
|
// provenance and sbom inputs take precedence over attests input.
|
||||||
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
||||||
if (!BuildxInputs.hasAttestationType('provenance', attest) && !BuildxInputs.hasAttestationType('sbom', attest)) {
|
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));
|
args.push('--attest', Build.resolveAttestationAttrs(attest));
|
||||||
} else if (!provenanceSet && BuildxInputs.hasAttestationType('provenance', attest)) {
|
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
|
||||||
args.push('--attest', BuildxInputs.resolveProvenanceAttrs(attest));
|
args.push('--attest', Build.resolveProvenanceAttrs(attest));
|
||||||
} else if (!sbomSet && BuildxInputs.hasAttestationType('sbom', attest)) {
|
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
|
||||||
args.push('--attest', attest);
|
args.push('--attest', attest);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
15
src/main.ts
15
src/main.ts
@ -3,12 +3,14 @@ import * as path from 'path';
|
|||||||
import * as stateHelper from './state-helper';
|
import * as stateHelper from './state-helper';
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
import * as actionsToolkit from '@docker/actions-toolkit';
|
import * as actionsToolkit from '@docker/actions-toolkit';
|
||||||
|
|
||||||
|
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
|
||||||
import {Context} from '@docker/actions-toolkit/lib/context';
|
import {Context} from '@docker/actions-toolkit/lib/context';
|
||||||
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
|
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
|
||||||
import {Exec} from '@docker/actions-toolkit/lib/exec';
|
import {Exec} from '@docker/actions-toolkit/lib/exec';
|
||||||
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
||||||
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
|
|
||||||
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
||||||
|
|
||||||
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
|
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
|
||||||
|
|
||||||
import * as context from './context';
|
import * as context from './context';
|
||||||
@ -89,9 +91,9 @@ actionsToolkit.run(
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
const imageID = BuildxInputs.resolveBuildImageID();
|
const imageID = Build.resolveImageID();
|
||||||
const metadata = BuildxInputs.resolveBuildMetadata();
|
const metadata = Build.resolveMetadata();
|
||||||
const digest = BuildxInputs.resolveDigest();
|
const digest = Build.resolveDigest();
|
||||||
|
|
||||||
if (imageID) {
|
if (imageID) {
|
||||||
await core.group(`ImageID`, async () => {
|
await core.group(`ImageID`, async () => {
|
||||||
@ -107,8 +109,9 @@ actionsToolkit.run(
|
|||||||
}
|
}
|
||||||
if (metadata) {
|
if (metadata) {
|
||||||
await core.group(`Metadata`, async () => {
|
await core.group(`Metadata`, async () => {
|
||||||
core.info(metadata);
|
const metadatadt = JSON.stringify(metadata, null, 2);
|
||||||
core.setOutput('metadata', metadata);
|
core.info(metadatadt);
|
||||||
|
core.setOutput('metadata', metadatadt);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
Loading…
Reference in New Issue
Block a user