mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-23 11:29:02 +00:00
always set builder-id attribute for provenance
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
parent
74f883a069
commit
ee7989df81
@ -162,13 +162,19 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, context: str
|
||||
args.push('--platform', inputs.platforms.join(','));
|
||||
}
|
||||
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
|
||||
const prvBuilderID = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
|
||||
if (inputs.provenance) {
|
||||
args.push('--provenance', inputs.provenance);
|
||||
args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));
|
||||
} else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {
|
||||
if (fromPayload('repository.private') !== false) {
|
||||
args.push('--provenance', `mode=min,inline-only=true`);
|
||||
// if this is a private repository, we set the default provenance
|
||||
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
||||
// along the builder-id attribute.
|
||||
args.push('--provenance', `mode=min,inline-only=true,builder-id=${prvBuilderID}`);
|
||||
} else {
|
||||
args.push('--provenance', `mode=max,builder-id=${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`);
|
||||
// for a public repository, we set max provenance mode and the
|
||||
// builder-id attribute.
|
||||
args.push('--provenance', `mode=max,builder-id=${prvBuilderID}`);
|
||||
}
|
||||
}
|
||||
if (inputs.sbom) {
|
||||
@ -288,3 +294,22 @@ function select(obj: any, path: string): any {
|
||||
const key = path.slice(0, i);
|
||||
return select(obj[key], path.slice(i + 1));
|
||||
}
|
||||
|
||||
function getProvenanceAttrs(input: string, builderID: string): string {
|
||||
const fields = parse(input, {
|
||||
relaxColumnCount: true,
|
||||
skipEmptyLines: true
|
||||
})[0];
|
||||
// check if builder-id attribute exists in the input
|
||||
for (const field of fields) {
|
||||
const parts = field
|
||||
.toString()
|
||||
.split(/(?<=^[^=]+?)=/)
|
||||
.map(item => item.trim());
|
||||
if (parts[0] == 'builder-id') {
|
||||
return input;
|
||||
}
|
||||
}
|
||||
// if not add builder-id attribute
|
||||
return `${input},builder-id=${builderID}`;
|
||||
}
|
||||
|
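Review bot: `getProvenanceAttrs` in the second hunk treats every input as an attribute list, so the boolean shorthand is mangled: `provenance: false` contains no `builder-id` field and comes back as `false,builder-id=<run URL>`, which the `if (inputs.provenance)` branch of the first hunk then passes to `--provenance`. A workflow that sets `false` to keep provenance out of the image would then either fail or, depending on how buildx parses that value (not visible here), still emit an attestation. Handle the shorthand before parsing, for example `if (input === 'false') return input;` followed by ``if (input === 'true') return `builder-id=${builderID}`;``. A one-line comment stating that a caller-supplied `builder-id` is returned verbatim would also help, since anyone verifying the attestation should not assume the field always names the GitHub run that built the image. `getBuildArgs` starts and ends outside the first hunk.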