docker/bake-action
0
0
Fork 0
mirror of https://github.com/docker/bake-action.git synced 2025-07-14 04:31:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

handle no default attestations env var

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2025-03-28 11:30:28 +01:00
parent fdcf61eb1a
commit 656e858067
3 changed files with 81 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/ci.yml vendored
View File

@ -734,3 +734,19 @@ jobs:
./test/config.hcl
allow: network.host
targets: app-entitlements
no-default-attestations:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Build
uses: ./
with:
source: .
files: |
./test/config.hcl
env:
BUILDX_NO_DEFAULT_ATTESTATIONS: 1

73
__tests__/context.test.ts
View File

@ -1,4 +1,4 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
@ -122,6 +122,7 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
});
describe('getArgs', () => {
const originalEnv = process.env;
beforeEach(() => {
process.env = Object.keys(process.env).reduce((object, key) => {
if (!key.startsWith('INPUT_')) {
@ -130,6 +131,9 @@ describe('getArgs', () => {
return object;
}, {});
});
afterEach(() => {
process.env = originalEnv;
});
// prettier-ignore
test.each([
@ -145,7 +149,8 @@ describe('getArgs', () => {
]),
[
'bake',
]
],
undefined
],
[
1,
@ -160,7 +165,8 @@ describe('getArgs', () => {
[
'bake',
'--metadata-file', metadataJson
]
],
undefined
],
[
2,
@ -177,7 +183,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
'webapp', 'validate'
]
],
undefined
],
[
3,
@ -195,7 +202,8 @@ describe('getArgs', () => {
'--set', '*.cache-from=type=gha',
'--set', '*.cache-to=type=gha',
'--metadata-file', metadataJson
]
],
undefined
],
[
4,
@ -211,7 +219,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
]
],
undefined
],
[
5,
@ -228,7 +237,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
"--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
]
],
undefined
],
[
6,
@ -245,7 +255,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
"--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
]
],
undefined
],
[
7,
@ -262,7 +273,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
"--provenance", 'false'
]
],
undefined
],
[
8,
@ -279,7 +291,8 @@ describe('getArgs', () => {
'bake',
'--metadata-file', metadataJson,
"--provenance", 'builder-id=foo'
]
],
undefined
],
[
9,
@ -300,7 +313,8 @@ describe('getArgs', () => {
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all'
]
],
undefined
],
[
10,
@ -320,7 +334,8 @@ describe('getArgs', () => {
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all'
]
],
undefined
],
[
11,
@ -338,7 +353,8 @@ describe('getArgs', () => {
'--file', './foo.hcl',
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
]
],
undefined
],
[
12,
@ -356,7 +372,8 @@ describe('getArgs', () => {
'--allow', 'network.host',
'--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
]
],
undefined
],
[
13,
@ -375,11 +392,35 @@ describe('getArgs', () => {
'--file', './foo.hcl',
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
]
],
undefined
],
[
14,
'0.15.0',
new Map<string, string>([
['source', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false']
]),
[
'bake',
'--metadata-file', metadataJson
],
new Map<string, string>([
['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
])
],
])(
'[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
if (envs) {
envs.forEach((value: string, name: string) => {
process.env[name] = value;
});
}
inputs.forEach((value: string, name: string) => {
setInput(name, value);
});

9
src/context.ts
View File

@ -103,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
if (inputs.provenance) {
args.push('--provenance', inputs.provenance);
} else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
} else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
// if provenance not specified and BuildKit version compatible for
// attestation, set default provenance. Also needs to make sure user
// doesn't want to explicitly load the image to docker.
@ -155,3 +155,10 @@ function getSourceInput(name: string): string {
}
return source;
}
function noDefaultAttestations(): boolean {
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
}
return false;
}