docker/bake-action
0
0
Fork 0
mirror of https://github.com/docker/bake-action.git synced 2026-01-22 12:22:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

handle no default attestations env var

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2025-03-28 11:30:28 +01:00
parent fdcf61eb1a
commit 656e858067
3 changed files with 81 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/ci.yml vendored
View File

@@ -734,3 +734,19 @@ jobs:
./test/config.hcl ./test/config.hcl
allow: network.host allow: network.host
targets: app-entitlements targets: app-entitlements
no-default-attestations:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Build
uses: ./
with:
source: .
files: |
./test/config.hcl
env:
BUILDX_NO_DEFAULT_ATTESTATIONS: 1

73
__tests__/context.test.ts
View File

@@ -1,4 +1,4 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals'; import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs'; import * as fs from 'fs';
import * as path from 'path'; import * as path from 'path';
@@ -122,6 +122,7 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
}); });
describe('getArgs', () => { describe('getArgs', () => {
const originalEnv = process.env;
beforeEach(() => { beforeEach(() => {
process.env = Object.keys(process.env).reduce((object, key) => { process.env = Object.keys(process.env).reduce((object, key) => {
if (!key.startsWith('INPUT_')) { if (!key.startsWith('INPUT_')) {
@@ -130,6 +131,9 @@ describe('getArgs', () => {
return object; return object;
}, {}); }, {});
}); });
afterEach(() => {
process.env = originalEnv;
});
// prettier-ignore // prettier-ignore
test.each([ test.each([
@@ -145,7 +149,8 @@ describe('getArgs', () => {
]), ]),
[ [
'bake', 'bake',
] ],
undefined
], ],
[ [
1, 1,
@@ -160,7 +165,8 @@ describe('getArgs', () => {
[ [
'bake', 'bake',
'--metadata-file', metadataJson '--metadata-file', metadataJson
] ],
undefined
], ],
[ [
2, 2,
@@ -177,7 +183,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
'webapp', 'validate' 'webapp', 'validate'
] ],
undefined
], ],
[ [
3, 3,
@@ -195,7 +202,8 @@ describe('getArgs', () => {
'--set', '*.cache-from=type=gha', '--set', '*.cache-from=type=gha',
'--set', '*.cache-to=type=gha', '--set', '*.cache-to=type=gha',
'--metadata-file', metadataJson '--metadata-file', metadataJson
] ],
undefined
], ],
[ [
4, 4,
@@ -211,7 +219,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
] ],
undefined
], ],
[ [
5, 5,
@@ -228,7 +237,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1` "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
] ],
undefined
], ],
[ [
6, 6,
@@ -245,7 +255,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1` "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
] ],
undefined
], ],
[ [
7, 7,
@@ -262,7 +273,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", 'false' "--provenance", 'false'
] ],
undefined
], ],
[ [
8, 8,
@@ -279,7 +291,8 @@ describe('getArgs', () => {
'bake', 'bake',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", 'builder-id=foo' "--provenance", 'builder-id=foo'
] ],
undefined
], ],
[ [
9, 9,
@@ -300,7 +313,8 @@ describe('getArgs', () => {
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all' 'image-all'
] ],
undefined
], ],
[ [
10, 10,
@@ -320,7 +334,8 @@ describe('getArgs', () => {
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all' 'image-all'
] ],
undefined
], ],
[ [
11, 11,
@@ -338,7 +353,8 @@ describe('getArgs', () => {
'--file', './foo.hcl', '--file', './foo.hcl',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
] ],
undefined
], ],
[ [
12, 12,
@@ -356,7 +372,8 @@ describe('getArgs', () => {
'--allow', 'network.host', '--allow', 'network.host',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1` "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
] ],
undefined
], ],
[ [
13, 13,
@@ -375,11 +392,35 @@ describe('getArgs', () => {
'--file', './foo.hcl', '--file', './foo.hcl',
'--metadata-file', metadataJson, '--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`, '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
] ],
undefined
],
[
14,
'0.15.0',
new Map<string, string>([
['source', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false']
]),
[
'bake',
'--metadata-file', metadataJson
],
new Map<string, string>([
['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
])
], ],
])( ])(
'[%d] given %p with %p as inputs, returns %p', '[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => { async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
if (envs) {
envs.forEach((value: string, name: string) => {
process.env[name] = value;
});
}
inputs.forEach((value: string, name: string) => { inputs.forEach((value: string, name: string) => {
setInput(name, value); setInput(name, value);
}); });

9
src/context.ts
View File

@@ -103,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) { if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
if (inputs.provenance) { if (inputs.provenance) {
args.push('--provenance', inputs.provenance); args.push('--provenance', inputs.provenance);
} else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) { } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
// if provenance not specified and BuildKit version compatible for // if provenance not specified and BuildKit version compatible for
// attestation, set default provenance. Also needs to make sure user // attestation, set default provenance. Also needs to make sure user
// doesn't want to explicitly load the image to docker. // doesn't want to explicitly load the image to docker.
@@ -155,3 +155,10 @@ function getSourceInput(name: string): string {
} }
return source; return source;
} }
function noDefaultAttestations(): boolean {
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
}
return false;
}