do not set default provenance if user wants to load the image
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>pull/746/head
parent
ee7989df81
commit
0cb700ffba
|
@ -165,7 +165,10 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, context: str
|
||||||
const prvBuilderID = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
|
const prvBuilderID = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
|
||||||
if (inputs.provenance) {
|
if (inputs.provenance) {
|
||||||
args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));
|
args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));
|
||||||
} else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {
|
} else if ((await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) && !hasDockerExport(inputs)) {
|
||||||
|
// if provenance not specified and BuildKit version compatible for
|
||||||
|
// attestation, set default provenance. Also needs to make sure user
|
||||||
|
// doesn't want to explicitly load the image to docker.
|
||||||
if (fromPayload('repository.private') !== false) {
|
if (fromPayload('repository.private') !== false) {
|
||||||
// if this is a private repository, we set the default provenance
|
// if this is a private repository, we set the default provenance
|
||||||
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
||||||
|
@ -313,3 +316,28 @@ function getProvenanceAttrs(input: string, builderID: string): string {
|
||||||
// if not add builder-id attribute
|
// if not add builder-id attribute
|
||||||
return `${input},builder-id=${builderID}`;
|
return `${input},builder-id=${builderID}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function hasDockerExport(inputs: Inputs): boolean {
|
||||||
|
if (inputs.load) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
for (const output of inputs.outputs) {
|
||||||
|
const fields = parse(output, {
|
||||||
|
relaxColumnCount: true,
|
||||||
|
skipEmptyLines: true
|
||||||
|
})[0];
|
||||||
|
for (const field of fields) {
|
||||||
|
const parts = field
|
||||||
|
.toString()
|
||||||
|
.split(/(?<=^[^=]+?)=/)
|
||||||
|
.map(item => item.trim());
|
||||||
|
if (parts.length != 2) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (parts[0] == 'type' && parts[1] == 'docker') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue