Merge pull request #1105 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.22.0
chore(deps): Bump @docker/actions-toolkit from 0.20.0 to 0.22.0pull/1090/head
commit
7f1f43ba33
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
|
@ -27,7 +27,7 @@
|
||||||
"license": "Apache-2.0",
|
"license": "Apache-2.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^1.10.1",
|
"@actions/core": "^1.10.1",
|
||||||
"@docker/actions-toolkit": "0.20.0",
|
"@docker/actions-toolkit": "0.22.0",
|
||||||
"handlebars": "^4.7.7"
|
"handlebars": "^4.7.7"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
import * as handlebars from 'handlebars';
|
import * as handlebars from 'handlebars';
|
||||||
|
|
||||||
|
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
|
||||||
import {Context} from '@docker/actions-toolkit/lib/context';
|
import {Context} from '@docker/actions-toolkit/lib/context';
|
||||||
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
||||||
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
|
|
||||||
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
||||||
import {Util} from '@docker/actions-toolkit/lib/util';
|
import {Util} from '@docker/actions-toolkit/lib/util';
|
||||||
|
|
||||||
|
@ -62,7 +63,7 @@ export async function getInputs(): Promise<Inputs> {
|
||||||
noCacheFilters: Util.getInputList('no-cache-filters'),
|
noCacheFilters: Util.getInputList('no-cache-filters'),
|
||||||
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
|
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
|
||||||
platforms: Util.getInputList('platforms'),
|
platforms: Util.getInputList('platforms'),
|
||||||
provenance: BuildxInputs.getProvenanceInput('provenance'),
|
provenance: Build.getProvenanceInput('provenance'),
|
||||||
pull: core.getBooleanInput('pull'),
|
pull: core.getBooleanInput('pull'),
|
||||||
push: core.getBooleanInput('push'),
|
push: core.getBooleanInput('push'),
|
||||||
sbom: core.getInput('sbom'),
|
sbom: core.getInput('sbom'),
|
||||||
|
@ -126,7 +127,7 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
|
await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretEnv(secretEnv));
|
args.push('--secret', Build.resolveSecretEnv(secretEnv));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
|
@ -134,8 +135,8 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
||||||
if (inputs.file) {
|
if (inputs.file) {
|
||||||
args.push('--file', inputs.file);
|
args.push('--file', inputs.file);
|
||||||
}
|
}
|
||||||
if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
|
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
|
||||||
args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
|
args.push('--iidfile', Build.getImageIDFilePath());
|
||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.labels, async label => {
|
await Util.asyncForEach(inputs.labels, async label => {
|
||||||
args.push('--label', label);
|
args.push('--label', label);
|
||||||
|
@ -156,20 +157,20 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
|
||||||
}
|
}
|
||||||
await Util.asyncForEach(inputs.secrets, async secret => {
|
await Util.asyncForEach(inputs.secrets, async secret => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
|
args.push('--secret', Build.resolveSecretString(secret));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
await Util.asyncForEach(inputs.secretFiles, async secretFile => {
|
await Util.asyncForEach(inputs.secretFiles, async secretFile => {
|
||||||
try {
|
try {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
|
args.push('--secret', Build.resolveSecretFile(secretFile));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.warning(err.message);
|
core.warning(err.message);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
|
if (inputs.githubToken && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
|
||||||
args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
|
||||||
}
|
}
|
||||||
if (inputs.shmSize) {
|
if (inputs.shmSize) {
|
||||||
args.push('--shm-size', inputs.shmSize);
|
args.push('--shm-size', inputs.shmSize);
|
||||||
|
@ -198,7 +199,7 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
||||||
args.push('--load');
|
args.push('--load');
|
||||||
}
|
}
|
||||||
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
|
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
|
||||||
args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
|
args.push('--metadata-file', Build.getMetadataFilePath());
|
||||||
}
|
}
|
||||||
if (inputs.network) {
|
if (inputs.network) {
|
||||||
args.push('--network', inputs.network);
|
args.push('--network', inputs.network);
|
||||||
|
@ -221,7 +222,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
||||||
// check if provenance attestation is set in attests input
|
// check if provenance attestation is set in attests input
|
||||||
let hasAttestProvenance = false;
|
let hasAttestProvenance = false;
|
||||||
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
||||||
if (BuildxInputs.hasAttestationType('provenance', attest)) {
|
if (Build.hasAttestationType('provenance', attest)) {
|
||||||
hasAttestProvenance = true;
|
hasAttestProvenance = true;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -229,34 +230,34 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
||||||
let provenanceSet = false;
|
let provenanceSet = false;
|
||||||
let sbomSet = false;
|
let sbomSet = false;
|
||||||
if (inputs.provenance) {
|
if (inputs.provenance) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
|
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
|
||||||
provenanceSet = true;
|
provenanceSet = true;
|
||||||
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
|
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
|
||||||
// if provenance not specified in provenance or attests inputs and BuildKit
|
// if provenance not specified in provenance or attests inputs and BuildKit
|
||||||
// version compatible for attestation, set default provenance. Also needs
|
// version compatible for attestation, set default provenance. Also needs
|
||||||
// to make sure user doesn't want to explicitly load the image to docker.
|
// to make sure user doesn't want to explicitly load the image to docker.
|
||||||
if (GitHub.context.payload.repository?.private ?? false) {
|
if (GitHub.context.payload.repository?.private ?? false) {
|
||||||
// if this is a private repository, we set the default provenance
|
// if this is a private repository, we set the default provenance
|
||||||
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
||||||
args.push('--attest', `type=provenance,${BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
|
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
|
||||||
} else {
|
} else {
|
||||||
// for a public repository, we set max provenance mode.
|
// for a public repository, we set max provenance mode.
|
||||||
args.push('--attest', `type=provenance,${BuildxInputs.resolveProvenanceAttrs(`mode=max`)}`);
|
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (inputs.sbom) {
|
if (inputs.sbom) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
|
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
|
||||||
sbomSet = true;
|
sbomSet = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// set attests but check if provenance or sbom types already set as
|
// set attests but check if provenance or sbom types already set as
|
||||||
// provenance and sbom inputs take precedence over attests input.
|
// provenance and sbom inputs take precedence over attests input.
|
||||||
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
await Util.asyncForEach(inputs.attests, async (attest: string) => {
|
||||||
if (!BuildxInputs.hasAttestationType('provenance', attest) && !BuildxInputs.hasAttestationType('sbom', attest)) {
|
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
|
||||||
args.push('--attest', BuildxInputs.resolveAttestationAttrs(attest));
|
args.push('--attest', Build.resolveAttestationAttrs(attest));
|
||||||
} else if (!provenanceSet && BuildxInputs.hasAttestationType('provenance', attest)) {
|
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
|
||||||
args.push('--attest', BuildxInputs.resolveProvenanceAttrs(attest));
|
args.push('--attest', Build.resolveProvenanceAttrs(attest));
|
||||||
} else if (!sbomSet && BuildxInputs.hasAttestationType('sbom', attest)) {
|
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
|
||||||
args.push('--attest', attest);
|
args.push('--attest', attest);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
15
src/main.ts
15
src/main.ts
|
@ -3,12 +3,14 @@ import * as path from 'path';
|
||||||
import * as stateHelper from './state-helper';
|
import * as stateHelper from './state-helper';
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
import * as actionsToolkit from '@docker/actions-toolkit';
|
import * as actionsToolkit from '@docker/actions-toolkit';
|
||||||
|
|
||||||
|
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
|
||||||
import {Context} from '@docker/actions-toolkit/lib/context';
|
import {Context} from '@docker/actions-toolkit/lib/context';
|
||||||
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
|
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
|
||||||
import {Exec} from '@docker/actions-toolkit/lib/exec';
|
import {Exec} from '@docker/actions-toolkit/lib/exec';
|
||||||
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
||||||
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
|
|
||||||
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
||||||
|
|
||||||
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
|
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
|
||||||
|
|
||||||
import * as context from './context';
|
import * as context from './context';
|
||||||
|
@ -89,9 +91,9 @@ actionsToolkit.run(
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
const imageID = BuildxInputs.resolveBuildImageID();
|
const imageID = Build.resolveImageID();
|
||||||
const metadata = BuildxInputs.resolveBuildMetadata();
|
const metadata = Build.resolveMetadata();
|
||||||
const digest = BuildxInputs.resolveDigest();
|
const digest = Build.resolveDigest();
|
||||||
|
|
||||||
if (imageID) {
|
if (imageID) {
|
||||||
await core.group(`ImageID`, async () => {
|
await core.group(`ImageID`, async () => {
|
||||||
|
@ -107,8 +109,9 @@ actionsToolkit.run(
|
||||||
}
|
}
|
||||||
if (metadata) {
|
if (metadata) {
|
||||||
await core.group(`Metadata`, async () => {
|
await core.group(`Metadata`, async () => {
|
||||||
core.info(metadata);
|
const metadatadt = JSON.stringify(metadata, null, 2);
|
||||||
core.setOutput('metadata', metadata);
|
core.info(metadatadt);
|
||||||
|
core.setOutput('metadata', metadatadt);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in New Issue