Skip to content

Commit

Permalink
buildx(build): resolveProvenance from metadata
Browse files Browse the repository at this point in the history 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
  • Loading branch information
@crazy-max
crazy-max committed Jun 14, 2024
1 parent 1b7201d commit 718ddaa
Show file tree
Hide file tree
Showing 4 changed files with 259 additions and 8 deletions.
20 changes: 13 additions & 7 deletions __tests__/buildx/build.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,17 +22,11 @@ import * as rimraf from 'rimraf';
import {Context} from '../../src/context';
import {Build} from '../../src/buildx/build';

import {BuildMetadata} from '../../src/types/buildx/build';

const fixturesDir = path.join(__dirname, '..', 'fixtures');
// prettier-ignore
const tmpDir = path.join(process.env.TEMP || '/tmp', 'buildx-inputs-jest');
const tmpName = path.join(tmpDir, '.tmpname-jest');
const metadata: BuildMetadata = {
'buildx.build.ref': 'default/default/n6ibcp9b2pw108rrz7ywdznvo',
'containerimage.config.digest': 'sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd',
'containerimage.digest': 'sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c'
};
const metadata = JSON.parse(fs.readFileSync(path.join(fixturesDir, 'metadata.json'), 'utf-8'));

jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
if (!fs.existsSync(tmpDir)) {
Expand Down Expand Up @@ -78,6 +72,18 @@ describe('resolveRef', () => {
});
});

describe('resolveProvenance', () => {
it('matches', async () => {
const build = new Build();
fs.writeFileSync(build.getMetadataFilePath(), JSON.stringify(metadata));
const provenance = build.resolveProvenance();
expect(provenance).toBeDefined();
expect(provenance?.buildType).toEqual('https://mobyproject.org/buildkit@v1');
expect(provenance?.materials).toBeDefined();
expect(provenance?.materials?.length).toEqual(2);
});
});

describe('resolveDigest', () => {
it('matches', async () => {
const build = new Build();
Expand Down
230 changes: 230 additions & 0 deletions __tests__/fixtures/metadata.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
{
"buildx.build.provenance": {
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{
"uri": "pkg:docker/docker/dockerfile-upstream@master",
"digest": {
"sha256": "70433342168dafa34d11bd7236c3c3fcf448b90539733281711050808f32e835"
}
},
{
"uri": "pkg:docker/busybox@latest?platform=linux%2Famd64",
"digest": {
"sha256": "9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7"
}
}
],
"invocation": {
"configSource": {
"entryPoint": "Dockerfile"
},
"parameters": {
"frontend": "gateway.v0",
"args": {
"cmdline": "docker/dockerfile-upstream:master",
"source": "docker/dockerfile-upstream:master"
},
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"platform": "linux/amd64"
}
}
},
"buildx.build.ref": "default/default/n6ibcp9b2pw108rrz7ywdznvo",
"buildx.build.status": {
"warnings": [
{
"vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
"level": 1,
"short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdmck9NJyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDIp",
"detail": [
"SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
],
"url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
"sourceInfo": {
"filename": "Dockerfile",
"data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
"definition": {
"def": [
"GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
"CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
],
"metadata": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
"description": {
"llb.customname": "[internal] load build definition from Dockerfile"
},
"caps": {
"source.local": true,
"source.local.followpaths": true,
"source.local.sessionid": true,
"source.local.sharedkeyhint": true
}
},
"sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
"caps": {
"constraints": true,
"meta.description": true,
"platform": true
}
}
},
"Source": {
"locations": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
}
}
},
"language": "Dockerfile"
},
"range": [
{
"start": {
"line": 2
},
"end": {
"line": 2
}
}
]
},
{
"vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
"level": 1,
"short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdjT3B5JyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDMp",
"detail": [
"SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
],
"url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
"sourceInfo": {
"filename": "Dockerfile",
"data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
"definition": {
"def": [
"GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
"CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
],
"metadata": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
"description": {
"llb.customname": "[internal] load build definition from Dockerfile"
},
"caps": {
"source.local": true,
"source.local.followpaths": true,
"source.local.sessionid": true,
"source.local.sharedkeyhint": true
}
},
"sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
"caps": {
"constraints": true,
"meta.description": true,
"platform": true
}
}
},
"Source": {
"locations": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
}
}
},
"language": "Dockerfile"
},
"range": [
{
"start": {
"line": 3
},
"end": {
"line": 3
}
}
]
},
{
"vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
"level": 1,
"short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdDT1B5JyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDYp",
"detail": [
"SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
],
"url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
"sourceInfo": {
"filename": "Dockerfile",
"data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
"definition": {
"def": [
"GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
"CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
],
"metadata": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
"description": {
"llb.customname": "[internal] load build definition from Dockerfile"
},
"caps": {
"source.local": true,
"source.local.followpaths": true,
"source.local.sessionid": true,
"source.local.sharedkeyhint": true
}
},
"sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
"caps": {
"constraints": true,
"meta.description": true,
"platform": true
}
}
},
"Source": {
"locations": {
"sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
}
}
},
"language": "Dockerfile"
},
"range": [
{
"start": {
"line": 6
},
"end": {
"line": 6
}
},
{
"start": {
"line": 7
},
"end": {
"line": 7
}
},
{
"start": {
"line": 8
},
"end": {
"line": 8
}
}
]
}
]
},
"containerimage.config.digest": "sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd",
"containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
}
14 changes: 14 additions & 0 deletions src/buildx/build.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import {GitHub} from '../github';
import {Util} from '../util';

import {BuildMetadata} from '../types/buildx/build';
import {ProvenancePredicate} from '../types/intoto/slsa_provenance/v0.2/provenance';

export interface BuildOpts {
buildx?: Buildx;
Expand Down Expand Up @@ -82,6 +83,19 @@ export class Build {
return undefined;
}

public resolveProvenance(metadata?: BuildMetadata): ProvenancePredicate | undefined {
if (!metadata) {
metadata = this.resolveMetadata();
if (!metadata) {
return undefined;
}
}
if ('buildx.build.provenance' in metadata) {
return metadata['buildx.build.provenance'] as ProvenancePredicate;
}
return undefined;
}

public resolveDigest(metadata?: BuildMetadata): string | undefined {
if (!metadata) {
metadata = this.resolveMetadata();
Expand Down
3 changes: 2 additions & 1 deletion src/types/buildx/build.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
*/

export type BuildMetadata = {
[key: string]: string;
// eslint-disable-next-line @typescript-eslint/no-explicit-any
[key: string]: any;
};

0 comments on commit 718ddaa

Please sign in to comment.