From e266e3e984a55d67bb0c6d5854438a95344d536f Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Fri, 14 Jun 2024 12:24:38 +0200
Subject: [PATCH] buildx(build): resolveProvenance from metadata
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 __tests__/buildx/build.test.ts | 20 +++++++++-----
 __tests__/fixtures/metadata.json | 45 ++++++++++++++++++++++++++++++++
 src/buildx/build.ts | 14 ++++++++++
 src/types/buildx/build.ts | 3 ++-
 4 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 __tests__/fixtures/metadata.json
diff --git a/__tests__/buildx/build.test.ts b/__tests__/buildx/build.test.ts
index 01070fff..c348a424 100644
--- a/__tests__/buildx/build.test.ts
+++ b/__tests__/buildx/build.test.ts
@@ -22,17 +22,11 @@ import * as rimraf from 'rimraf';
 import {Context} from '../../src/context';
 import {Build} from '../../src/buildx/build';
-import {BuildMetadata} from '../../src/types/buildx/build';
-
 const fixturesDir = path.join(__dirname, '..', 'fixtures');
 // prettier-ignore
 const tmpDir = path.join(process.env.TEMP || '/tmp', 'buildx-inputs-jest');
 const tmpName = path.join(tmpDir, '.tmpname-jest');
-const metadata: BuildMetadata = {
- 'buildx.build.ref': 'default/default/n6ibcp9b2pw108rrz7ywdznvo',
- 'containerimage.config.digest': 'sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd',
- 'containerimage.digest': 'sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c'
-};
+const metadata = JSON.parse(fs.readFileSync(path.join(fixturesDir, 'metadata.json'), 'utf-8'));
 jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
 if (!fs.existsSync(tmpDir)) {
@@ -78,6 +72,18 @@ describe('resolveRef', () => {
 });
 });
+describe('resolveProvenance', () => {
+ it('matches', async () => {
+ const build = new Build();
+ fs.writeFileSync(build.getMetadataFilePath(), JSON.stringify(metadata));
+ const provenance = build.resolveProvenance();
+ expect(provenance).toBeDefined();
+ expect(provenance?.buildType).toEqual('https://mobyproject.org/buildkit@v1');
+ expect(provenance?.materials).toBeDefined();
+ expect(provenance?.materials?.length).toEqual(2);
+ });
+});
+
 describe('resolveDigest', () => {
 it('matches', async () => {
 const build = new Build();
diff --git a/__tests__/fixtures/metadata.json b/__tests__/fixtures/metadata.json
new file mode 100644
index 00000000..1de626af
--- /dev/null
+++ b/__tests__/fixtures/metadata.json
@@ -0,0 +1,45 @@
+{
+ "buildx.build.provenance": {
+ "buildType": "https://mobyproject.org/buildkit@v1",
+ "materials": [
+ {
+ "uri": "pkg:docker/docker/dockerfile-upstream@master",
+ "digest": {
+ "sha256": "70433342168dafa34d11bd7236c3c3fcf448b90539733281711050808f32e835"
+ }
+ },
+ {
+ "uri": "pkg:docker/busybox@latest?platform=linux%2Famd64",
+ "digest": {
+ "sha256": "9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7"
+ }
+ }
+ ],
+ "invocation": {
+ "configSource": {
+ "entryPoint": "Dockerfile"
+ },
+ "parameters": {
+ "frontend": "gateway.v0",
+ "args": {
+ "cmdline": "docker/dockerfile-upstream:master",
+ "source": "docker/dockerfile-upstream:master"
+ },
+ "locals": [
+ {
+ "name": "context"
+ },
+ {
+ "name": "dockerfile"
+ }
+ ]
+ },
+ "environment": {
+ "platform": "linux/amd64"
+ }
+ }
+ },
+ "buildx.build.ref": "default/default/n6ibcp9b2pw108rrz7ywdznvo",
+ "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd",
+ "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
+}
diff --git a/src/buildx/build.ts b/src/buildx/build.ts
index 9d4c71bd..796e36e4 100644
--- a/src/buildx/build.ts
+++ b/src/buildx/build.ts
@@ -25,6 +25,7 @@ import {GitHub} from '../github';
 import {Util} from '../util';
 import {BuildMetadata} from '../types/buildx/build';
+import {ProvenancePredicate} from '../types/intoto/slsa_provenance/v0.2/provenance';
 export interface BuildOpts {
 buildx?: Buildx;
@@ -82,6 +83,19 @@ export class Build {
 return undefined;
 }
+ public resolveProvenance(metadata?: BuildMetadata): ProvenancePredicate | undefined {
+ if (!metadata) {
+ metadata = this.resolveMetadata();
+ if (!metadata) {
+ return undefined;
+ }
+ }
+ if ('buildx.build.provenance' in metadata) {
+ return metadata['buildx.build.provenance'] as ProvenancePredicate;
+ }
+ return undefined;
+ }
+
 public resolveDigest(metadata?: BuildMetadata): string | undefined {
 if (!metadata) {
 metadata = this.resolveMetadata();
diff --git a/src/types/buildx/build.ts b/src/types/buildx/build.ts
index 44662200..e31470c2 100644
--- a/src/types/buildx/build.ts
+++ b/src/types/buildx/build.ts
@@ -15,5 +15,6 @@
 */
 export type BuildMetadata = {
- [key: string]: string;
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ [key: string]: any;
 };
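Review bot: `resolveProvenance` in `src/buildx/build.ts` returns `metadata['buildx.build.provenance']` through an `as ProvenancePredicate` cast with no runtime check, so any JSON value under that key (a string, an array, `null`) reaches callers typed as a predicate. Because provenance is likely to feed supply-chain decisions downstream, narrow it before returning: `const p = metadata['buildx.build.provenance'];` followed by `return p !== null && typeof p === 'object' && !Array.isArray(p) ? (p as ProvenancePredicate) : undefined;`. A doc comment on the method should also say that the predicate is read as-is from the build metadata file and that nothing in this method verifies it, so it is not a substitute for a verified attestation. The test added in `__tests__/buildx/build.test.ts` covers only the well-formed fixture; a case with the key absent or holding a non-object value would pin the `undefined` path. The enclosing `Build` class starts and ends outside the hunk.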
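Review bot: Widening the index signature in `src/types/buildx/build.ts` to `any` turns off type checking for every read of `BuildMetadata`, not only the provenance key. The other resolvers (`resolveDigest`, declared `string | undefined`, is visible in the `src/buildx/build.ts` context) can presumably now return a non-string value without the compiler noticing. Prefer `[key: string]: unknown;`, which makes the eslint suppression unnecessary and forces each resolver to narrow (for example `typeof v === 'string'`) before returning. If that is too invasive for this commit, a comment on the type stating that the values are unvalidated JSON read from the metadata file would at least warn consumers.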