feat: adding support for AUX_REPOSITORY to send sboms

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
ko-build · Sep 12, 2022 · 90691ad · 90691ad
1 parent bb84aa3
commit 90691ad
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 5 deletions.
diff --git a/pkg/commands/resolver.go b/pkg/commands/resolver.go
@@ -209,7 +209,7 @@ func makePublisher(po *options.PublishOptions) (publish.Interface, error) {
 		if po.Push {
 			dp, err := publish.NewDefault(repoName,
 				publish.WithUserAgent(userAgent),
-				publish.WithAuthFromKeychain(keychain),
+				publish.WithKeyChain(keychain),
 				publish.WithNamer(namer),
 				publish.WithTags(po.Tags),
 				publish.WithTagOnly(po.TagOnly),

diff --git a/pkg/publish/default.go b/pkg/publish/default.go
@@ -40,8 +40,9 @@ type defalt struct {
 	base      string
 	t         http.RoundTripper
 	userAgent string
-	auth      authn.Authenticator
 	namer     Namer
+	auth      authn.Authenticator
+	keychain  authn.Keychain
 	tags      []string
 	tagOnly   bool
 	insecure  bool
@@ -55,6 +56,7 @@ type defaultOpener struct {
 	t         http.RoundTripper
 	userAgent string
 	auth      authn.Authenticator
+	keychain  authn.Keychain
 	namer     Namer
 	tags      []string
 	tagOnly   bool
@@ -67,8 +69,9 @@ type Namer func(string, string) string
 
 // identity is the default namer, so import paths are affixed as-is under the repository
 // name for maximum clarity, e.g.
-//   gcr.io/foo/github.com/bar/baz/cmd/blah
-//   ^--base--^ ^-------import path-------^
+
+//	gcr.io/foo/github.com/bar/baz/cmd/blah
+//	^--base--^ ^-------import path-------^
 func identity(base, in string) string { return path.Join(base, in) }
 
 // As some registries do not support pushing an image by digest, the default tag for pushing
@@ -90,6 +93,7 @@ func (do *defaultOpener) Open() (Interface, error) {
 		t:         do.t,
 		userAgent: do.userAgent,
 		auth:      do.auth,
+		keychain:  do.keychain,
 		namer:     do.namer,
 		tags:      do.tags,
 		tagOnly:   do.tagOnly,
@@ -105,6 +109,7 @@ func NewDefault(base string, options ...Option) (Interface, error) {
 		t:         http.DefaultTransport,
 		userAgent: "ko",
 		auth:      authn.Anonymous,
+		keychain:  authn.DefaultKeychain,
 		namer:     identity,
 		tags:      defaultTags,
 	}
@@ -203,7 +208,7 @@ func (d *defalt) Publish(ctx context.Context, br build.Result, s string) (name.R
 	// https://github.com/google/go-containerregistry/issues/212
 	s = strings.ToLower(s)
 
-	ro := []remote.Option{remote.WithAuth(d.auth), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)}
+	ro := []remote.Option{remote.WithAuthFromKeychain(d.keychain), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)}
 	no := []name.Option{}
 	if d.insecure {
 		no = append(no, name.Insecure)

diff --git a/pkg/publish/options.go b/pkg/publish/options.go
@@ -78,6 +78,15 @@ func WithAuthFromKeychain(keys authn.Keychain) Option {
 	}
 }
 
+// WithKeyChain is a functional option for overriding the default
+// authenticator on a default publisher using an authn.Keychain
+func WithKeyChain(keys authn.Keychain) Option {
+	return func(i *defaultOpener) error {
+		i.keychain = keys
+		return nil
+	}
+}
+
 // WithNamer is a functional option for overriding the image naming behavior
 // in our default publisher.
 func WithNamer(n Namer) Option {