feat: adding support for AUX_REPOSITORY to send sboms

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
ko-build · Sep 12, 2022 · b5a430b · b5a430b
1 parent bb84aa3
commit b5a430b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 28 deletions.
diff --git a/pkg/publish/default.go b/pkg/publish/default.go
@@ -40,8 +40,9 @@ type defalt struct {
 	base      string
 	t         http.RoundTripper
 	userAgent string
-	auth      authn.Authenticator
 	namer     Namer
+	auth      authn.Authenticator
+	keychain  authn.Keychain
 	tags      []string
 	tagOnly   bool
 	insecure  bool
@@ -55,6 +56,7 @@ type defaultOpener struct {
 	t         http.RoundTripper
 	userAgent string
 	auth      authn.Authenticator
+	keychain  authn.Keychain
 	namer     Namer
 	tags      []string
 	tagOnly   bool
@@ -67,8 +69,8 @@ type Namer func(string, string) string
 
 // identity is the default namer, so import paths are affixed as-is under the repository
 // name for maximum clarity, e.g.
-//   gcr.io/foo/github.com/bar/baz/cmd/blah
-//   ^--base--^ ^-------import path-------^
+//	 gcr.io/foo/github.com/bar/baz/cmd/blah
+//	 ^--base--^ ^-------import path-------^
 func identity(base, in string) string { return path.Join(base, in) }
 
 // As some registries do not support pushing an image by digest, the default tag for pushing
@@ -90,6 +92,7 @@ func (do *defaultOpener) Open() (Interface, error) {
 		t:         do.t,
 		userAgent: do.userAgent,
 		auth:      do.auth,
+		keychain:  do.keychain,
 		namer:     do.namer,
 		tags:      do.tags,
 		tagOnly:   do.tagOnly,
@@ -105,6 +108,7 @@ func NewDefault(base string, options ...Option) (Interface, error) {
 		t:         http.DefaultTransport,
 		userAgent: "ko",
 		auth:      authn.Anonymous,
+		keychain:  authn.DefaultKeychain,
 		namer:     identity,
 		tags:      defaultTags,
 	}
@@ -203,7 +207,7 @@ func (d *defalt) Publish(ctx context.Context, br build.Result, s string) (name.R
 	// https://github.com/google/go-containerregistry/issues/212
 	s = strings.ToLower(s)
 
-	ro := []remote.Option{remote.WithAuth(d.auth), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)}
+	ro := []remote.Option{remote.WithAuthFromKeychain(d.keychain), remote.WithTransport(d.t), remote.WithContext(ctx), remote.WithUserAgent(d.userAgent)}
 	no := []name.Option{}
 	if d.insecure {
 		no = append(no, name.Insecure)

diff --git a/pkg/publish/options.go b/pkg/publish/options.go
@@ -16,12 +16,8 @@ package publish
 
 import (
 	"crypto/tls"
-	"log"
-	"net/http"
-	"path"
-
 	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/name"
+	"net/http"
 )
 
 // WithTransport is a functional option for overriding the default transport
@@ -55,25 +51,7 @@ func WithAuth(auth authn.Authenticator) Option {
 // authenticator on a default publisher using an authn.Keychain
 func WithAuthFromKeychain(keys authn.Keychain) Option {
 	return func(i *defaultOpener) error {
-		// We parse this lazily because it is a repository prefix, which
-		// means that docker.io/mattmoor actually gets interpreted as
-		// docker.io/library/mattmoor, which gets tricky when we start
-		// appending things to it in the publisher.
-		//
-		// We append a fake path "ko" to KO_DOCKER_REPO in order to
-		// make parsing out the registry easier.
-		repo, err := name.NewRepository(path.Join(i.base, "ko"))
-		if err != nil {
-			return err
-		}
-		auth, err := keys.Resolve(repo.Registry)
-		if err != nil {
-			return err
-		}
-		if auth == authn.Anonymous {
-			log.Println("No matching credentials were found, falling back on anonymous")
-		}
-		i.auth = auth
+		i.keychain = keys
 		return nil
 	}
 }