feat: improve dockerfile verify subcommand #3264

Merged (1 commit) on Oct 16, 2023

BobyMCbobs (Contributor)

support images resolved from ENV, ARG and COPY --from

resolves: #3260

Summary

cosign dockerfile verify does not interpolate variables in FROM statements, instead just panics.
Adds the ability to load key-value pairs from ENV and ARG to interpolate in FROM and COPY --from statements.

Release Note

Improved discoverability for images in Dockerfiles
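
The interpolation described in the Summary, as an added example (not cosign's implementation and not code from this PR): ARG and ENV values are collected and expanded into FROM and COPY --from references, and an unset variable is reported as an error instead of producing an empty path component. The function name, regular expressions and sample Dockerfile are constructed for illustration; it assumes one KEY=value pair per ARG/ENV line and does not handle numeric stage indexes, line continuations or ${VAR:-default}.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

var (
	setRe  = regexp.MustCompile(`(?i)^\s*(?:ARG|ENV)\s+(\w+)=["']?([^"'\s]*)`)
	fromRe = regexp.MustCompile(`(?i)^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?`)
	copyRe = regexp.MustCompile(`(?i)^\s*COPY\s.*--from=(\S+)`)
	// sample is constructed input, not taken from the cosign test suite.
	sample = `ARG REPO=example-org
ENV TAG="1.2"
FROM --platform=linux/amd64 gcr.io/${REPO}/base:$TAG AS base
COPY --from=base /a /a
COPY --from=gcr.io/$REPO/tools /b /b`
)

// imageRefs lists the images named by FROM and COPY --from, expanding $VAR and
// ${VAR} from earlier ARG/ENV lines. An unset name is an error (fail closed).
func imageRefs(dockerfile string) (refs []string, err error) {
	vars, stages := map[string]string{}, map[string]bool{"scratch": true}
	add := func(ref string) {
		if stages[ref] {
			return // an earlier build stage (or scratch), not a registry image
		}
		refs = append(refs, os.Expand(ref, func(k string) string {
			if _, ok := vars[k]; !ok {
				err = fmt.Errorf("unset variable %q in image reference %q", k, ref)
			}
			return vars[k]
		}))
	}
	for _, line := range strings.Split(dockerfile, "\n") {
		if m := setRe.FindStringSubmatch(line); m != nil {
			vars[m[1]] = m[2]
		} else if m := fromRe.FindStringSubmatch(line); m != nil {
			add(m[1])
			stages[m[2]] = true // m[2] is "" when the stage has no AS name
		} else if m := copyRe.FindStringSubmatch(line); m != nil {
			add(m[1])
		}
	}
	return refs, err
}

func main() { fmt.Println(imageRefs(sample)) }
```

Callers must check the returned error before using the list: a reference built from an unset variable is not an image anyone intended to verify.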

@BobyMCbobs BobyMCbobs force-pushed the improve-dockerfile-verify branch 2 times, most recently from 443ba73 to e6eadee Compare September 28, 2023 07:59

codecov bot commented Sep 28, 2023

Codecov Report

Merging #3264 (76858d7) into main (0044432) will increase coverage by 0.35%.
Report is 17 commits behind head on main.
The diff coverage is 80.51%.

@@            Coverage Diff             @@
##             main    #3264      +/-   ##
==========================================
+ Coverage   30.32%   30.67%   +0.35%     
==========================================
  Files         155      155              
  Lines        9853     9923      +70     
==========================================
+ Hits         2988     3044      +56     
- Misses       6418     6429      +11     
- Partials      447      450       +3     
Files Coverage Δ
cmd/cosign/cli/dockerfile/verify.go 64.40% <80.51%> (+22.74%) ⬆️

@BobyMCbobs BobyMCbobs force-pushed the improve-dockerfile-verify branch 3 times, most recently from dc68327 to 58b51bd Compare September 29, 2023 06:55

cpanato (Member) left a comment

lgtm
just a small nit

thanks for adding tests as well

{
name: "gauntlet",
fileContents: `FROM gcr.io/${TEST_IMAGE_REPO_PATH}/one AS one
RUN script1
FROM gcr.io/$TEST_IMAGE_REPO_PATH/${TEST_SUBREPO}:latest
RUN script2
FROM --platform=linux/amd64 gcr.io/${TEST_IMAGE_REPO_PATH}/$TEST_RUNTIME_SUBREPO
COPY --from=gcr.io/someorg/someimage /etc/config /app/etc/config
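
Review bot: the COPY --from line at the end of the "gauntlet" fixture uses a literal reference (gcr.io/someorg/someimage), so the lines shown here never exercise variable interpolation in COPY --from, which the PR summary lists as supported. A line such as COPY --from=gcr.io/${TEST_IMAGE_REPO_PATH}/tools /src /dst would cover it. A separate case in which a referenced variable is undefined would also pin down the expected failure mode, so that a reference with an empty path component is never passed on for verification.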

Member

This looks a bit off, can you check the indentation?

Contributor Author

fixed in 76858d7

support images resolved from ENV, ARG and COPY --from

Signed-off-by: Caleb Woodbine <calebwoodbine.public@gmail.com>

BobyMCbobs (Contributor Author)

lgtm just a small nit

@cpanato , updated the indent and fixed the tests in 76858d7

thanks for adding tests as well

Absolutely!

cpanato (Member) left a comment

lgtm
thank you

hectorj2f (Contributor) left a comment

lgtm

haydentherapper (Contributor) left a comment

Very cool! Thanks for the tests too!

@haydentherapper haydentherapper merged commit 1b58b16 into sigstore:main Oct 16, 2023
28 checks passed
@github-actions github-actions bot added this to the v2.3.0 milestone Oct 16, 2023

BobyMCbobs (Contributor Author)

Wooohoooo! Thank you for the merge @haydentherapper @hectorj2f @cpanato!

@cpanato cpanato modified the milestones: v2.3.0, v2.2.1 Nov 16, 2023
Successfully merging this pull request may close these issues.

Improve dockerfile verify