
add --provenance and --sbom flags to the generated bake command line,
and add per-service attestation configuration to the generated bake targets

Signed-off-by: Guillaume Lours <[email protected]>

Guillaume Lours 3 months ago
parent
commit
f266715dd0
1 changed files with 32 additions and 0 deletions
  1. 32 0
      pkg/compose/build_bake.go

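--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -119,6 +119,7 @@ type bakeTarget struct {
 	Entitlements     []string          `json:"entitlements,omitempty"`
 	ExtraHosts       map[string]string `json:"extra-hosts,omitempty"`
 	Outputs          []string          `json:"output,omitempty"`
+	Attest           []string          `json:"attest,omitempty"`
 }
 
 type bakeMetadata map[string]buildStatus
@@ -255,6 +256,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 
 			Outputs: outputs,
 			Call:    call,
+			Attest:  toBakeAttest(build),
 		}
 	}
 
@@ -308,6 +310,12 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 			args = append(args, "--allow", "security.insecure")
 		}
 	}
+	if options.SBOM != "" {
+		args = append(args, "--sbom="+options.SBOM)
+	}
+	if options.Provenance != "" {
+		args = append(args, "--provenance="+options.Provenance)
+	}
 
 	if options.Builder != "" {
 		args = append(args, "--builder", options.Builder)
@@ -458,6 +466,30 @@ func toBakeSecrets(project *types.Project, secrets []types.ServiceSecretConfig)
 	return s
 }
 
+func toBakeAttest(build types.BuildConfig) []string {
+	var attests []string
+
+	// Handle per-service provenance configuration (only from build config, not global options)
+	if build.Provenance != "" {
+		if build.Provenance == "true" {
+			attests = append(attests, "type=provenance")
+		} else if build.Provenance != "false" {
+			attests = append(attests, fmt.Sprintf("type=provenance,%s", build.Provenance))
+		}
+	}
+
+	// Handle per-service SBOM configuration (only from build config, not global options)
+	if build.SBOM != "" {
+		if build.SBOM == "true" {
+			attests = append(attests, "type=sbom")
+		} else if build.SBOM != "false" {
+			attests = append(attests, fmt.Sprintf("type=sbom,%s", build.SBOM))
+		}
+	}
+
+	return attests
+}
+
 func dockerFilePath(ctxName string, dockerfile string) string {
 	if dockerfile == "" {
 		return ""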
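Review bot: The two branches of `toBakeAttest` are the same six lines with `provenance` swapped for `sbom`, and the rule that any value other than `true`/`false` is forwarded verbatim after `type=<kind>,` into the bake target's `attest` list is not stated anywhere, so a reader cannot tell from the code which forms are accepted (boolean strings, or comma-separated `key=value` attestation options such as `mode=max`). A small helper carrying that contract in its comment would remove the duplication without changing behaviour; suggested shape below. Separately, the `--sbom=`/`--provenance=` flags appended in the third hunk travel on the bake command line alongside the per-target `attest` entries; presumably the command-line flags take precedence over per-service settings, as they do for buildx, but that is worth pinning with a comment such as `// command-line --sbom/--provenance override any per-service attest entries in the bake file` once confirmed against the bake version in use. `doBuildBake` starts and ends outside the hunks shown.
```go
// attestEntry maps a compose-level provenance/sbom value onto a bake
// "attest" entry. "true" enables the attestation with defaults, "" and
// "false" disable it, and any other value is forwarded verbatim as extra
// comma-separated key=value attestation options (e.g. "mode=max").
func attestEntry(kind, value string) (string, bool) {
	switch value {
	case "", "false":
		return "", false
	case "true":
		return "type=" + kind, true
	default:
		return "type=" + kind + "," + value, true
	}
}

func toBakeAttest(build types.BuildConfig) []string {
	var attests []string
	if entry, ok := attestEntry("provenance", build.Provenance); ok {
		attests = append(attests, entry)
	}
	if entry, ok := attestEntry("sbom", build.SBOM); ok {
		attests = append(attests, entry)
	}
	return attests
}
```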