Compare commits
7 Commits
d4b6ff3a5c
...
3408ef69f5
| Author | SHA1 | Date | |
|---|---|---|---|
|
3408ef69f5 | ||
|
|
7fd488955d | ||
|
|
0b822a4f19 | ||
|
|
e56956c850 | ||
|
|
14487ce63c | ||
|
|
1c198f4467 | ||
|
|
288d9e2e4a |
23
.github/workflows/ci.yml
vendored
23
.github/workflows/ci.yml
vendored
@ -1571,3 +1571,26 @@ jobs:
|
||||
echo "::error::Should have failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
no-default-attestations:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: action
|
||||
-
|
||||
name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
|
||||
driver-opts: |
|
||||
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
|
||||
-
|
||||
name: Build
|
||||
uses: ./action
|
||||
with:
|
||||
file: ./test/Dockerfile
|
||||
env:
|
||||
BUILDX_NO_DEFAULT_ATTESTATIONS: 1
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
|
||||
import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
|
||||
import * as fs from 'fs';
|
||||
import * as path from 'path';
|
||||
|
||||
@ -68,6 +68,7 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
|
||||
});
|
||||
|
||||
describe('getArgs', () => {
|
||||
const originalEnv = process.env;
|
||||
beforeEach(() => {
|
||||
process.env = Object.keys(process.env).reduce((object, key) => {
|
||||
if (!key.startsWith('INPUT_')) {
|
||||
@ -76,6 +77,9 @@ describe('getArgs', () => {
|
||||
return object;
|
||||
}, {});
|
||||
});
|
||||
afterEach(() => {
|
||||
process.env = originalEnv;
|
||||
});
|
||||
|
||||
// prettier-ignore
|
||||
test.each([
|
||||
@ -93,7 +97,8 @@ describe('getArgs', () => {
|
||||
'build',
|
||||
'--iidfile', imageIDFilePath,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
1,
|
||||
@ -116,7 +121,8 @@ ccc"`],
|
||||
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
|
||||
'--iidfile', imageIDFilePath,
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
2,
|
||||
@ -134,7 +140,8 @@ ccc"`],
|
||||
'--tag', 'name/app:7.4',
|
||||
'--tag', 'name/app:latest',
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
3,
|
||||
@ -154,7 +161,8 @@ ccc"`],
|
||||
'--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
|
||||
'--output', 'type=local,dest=./release-out',
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
4,
|
||||
@ -171,7 +179,8 @@ ccc"`],
|
||||
'build',
|
||||
'--platform', 'linux/amd64,linux/arm64',
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
5,
|
||||
@ -187,7 +196,8 @@ ccc"`],
|
||||
'build',
|
||||
'--iidfile', imageIDFilePath,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
6,
|
||||
@ -205,7 +215,8 @@ ccc"`],
|
||||
'--iidfile', imageIDFilePath,
|
||||
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
7,
|
||||
@ -223,7 +234,8 @@ ccc"`],
|
||||
'--output', '.',
|
||||
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
8,
|
||||
@ -249,7 +261,8 @@ ccc"`],
|
||||
'--builder', 'builder-git-context-2',
|
||||
'--push',
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
9,
|
||||
@ -286,7 +299,8 @@ ccc"`],
|
||||
'--builder', 'builder-git-context-2',
|
||||
'--push',
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
10,
|
||||
@ -323,7 +337,8 @@ ccc`],
|
||||
'--builder', 'builder-git-context-2',
|
||||
'--push',
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
11,
|
||||
@ -349,7 +364,8 @@ ccc`],
|
||||
'--network', 'host',
|
||||
'--push',
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
12,
|
||||
@ -369,7 +385,8 @@ ccc`],
|
||||
'--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
|
||||
'--output', 'type=local,dest=./release-out',
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
13,
|
||||
@ -395,7 +412,8 @@ ccc`],
|
||||
'--network', 'host',
|
||||
'--push',
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
14,
|
||||
@ -425,7 +443,8 @@ nproc=3`],
|
||||
'--ulimit', 'nproc=3',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
15,
|
||||
@ -442,7 +461,8 @@ nproc=3`],
|
||||
'--iidfile', imageIDFilePath,
|
||||
'--metadata-file', metadataJson,
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
16,
|
||||
@ -461,7 +481,8 @@ nproc=3`],
|
||||
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
|
||||
'--metadata-file', metadataJson,
|
||||
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
17,
|
||||
@ -479,7 +500,8 @@ nproc=3`],
|
||||
'--iidfile', imageIDFilePath,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
18,
|
||||
@ -497,7 +519,8 @@ nproc=3`],
|
||||
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
19,
|
||||
@ -516,7 +539,8 @@ nproc=3`],
|
||||
'--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
20,
|
||||
@ -535,7 +559,8 @@ nproc=3`],
|
||||
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
21,
|
||||
@ -554,7 +579,8 @@ nproc=3`],
|
||||
'--attest', 'type=provenance,disabled=true',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
22,
|
||||
@ -573,7 +599,8 @@ nproc=3`],
|
||||
'--attest', 'type=provenance,builder-id=foo',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
23,
|
||||
@ -592,7 +619,8 @@ nproc=3`],
|
||||
"--output", 'type=docker',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
24,
|
||||
@ -610,7 +638,8 @@ nproc=3`],
|
||||
'--load',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
25,
|
||||
@ -630,7 +659,8 @@ nproc=3`],
|
||||
'--load',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
26,
|
||||
@ -652,7 +682,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--load',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
27,
|
||||
@ -673,7 +704,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--load',
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
28,
|
||||
@ -693,7 +725,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
29,
|
||||
@ -717,7 +750,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
30,
|
||||
@ -737,7 +771,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
31,
|
||||
@ -758,7 +793,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=sbom,disabled=false`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
32,
|
||||
@ -778,7 +814,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
33,
|
||||
@ -797,11 +834,37 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
|
||||
'--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
]
|
||||
],
|
||||
undefined
|
||||
],
|
||||
[
|
||||
34,
|
||||
'0.13.1',
|
||||
new Map<string, string>([
|
||||
['context', '.'],
|
||||
['load', 'false'],
|
||||
['no-cache', 'false'],
|
||||
['push', 'false'],
|
||||
['pull', 'false']
|
||||
]),
|
||||
[
|
||||
'build',
|
||||
'--iidfile', imageIDFilePath,
|
||||
'--metadata-file', metadataJson,
|
||||
'.'
|
||||
],
|
||||
new Map<string, string>([
|
||||
['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
|
||||
])
|
||||
],
|
||||
])(
|
||||
'[%d] given %p with %p as inputs, returns %p',
|
||||
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
|
||||
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
|
||||
if (envs) {
|
||||
envs.forEach((value: string, name: string) => {
|
||||
process.env[name] = value;
|
||||
});
|
||||
}
|
||||
inputs.forEach((value: string, name: string) => {
|
||||
setInput(name, value);
|
||||
});
|
||||
|
||||
4
dist/index.js
generated
vendored
4
dist/index.js
generated
vendored
File diff suppressed because one or more lines are too long
2
dist/index.js.map
generated
vendored
2
dist/index.js.map
generated
vendored
File diff suppressed because one or more lines are too long
@ -27,7 +27,7 @@
|
||||
"packageManager": "yarn@3.6.3",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.11.1",
|
||||
"@docker/actions-toolkit": "0.60.0",
|
||||
"@docker/actions-toolkit": "0.61.0",
|
||||
"handlebars": "^4.7.7"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
||||
@ -245,7 +245,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
||||
if (inputs.provenance) {
|
||||
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
|
||||
provenanceSet = true;
|
||||
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
|
||||
} else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
|
||||
// if provenance not specified in provenance or attests inputs and BuildKit
|
||||
// version compatible for attestation, set default provenance. Also needs
|
||||
// to make sure user doesn't want to explicitly load the image to docker.
|
||||
@ -277,3 +277,10 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
|
||||
|
||||
return args;
|
||||
}
|
||||
|
||||
function noDefaultAttestations(): boolean {
|
||||
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
|
||||
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
10
yarn.lock
10
yarn.lock
@ -1072,9 +1072,9 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"@docker/actions-toolkit@npm:0.60.0":
|
||||
version: 0.60.0
|
||||
resolution: "@docker/actions-toolkit@npm:0.60.0"
|
||||
"@docker/actions-toolkit@npm:0.61.0":
|
||||
version: 0.61.0
|
||||
resolution: "@docker/actions-toolkit@npm:0.61.0"
|
||||
dependencies:
|
||||
"@actions/artifact": ^2.3.2
|
||||
"@actions/cache": ^4.0.3
|
||||
@ -1097,7 +1097,7 @@ __metadata:
|
||||
semver: ^7.7.1
|
||||
tar-stream: ^3.1.7
|
||||
tmp: ^0.2.3
|
||||
checksum: dc7d15b00b8e935b2e4813a0db08b67d4fb6817f6455fd7be1c51cb56a5beeec692c86b2f333437f6dafe81a74e08a38fcff5300384182c733f8a2cfa322f07b
|
||||
checksum: 60cc6c8f5bde8221a3d6a40c15258d44a468950353098f1814d8af3a14131df9c41df5b87298cd82f5c77aa4e36e262c15a5bb0cc03ea2857bea18c9e0952d80
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@ -3143,7 +3143,7 @@ __metadata:
|
||||
resolution: "docker-build-push@workspace:."
|
||||
dependencies:
|
||||
"@actions/core": ^1.11.1
|
||||
"@docker/actions-toolkit": 0.60.0
|
||||
"@docker/actions-toolkit": 0.61.0
|
||||
"@types/node": ^20.12.12
|
||||
"@typescript-eslint/eslint-plugin": ^7.9.0
|
||||
"@typescript-eslint/parser": ^7.9.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user