add --provenance and --sbom flag to generated bake command line,

also add attestation per-service configuration to generated bake target

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Guillaume Lours 2025-08-12 11:00:24 +02:00
parent c2cb0aef6b
commit f266715dd0


@ -119,6 +119,7 @@ type bakeTarget struct {
Entitlements []string `json:"entitlements,omitempty"` Entitlements []string `json:"entitlements,omitempty"`
ExtraHosts map[string]string `json:"extra-hosts,omitempty"` ExtraHosts map[string]string `json:"extra-hosts,omitempty"`
Outputs []string `json:"output,omitempty"` Outputs []string `json:"output,omitempty"`
Attest []string `json:"attest,omitempty"`
} }
type bakeMetadata map[string]buildStatus type bakeMetadata map[string]buildStatus
@ -255,6 +256,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
Outputs: outputs, Outputs: outputs,
Call: call, Call: call,
Attest: toBakeAttest(build),
} }
} }
@ -308,6 +310,12 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
args = append(args, "--allow", "security.insecure") args = append(args, "--allow", "security.insecure")
} }
} }
if options.SBOM != "" {
args = append(args, "--sbom="+options.SBOM)
}
if options.Provenance != "" {
args = append(args, "--provenance="+options.Provenance)
}
if options.Builder != "" { if options.Builder != "" {
args = append(args, "--builder", options.Builder) args = append(args, "--builder", options.Builder)
@ -458,6 +466,30 @@ func toBakeSecrets(project *types.Project, secrets []types.ServiceSecretConfig)
return s return s
} }
func toBakeAttest(build types.BuildConfig) []string {
var attests []string
// Handle per-service provenance configuration (only from build config, not global options)
if build.Provenance != "" {
if build.Provenance == "true" {
attests = append(attests, "type=provenance")
} else if build.Provenance != "false" {
attests = append(attests, fmt.Sprintf("type=provenance,%s", build.Provenance))
}
}
// Handle per-service SBOM configuration (only from build config, not global options)
if build.SBOM != "" {
if build.SBOM == "true" {
attests = append(attests, "type=sbom")
} else if build.SBOM != "false" {
attests = append(attests, fmt.Sprintf("type=sbom,%s", build.SBOM))
}
}
return attests
}
func dockerFilePath(ctxName string, dockerfile string) string { func dockerFilePath(ctxName string, dockerfile string) string {
if dockerfile == "" { if dockerfile == "" {
return "" return ""
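Review bot: In `toBakeAttest`, a per-service `provenance: false` or `sbom: false` produces no `attest` entry at all, so an explicit opt-out looks the same as an unset value and the target presumably falls back to the builder default or to a global `--provenance`/`--sbom` flag. If the opt-out is meant to be honoured per target, the `"false"` case should emit the disabling form, e.g. `attests = append(attests, "type=provenance,disabled=true")`, and likewise for `type=sbom`. The comparisons are exact-match, so spellings such as `True` or `0` are interpolated into the spec as raw attributes and are only rejected (or misread) when bake parses them; normalising with `strconv.ParseBool` before the branch would surface that earlier, provided `strconv` can be imported in this file. The function also has no doc comment; I would add `// toBakeAttest converts a service's build provenance/sbom settings into bake "attest" entries; the global options are passed as --provenance/--sbom on the command line instead.`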