actions/build-push-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use methods from toolkit to handle provenance attrs

Browse Source 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2023-03-12 23:34:24 +01:00
parent 80def7c74e
commit b3435979d1
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7
4 changed files with 11 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
__tests__/context.test.ts
View File

@ -4,7 +4,7 @@ import * as path from 'path';
import {Builder} from '@docker/actions-toolkit/lib/buildx/builder'; import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx'; import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder'; import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder';
@ -42,9 +42,9 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
lastActivity: new Date('2023-01-16 09:45:23 +0000 UTC'), lastActivity: new Date('2023-01-16 09:45:23 +0000 UTC'),
nodes: [ nodes: [
{ {
buildkitVersion: 'v0.11.0', buildkit: 'v0.11.0',
buildkitdFlags: '--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host', 'buildkitd-flags': '--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
driverOpts: ['BUILDKIT_STEP_LOG_MAX_SIZE=10485760', 'BUILDKIT_STEP_LOG_MAX_SPEED=10485760', 'JAEGER_TRACE=localhost:6831', 'image=moby/buildkit:latest', 'network=host'], 'driver-opts': ['BUILDKIT_STEP_LOG_MAX_SIZE=10485760', 'BUILDKIT_STEP_LOG_MAX_SPEED=10485760', 'JAEGER_TRACE=localhost:6831', 'image=moby/buildkit:latest', 'network=host'],
endpoint: 'unix:///var/run/docker.sock', endpoint: 'unix:///var/run/docker.sock',
name: 'builder20', name: 'builder20',
platforms: 'linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6', platforms: 'linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6',
@ -609,7 +609,7 @@ nproc=3`],
jest.spyOn(Buildx.prototype, 'version').mockImplementation(async (): Promise<string> => { jest.spyOn(Buildx.prototype, 'version').mockImplementation(async (): Promise<string> => {
return buildxVersion; return buildxVersion;
}); });
const inp = await context.getInputs(); const inp = await context.getInputs(toolkit);
const res = await context.getArgs(inp, toolkit); const res = await context.getArgs(inp, toolkit);
expect(res).toEqual(expected); expect(res).toEqual(expected);
} }

1
package.json
View File

@ -30,7 +30,6 @@
"dependencies": { "dependencies": {
"@actions/core": "^1.10.0", "@actions/core": "^1.10.0",
"@docker/actions-toolkit": "^0.1.0-beta.19", "@docker/actions-toolkit": "^0.1.0-beta.19",
"csv-parse": "^5.3.5",
"handlebars": "^4.7.7" "handlebars": "^4.7.7"
}, },
"devDependencies": { "devDependencies": {

43
src/context.ts
View File

@ -1,5 +1,4 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import {parse} from 'csv-parse/sync';
import * as handlebars from 'handlebars'; import * as handlebars from 'handlebars';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
@ -40,7 +39,7 @@ export interface Inputs {
githubToken: string; githubToken: string;
} }
export async function getInputs(): Promise<Inputs> { export async function getInputs(toolkit: Toolkit): Promise<Inputs> {
return { return {
addHosts: Util.getInputList('add-hosts'), addHosts: Util.getInputList('add-hosts'),
allow: Util.getInputList('allow'), allow: Util.getInputList('allow'),
@ -60,7 +59,7 @@ export async function getInputs(): Promise<Inputs> {
noCacheFilters: Util.getInputList('no-cache-filters'), noCacheFilters: Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true}), outputs: Util.getInputList('outputs', {ignoreComma: true}),
platforms: Util.getInputList('platforms'), platforms: Util.getInputList('platforms'),
provenance: getProvenanceInput('provenance'), provenance: toolkit.buildx.inputs.getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'), pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'), push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'), sbom: core.getInput('sbom'),
@ -145,10 +144,10 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
if (GitHub.context.payload.repository?.private ?? false) { if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance // if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603 // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--provenance', getProvenanceAttrs(`mode=min,inline-only=true`)); args.push('--provenance', toolkit.buildx.inputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
} else { } else {
// for a public repository, we set max provenance mode. // for a public repository, we set max provenance mode.
args.push('--provenance', getProvenanceAttrs(`mode=max`)); args.push('--provenance', toolkit.buildx.inputs.resolveProvenanceAttrs(`mode=max`));
} }
} }
if (inputs.sbom) { if (inputs.sbom) {
@ -215,37 +214,3 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
} }
return args; return args;
} }
function getProvenanceInput(name: string): string {
const input = core.getInput(name);
if (!input) {
// if input is not set, default values will be set later.
return input;
}
try {
return core.getBooleanInput(name) ? `builder-id=${Context.provenanceBuilderID()}` : 'false';
} catch (err) {
// not a valid boolean, so we assume it's a string
return getProvenanceAttrs(input);
}
}
function getProvenanceAttrs(input: string): string {
// parse attributes from input
const fields = parse(input, {
relaxColumnCount: true,
skipEmptyLines: true
})[0];
// check if builder-id attribute exists in the input
for (const field of fields) {
const parts = field
.toString()
.split(/(?<=^[^=]+?)=/)
.map(item => item.trim());
if (parts[0] == 'builder-id') {
return input;
}
}
// if not add builder-id attribute
return `${input},builder-id=${Context.provenanceBuilderID()}`;
}

4
src/main.ts
View File

@ -3,7 +3,7 @@ import * as stateHelper from './state-helper';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit'; import * as actionsToolkit from '@docker/actions-toolkit';
import {Context} from '@docker/actions-toolkit/lib/context'; import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker'; import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec'; import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github'; import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
@ -13,8 +13,8 @@ import * as context from './context';
actionsToolkit.run( actionsToolkit.run(
// main // main
async () => { async () => {
const inputs: context.Inputs = await context.getInputs();
const toolkit = new Toolkit(); const toolkit = new Toolkit();
const inputs: context.Inputs = await context.getInputs(toolkit);
await core.group(`GitHub Actions runtime token ACs`, async () => { await core.group(`GitHub Actions runtime token ACs`, async () => {
try { try {