Merge pull request #2280 from crazy-max/provenance-metadata

build: set record provenance in response

vendor/github.com/moby/buildkit/executor/resources/types/systypes.go

@@ -0,0 +1,72 @@
+package types
+
+import (
+	"encoding/json"
+	"math"
+	"time"
+)
+
+type SysCPUStat struct {
+	User      float64 `json:"user"`
+	Nice      float64 `json:"nice"`
+	System    float64 `json:"system"`
+	Idle      float64 `json:"idle"`
+	Iowait    float64 `json:"iowait"`
+	IRQ       float64 `json:"irq"`
+	SoftIRQ   float64 `json:"softirq"`
+	Steal     float64 `json:"steal"`
+	Guest     float64 `json:"guest"`
+	GuestNice float64 `json:"guestNice"`
+}
+
+type sysCPUStatAlias SysCPUStat // avoid recursion of MarshalJSON
+
+func (s SysCPUStat) MarshalJSON() ([]byte, error) {
+	return json.Marshal(sysCPUStatAlias{
+		User:      math.Round(s.User*1000) / 1000,
+		Nice:      math.Round(s.Nice*1000) / 1000,
+		System:    math.Round(s.System*1000) / 1000,
+		Idle:      math.Round(s.Idle*1000) / 1000,
+		Iowait:    math.Round(s.Iowait*1000) / 1000,
+		IRQ:       math.Round(s.IRQ*1000) / 1000,
+		SoftIRQ:   math.Round(s.SoftIRQ*1000) / 1000,
+		Steal:     math.Round(s.Steal*1000) / 1000,
+		Guest:     math.Round(s.Guest*1000) / 1000,
+		GuestNice: math.Round(s.GuestNice*1000) / 1000,
+	})
+}
+
+type ProcStat struct {
+	ContextSwitches  uint64 `json:"contextSwitches"`
+	ProcessCreated   uint64 `json:"processCreated"`
+	ProcessesRunning uint64 `json:"processesRunning"`
+}
+
+type SysMemoryStat struct {
+	Total     *uint64 `json:"total"`
+	Free      *uint64 `json:"free"`
+	Available *uint64 `json:"available"`
+	Buffers   *uint64 `json:"buffers"`
+	Cached    *uint64 `json:"cached"`
+	Active    *uint64 `json:"active"`
+	Inactive  *uint64 `json:"inactive"`
+	Swap      *uint64 `json:"swap"`
+	Dirty     *uint64 `json:"dirty"`
+	Writeback *uint64 `json:"writeback"`
+	Slab      *uint64 `json:"slab"`
+}
+
+type SysSample struct {
+	//nolint
+	Timestamp_     time.Time      `json:"timestamp"`
+	CPUStat        *SysCPUStat    `json:"cpuStat,omitempty"`
+	ProcStat       *ProcStat      `json:"procStat,omitempty"`
+	MemoryStat     *SysMemoryStat `json:"memoryStat,omitempty"`
+	CPUPressure    *Pressure      `json:"cpuPressure,omitempty"`
+	MemoryPressure *Pressure      `json:"memoryPressure,omitempty"`
+	IOPressure     *Pressure      `json:"ioPressure,omitempty"`
+}
+
+func (s *SysSample) Timestamp() time.Time {
+	return s.Timestamp_
+}

vendor/github.com/moby/buildkit/executor/resources/types/types.go

@@ -0,0 +1,113 @@
+package types
+
+import (
+	"context"
+	"time"
+)
+
+type Recorder interface {
+	Start()
+	Close()
+	CloseAsync(func(context.Context) error) error
+	Wait() error
+	Samples() (*Samples, error)
+}
+
+type Samples struct {
+	Samples    []*Sample   `json:"samples,omitempty"`
+	SysCPUStat *SysCPUStat `json:"sysCPUStat,omitempty"`
+}
+
+// Sample represents a wrapper for sampled data of cgroupv2 controllers
+type Sample struct {
+	//nolint
+	Timestamp_ time.Time      `json:"timestamp"`
+	CPUStat    *CPUStat       `json:"cpuStat,omitempty"`
+	MemoryStat *MemoryStat    `json:"memoryStat,omitempty"`
+	IOStat     *IOStat        `json:"ioStat,omitempty"`
+	PIDsStat   *PIDsStat      `json:"pidsStat,omitempty"`
+	NetStat    *NetworkSample `json:"netStat,omitempty"`
+}
+
+func (s *Sample) Timestamp() time.Time {
+	return s.Timestamp_
+}
+
+type NetworkSample struct {
+	RxBytes   int64 `json:"rxBytes,omitempty"`
+	RxPackets int64 `json:"rxPackets,omitempty"`
+	RxErrors  int64 `json:"rxErrors,omitempty"`
+	RxDropped int64 `json:"rxDropped,omitempty"`
+	TxBytes   int64 `json:"txBytes,omitempty"`
+	TxPackets int64 `json:"txPackets,omitempty"`
+	TxErrors  int64 `json:"txErrors,omitempty"`
+	TxDropped int64 `json:"txDropped,omitempty"`
+}
+
+// CPUStat represents the sampling state of the cgroupv2 CPU controller
+type CPUStat struct {
+	UsageNanos     *uint64   `json:"usageNanos,omitempty"`
+	UserNanos      *uint64   `json:"userNanos,omitempty"`
+	SystemNanos    *uint64   `json:"systemNanos,omitempty"`
+	NrPeriods      *uint32   `json:"nrPeriods,omitempty"`
+	NrThrottled    *uint32   `json:"nrThrottled,omitempty"`
+	ThrottledNanos *uint64   `json:"throttledNanos,omitempty"`
+	Pressure       *Pressure `json:"pressure,omitempty"`
+}
+
+// MemoryStat represents the sampling state of the cgroupv2 memory controller
+type MemoryStat struct {
+	SwapBytes     *uint64   `json:"swapBytes,omitempty"`
+	Anon          *uint64   `json:"anon,omitempty"`
+	File          *uint64   `json:"file,omitempty"`
+	Kernel        *uint64   `json:"kernel,omitempty"`
+	KernelStack   *uint64   `json:"kernelStack,omitempty"`
+	PageTables    *uint64   `json:"pageTables,omitempty"`
+	Sock          *uint64   `json:"sock,omitempty"`
+	Vmalloc       *uint64   `json:"vmalloc,omitempty"`
+	Shmem         *uint64   `json:"shmem,omitempty"`
+	FileMapped    *uint64   `json:"fileMapped,omitempty"`
+	FileDirty     *uint64   `json:"fileDirty,omitempty"`
+	FileWriteback *uint64   `json:"fileWriteback,omitempty"`
+	Slab          *uint64   `json:"slab,omitempty"`
+	Pgscan        *uint64   `json:"pgscan,omitempty"`
+	Pgsteal       *uint64   `json:"pgsteal,omitempty"`
+	Pgfault       *uint64   `json:"pgfault,omitempty"`
+	Pgmajfault    *uint64   `json:"pgmajfault,omitempty"`
+	Peak          *uint64   `json:"peak,omitempty"`
+	LowEvents     uint64    `json:"lowEvents,omitempty"`
+	HighEvents    uint64    `json:"highEvents,omitempty"`
+	MaxEvents     uint64    `json:"maxEvents,omitempty"`
+	OomEvents     uint64    `json:"oomEvents,omitempty"`
+	OomKillEvents uint64    `json:"oomKillEvents,omitempty"`
+	Pressure      *Pressure `json:"pressure,omitempty"`
+}
+
+// IOStat represents the sampling state of the cgroupv2 IO controller
+type IOStat struct {
+	ReadBytes    *uint64   `json:"readBytes,omitempty"`
+	WriteBytes   *uint64   `json:"writeBytes,omitempty"`
+	DiscardBytes *uint64   `json:"discardBytes,omitempty"`
+	ReadIOs      *uint64   `json:"readIOs,omitempty"`
+	WriteIOs     *uint64   `json:"writeIOs,omitempty"`
+	DiscardIOs   *uint64   `json:"discardIOs,omitempty"`
+	Pressure     *Pressure `json:"pressure,omitempty"`
+}
+
+// PIDsStat represents the sampling state of the cgroupv2 PIDs controller
+type PIDsStat struct {
+	Current *uint64 `json:"current,omitempty"`
+}
+
+// Pressure represents the sampling state of pressure files
+type Pressure struct {
+	Some *PressureValues `json:"some"`
+	Full *PressureValues `json:"full"`
+}
+
+type PressureValues struct {
+	Avg10  *float64 `json:"avg10"`
+	Avg60  *float64 `json:"avg60"`
+	Avg300 *float64 `json:"avg300"`
+	Total  *uint64  `json:"total"`
+}

vendor/github.com/moby/buildkit/solver/llbsolver/provenance/types/types.go

@@ -0,0 +1,116 @@
+package types
+
+import (
+	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	resourcestypes "github.com/moby/buildkit/executor/resources/types"
+	"github.com/moby/buildkit/solver/pb"
+	digest "github.com/opencontainers/go-digest"
+	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+const (
+	BuildKitBuildType = "https://mobyproject.org/buildkit@v1"
+)
+
+type BuildConfig struct {
+	Definition    []BuildStep              `json:"llbDefinition,omitempty"`
+	DigestMapping map[digest.Digest]string `json:"digestMapping,omitempty"`
+}
+
+type BuildStep struct {
+	ID            string                  `json:"id,omitempty"`
+	Op            pb.Op                   `json:"op,omitempty"`
+	Inputs        []string                `json:"inputs,omitempty"`
+	ResourceUsage *resourcestypes.Samples `json:"resourceUsage,omitempty"`
+}
+
+type Source struct {
+	Locations map[string]*pb.Locations `json:"locations,omitempty"`
+	Infos     []SourceInfo             `json:"infos,omitempty"`
+}
+
+type SourceInfo struct {
+	Filename      string                   `json:"filename,omitempty"`
+	Language      string                   `json:"language,omitempty"`
+	Data          []byte                   `json:"data,omitempty"`
+	Definition    []BuildStep              `json:"llbDefinition,omitempty"`
+	DigestMapping map[digest.Digest]string `json:"digestMapping,omitempty"`
+}
+
+type ImageSource struct {
+	Ref      string
+	Platform *ocispecs.Platform
+	Digest   digest.Digest
+	Local    bool
+}
+
+type GitSource struct {
+	URL    string
+	Commit string
+}
+
+type HTTPSource struct {
+	URL    string
+	Digest digest.Digest
+}
+
+type LocalSource struct {
+	Name string `json:"name"`
+}
+
+type Secret struct {
+	ID       string `json:"id"`
+	Optional bool   `json:"optional,omitempty"`
+}
+
+type SSH struct {
+	ID       string `json:"id"`
+	Optional bool   `json:"optional,omitempty"`
+}
+
+type Sources struct {
+	Images []ImageSource
+	Git    []GitSource
+	HTTP   []HTTPSource
+	Local  []LocalSource
+}
+
+type ProvenancePredicate struct {
+	slsa02.ProvenancePredicate
+	Invocation  ProvenanceInvocation `json:"invocation,omitempty"`
+	BuildConfig *BuildConfig         `json:"buildConfig,omitempty"`
+	Metadata    *ProvenanceMetadata  `json:"metadata,omitempty"`
+}
+
+type ProvenanceInvocation struct {
+	ConfigSource slsa02.ConfigSource `json:"configSource,omitempty"`
+	Parameters   Parameters          `json:"parameters,omitempty"`
+	Environment  Environment         `json:"environment,omitempty"`
+}
+
+type Parameters struct {
+	Frontend string            `json:"frontend,omitempty"`
+	Args     map[string]string `json:"args,omitempty"`
+	Secrets  []*Secret         `json:"secrets,omitempty"`
+	SSH      []*SSH            `json:"ssh,omitempty"`
+	Locals   []*LocalSource    `json:"locals,omitempty"`
+	// TODO: select export attributes
+	// TODO: frontend inputs
+}
+
+type Environment struct {
+	Platform string `json:"platform"`
+}
+
+type ProvenanceMetadata struct {
+	slsa02.ProvenanceMetadata
+	BuildKitMetadata BuildKitMetadata `json:"https://mobyproject.org/buildkit@v1#metadata,omitempty"`
+	Hermetic         bool             `json:"https://mobyproject.org/buildkit@v1#hermetic,omitempty"`
+}
+
+type BuildKitMetadata struct {
+	VCS      map[string]string                  `json:"vcs,omitempty"`
+	Source   *Source                            `json:"source,omitempty"`
+	Layers   map[string][][]ocispecs.Descriptor `json:"layers,omitempty"`
+	SysUsage []*resourcestypes.SysSample        `json:"sysUsage,omitempty"`
+}