build: set provenance vcs details

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-07-10 05:27:07 +08:00 · 2022-12-13 11:20:04 +01:00
parent 5f4d463780
commit 6ad5e2fcf3
6 changed files with 451 additions and 174 deletions
--- a/build/git.go
+++ b/build/git.go
@ -3,23 +3,41 @@ package build
 import (
 	"context"
 	"os"
-	"os/exec"
 	"path/filepath"
+	"strconv"
 	"strings"

-	ocispecs "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/pkg/errors"
+	"github.com/docker/buildx/util/gitutil"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/sirupsen/logrus"
 )

 const DockerfileLabel = "com.docker.image.source.entrypoint"

-func addGitProvenance(ctx context.Context, contextPath string, dockerfilePath string) (map[string]string, error) {
-	v := os.Getenv("BUILDX_GIT_LABELS")
-	if (v != "1" && v != "full") || contextPath == "" {
-		return nil, nil
+func getGitAttributes(ctx context.Context, contextPath string, dockerfilePath string) (res map[string]string) {
+	res = make(map[string]string)
+	if contextPath == "" {
+		return
+	}
+
+	setGitLabels := false
+	if v, ok := os.LookupEnv("BUILDX_GIT_LABELS"); ok {
+		if v == "full" { // backward compatibility with old "full" mode
+			setGitLabels = true
+		} else if v, _ := strconv.ParseBool(v); v {
+			setGitLabels = v
+		}
+	}
+	setGitInfo := true
+	if v, ok := os.LookupEnv("BUILDX_GIT_INFO"); ok {
+		if v, _ := strconv.ParseBool(v); v {
+			setGitInfo = v
+		}
+	}
+
+	if !setGitLabels && !setGitInfo {
+		return
 	}
-	labels := make(map[string]string, 0)

 	// figure out in which directory the git command needs to run in
 	var wd string
@ -30,69 +48,62 @@ func addGitProvenance(ctx context.Context, contextPath string, dockerfilePath st
 		wd, _ = filepath.Abs(filepath.Join(cwd, contextPath))
 	}

-	// check if inside git working tree
-	cmd := exec.CommandContext(ctx, "git", "rev-parse", "--is-inside-work-tree")
-	cmd.Dir = wd
-	err := cmd.Run()
-	if err != nil {
+	gitc := gitutil.New(gitutil.WithContext(ctx), gitutil.WithWorkingDir(wd))
+	if !gitc.IsInsideWorkTree() {
 		logrus.Warnf("Unable to determine Git information")
-		return nil, nil
+		return
 	}

-	// obtain Git sha of current HEAD
-	cmd = exec.CommandContext(ctx, "git", "rev-parse", "HEAD")
-	cmd.Dir = wd
-	out, err := cmd.Output()
-	if err != nil {
-		return nil, errors.Wrap(err, "error obtaining git head")
-	}
-	sha := strings.TrimSpace(string(out))
+	var resRevision, resSource, resDockerfilePath string

-	// check if the current HEAD is clean
-	cmd = exec.CommandContext(ctx, "git", "status", "--porcelain", "--ignored")
-	cmd.Dir = wd
-	out, err = cmd.Output()
-	if err != nil {
-		return nil, errors.Wrap(err, "error obtaining git status")
-	}
-	if len(strings.TrimSpace(string(out))) != 0 {
-		sha += "-dirty"
-	}
-	labels[ocispecs.AnnotationRevision] = sha
-
-	// add a remote url if full Git details are requested; if there aren't any remotes don't fail
-	if v == "full" {
-		cmd = exec.CommandContext(ctx, "git", "ls-remote", "--get-url")
-		cmd.Dir = wd
-		out, _ := cmd.Output()
-		if len(out) > 0 {
-			labels[ocispecs.AnnotationSource] = strings.TrimSpace(string(out))
+	if sha, err := gitc.FullCommit(); err == nil && sha != "" {
+		resRevision = sha
+		if gitc.IsDirty() {
+			resRevision += "-dirty"
 		}
 	}

-	// add Dockerfile path; there is no org.opencontainers annotation for this
-	if dockerfilePath == "" {
-		dockerfilePath = filepath.Join(wd, "Dockerfile")
+	if rurl, err := gitc.RemoteURL(); err == nil && rurl != "" {
+		resSource = rurl
 	}

-	// obtain Git root directory
-	cmd = exec.CommandContext(ctx, "git", "rev-parse", "--show-toplevel")
-	cmd.Dir = wd
-	out, err = cmd.Output()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get git root")
-	}
-	root := strings.TrimSpace(string(out))
-
-	// record only Dockerfile paths that are within the Git root
-	if !filepath.IsAbs(dockerfilePath) {
-		cwd, _ := os.Getwd()
-		dockerfilePath = filepath.Join(cwd, dockerfilePath)
-	}
-	dockerfilePath, _ = filepath.Rel(root, dockerfilePath)
-	if !strings.HasPrefix(dockerfilePath, "..") {
-		labels[DockerfileLabel] = dockerfilePath
+	if setGitLabels {
+		if root, err := gitc.RootDir(); err == nil && root != "" {
+			if dockerfilePath == "" {
+				dockerfilePath = filepath.Join(wd, "Dockerfile")
+			}
+			if !filepath.IsAbs(dockerfilePath) {
+				cwd, _ := os.Getwd()
+				dockerfilePath = filepath.Join(cwd, dockerfilePath)
+			}
+			dockerfilePath, _ = filepath.Rel(root, dockerfilePath)
+			if !strings.HasPrefix(dockerfilePath, "..") {
+				resDockerfilePath = dockerfilePath
+			}
+		}
 	}

-	return labels, nil
+	if resSource != "" {
+		if setGitLabels {
+			res["label:"+specs.AnnotationSource] = resSource
+		}
+		if setGitInfo {
+			res["vcs:source"] = resSource
+		}
+	}
+	if resRevision != "" {
+		if setGitLabels {
+			res["label:"+specs.AnnotationRevision] = resRevision
+		}
+		if setGitInfo {
+			res["vcs:revision"] = resRevision
+		}
+	}
+	if resDockerfilePath != "" {
+		if setGitLabels {
+			res["label:"+DockerfileLabel] = resDockerfilePath
+		}
+	}
+
+	return
 }