docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-05-30 01:15:45 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #1501 from tonistiigi/v0.10-picks

Browse Source 
[v0.10] cherry-picks
This commit is contained in:
Tõnis Tiigi 2023-01-09 16:10:12 -08:00 committed by GitHub
commit 8764628976
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 171 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build.yml vendored
View File

@ -21,8 +21,8 @@ on:
- 'docs/**' - 'docs/**'
env: env:
BUILDX_VERSION: "v0.10.0-rc1" BUILDX_VERSION: "v0.10.0-rc3"
BUILDKIT_IMAGE: "moby/buildkit:v0.11.0-rc3" BUILDKIT_IMAGE: "moby/buildkit:v0.11.0"
REPO_SLUG: "docker/buildx-bin" REPO_SLUG: "docker/buildx-bin"
DESTDIR: "./bin" DESTDIR: "./bin"

2
Dockerfile
View File

@ -1,4 +1,4 @@
# syntax=docker/dockerfile-upstream:master # syntax=docker/dockerfile-upstream:1.5.0
ARG GO_VERSION=1.19 ARG GO_VERSION=1.19
ARG XX_VERSION=1.1.2 ARG XX_VERSION=1.1.2

264
docs/reference/buildx_imagetools_inspect.md
View File

@ -287,69 +287,57 @@ $ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manife
Following command provides [SLSA](https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-provenance.md) JSON output: Following command provides [SLSA](https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-provenance.md) JSON output:
```console ```console
$ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SLSA}}" $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .Provenance}}"
``` ```
```json ```json
{ {
"Provenance": { "SLSA": {
"_type": "https://in-toto.io/Statement/v0.1", "builder": {
"predicateType": "https://slsa.dev/provenance/v0.2", "id": ""
"subject": [ },
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{ {
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64", "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1",
"digest": { "digest": {
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55" "sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765"
}
},
{
"uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"digest": {
"sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
} }
} }
], ],
"predicate": { "invocation": {
"builder": { "configSource": {},
"id": "" "parameters": {
}, "frontend": "dockerfile.v0",
"buildType": "https://mobyproject.org/buildkit@v1", "locals": [
"materials": [ {
{ "name": "context"
"uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1", },
"digest": { {
"sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765" "name": "dockerfile"
} }
}, ]
{
"uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"digest": {
"sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
}
}
],
"invocation": {
"configSource": {},
"parameters": {
"frontend": "dockerfile.v0",
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"platform": "linux/amd64"
}
}, },
"metadata": { "environment": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4", "platform": "linux/amd64"
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
} }
},
"metadata": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4",
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
} }
} }
} }
@ -363,32 +351,20 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SB
```json ```json
{ {
"SPDX": { "SPDX": {
"_type": "https://in-toto.io/Statement/v0.1", "SPDXID": "SPDXRef-DOCUMENT",
"predicateType": "https://spdx.dev/Document", "creationInfo": {
"subject": [ "created": "2022-12-01T11:46:48.063400162Z",
{ "creators": [
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64", "Tool: syft-v0.60.3",
"digest": { "Tool: buildkit-1ace2bb",
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55" "Organization: Anchore, Inc"
} ],
} "licenseListVersion": "3.18"
], },
"predicate": { "dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT", "documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"creationInfo": { "files": [...],
"created": "2022-12-01T11:46:48.063400162Z", "spdxVersion": "SPDX-2.2"
"creators": [
"Tool: syft-v0.60.3",
"Tool: buildkit-1ace2bb",
"Organization: Anchore, Inc"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"files": [...],
"spdxVersion": "SPDX-2.2"
}
} }
} }
``` ```
@ -465,97 +441,73 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .}}
} }
] ]
}, },
"SLSA": { "Provenance": {
"Provenance": { "SLSA": {
"_type": "https://in-toto.io/Statement/v0.1", "builder": {
"predicateType": "https://slsa.dev/provenance/v0.2", "id": ""
"subject": [ },
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{ {
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64", "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1",
"digest": { "digest": {
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55" "sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765"
}
},
{
"uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"digest": {
"sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
} }
} }
], ],
"predicate": { "invocation": {
"builder": { "configSource": {},
"id": "" "parameters": {
}, "frontend": "dockerfile.v0",
"buildType": "https://mobyproject.org/buildkit@v1", "locals": [
"materials": [ {
{ "name": "context"
"uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1", },
"digest": { {
"sha256": "b45f1d207e16c3a3a5a10b254ad8ad358d01f7ea090d382b95c6b2ee2b3ef765" "name": "dockerfile"
} }
}, ]
{
"uri": "pkg:docker/alpine@latest?platform=linux%2Famd64",
"digest": {
"sha256": "8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
}
}
],
"invocation": {
"configSource": {},
"parameters": {
"frontend": "dockerfile.v0",
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"platform": "linux/amd64"
}
}, },
"metadata": { "environment": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4", "platform": "linux/amd64"
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
} }
},
"metadata": {
"buildInvocationID": "02tdha2xkbxvin87mz9drhag4",
"buildStartedOn": "2022-12-01T11:50:07.264704131Z",
"buildFinishedOn": "2022-12-01T11:50:08.243788739Z",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
},
"https://mobyproject.org/buildkit@v1#metadata": {}
} }
} }
}, },
"SBOM": { "SBOM": {
"SPDX": { "SPDX": {
"_type": "https://in-toto.io/Statement/v0.1", "SPDXID": "SPDXRef-DOCUMENT",
"predicateType": "https://spdx.dev/Document", "creationInfo": {
"subject": [ "created": "2022-12-01T11:46:48.063400162Z",
{ "creators": [
"name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64", "Tool: syft-v0.60.3",
"digest": { "Tool: buildkit-1ace2bb",
"sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55" "Organization: Anchore, Inc"
} ],
} "licenseListVersion": "3.18"
], },
"predicate": { "dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT", "documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"creationInfo": { "files": [...],
"created": "2022-12-01T11:46:48.063400162Z", "spdxVersion": "SPDX-2.2"
"creators": [
"Tool: syft-v0.60.3",
"Tool: buildkit-1ace2bb",
"Organization: Anchore, Inc"
],
"licenseListVersion": "3.18"
},
"dataLicense": "CC0-1.0",
"documentNamespace": "https://anchore.com/syft/dir/run/src/core-0a4ccc6d-1a72-4c3a-a40e-3df1a2ffca94",
"files": [...],
"spdxVersion": "SPDX-2.2"
}
} }
} }
} }

2
go.mod
View File

@ -16,7 +16,7 @@ require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
github.com/hashicorp/go-cty-funcs v0.0.0-20200930094925-2721b1e36840 github.com/hashicorp/go-cty-funcs v0.0.0-20200930094925-2721b1e36840
github.com/hashicorp/hcl/v2 v2.8.2 github.com/hashicorp/hcl/v2 v2.8.2
github.com/moby/buildkit v0.11.0-rc4 github.com/moby/buildkit v0.11.0
github.com/moby/sys/mountinfo v0.6.2 github.com/moby/sys/mountinfo v0.6.2
github.com/morikuni/aec v1.0.0 github.com/morikuni/aec v1.0.0
github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest v1.0.0

4
go.sum
View File

@ -401,8 +401,8 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/moby/buildkit v0.11.0-rc4 h1:PxvzcqZn2IOrMzIS2nEqRQxk67xeSQnhdYxEj0YQuLM= github.com/moby/buildkit v0.11.0 h1:GqBC/ETDqwdu61g4tCxX1GFZuGWg/nuqFxamb2or1dw=
github.com/moby/buildkit v0.11.0-rc4/go.mod h1:v43oa6H2Fx/cdzc7j0UlUu8p6188yy1P3vrujAs99uw= github.com/moby/buildkit v0.11.0/go.mod h1:v43oa6H2Fx/cdzc7j0UlUu8p6188yy1P3vrujAs99uw=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=

46
util/imagetools/loader.go
View File

@ -46,9 +46,9 @@ type index struct {
} }
type asset struct { type asset struct {
config *ocispec.Image config *ocispec.Image
sbom *sbomStub sbom *sbomStub
slsa *slsaStub provenance *provenanceStub
} }
type result struct { type result struct {
@ -255,7 +255,8 @@ func (l *loader) scanConfig(ctx context.Context, fetcher remotes.Fetcher, desc o
} }
type sbomStub struct { type sbomStub struct {
SPDX json.RawMessage `json:",omitempty"` SPDX interface{} `json:",omitempty"`
AdditionalSPDXs []interface{} `json:",omitempty"`
} }
func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error { func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@ -275,8 +276,18 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
if err != nil { if err != nil {
return err return err
} }
as.sbom = &sbomStub{ var spdx struct {
SPDX: dt, Predicate interface{} `json:"predicate"`
}
if err := json.Unmarshal(dt, &spdx); err != nil {
return err
}
if as.sbom == nil {
as.sbom = &sbomStub{}
as.sbom.SPDX = spdx.Predicate
} else {
as.sbom.AdditionalSPDXs = append(as.sbom.AdditionalSPDXs, spdx.Predicate)
} }
} }
} }
@ -284,8 +295,8 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
return nil return nil
} }
type slsaStub struct { type provenanceStub struct {
Provenance json.RawMessage `json:",omitempty"` SLSA interface{} `json:",omitempty"`
} }
func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error { func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@ -305,9 +316,16 @@ func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r
if err != nil { if err != nil {
return err return err
} }
as.slsa = &slsaStub{ var slsa struct {
Provenance: dt, Predicate interface{} `json:"predicate"`
} }
if err := json.Unmarshal(dt, &slsa); err != nil {
return err
}
as.provenance = &provenanceStub{
SLSA: slsa.Predicate,
}
break
} }
} }
} }
@ -328,16 +346,16 @@ func (r *result) Configs() map[string]*ocispec.Image {
return res return res
} }
func (r *result) SLSA() map[string]slsaStub { func (r *result) Provenance() map[string]provenanceStub {
if len(r.assets) == 0 { if len(r.assets) == 0 {
return nil return nil
} }
res := make(map[string]slsaStub) res := make(map[string]provenanceStub)
for p, a := range r.assets { for p, a := range r.assets {
if a.slsa == nil { if a.provenance == nil {
continue continue
} }
res[p] = *a.slsa res[p] = *a.provenance
} }
return res return res
} }

48
util/imagetools/printers.go
View File

@ -99,7 +99,7 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
} }
imageconfigs := res.Configs() imageconfigs := res.Configs()
slsas := res.SLSA() provenances := res.Provenance()
sboms := res.SBOM() sboms := res.SBOM()
format := tpl.Root.String() format := tpl.Root.String()
@ -143,43 +143,43 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
default: default:
if len(res.platforms) > 1 { if len(res.platforms) > 1 {
return tpl.Execute(out, struct { return tpl.Execute(out, struct {
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"` Manifest interface{} `json:"manifest,omitempty"`
Image map[string]*ocispecs.Image `json:"image,omitempty"` Image map[string]*ocispecs.Image `json:"image,omitempty"`
SLSA map[string]slsaStub `json:"SLSA,omitempty"` Provenance map[string]provenanceStub `json:"Provenance,omitempty"`
SBOM map[string]sbomStub `json:"SBOM,omitempty"` SBOM map[string]sbomStub `json:"SBOM,omitempty"`
}{ }{
Name: p.name, Name: p.name,
Manifest: mfst, Manifest: mfst,
Image: imageconfigs, Image: imageconfigs,
SLSA: slsas, Provenance: provenances,
SBOM: sboms, SBOM: sboms,
}) })
} }
var ic *ocispecs.Image var ic *ocispecs.Image
for _, v := range imageconfigs { for _, v := range imageconfigs {
ic = v ic = v
} }
var slsa slsaStub var provenance provenanceStub
for _, v := range slsas { for _, v := range provenances {
slsa = v provenance = v
} }
var sbom sbomStub var sbom sbomStub
for _, v := range sboms { for _, v := range sboms {
sbom = v sbom = v
} }
return tpl.Execute(out, struct { return tpl.Execute(out, struct {
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"` Manifest interface{} `json:"manifest,omitempty"`
Image *ocispecs.Image `json:"image,omitempty"` Image *ocispecs.Image `json:"image,omitempty"`
SLSA slsaStub `json:"SLSA,omitempty"` Provenance provenanceStub `json:"Provenance,omitempty"`
SBOM sbomStub `json:"SBOM,omitempty"` SBOM sbomStub `json:"SBOM,omitempty"`
}{ }{
Name: p.name, Name: p.name,
Manifest: mfst, Manifest: mfst,
Image: ic, Image: ic,
SLSA: slsa, Provenance: provenance,
SBOM: sbom, SBOM: sbom,
}) })
} }

2
vendor/modules.txt vendored
View File

@ -433,7 +433,7 @@ github.com/mitchellh/go-wordwrap
# github.com/mitchellh/mapstructure v1.5.0 # github.com/mitchellh/mapstructure v1.5.0
## explicit; go 1.14 ## explicit; go 1.14
github.com/mitchellh/mapstructure github.com/mitchellh/mapstructure
# github.com/moby/buildkit v0.11.0-rc4 # github.com/moby/buildkit v0.11.0
## explicit; go 1.18 ## explicit; go 1.18
github.com/moby/buildkit/api/services/control github.com/moby/buildkit/api/services/control
github.com/moby/buildkit/api/types github.com/moby/buildkit/api/types