Support for passing through raw buildkit policies

This adds an env var which can be used to pass in a path to a file to read a buildkit source poliy from. This is applied to any build is executed with the env set. It is also applied to bakes (which are calling build behind the scenes). Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2025-07-09 21:17:09 +08:00 · 2023-02-15 00:37:26 +00:00
parent 41e1693be0
commit 98efe7af10
6 changed files with 171 additions and 117 deletions
--- a/commands/build.go
+++ b/commands/build.go
@ -128,6 +128,11 @@ func (o *buildOptions) toControllerOptions() (*controllerapi.BuildOptions, error
 		}
 	}

+	opts.SourcePolicy, err = build.ReadSourcePolicy()
+	if err != nil {
+		return nil, err
+	}
+
 	inAttests := append([]string{}, o.attests...)
 	if o.provenance != "" {
 		inAttests = append(inAttests, buildflags.CanonicalizeAttest("provenance", o.provenance))