build: add attests flag and sbom/provenance shorthands

Signed-off-by: Justin Chadwell <me@jedevc.com>
2025-11-01 00:23:56 +08:00 · 2022-12-07 18:44:11 +00:00
parent f0262dd10e
commit b270a20274
3 changed files with 99 additions and 1 deletions
--- a/util/buildflags/attests.go
+++ b/util/buildflags/attests.go
@@ -0,0 +1,76 @@
+package buildflags
+
+import (
+	"encoding/csv"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+func CanonicalizeAttest(attestType string, in string) string {
+	if in == "" {
+		return ""
+	}
+	if b, err := strconv.ParseBool(in); err == nil {
+		return fmt.Sprintf("type=%s,enabled=%t", attestType, b)
+	}
+	return fmt.Sprintf("type=%s,%s", attestType, in)
+}
+
+func ParseAttests(in []string) (map[string]*string, error) {
+	out := map[string]*string{}
+	for _, in := range in {
+		in := in
+		attestType, enabled, err := parseAttest(in)
+		if err != nil {
+			return nil, err
+		}
+
+		k := "attest:" + attestType
+		if enabled {
+			out[k] = &in
+		} else {
+			out[k] = nil
+		}
+	}
+	return out, nil
+}
+
+func parseAttest(in string) (string, bool, error) {
+	if in == "" {
+		return "", false, nil
+	}
+
+	csvReader := csv.NewReader(strings.NewReader(in))
+	fields, err := csvReader.Read()
+	if err != nil {
+		return "", false, err
+	}
+
+	attestType := ""
+	enabled := true
+	for _, field := range fields {
+		key, value, ok := strings.Cut(field, "=")
+		if !ok {
+			return "", false, errors.Errorf("invalid value %s", field)
+		}
+		key = strings.TrimSpace(strings.ToLower(key))
+
+		switch key {
+		case "type":
+			attestType = value
+		case "enabled":
+			enabled, err = strconv.ParseBool(value)
+			if err != nil {
+				return "", false, err
+			}
+		}
+	}
+	if attestType == "" {
+		return "", false, errors.Errorf("attestation type not specified")
+	}
+
+	return attestType, enabled, nil
+}