Skip to content

Commit 76f9fa3

Browse files
crazy-maxcrazy-max
authored
Merge pull request #316 from crazy-max/fix-no-default-attest
handle no default attestations env var
2 parents 1c2b736 + f252d74 commit 76f9fa3

File tree

5 files changed

+83
-19
lines changed

5 files changed

+83
-19
lines changed

.github/workflows/ci.yml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -734,3 +734,19 @@ jobs:
734734
./test/config.hcl
735735
allow: network.host
736736
targets: app-entitlements
737+
738+
no-default-attestations:
739+
runs-on: ubuntu-latest
740+
steps:
741+
-
742+
name: Checkout
743+
uses: actions/checkout@v4
744+
-
745+
name: Build
746+
uses: ./
747+
with:
748+
source: .
749+
files: |
750+
./test/config.hcl
751+
env:
752+
BUILDX_NO_DEFAULT_ATTESTATIONS: 1

__tests__/context.test.ts

Lines changed: 57 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
1+
import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
22
import * as fs from 'fs';
33
import * as path from 'path';
44

@@ -122,6 +122,7 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
122122
});
123123

124124
describe('getArgs', () => {
125+
const originalEnv = process.env;
125126
beforeEach(() => {
126127
process.env = Object.keys(process.env).reduce((object, key) => {
127128
if (!key.startsWith('INPUT_')) {
@@ -130,6 +131,9 @@ describe('getArgs', () => {
130131
return object;
131132
}, {});
132133
});
134+
afterEach(() => {
135+
process.env = originalEnv;
136+
});
133137

134138
// prettier-ignore
135139
test.each([
@@ -145,7 +149,8 @@ describe('getArgs', () => {
145149
]),
146150
[
147151
'bake',
148-
]
152+
],
153+
undefined
149154
],
150155
[
151156
1,
@@ -160,7 +165,8 @@ describe('getArgs', () => {
160165
[
161166
'bake',
162167
'--metadata-file', metadataJson
163-
]
168+
],
169+
undefined
164170
],
165171
[
166172
2,
@@ -177,7 +183,8 @@ describe('getArgs', () => {
177183
'bake',
178184
'--metadata-file', metadataJson,
179185
'webapp', 'validate'
180-
]
186+
],
187+
undefined
181188
],
182189
[
183190
3,
@@ -195,7 +202,8 @@ describe('getArgs', () => {
195202
'--set', '*.cache-from=type=gha',
196203
'--set', '*.cache-to=type=gha',
197204
'--metadata-file', metadataJson
198-
]
205+
],
206+
undefined
199207
],
200208
[
201209
4,
@@ -211,7 +219,8 @@ describe('getArgs', () => {
211219
'bake',
212220
'--metadata-file', metadataJson,
213221
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
214-
]
222+
],
223+
undefined
215224
],
216225
[
217226
5,
@@ -228,7 +237,8 @@ describe('getArgs', () => {
228237
'bake',
229238
'--metadata-file', metadataJson,
230239
"--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
231-
]
240+
],
241+
undefined
232242
],
233243
[
234244
6,
@@ -245,7 +255,8 @@ describe('getArgs', () => {
245255
'bake',
246256
'--metadata-file', metadataJson,
247257
"--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
248-
]
258+
],
259+
undefined
249260
],
250261
[
251262
7,
@@ -262,7 +273,8 @@ describe('getArgs', () => {
262273
'bake',
263274
'--metadata-file', metadataJson,
264275
"--provenance", 'false'
265-
]
276+
],
277+
undefined
266278
],
267279
[
268280
8,
@@ -279,7 +291,8 @@ describe('getArgs', () => {
279291
'bake',
280292
'--metadata-file', metadataJson,
281293
"--provenance", 'builder-id=foo'
282-
]
294+
],
295+
undefined
283296
],
284297
[
285298
9,
@@ -300,7 +313,8 @@ describe('getArgs', () => {
300313
'--metadata-file', metadataJson,
301314
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
302315
'image-all'
303-
]
316+
],
317+
undefined
304318
],
305319
[
306320
10,
@@ -320,7 +334,8 @@ describe('getArgs', () => {
320334
'--metadata-file', metadataJson,
321335
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
322336
'image-all'
323-
]
337+
],
338+
undefined
324339
],
325340
[
326341
11,
@@ -338,7 +353,8 @@ describe('getArgs', () => {
338353
'--file', './foo.hcl',
339354
'--metadata-file', metadataJson,
340355
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
341-
]
356+
],
357+
undefined
342358
],
343359
[
344360
12,
@@ -356,7 +372,8 @@ describe('getArgs', () => {
356372
'--allow', 'network.host',
357373
'--metadata-file', metadataJson,
358374
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
359-
]
375+
],
376+
undefined
360377
],
361378
[
362379
13,
@@ -375,11 +392,35 @@ describe('getArgs', () => {
375392
'--file', './foo.hcl',
376393
'--metadata-file', metadataJson,
377394
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
378-
]
395+
],
396+
undefined
397+
],
398+
[
399+
14,
400+
'0.15.0',
401+
new Map<string, string>([
402+
['source', '.'],
403+
['load', 'false'],
404+
['no-cache', 'false'],
405+
['push', 'false'],
406+
['pull', 'false']
407+
]),
408+
[
409+
'bake',
410+
'--metadata-file', metadataJson
411+
],
412+
new Map<string, string>([
413+
['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
414+
])
379415
],
380416
])(
381417
'[%d] given %p with %p as inputs, returns %p',
382-
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
418+
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
419+
if (envs) {
420+
envs.forEach((value: string, name: string) => {
421+
process.env[name] = value;
422+
});
423+
}
383424
inputs.forEach((value: string, name: string) => {
384425
setInput(name, value);
385426
});

dist/index.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/index.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/context.ts

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
103103
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
104104
if (inputs.provenance) {
105105
args.push('--provenance', inputs.provenance);
106-
} else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
106+
} else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
107107
// if provenance not specified and BuildKit version compatible for
108108
// attestation, set default provenance. Also needs to make sure user
109109
// doesn't want to explicitly load the image to docker.
@@ -155,3 +155,10 @@ function getSourceInput(name: string): string {
155155
}
156156
return source;
157157
}
158+
159+
function noDefaultAttestations(): boolean {
160+
if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
161+
return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
162+
}
163+
return false;
164+
}

0 commit comments

Comments
 (0)