Merge pull request #83 from docker-library/revert-82-no-sbom-gha

tianon · web-flow · commit ad50445168f2 · 2024-09-26T15:02:14.000-07:00
Revert "Temporarily disable SBOMs on GHA"
diff --git a/.test/meta-commands/out.sh b/.test/meta-commands/out.sh
@@ -137,57 +137,6 @@ jq -s '
 	)
 ' temp/index.json > temp/index.json.new
 mv temp/index.json.new temp/index.json
-# </build>
-# <push>
-crane push --index temp 'oisupport/staging-amd64:191402ad0feacf03daf9d52a492207e73ef08b0bd17265043aea13aa27e2bb3f'
-rm -rf temp
-# </push>
-
-# busybox:1.36.1 [arm32v5]
-# <pull>
-
-# </pull>
-# <build>
-export BASHBREW_CACHE="${BASHBREW_CACHE:-${XDG_CACHE_HOME:-$HOME/.cache}/bashbrew}"
-gitCache="$BASHBREW_CACHE/git"
-git init --bare "$gitCache"
-_git() { git -C "$gitCache" "$@"; }
-_git config gc.auto 0
-_commit() { _git rev-parse '7044abc7ee26712d998311b402b975124786e0cf^{commit}'; }
-if ! _commit &> /dev/null; then _git fetch 'https://github.com/docker-library/busybox.git' '7044abc7ee26712d998311b402b975124786e0cf:' || _git fetch 'refs/heads/dist-arm32v5:'; fi
-_commit
-mkdir temp
-_git archive --format=tar '7044abc7ee26712d998311b402b975124786e0cf:latest/glibc/arm32v5/' | tar -xvC temp
-jq -s '
-	if length != 1 then
-		error("unexpected '\''oci-layout'\'' document count: " + length)
-	else .[0] end
-	| if .imageLayoutVersion != "1.0.0" then
-		error("unsupported imageLayoutVersion: " + .imageLayoutVersion)
-	else . end
-' temp/oci-layout > /dev/null
-jq -s '
-	if length != 1 then
-		error("unexpected '\''index.json'\'' document count: " + length)
-	else .[0] end
-	| if .schemaVersion != 2 then
-		error("unsupported schemaVersion: " + .schemaVersion)
-	else . end
-	| if .manifests | length != 1 then
-		error("expected only one manifests entry, not " + (.manifests | length))
-	else . end
-	| .manifests[0] |= (
-		if .mediaType != "application/vnd.oci.image.manifest.v1+json" then
-			error("unsupported descriptor mediaType: " + .mediaType)
-		else . end
-		| if .size < 0 then
-			error("invalid descriptor size: " + .size)
-		else . end
-		| del(.annotations, .urls)
-		| .annotations = {"org.opencontainers.image.source":"https://github.com/docker-library/busybox.git","org.opencontainers.image.revision":"7044abc7ee26712d998311b402b975124786e0cf","org.opencontainers.image.created":"2024-02-28T00:44:18Z","org.opencontainers.image.version":"1.36.1","org.opencontainers.image.url":"https://hub.docker.com/_/busybox","com.docker.official-images.bashbrew.arch":"arm32v5","org.opencontainers.image.base.name":"scratch"}
-	)
-' temp/index.json > temp/index.json.new
-mv temp/index.json.new temp/index.json
 # SBOM
 originalImageManifest="$(jq -r '.manifests[0].digest' temp/index.json)"
 SOURCE_DATE_EPOCH=1709081058 \
@@ -197,7 +146,7 @@ SOURCE_DATE_EPOCH=1709081058 \
 	--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=all \
 	--sbom=generator="$BASHBREW_BUILDKIT_SBOM_GENERATOR" \
 	--output 'type=oci,tar=false,dest=sbom' \
-	--platform 'linux/arm/v5' \
+	--platform 'linux/amd64' \
 	--build-context "fake=oci-layout://$PWD/temp@$originalImageManifest" \
 	- <<<'FROM fake'
 sbomIndex="$(jq -r '.manifests[0].digest' sbom/index.json)"
@@ -226,6 +175,6 @@ jq -r --argjson sbomManifestDesc "$sbomManifestDesc" '.manifests += [ $sbomManif
 mv temp/index.json.new temp/index.json
 # </build>
 # <push>
-crane push --index temp 'oisupport/staging-arm32v5:6dad189d12c5b50de48dab19c13869fdf25219dc430fc1d4c8a8dcc7bc893e69'
+crane push --index temp 'oisupport/staging-amd64:191402ad0feacf03daf9d52a492207e73ef08b0bd17265043aea13aa27e2bb3f'
 rm -rf temp
 # </push>
diff --git a/.test/meta-commands/test.jq b/.test/meta-commands/test.jq
@@ -1,10 +1,8 @@
 include "meta";
-include "doi"; # TODO remove this
 [
 	first(.[] | select(normalized_builder == "buildkit")),
 	first(.[] | select(normalized_builder == "classic")),
 	first(.[] | select(normalized_builder == "oci-import")),
-	first(.[] | select(normalized_builder == "oci-import" and build_should_sbom)), # TODO remove this
 	empty
 ]
 | map(
diff --git a/doi.jq b/doi.jq
@@ -168,8 +168,6 @@ def build_should_sbom:
 			| index($i)
 		)
 	)
-	# TODO once we solve the issues with GHA and SBOM generation ("docker/scout-sbom-indexer" returning zero results), remove this added constraint
-	and (.build.arch as $arch | ["amd64","i386","windows-amd64"] | index($arch) | not) # see also GHA arches in Jenkinsfile.trigger
 ;
 
 # input: "build" object (with "buildId" top level key)

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,8 @@`
`1`	`1`	`include "meta";`
`2`		`-include "doi"; # TODO remove this`
`3`	`2`	`[`
`4`	`3`	`first(.[] \| select(normalized_builder == "buildkit")),`
`5`	`4`	`first(.[] \| select(normalized_builder == "classic")),`
`6`	`5`	`first(.[] \| select(normalized_builder == "oci-import")),`
`7`		`- first(.[] \| select(normalized_builder == "oci-import" and build_should_sbom)), # TODO remove this`
`8`	`6`	`empty`
`9`	`7`	`]`
`10`	`8`	`\| map(`
Original file line number	Diff line number	Diff line change
`@@ -168,8 +168,6 @@ def build_should_sbom:`
`168`	`168`	`\| index($i)`
`169`	`169`	`)`
`170`	`170`	`)`
`171`		`- # TODO once we solve the issues with GHA and SBOM generation ("docker/scout-sbom-indexer" returning zero results), remove this added constraint`
`172`		`- and (.build.arch as $arch \| ["amd64","i386","windows-amd64"] \| index($arch) \| not) # see also GHA arches in Jenkinsfile.trigger`
`173`	`171`	`;`
`174`	`172`
`175`	`173`	`# input: "build" object (with "buildId" top level key)`