
Commit f266715

committed
Add --provenance and --sbom flags to the generated bake command line,
and add per-service attestation configuration to the generated bake target.

Signed-off-by: Guillaume Lours <[email protected]>
1 parent c2cb0ae commit f266715


1 file changed

+32
-0
lines changed


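--- a/pkg/compose/build_bake.go
+++ b/pkg/compose/build_bake.go
@@ -119,6 +119,7 @@ type bakeTarget struct {
 Entitlements []string `json:"entitlements,omitempty"`
 ExtraHosts map[string]string `json:"extra-hosts,omitempty"`
 Outputs []string `json:"output,omitempty"`
+Attest []string `json:"attest,omitempty"`
 }
 
 type bakeMetadata map[string]buildStatus
@@ -255,6 +256,7 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 
 Outputs: outputs,
 Call: call,
+Attest: toBakeAttest(build),
 }
 }
 
@@ -308,6 +310,12 @@ func (s *composeService) doBuildBake(ctx context.Context, project *types.Project
 args = append(args, "--allow", "security.insecure")
 }
 }
+if options.SBOM != "" {
+args = append(args, "--sbom="+options.SBOM)
+}
+if options.Provenance != "" {
+args = append(args, "--provenance="+options.Provenance)
+}
 
 if options.Builder != "" {
 args = append(args, "--builder", options.Builder)
@@ -458,6 +466,30 @@ func toBakeSecrets(project *types.Project, secrets []types.ServiceSecretConfig)
 return s
 }
 
+func toBakeAttest(build types.BuildConfig) []string {
+var attests []string
+
+// Handle per-service provenance configuration (only from build config, not global options)
+if build.Provenance != "" {
+if build.Provenance == "true" {
+attests = append(attests, "type=provenance")
+} else if build.Provenance != "false" {
+attests = append(attests, fmt.Sprintf("type=provenance,%s", build.Provenance))
+}
+}
+
+// Handle per-service SBOM configuration (only from build config, not global options)
+if build.SBOM != "" {
+if build.SBOM == "true" {
+attests = append(attests, "type=sbom")
+} else if build.SBOM != "false" {
+attests = append(attests, fmt.Sprintf("type=sbom,%s", build.SBOM))
+}
+}
+
+return attests
+}
+
 func dockerFilePath(ctxName string, dockerfile string) string {
 if dockerfile == "" {
 return ""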
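Review bot: `toBakeAttest` drops a per-service value of `"false"` instead of turning it into an explicit opt-out, so that target gets no `attest` entry and what ends up attached to the image is presumably decided by the builder's default and by the global `--sbom`/`--provenance` arguments appended in the `doBuildBake` hunk above. For an attestation setting the decision should be visible in the generated bake file: consider handling `"false"` with `attests = append(attests, "type=provenance,disabled=true")` (and the `type=sbom` equivalent), and adding a doc comment that states which of the per-service and global settings is meant to win, which these hunks do not show. Only the exact strings `"true"` and `"false"` are recognised, so any other spelling is forwarded verbatim after `type=provenance,`; `strconv.ParseBool` would cover that if other spellings can reach this code. The commit touches only this file, so a table test over `""`, `"true"`, `"false"` and a parameter string such as `mode=max` would pin the mapping.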
