Merge pull request moby#3945 from tonistiigi/fix-missing-provenance

tonistiigi · web-flow · commit 62bdf9689b05 · 2023-06-28T11:27:50.000-07:00
handle missing provenance for non-evaluated result
diff --git a/frontend/dockerfile/dockerfile_provenance_test.go b/frontend/dockerfile/dockerfile_provenance_test.go
@@ -1047,3 +1047,79 @@ ENV FOO=bar
 	}, nil)
 	require.NoError(t, err)
 }
+
+// https://github.com/moby/buildkit/issues/3562
+func testDuplicatePlatformProvenance(t *testing.T, sb integration.Sandbox) {
+	integration.CheckFeatureCompat(t, sb, integration.FeatureProvenance)
+	ctx := sb.Context()
+
+	c, err := client.New(ctx, sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	f := getFrontend(t, sb)
+
+	dockerfile := []byte(`FROM alpine`)
+	dir, err := integration.Tmpdir(
+		t,
+		fstest.CreateFile("Dockerfile", dockerfile, 0600),
+	)
+	require.NoError(t, err)
+
+	_, err = f.Solve(sb.Context(), c, client.SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:provenance": "mode=max",
+			"platform":          "linux/amd64,linux/amd64",
+		},
+		LocalDirs: map[string]string{
+			dockerui.DefaultLocalNameDockerfile: dir,
+			dockerui.DefaultLocalNameContext:    dir,
+		},
+	}, nil)
+	require.NoError(t, err)
+}
+
+// https://github.com/moby/buildkit/issues/3928
+func testDockerIgnoreMissingProvenance(t *testing.T, sb integration.Sandbox) {
+	integration.CheckFeatureCompat(t, sb, integration.FeatureProvenance)
+	c, err := client.New(sb.Context(), sb.Address())
+	require.NoError(t, err)
+	defer c.Close()
+
+	dockerfile := []byte(`FROM alpine`)
+	dirDockerfile, err := integration.Tmpdir(
+		t,
+		fstest.CreateFile("Dockerfile", dockerfile, 0600),
+	)
+	require.NoError(t, err)
+	dirContext, err := integration.Tmpdir(t)
+	require.NoError(t, err)
+
+	frontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) {
+		// remove the directory to simulate the case where the context
+		// directory does not exist, and either no validation checks were run,
+		// or they passed erroneously
+		if err := os.RemoveAll(dirContext); err != nil {
+			return nil, err
+		}
+
+		res, err := c.Solve(ctx, gateway.SolveRequest{
+			Frontend: "dockerfile.v0",
+		})
+		if err != nil {
+			return nil, err
+		}
+		return res, nil
+	}
+
+	_, err = c.Build(sb.Context(), client.SolveOpt{
+		FrontendAttrs: map[string]string{
+			"attest:provenance": "mode=max",
+		},
+		LocalDirs: map[string]string{
+			dockerui.DefaultLocalNameDockerfile: dirDockerfile,
+			dockerui.DefaultLocalNameContext:    dirContext,
+		},
+	}, "", frontend, nil)
+	require.NoError(t, err)
+}
diff --git a/frontend/dockerfile/dockerfile_test.go b/frontend/dockerfile/dockerfile_test.go
@@ -163,6 +163,8 @@ var allTests = integration.TestFuncs(
 	testSecretSSHProvenance,
 	testOCILayoutProvenance,
 	testNilProvenance,
+	testDuplicatePlatformProvenance,
+	testDockerIgnoreMissingProvenance,
 	testSBOMScannerArgs,
 	testMultiPlatformWarnings,
 	testNilContextInSolveGateway,
diff --git a/solver/llbsolver/solver.go b/solver/llbsolver/solver.go
@@ -749,9 +749,6 @@ func getRefProvenance(ref solver.ResultProxy, br *provenanceBridge) (*provenance
 	}
 	p := ref.Provenance()
 	if p == nil {
-		if br.req != nil {
-			return nil, errors.Errorf("missing provenance for %s", ref.ID())
-		}
 		return nil, nil
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -749,9 +749,6 @@ func getRefProvenance(ref solver.ResultProxy, br provenanceBridge) (provenance`
`749`	`749`	`}`
`750`	`750`	`p := ref.Provenance()`
`751`	`751`	`if p == nil {`
`752`		`- if br.req != nil {`
`753`		`- return nil, errors.Errorf("missing provenance for %s", ref.ID())`
`754`		`- }`
`755`	`752`	`return nil, nil`
`756`	`753`	`}`
`757`	`754`