feat: add option to configure provenance attestation (#171)

xoxys · web-flow · commit 13e353b88314 · 2023-01-12T11:28:22.000+01:00
diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
@@ -255,3 +255,8 @@ properties:
     description: Labels to add to the image.
     type: list
     required: false
+
+  - name: provenance
+    description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`).
+    type: string
+    required: false
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
@@ -305,5 +305,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Destination: &settings.Build.Labels,
 			Category:    category,
 		},
+		&cli.StringFlag{
+			Name:        "provenance",
+			EnvVars:     []string{"PLUGIN_PROVENANCE"},
+			Usage:       "generates provenance attestation for the build",
+			Destination: &settings.Build.Provenance,
+			Category:    category,
+		},
 	}
 }
diff --git a/plugin/docker.go b/plugin/docker.go
@@ -131,6 +131,10 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd {
 		args = append(args, "--label", arg)
 	}
 
+	if build.Provenance != "" {
+		args = append(args, "--provenance", build.Provenance)
+	}
+
 	return exec.Command(dockerExe, args...)
 }
 
diff --git a/plugin/impl.go b/plugin/impl.go
@@ -63,6 +63,7 @@ type Build struct {
 	Output       string          // Docker build output folder
 	NamedContext cli.StringSlice // Docker build named context
 	Labels       cli.StringSlice // Docker build labels
+	Provenance   string          // Docker build provenance attestation
 }
 
 // Settings for the Plugin.

Original file line number	Diff line number	Diff line change
`@@ -305,5 +305,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {`
`305`	`305`	`Destination: &settings.Build.Labels,`
`306`	`306`	`Category: category,`
`307`	`307`	`},`
	`308`	`+ &cli.StringFlag{`
	`309`	`+ Name: "provenance",`
	`310`	`+ EnvVars: []string{"PLUGIN_PROVENANCE"},`
	`311`	`+ Usage: "generates provenance attestation for the build",`
	`312`	`+ Destination: &settings.Build.Provenance,`
	`313`	`+ Category: category,`
	`314`	`+ },`
`308`	`315`	`}`
`309`	`316`	`}`
Original file line number	Diff line number	Diff line change
`@@ -131,6 +131,10 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd {`
`131`	`131`	`args = append(args, "--label", arg)`
`132`	`132`	`}`
`133`	`133`
	`134`	`+ if build.Provenance != "" {`
	`135`	`+ args = append(args, "--provenance", build.Provenance)`
	`136`	`+ }`
	`137`	`+`
`134`	`138`	`return exec.Command(dockerExe, args...)`
`135`	`139`	`}`
`136`	`140`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ type Build struct {`
`63`	`63`	`Output string // Docker build output folder`
`64`	`64`	`NamedContext cli.StringSlice // Docker build named context`
`65`	`65`	`Labels cli.StringSlice // Docker build labels`
	`66`	`+ Provenance string // Docker build provenance attestation`
`66`	`67`	`}`
`67`	`68`
`68`	`69`	`// Settings for the Plugin.`