buildx(build): resolveProvenance from metadata

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-11-23 03:16:09 +08:00 · 2024-06-14 12:24:38 +02:00 · 2024-06-14 12:24:38 +02:00 · e266e3e984
commit e266e3e984
parent 1b7201d572
4 changed files with 74 additions and 8 deletions
--- a/tests/buildx/build.test.ts
+++ b/tests/buildx/build.test.ts
@ -22,17 +22,11 @@ import * as rimraf from 'rimraf';
 import {Context} from '../../src/context';
 import {Build} from '../../src/buildx/build';

-import {BuildMetadata} from '../../src/types/buildx/build';
-
 const fixturesDir = path.join(__dirname, '..', 'fixtures');
 // prettier-ignore
 const tmpDir = path.join(process.env.TEMP || '/tmp', 'buildx-inputs-jest');
 const tmpName = path.join(tmpDir, '.tmpname-jest');
-const metadata: BuildMetadata = {
-  'buildx.build.ref': 'default/default/n6ibcp9b2pw108rrz7ywdznvo',
-  'containerimage.config.digest': 'sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd',
-  'containerimage.digest': 'sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c'
-};
+const metadata = JSON.parse(fs.readFileSync(path.join(fixturesDir, 'metadata.json'), 'utf-8'));

 jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
  if (!fs.existsSync(tmpDir)) {
@ -78,6 +72,18 @@ describe('resolveRef', () => {
  });
 });

+describe('resolveProvenance', () => {
+  it('matches', async () => {
+    const build = new Build();
+    fs.writeFileSync(build.getMetadataFilePath(), JSON.stringify(metadata));
+    const provenance = build.resolveProvenance();
+    expect(provenance).toBeDefined();
+    expect(provenance?.buildType).toEqual('https://mobyproject.org/buildkit@v1');
+    expect(provenance?.materials).toBeDefined();
+    expect(provenance?.materials?.length).toEqual(2);
+  });
+});
+
 describe('resolveDigest', () => {
  it('matches', async () => {
    const build = new Build();
--- a/tests/fixtures/metadata.json
+++ b/tests/fixtures/metadata.json
@ -0,0 +1,45 @@
+{
+  "buildx.build.provenance": {
+    "buildType": "https://mobyproject.org/buildkit@v1",
+    "materials": [
+      {
+        "uri": "pkg:docker/docker/dockerfile-upstream@master",
+        "digest": {
+          "sha256": "70433342168dafa34d11bd7236c3c3fcf448b90539733281711050808f32e835"
+        }
+      },
+      {
+        "uri": "pkg:docker/busybox@latest?platform=linux%2Famd64",
+        "digest": {
+          "sha256": "9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7"
+        }
+      }
+    ],
+    "invocation": {
+      "configSource": {
+        "entryPoint": "Dockerfile"
+      },
+      "parameters": {
+        "frontend": "gateway.v0",
+        "args": {
+          "cmdline": "docker/dockerfile-upstream:master",
+          "source": "docker/dockerfile-upstream:master"
+        },
+        "locals": [
+          {
+            "name": "context"
+          },
+          {
+            "name": "dockerfile"
+          }
+        ]
+      },
+      "environment": {
+        "platform": "linux/amd64"
+      }
+    }
+  },
+  "buildx.build.ref": "default/default/n6ibcp9b2pw108rrz7ywdznvo",
+  "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd",
+  "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
+}
--- a/src/buildx/build.ts
+++ b/src/buildx/build.ts
@ -25,6 +25,7 @@ import {GitHub} from '../github';
 import {Util} from '../util';

 import {BuildMetadata} from '../types/buildx/build';
+import {ProvenancePredicate} from '../types/intoto/slsa_provenance/v0.2/provenance';

 export interface BuildOpts {
  buildx?: Buildx;
@ -82,6 +83,19 @@ export class Build {
    return undefined;
  }

+  public resolveProvenance(metadata?: BuildMetadata): ProvenancePredicate | undefined {
+    if (!metadata) {
+      metadata = this.resolveMetadata();
+      if (!metadata) {
+        return undefined;
+      }
+    }
+    if ('buildx.build.provenance' in metadata) {
+      return metadata['buildx.build.provenance'] as ProvenancePredicate;
+    }
+    return undefined;
+  }
+
  public resolveDigest(metadata?: BuildMetadata): string | undefined {
    if (!metadata) {
      metadata = this.resolveMetadata();
--- a/src/types/buildx/build.ts
+++ b/src/types/buildx/build.ts
@ -15,5 +15,6 @@
 */

 export type BuildMetadata = {
-  [key: string]: string;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  [key: string]: any;
 };