Add provenance option #972

Merged
merged 3 commits into from
Oct 23, 2024
8 changes: 6 additions & 2 deletions lib/kamal/commands/builder/base.rb
Expand Up @@ -6,7 +6,7 @@ class BuilderError < StandardError; end
delegate :argumentize, to: Kamal::Utils
delegate \
:args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
:cache_from, :cache_to, :ssh, :driver, :docker_driver?,
:cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?,
to: :builder_config

def clean
Expand Down Expand Up @@ -37,7 +37,7 @@ def inspect_builder
end

def build_options
[ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ]
[ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ]
end

def build_context
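Review bot: The new entry in `build_options` is named `builder_provenance`, while every other entry in that array uses the `build_` prefix (`build_ssh`, `build_target`, `build_secrets`). The `builder_` prefix also reads like the `builder_config` accessor further down the file. Suggest renaming to `build_provenance` here and in the method definition so the option helpers stay consistent.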
Expand Down Expand Up @@ -97,6 +97,10 @@ def build_ssh
argumentize "--ssh", ssh if ssh.present?
end

def builder_provenance
argumentize "--provenance", provenance unless provenance.nil?
Contributor

Suggested change
argumentize "--provenance", provenance unless provenance.nil?
argumentize "--provenance", provenance if provenance.present?

Contributor Author

This is intentional design, because if provenance is false, it should output the --provenance false option. It should only skip outputting --provenance … if provenance is nil.

end

def builder_config
config.builder
end
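Review bot: The guard `unless provenance.nil?` in `builder_provenance` deliberately differs from the `if ssh.present?` guard in `build_ssh` directly above it, but nothing in the code says why. Since `false` has to reach the command line as `--provenance false` and only an unset key should drop the flag, add a one-line comment on the method stating that, so a later cleanup does not normalize it to `present?` and silently stop emitting the explicit disable.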
4 changes: 4 additions & 0 deletions lib/kamal/configuration/builder.rb
Expand Up @@ -111,6 +111,10 @@ def ssh
builder_config["ssh"]
end

def provenance
builder_config["provenance"]
end

def git_clone?
Kamal::Git.used? && builder_config["context"].nil?
end
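Review bot: The `provenance` accessor returns `builder_config["provenance"]` as is, and the command side forwards anything that is not nil. The docs in this PR describe the value as a string or a boolean, so if the configuration validation does not already constrain this key, it is worth rejecting other YAML types here rather than letting them flow into the `docker buildx build` arguments.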
6 changes: 6 additions & 0 deletions lib/kamal/configuration/docs/builder.yml
Expand Up @@ -104,3 +104,9 @@ builder:
#
# The build driver to use, defaults to `docker-container`
driver: docker

# Provenance
#
# It is used to configure provenance attestations for the build result.
# The value can also be a boolean to enable or disable provenance attestations.
provenance: mode=max
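Review bot: The comment block for `provenance` does not say what happens when the key is omitted, and the example value `mode=max` is shown without explaining what it selects. Suggest stating that the value is passed through to the `--provenance` flag of `docker buildx build`, that leaving the key out passes no flag so the buildx default applies, and that `false` disables attestations explicitly. Starting the description with "It is used to" is also vaguer than the neighbouring entries, which describe the option directly.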
14 changes: 14 additions & 0 deletions test/commands/builder_test.rb
Expand Up @@ -144,6 +144,20 @@ class CommandsBuilderTest < ActiveSupport::TestCase
builder.push.join(" ")
end

test "push with provenance" do
builder = new_builder_command(builder: { "provenance" => "mode=max" })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance mode=max .",
builder.push.join(" ")
end

test "push with provenance false" do
builder = new_builder_command(builder: { "provenance" => false })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance false .",
builder.push.join(" ")
end

test "mirror count" do
command = new_builder_command
assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ")
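Review bot: The two new tests cover `"mode=max"` and `false`, but not `true`, which the docs in this PR list as a supported way to enable attestations. Suggest adding a "push with provenance true" case asserting `--provenance true` in the command, so both boolean forms are pinned by a test.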
10 changes: 10 additions & 0 deletions test/configuration/builder_test.rb
Expand Up @@ -134,6 +134,16 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
assert_equal "default=$SSH_AUTH_SOCK", config.builder.ssh
end

test "provenance" do
assert_nil config.builder.provenance
end

test "setting provenance" do
@deploy[:builder]["provenance"] = "mode=max"

assert_equal "mode=max", config.builder.provenance
end

test "local disabled but no remote set" do
@deploy[:builder]["local"] = false

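Review bot: The configuration tests check the unset case (`assert_nil`) and a string value, but not `false`, which is the case the command builder treats differently from nil. Suggest a third test that sets `@deploy[:builder]["provenance"] = false` and asserts `config.builder.provenance` is `false` rather than nil, so the distinction is covered at the configuration layer as well.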