Skip to content

Commit e22b5e2

Browse files
tianontianon
authored
Merge pull request #61 from LaurentGoderre/provenance-builder
Specify the builder id for provenance
2 parents 2084a63 + 8937e38 commit e22b5e2

File tree

3 files changed

+8
-2
lines changed

3 files changed

+8
-2
lines changed

.test/meta-commands/out.sh

+1-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
# <build>
66
SOURCE_DATE_EPOCH=1700741054 \
77
docker buildx build --progress=plain \
8-
--provenance=mode=max \
8+
--provenance=mode=max,builder-id='https://github.com/docker-library' \
99
--output '"type=oci","dest=temp.tar"' \
1010
--annotation 'org.opencontainers.image.source=https://github.com/docker-library/docker.git#6d541d27b5dd12639e5a33a675ebca04d3837d74:24/cli' \
1111
--annotation 'org.opencontainers.image.revision=6d541d27b5dd12639e5a33a675ebca04d3837d74' \

doi.jq

+6
Original file line numberDiff line numberDiff line change
@@ -151,6 +151,12 @@ def _sbom_subset:
151151
]
152152
;
153153

154+
# https://github.com/docker-library/meta-scripts/pull/61 (for lack of better documentation for setting this in buildkit)
155+
# https://slsa.dev/provenance/v0.2#builder.id
156+
def buildkit_provenance_builder_id:
157+
"https://github.com/docker-library"
158+
;
159+
154160
# input: "build" object (with "buildId" top level key)
155161
# output: boolean
156162
def build_should_sbom:

meta.jq

+1-1
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ def build_command:
141141
@sh "SOURCE_DATE_EPOCH=\(.source.entry.SOURCE_DATE_EPOCH)",
142142
# TODO EXPERIMENTAL_BUILDKIT_SOURCE_POLICY=<(jq ...)
143143
"docker buildx build --progress=plain",
144-
"--provenance=mode=max",
144+
@sh "--provenance=mode=max,builder-id=\(buildkit_provenance_builder_id)",
145145
if build_should_sbom then
146146
"--sbom=generator=\"$BASHBREW_BUILDKIT_SBOM_GENERATOR\""
147147
else empty end,

0 commit comments

Comments
 (0)