From 13328687d122a3dd28fb5f9aec5a5e82b6a26335 Mon Sep 17 00:00:00 2001 From: Kohki Makimoto Date: Wed, 25 Sep 2024 21:35:39 +0900 Subject: [PATCH 1/3] support the "provenance" option in the "builder" config --- lib/kamal/commands/builder/base.rb | 8 ++++++-- lib/kamal/configuration/builder.rb | 4 ++++ lib/kamal/configuration/docs/builder.yml | 6 ++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/lib/kamal/commands/builder/base.rb b/lib/kamal/commands/builder/base.rb index 636fe4f4b..d551520be 100644 --- a/lib/kamal/commands/builder/base.rb +++ b/lib/kamal/commands/builder/base.rb @@ -6,7 +6,7 @@ class BuilderError < StandardError; end delegate :argumentize, to: Kamal::Utils delegate \ :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote, - :cache_from, :cache_to, :ssh, :driver, :docker_driver?, + :cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?, to: :builder_config def clean @@ -37,7 +37,7 @@ def inspect_builder end def build_options - [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ] + [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ] end def build_context @@ -97,6 +97,10 @@ def build_ssh argumentize "--ssh", ssh if ssh.present? end + def builder_provenance + argumentize "--provenance", provenance unless provenance.nil? + end + def builder_config config.builder end diff --git a/lib/kamal/configuration/builder.rb b/lib/kamal/configuration/builder.rb index a395e2283..d2f244db4 100644 --- a/lib/kamal/configuration/builder.rb +++ b/lib/kamal/configuration/builder.rb @@ -111,6 +111,10 @@ def ssh builder_config["ssh"] end + def provenance + builder_config["provenance"] + end + def git_clone? Kamal::Git.used? && builder_config["context"].nil? end 
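Review bot: `*builder_provenance` is the only entry in `build_options` that does not follow the `build_*` naming of its siblings (`build_ssh`, `build_target` and the rest), and the helper defined in the later hunk of this file carries the same name. Renaming it keeps the option helpers readable as one family: `*build_provenance` here and `def build_provenance` at the definition. As written, the name is also easy to misread as belonging with `builder_config`, which sits directly below it.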
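Review bot: The value passed in `argumentize "--provenance", provenance` appears to reach the command line exactly as written in deploy.yml. The command test added in this series expects a bare `--provenance mode=max` while the label value beside it is quoted, so a value containing whitespace or shell metacharacters would be split or interpreted by the shell rather than by buildx. The option is documented here as a boolean or a `mode=max`-style string, so it would be reasonable to reject anything else when the configuration is loaded; whether a validator elsewhere already does that is not visible in this patch. The `unless provenance.nil?` guard also deserves a comment, because unset and `false` mean different things for the attestation attached to the published image: `# nil: no flag, the builder's default applies; false: explicit opt-out, emitted as "--provenance false"`.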
diff --git a/lib/kamal/configuration/docs/builder.yml b/lib/kamal/configuration/docs/builder.yml index cdde194f5..2aefd0067 100644 --- a/lib/kamal/configuration/docs/builder.yml +++ b/lib/kamal/configuration/docs/builder.yml @@ -104,3 +104,9 @@ builder: # # The build driver to use, defaults to `docker-container` driver: docker + + # Provenance + # + # It is used to configure provenance attestations for the build result. + # The value can also be a boolean to enable or disable provenance attestations. + provenance: mode=max From c17bdba61ca1d32a8603e6d9cc1f736c848fc2ed Mon Sep 17 00:00:00 2001 From: Kohki Makimoto Date: Wed, 25 Sep 2024 23:24:37 +0900 Subject: [PATCH 2/3] add tests --- test/commands/builder_test.rb | 7 +++++++ test/configuration/builder_test.rb | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/test/commands/builder_test.rb b/test/commands/builder_test.rb index e5daddfd2..4e5e8046a 100644 --- a/test/commands/builder_test.rb +++ b/test/commands/builder_test.rb @@ -144,6 +144,13 @@ class CommandsBuilderTest < ActiveSupport::TestCase builder.push.join(" ") end + test "push with provenance" do + builder = new_builder_command(builder: { "provenance" => "mode=max" }) + assert_equal \ + "docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance mode=max .", + builder.push.join(" ") + end + test "mirror count" do command = new_builder_command assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ") diff --git a/test/configuration/builder_test.rb b/test/configuration/builder_test.rb index 53740ca84..545273b6a 100644 --- a/test/configuration/builder_test.rb +++ b/test/configuration/builder_test.rb 
@@ -134,6 +134,16 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase assert_equal "default=$SSH_AUTH_SOCK", config.builder.ssh end + test "provenance" do + assert_nil config.builder.provenance + end + + test "setting provenance" do + @deploy[:builder]["provenance"] = "mode=max" + + assert_equal "mode=max", config.builder.provenance + end + test "local disabled but no remote set" do @deploy[:builder]["local"] = false From 92d82dd1a78061b8992ea949ca81c722ef959aef Mon Sep 17 00:00:00 2001 From: Kohki Makimoto Date: Thu, 26 Sep 2024 05:50:51 +0900 Subject: [PATCH 3/3] test: If the provenance is false, output "--provenance false". --- test/commands/builder_test.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/commands/builder_test.rb b/test/commands/builder_test.rb index 4e5e8046a..be75d6fad 100644 --- a/test/commands/builder_test.rb +++ b/test/commands/builder_test.rb @@ -151,6 +151,13 @@ class CommandsBuilderTest < ActiveSupport::TestCase builder.push.join(" ") end + test "push with provenance false" do + builder = new_builder_command(builder: { "provenance" => false }) + assert_equal \ + "docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance false .", + builder.push.join(" ") + end + test "mirror count" do command = new_builder_command assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ")
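Review bot: The two cases added to test/configuration/builder_test.rb cover the unset and string values but not `false`. The command builder's `unless provenance.nil?` guard depends on `false` surviving configuration loading as `false` rather than collapsing to `nil`. A third case would pin that at the configuration level: `@deploy[:builder]["provenance"] = false` followed by `assert_equal false, config.builder.provenance`. The command test in the last patch exercises the same path only indirectly, so a later change to the accessor (for example appending `.presence`) that turns an explicit opt-out into the builder default would be harder to trace back to its cause.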