docker/bake-action
1
0
Fork 0
mirror of https://git.flexiblyrigid.au/actions/bake-action.git synced 2025-12-06 07:48:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

check provenance attestation set in bake definition before overriding

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2025-11-26 12:02:17 +01:00
parent 41c10f2beb
commit 8ba51ac4ee
5 changed files with 79 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
__tests__/context.test.ts
View File

@@ -218,7 +218,9 @@ describe('getArgs', () => {
[
'bake',
'--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
],
undefined
],
@@ -311,7 +313,9 @@ describe('getArgs', () => {
'--set', '*.platform=linux/amd64,linux/ppc64le,linux/s390x',
'--set', `*.output=type=image,"name=moby/buildkit:v0.11.0,moby/buildkit:latest",push=true`,
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all'
],
undefined
@@ -332,7 +336,9 @@ describe('getArgs', () => {
'bake',
'--set', `*.labels.foo=bar=#baz`,
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'image-all'
],
undefined
@@ -352,7 +358,9 @@ describe('getArgs', () => {
'https://github.com/docker/build-push-action.git#refs/heads/master',
'--file', './foo.hcl',
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
],
undefined
],
@@ -371,7 +379,9 @@ describe('getArgs', () => {
'bake',
'--allow', 'network.host',
'--metadata-file', metadataJson,
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
],
undefined
],
@@ -391,7 +401,9 @@ describe('getArgs', () => {
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
'--file', './foo.hcl',
'--metadata-file', metadataJson,
'--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
'--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
],
undefined
],