From 13e353b883140310c9c4d143118b9176a7659f35 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Thu, 12 Jan 2023 11:28:22 +0100 Subject: [PATCH] feat: add option to configure provenance attestation (#171) --- _docs/data/data.yaml | 5 +++++ cmd/drone-docker-buildx/config.go | 7 +++++++ plugin/docker.go | 4 ++++ plugin/impl.go | 1 + 4 files changed, 17 insertions(+) diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml index 3d4b8ef..fc341e2 100644 --- a/_docs/data/data.yaml +++ b/_docs/data/data.yaml @@ -255,3 +255,8 @@ properties: description: Labels to add to the image. type: list required: false + + - name: provenance + description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`). + type: string + required: false diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go index c51f39e..04db420 100644 --- a/cmd/drone-docker-buildx/config.go +++ b/cmd/drone-docker-buildx/config.go @@ -305,5 +305,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag { Destination: &settings.Build.Labels, Category: category, }, + &cli.StringFlag{ + Name: "provenance", + EnvVars: []string{"PLUGIN_PROVENANCE"}, + Usage: "generates provenance attestation for the build", + Destination: &settings.Build.Provenance, + Category: category, + }, } } diff --git a/plugin/docker.go b/plugin/docker.go index 7e08116..c505248 100644 --- a/plugin/docker.go +++ b/plugin/docker.go @@ -131,6 +131,10 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd { args = append(args, "--label", arg) } + if build.Provenance != "" { + args = append(args, "--provenance", build.Provenance) + } + return exec.Command(dockerExe, args...) } diff --git a/plugin/impl.go b/plugin/impl.go index cfd826a..2cb10bf 100644 --- a/plugin/impl.go +++ b/plugin/impl.go 
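Review bot: The `Usage` text on the new `provenance` flag in `settingsFlags` does not say which values are accepted or that the setting can also switch attestation off, so the help output gives no hint that this is a free-form string handed on to buildx. Something like `Usage: "provenance attestation for the build: true, false, or attributes such as mode=max"` would cover it. The docs entry could also mention that, per Docker's attestation documentation, `mode=max` records more build detail than the minimal mode and can include build-argument values, which matters for pipelines that pass sensitive values as build args. The enclosing function starts outside the hunk.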
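Review bot: The `build.Provenance != ""` guard in `commandBuild` treats an unset setting as "pass nothing", which leaves whatever the installed buildx does by default in force rather than disabling attestation, and that distinction is not written down next to the check. I would add `// Empty means the flag is not passed and the buildx default applies; set "false" to disable attestation.` above the `if`. The value is forwarded unvalidated as its own argv element to `exec.Command`, so no shell is involved, but a typo in the setting only surfaces as a buildx error at build time. `commandBuild` starts outside the hunk.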
@@ -63,6 +63,7 @@ type Build struct { Output string // Docker build output folder NamedContext cli.StringSlice // Docker build named context Labels cli.StringSlice // Docker build labels + Provenance string // Docker build provenance attestation } // Settings for the Plugin.