feat: add option to configure provenance attestation (#171)

_docs/data/data.yaml

@@ -255,3 +255,8 @@ properties:
     description: Labels to add to the image.
     type: list
     required: false
+
+  - name: provenance
+    description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`).
+    type: string
+    required: false

cmd/drone-docker-buildx/config.go

@@ -305,5 +305,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 			Destination: &settings.Build.Labels,
 			Category:    category,
 		},
+		&cli.StringFlag{
+			Name:        "provenance",
+			EnvVars:     []string{"PLUGIN_PROVENANCE"},
+			Usage:       "generates provenance attestation for the build",
+			Destination: &settings.Build.Provenance,
+			Category:    category,
+		},
 	}
 }

plugin/docker.go

@@ -131,6 +131,10 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd {
 		args = append(args, "--label", arg)
 	}
 
+	if build.Provenance != "" {
+		args = append(args, "--provenance", build.Provenance)
+	}
+
 	return exec.Command(dockerExe, args...)
 }
 

plugin/impl.go

@@ -63,6 +63,7 @@ type Build struct {
 	Output       string          // Docker build output folder
 	NamedContext cli.StringSlice // Docker build named context
 	Labels       cli.StringSlice // Docker build labels
+	Provenance   string          // Docker build provenance attestation
 }
 
 // Settings for the Plugin.