mirror of
https://github.com/docker/build-push-action.git
synced 2024-11-22 08:10:59 -05:00
provenance: set mode max and builder-id for public repos by default
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
ed2672fc33
commit
26ce4f3617
2 changed files with 23 additions and 3 deletions
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
|
@ -529,9 +529,7 @@ jobs:
|
||||||
file: ./test/go/Dockerfile
|
file: ./test/go/Dockerfile
|
||||||
target: ${{ matrix.target }}
|
target: ${{ matrix.target }}
|
||||||
outputs: ${{ matrix.output }}
|
outputs: ${{ matrix.output }}
|
||||||
attests: |
|
sbom: true
|
||||||
type=sbom
|
|
||||||
type=provenance,mode=max,builder-id=https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}
|
|
||||||
cache-from: type=gha,scope=attests-${{ matrix.target }}
|
cache-from: type=gha,scope=attests-${{ matrix.target }}
|
||||||
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
|
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
|
||||||
-
|
-
|
||||||
|
|
|
@ -164,6 +164,10 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, context: str
|
||||||
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
|
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
|
||||||
if (inputs.provenance) {
|
if (inputs.provenance) {
|
||||||
args.push('--provenance', inputs.provenance);
|
args.push('--provenance', inputs.provenance);
|
||||||
|
} else if (fromPayload('repository.private') !== false) {
|
||||||
|
args.push('--provenance', `mode=min,inline-only=true`);
|
||||||
|
} else {
|
||||||
|
args.push('--provenance', `mode=max,builder-id=${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`);
|
||||||
}
|
}
|
||||||
if (inputs.sbom) {
|
if (inputs.sbom) {
|
||||||
args.push('--sbom', inputs.sbom);
|
args.push('--sbom', inputs.sbom);
|
||||||
|
@ -264,3 +268,21 @@ export const asyncForEach = async (array, callback) => {
|
||||||
await callback(array[index], index, array);
|
await callback(array[index], index, array);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||||
|
function fromPayload(path: string): any {
|
||||||
|
return select(github.context.payload, path);
|
||||||
|
}
|
||||||
|
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||||
|
function select(obj: any, path: string): any {
|
||||||
|
if (!obj) {
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
|
const i = path.indexOf('.');
|
||||||
|
if (i < 0) {
|
||||||
|
return obj[path];
|
||||||
|
}
|
||||||
|
const key = path.slice(0, i);
|
||||||
|
return select(obj[key], path.slice(i + 1));
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue