Merge pull request #1501 from tonistiigi/v0.10-picks

[v0.10] cherry-picks
2 years ago · 8764628976
parent 7fcea64eb4 583fe71740
commit 8764628976
8 changed files with 171 additions and 201 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -21,8 +21,8 @@ on:
      - 'docs/**'
 env:
-  BUILDX_VERSION: "v0.10.0-rc1"
+  BUILDX_VERSION: "v0.10.0-rc3"
-  BUILDKIT_IMAGE: "moby/buildkit:v0.11.0-rc3"
+  BUILDKIT_IMAGE: "moby/buildkit:v0.11.0"
  REPO_SLUG: "docker/buildx-bin"
  DESTDIR: "./bin"
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-# syntax=docker/dockerfile-upstream:master
+# syntax=docker/dockerfile-upstream:1.5.0
 ARG GO_VERSION=1.19
 ARG XX_VERSION=1.1.2
--- a/docs/reference/buildx_imagetools_inspect.md
+++ b/docs/reference/buildx_imagetools_inspect.md
@ -287,22 +287,11 @@ $ docker buildx imagetools inspect moby/buildkit:master --format "{{json .Manife
 Following command provides [SLSA](https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-provenance.md) JSON output:
 ```console
-$ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SLSA}}"
+$ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .Provenance}}"
 ```
 ```json
 {
-  "Provenance": {
+  "SLSA": {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [
      {
        "name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
        "digest": {
          "sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
        }
      }
    ],
    "predicate": {
    "builder": {
      "id": ""
    },
@ -352,7 +341,6 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SL
    }
  }
 }
 }
 ```
 Following command provides [SBOM](https://github.com/moby/buildkit/blob/master/docs/attestations/sbom.md) JSON output:
@ -363,17 +351,6 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SB
 ```json
 {
  "SPDX": {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://spdx.dev/Document",
    "subject": [
      {
        "name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
        "digest": {
          "sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
        }
      }
    ],
    "predicate": {
    "SPDXID": "SPDXRef-DOCUMENT",
    "creationInfo": {
      "created": "2022-12-01T11:46:48.063400162Z",
@ -390,7 +367,6 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .SB
    "spdxVersion": "SPDX-2.2"
  }
 }
 }
 ```
 ```console
@ -465,19 +441,8 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .}}
      }
    ]
  },
  "SLSA": {
  "Provenance": {
-      "_type": "https://in-toto.io/Statement/v0.1",
+    "SLSA": {
      "predicateType": "https://slsa.dev/provenance/v0.2",
      "subject": [
        {
          "name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
          "digest": {
            "sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
          }
        }
      ],
      "predicate": {
      "builder": {
        "id": ""
      },
@ -526,21 +491,9 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .}}
        "https://mobyproject.org/buildkit@v1#metadata": {}
      }
    }
    }
  },
  "SBOM": {
    "SPDX": {
      "_type": "https://in-toto.io/Statement/v0.1",
      "predicateType": "https://spdx.dev/Document",
      "subject": [
        {
          "name": "pkg:docker/crazymax/buildkit@attest?platform=linux%2Famd64",
          "digest": {
            "sha256": "fbd10fe50b4b174bb9ea273e2eb9827fa8bf5c88edd8635a93dc83e0d1aecb55"
          }
        }
      ],
      "predicate": {
      "SPDXID": "SPDXRef-DOCUMENT",
      "creationInfo": {
        "created": "2022-12-01T11:46:48.063400162Z",
@ -558,7 +511,6 @@ $ docker buildx imagetools inspect crazymax/buildkit:attest --format "{{json .}}
    }
  }
 }
 }
 ```
 #### Multi-platform
--- a/go.mod
+++ b/go.mod
@ -16,7 +16,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/hashicorp/go-cty-funcs v0.0.0-20200930094925-2721b1e36840
 	github.com/hashicorp/hcl/v2 v2.8.2
-	github.com/moby/buildkit v0.11.0-rc4
+	github.com/moby/buildkit v0.11.0
 	github.com/moby/sys/mountinfo v0.6.2
 	github.com/morikuni/aec v1.0.0
 	github.com/opencontainers/go-digest v1.0.0
--- a/go.sum
+++ b/go.sum
@ -401,8 +401,8 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/moby/buildkit v0.11.0-rc4 h1:PxvzcqZn2IOrMzIS2nEqRQxk67xeSQnhdYxEj0YQuLM=
+github.com/moby/buildkit v0.11.0 h1:GqBC/ETDqwdu61g4tCxX1GFZuGWg/nuqFxamb2or1dw=
-github.com/moby/buildkit v0.11.0-rc4/go.mod h1:v43oa6H2Fx/cdzc7j0UlUu8p6188yy1P3vrujAs99uw=
+github.com/moby/buildkit v0.11.0/go.mod h1:v43oa6H2Fx/cdzc7j0UlUu8p6188yy1P3vrujAs99uw=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
--- a/util/imagetools/loader.go
+++ b/util/imagetools/loader.go
@ -48,7 +48,7 @@ type index struct {
 type asset struct {
 	config     *ocispec.Image
 	sbom       *sbomStub
-	slsa   *slsaStub
+	provenance *provenanceStub
 }
 type result struct {
@ -255,7 +255,8 @@ func (l *loader) scanConfig(ctx context.Context, fetcher remotes.Fetcher, desc o
 }
 type sbomStub struct {
-	SPDX json.RawMessage `json:",omitempty"`
+	SPDX            interface{}   `json:",omitempty"`
 	AdditionalSPDXs []interface{} `json:",omitempty"`
 }
 func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@ -275,8 +276,18 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
 				if err != nil {
 					return err
 				}
-				as.sbom = &sbomStub{
+				var spdx struct {
-					SPDX: dt,
+					Predicate interface{} `json:"predicate"`
 				}
 				if err := json.Unmarshal(dt, &spdx); err != nil {
 					return err
 				}
 				if as.sbom == nil {
 					as.sbom = &sbomStub{}
 					as.sbom.SPDX = spdx.Predicate
 				} else {
 					as.sbom.AdditionalSPDXs = append(as.sbom.AdditionalSPDXs, spdx.Predicate)
 				}
 			}
 		}
@ -284,8 +295,8 @@ func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *resul
 	return nil
 }
-type slsaStub struct {
+type provenanceStub struct {
-	Provenance json.RawMessage `json:",omitempty"`
+	SLSA interface{} `json:",omitempty"`
 }
 func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
@ -305,9 +316,16 @@ func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r
 				if err != nil {
 					return err
 				}
-				as.slsa = &slsaStub{
+				var slsa struct {
-					Provenance: dt,
+					Predicate interface{} `json:"predicate"`
 				}
 				if err := json.Unmarshal(dt, &slsa); err != nil {
 					return err
 				}
 				as.provenance = &provenanceStub{
 					SLSA: slsa.Predicate,
 				}
 				break
 			}
 		}
 	}
@ -328,16 +346,16 @@ func (r *result) Configs() map[string]*ocispec.Image {
 	return res
 }
-func (r *result) SLSA() map[string]slsaStub {
+func (r *result) Provenance() map[string]provenanceStub {
 	if len(r.assets) == 0 {
 		return nil
 	}
-	res := make(map[string]slsaStub)
+	res := make(map[string]provenanceStub)
 	for p, a := range r.assets {
-		if a.slsa == nil {
+		if a.provenance == nil {
 			continue
 		}
-		res[p] = *a.slsa
+		res[p] = *a.provenance
 	}
 	return res
 }
--- a/util/imagetools/printers.go
+++ b/util/imagetools/printers.go
@ -99,7 +99,7 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
 	}
 	imageconfigs := res.Configs()
-	slsas := res.SLSA()
+	provenances := res.Provenance()
 	sboms := res.SBOM()
 	format := tpl.Root.String()
@ -146,13 +146,13 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
 				Name       string                     `json:"name,omitempty"`
 				Manifest   interface{}                `json:"manifest,omitempty"`
 				Image      map[string]*ocispecs.Image `json:"image,omitempty"`
-				SLSA     map[string]slsaStub        `json:"SLSA,omitempty"`
+				Provenance map[string]provenanceStub  `json:"Provenance,omitempty"`
 				SBOM       map[string]sbomStub        `json:"SBOM,omitempty"`
 			}{
 				Name:       p.name,
 				Manifest:   mfst,
 				Image:      imageconfigs,
-				SLSA:     slsas,
+				Provenance: provenances,
 				SBOM:       sboms,
 			})
 		}
@ -160,9 +160,9 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
 		for _, v := range imageconfigs {
 			ic = v
 		}
-		var slsa slsaStub
+		var provenance provenanceStub
-		for _, v := range slsas {
+		for _, v := range provenances {
-			slsa = v
+			provenance = v
 		}
 		var sbom sbomStub
 		for _, v := range sboms {
@ -172,13 +172,13 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
 			Name       string          `json:"name,omitempty"`
 			Manifest   interface{}     `json:"manifest,omitempty"`
 			Image      *ocispecs.Image `json:"image,omitempty"`
-			SLSA     slsaStub        `json:"SLSA,omitempty"`
+			Provenance provenanceStub  `json:"Provenance,omitempty"`
 			SBOM       sbomStub        `json:"SBOM,omitempty"`
 		}{
 			Name:       p.name,
 			Manifest:   mfst,
 			Image:      ic,
-			SLSA:     slsa,
+			Provenance: provenance,
 			SBOM:       sbom,
 		})
 	}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -433,7 +433,7 @@ github.com/mitchellh/go-wordwrap
 # github.com/mitchellh/mapstructure v1.5.0
 ## explicit; go 1.14
 github.com/mitchellh/mapstructure
-# github.com/moby/buildkit v0.11.0-rc4
+# github.com/moby/buildkit v0.11.0
 ## explicit; go 1.18
 github.com/moby/buildkit/api/services/control
 github.com/moby/buildkit/api/types