publicWagsHome
/
buildx
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

build: error on attests on non-multiplatform driver

Browse Source 
On drivers that do not support multi-platform builds (the default
`docker` driver), we do not support building attestations (unless using
the containerd store).

We need to check this feature before attempting to build using
attestations.

Also adds a test to ensure that attestations can be pushed to registries
at all, and that it adequately fails on the docker driver.

Signed-off-by: Justin Chadwell <me@jedevc.com>
pull/1988/head
Justin Chadwell 1 year ago
parent 13ec635988
commit e206c585bb
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
build/build.go
Unescape Escape View File

@ -454,7 +454,7 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt Op
attests[k] = *v attests[k] = *v
} }
} }
supportsAttestations := bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) supportsAttestations := bopts.LLBCaps.Contains(apicaps.CapID("exporter.image.attestations")) && nodeDriver.Features(ctx)[driver.MultiPlatform]
if len(attests) > 0 { if len(attests) > 0 {
if !supportsAttestations { if !supportsAttestations {
return nil, nil, errors.Errorf("attestations are not supported by the current buildkitd") return nil, nil, errors.Errorf("attestations are not supported by the current buildkitd")

35
tests/build.go
Unescape Escape View File

@ -35,6 +35,7 @@ var buildTests = []func(t *testing.T, sb integration.Sandbox){
testImageIDOutput, testImageIDOutput,
testBuildLocalExport, testBuildLocalExport,
testBuildRegistryExport, testBuildRegistryExport,
testBuildRegistryExportAttestations,
testBuildTarExport, testBuildTarExport,
testBuildMobyFromLocalImage, testBuildMobyFromLocalImage,
testBuildDetailsLink, testBuildDetailsLink,
@ -96,6 +97,40 @@ func testBuildRegistryExport(t *testing.T, sb integration.Sandbox) {
require.Equal(t, img.Layers[0]["bar"].Data, []byte("foo")) require.Equal(t, img.Layers[0]["bar"].Data, []byte("foo"))
} }
func testBuildRegistryExportAttestations(t *testing.T, sb integration.Sandbox) {
dir := createTestProject(t)
registry, err := sb.NewRegistry()
if errors.Is(err, integration.ErrRequirements) {
t.Skip(err.Error())
}
require.NoError(t, err)
target := registry + "/buildx/registry:latest"
out, err := buildCmd(sb, withArgs(fmt.Sprintf("--output=type=image,name=%s,push=true", target), "--provenance=true", dir))
if sb.Name() == "docker" {
require.Error(t, err)
require.Contains(t, out, "attestations are not supported")
return
}
require.NoError(t, err, string(out))
desc, provider, err := contentutil.ProviderFromRef(target)
require.NoError(t, err)
imgs, err := testutil.ReadImages(sb.Context(), provider, desc)
require.NoError(t, err)
pk := platforms.Format(platforms.Normalize(platforms.DefaultSpec()))
img := imgs.Find(pk)
require.NotNil(t, img)
require.Len(t, img.Layers, 1)
require.Equal(t, img.Layers[0]["bar"].Data, []byte("foo"))
att := imgs.FindAttestation(pk)
require.NotNil(t, att)
require.Len(t, att.Layers, 1)
}
func testImageIDOutput(t *testing.T, sb integration.Sandbox) { func testImageIDOutput(t *testing.T, sb integration.Sandbox) {
dockerfile := []byte(`FROM busybox:latest`) dockerfile := []byte(`FROM busybox:latest`)

Write Preview
Loading…
Cancel
Save