
@willmurphyscode

When doing local dev on this repo, I find myself wanting to use a locally built syft. Previously, --pull always was passed to docker, meaning that my locally built anchore/syft:latest would get overridden. I could edit the taskfile to use a different image, but then I have local git diff that's part of my workflow that I don't mean to commit, and I hate doing that.

Here's what I've been using to regenerate capabilities sections, but the critical portion:

```bash
# Use local Syft build and enable experimental cataloger info command
export DOCKER_PULL_POLICY=never
export SYFT_EXP_CAPABILITIES=true
```

doesn't work without this change.

```bash
#!/usr/bin/env bash
set -euo pipefail

# This script regenerates ONLY the capability documentation tables
# using the locally built Syft image with experimental features enabled.
#
# The capability tables document:
# - Package capabilities (license detection, dependencies, file listings, etc.)
# - Vulnerability capabilities (match types, data sources, etc.)

SYFT_DIR="../syft"
OSS_DOCS_DIR="$(pwd)"

echo "=========================================="
echo "Rebuilding Syft from source..."
echo "=========================================="

cd "$SYFT_DIR"

# Build syft binary for Linux arm64 only (much faster than building all platforms)
echo "Running: task clean-snapshot"
task clean-snapshot

# Ensure old binary is deleted
rm -f snapshot/syft

echo "Building Linux arm64 binary..."
VERSION=$(git describe --tags --always --dirty)
COMMIT=$(git rev-parse HEAD)
BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)

GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build \
  -ldflags="-w -s -X main.version=${VERSION} -X main.gitCommit=${COMMIT} -X main.buildDate=${BUILD_DATE}" \
  -o snapshot/syft ./cmd/syft

echo "Built version: ${VERSION}"

# Build docker image for arm64 (--no-cache ensures fresh binary is used)
echo "Building Docker image for arm64..."
docker build --no-cache --platform linux/arm64 -t anchore/syft:latest -f Dockerfile \
  --build-arg BUILD_DATE="${BUILD_DATE}" \
  --build-arg BUILD_VERSION="${VERSION}" \
  --build-arg VCS_REF="${COMMIT}" \
  --build-arg VCS_URL="https://github.com/anchore/syft" \
  snapshot

echo "Docker image built successfully as anchore/syft:latest"

echo ""
echo "=========================================="
echo "Regenerating capability documentation..."
echo "=========================================="
echo ""
echo "This will update files in:"
echo "  - content/docs/capabilities/snippets/"
echo ""

cd "$OSS_DOCS_DIR"

# Use local Syft build and enable experimental cataloger info command
export DOCKER_PULL_POLICY=never
export SYFT_EXP_CAPABILITIES=true

# Regenerate package capability tables
echo "Generating package capability tables..."
uv run ./src/generate_capability_package_tables.py --update

# Regenerate vulnerability capability tables
echo "Generating vulnerability capability tables..."
uv run ./src/generate_capability_vulnerability_tables.py --update

echo ""
echo "=========================================="
echo "Done!"
echo "=========================================="
echo ""
echo "Files updated. Review changes with:"
echo "  git diff content/docs/capabilities/"
```

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
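
An added example, not code from this pull request or repository: one way a wrapper could honor `DOCKER_PULL_POLICY` while accepting only the three values `docker run --pull` takes, so an unexpected value in the environment cannot add extra flags to the docker command line. The function names and the `SYFT_IMAGE` and `DOCKER` variables are hypothetical; the default of `always` follows the previous behaviour described above.

```shell
# Added example (hypothetical helper names; not the repository's taskfile).

# Print a validated --pull flag for `docker run`.
# DOCKER_PULL_POLICY is the variable from the PR description; when it is
# unset, fall back to "always", the behaviour described before this change.
pull_flag() {
  case "${DOCKER_PULL_POLICY:-always}" in
    always|missing|never)
      # Only the exact values docker accepts pass through.
      printf '%s\n' "--pull=${DOCKER_PULL_POLICY:-always}"
      ;;
    *)
      echo "invalid DOCKER_PULL_POLICY: '${DOCKER_PULL_POLICY}' (expected always, missing or never)" >&2
      return 1
      ;;
  esac
}

# Run the Syft image with the validated policy.
# SYFT_IMAGE (assumed name) overrides the image; DOCKER=echo gives a dry run
# that prints the argument list instead of starting a container.
run_syft_image() {
  _flag="$(pull_flag)" || return 1
  # The flag is passed as one quoted argument, so it is never word-split.
  "${DOCKER:-docker}" run --rm "$_flag" "${SYFT_IMAGE:-anchore/syft:latest}" "$@"
}
```

With `DOCKER_PULL_POLICY=never`, `DOCKER=echo run_syft_image version` shows the exact arguments that would reach docker without starting a container.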