feat: add option to configure provenance

gperdomor · Mar 21, 2024 · 914b361 · 914b361
1 parent 6afafb1
commit 914b361
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 0 deletions.
diff --git a/packages/nx-container/src/executors/build/context.ts b/packages/nx-container/src/executors/build/context.ts
@@ -29,6 +29,7 @@ export interface Inputs {
   noCacheFilters: string[];
   outputs: string[];
   platforms: string[];
+  provenance: string;
   pull: boolean;
   push: boolean;
   secretFiles: string[];
@@ -85,6 +86,7 @@ export async function getInputs(
     noCacheFilters: await getInputList('no-cache-filters', prefix, options['no-cache-filters']),
     outputs: await getInputList('outputs', prefix, options.outputs, true),
     platforms: await getInputList('platforms', prefix, options.platforms),
+    provenance: core.getInput('provenance'),
     pull: core.getBooleanInput('pull', { fallback: `${options.pull || false}` }),
     push: core.getBooleanInput('push', { fallback: `${options.push || false}` }),
     secretFiles: await getInputList('secret-files', prefix, options['secret-files'], true),

diff --git a/packages/nx-container/src/executors/build/engines/docker/docker.engine.ts b/packages/nx-container/src/executors/build/engines/docker/docker.engine.ts
@@ -161,6 +161,9 @@ export class Docker extends EngineAdapter {
     if (inputs.platforms.length > 0) {
       args.push('--platform', inputs.platforms.join(','));
     }
+    if (inputs.provenance) {
+      args.push('--provenance', inputs.provenance);
+    }
     await asyncForEach(inputs.secrets, async (secret) => {
       try {
         args.push('--secret', await buildx.getSecretString(secret));

diff --git a/packages/nx-container/src/executors/build/schema.d.ts b/packages/nx-container/src/executors/build/schema.d.ts
@@ -68,6 +68,10 @@ export interface DockerBuildSchema {
    * List of target platforms for build
    */
   platforms?: string[];
+  /**
+   * Change or disable provenance attestations for the build result
+   */
+  provenance?: string;
   /**
    * Always attempt to pull a newer version of the image (default false)
    */

diff --git a/packages/nx-container/src/executors/build/schema.json b/packages/nx-container/src/executors/build/schema.json
@@ -116,6 +116,10 @@
       },
       "description": "List of target platforms for build"
     },
+    "provenance": {
+      "type": "string",
+      "description": "Change or disable provenance attestations for the build result"
+    },
     "pull": {
       "type": "boolean",
       "description": "Always attempt to pull a newer version of the image (default false)",