solver: infer builder id from user input for provenance in build record #4833

crazy-max · 2024-04-11T13:26:05Z

Provenance set in build record does not currently set any builder id even if set through attestation attribute:

{
  "builder": {
    "id": ""
  },
  "buildType": "https://mobyproject.org/buildkit@v1",
  "materials": [
    {
      "uri": "pkg:docker/docker/dockerfile@1",
      "digest": {
        "sha256": "ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021"
      }
    },
    {
      "uri": "pkg:docker/golang@1.21-alpine?platform=linux%2Famd64",
      "digest": {
        "sha256": "cd5189337d797eac9e2299dc07096c598cd4f4f73f068a033402f3ded7a51714"
      }
    },
    {
      "uri": "pkg:docker/tonistiigi/xx@1.4.0?platform=linux%2Famd64",
      "digest": {
        "sha256": "0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4"
      }
    }
  ]
}

I think we can infer this value from user input and set it for the provenance in build record.

Tested in docker/buildx#2280:

docker buildx --builder builder bake binaries --provenance=mode=max,builder-id=foo --metadata-file md.json

{
  "binaries": {
    "buildx.build.provenance": {
      "builder": {
        "id": "foo"
      },
      "buildType": "https://mobyproject.org/buildkit@v1",
      "materials": [
        {
          "uri": "pkg:docker/docker/dockerfile@1",
          "digest": {
            "sha256": "dbbd5e059e8a07ff7ea6233b213b36aa516b4c53c645f1817a4dd18b83cbea56"
          }
        },
        {
          "uri": "pkg:docker/golang@1.21-alpine?platform=linux%2Famd64",
          "digest": {
            "sha256": "ed8ce6c22dd111631c062218989d17ab4b46b503cbe9a9cfce1517836e65298a"
          }
        },
        {
          "uri": "pkg:docker/tonistiigi/xx@1.4.0?platform=linux%2Famd64",
          "digest": {
            "sha256": "0cd3f05c72d6c9b038eb135f91376ee1169ef3a330d34e418e65e2a5c2e9c0d4"
          }
        }
      ],
      "invocation": {
        "configSource": {},
        "parameters": {
          "frontend": "gateway.v0",
          "args": {
            "build-arg:BUILDKIT_CONTEXT_KEEP_GIT_DIR": "1",
            "cmdline": "docker/dockerfile:1",
            "source": "docker/dockerfile:1",
            "target": "binaries"
          },
          "locals": [
            {
              "name": "context"
            },
            {
              "name": "dockerfile"
            }
          ]
        },
        "environment": {
          "platform": "linux/amd64"
        }
      }
    },
    "buildx.build.ref": "builder/builder0/q0t86tpf1cn2tlzzfilcj1qa1"
  }
}

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

solver: infer builder id from user input for provenance in build record

8769cd5

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

crazy-max requested a review from tonistiigi April 11, 2024 13:26

crazy-max marked this pull request as ready for review April 11, 2024 13:26

tonistiigi approved these changes Apr 12, 2024

View reviewed changes

tonistiigi merged commit 3fd813c into moby:master Apr 12, 2024
72 checks passed

crazy-max deleted the provenance-infer-builder-id branch April 12, 2024 21:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

solver: infer builder id from user input for provenance in build record #4833

solver: infer builder id from user input for provenance in build record #4833

crazy-max commented Apr 11, 2024 •

edited

Loading

solver: infer builder id from user input for provenance in build record #4833

solver: infer builder id from user input for provenance in build record #4833

Conversation

crazy-max commented Apr 11, 2024 • edited Loading

crazy-max commented Apr 11, 2024 •

edited

Loading