buildx(bake): funcs to check attest set in bake definition

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-11-26 11:08:57 +01:00
parent 764a608ae0
commit 9c05197992
2 changed files with 140 additions and 0 deletions
--- a/tests/buildx/bake.test.ts
+++ b/tests/buildx/bake.test.ts
@@ -485,3 +485,113 @@ describe('hasGitAuthTokenSecret', () => {
    expect(Bake.hasGitAuthTokenSecret(def)).toEqual(expected);
  });
 });
+
+describe('hasProvenanceAttestation', () => {
+  // prettier-ignore
+  test.each([
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "provenance",
+                "mode": "max"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      true
+    ],
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "sbom"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      false
+    ],
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "sbom"
+              },
+              {
+                "type": "provenance",
+                "mode": "max"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      true
+    ]
+  ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => {
+    expect(Bake.hasProvenanceAttestation(def)).toEqual(expected);
+  });
+});
+
+describe('hasSBOMAttestation', () => {
+  // prettier-ignore
+  test.each([
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "provenance",
+                "mode": "max"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      false
+    ],
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "sbom"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      true
+    ],
+    [
+      {
+        "target": {
+          "build": {
+            "attest": [
+              {
+                "type": "sbom"
+              },
+              {
+                "type": "provenance",
+                "mode": "max"
+              }
+            ]
+          },
+        }
+      } as unknown as BakeDefinition,
+      true
+    ]
+  ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => {
+    expect(Bake.hasSBOMAttestation(def)).toEqual(expected);
+  });
+});
--- a/src/buildx/bake.ts
+++ b/src/buildx/bake.ts
@@ -424,4 +424,34 @@ export class Bake {
    }
    return false;
  }
+
+  public static hasProvenanceAttestation(def: BakeDefinition): boolean {
+    return Bake.hasAttestationType('provenance', Bake.attestations(def));
+  }
+
+  public static hasSBOMAttestation(def: BakeDefinition): boolean {
+    return Bake.hasAttestationType('sbom', Bake.attestations(def));
+  }
+
+  public static hasAttestationType(name: string, attestations: Array<AttestEntry>): boolean {
+    for (const attestation of attestations) {
+      if (attestation.type == name) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  private static attestations(def: BakeDefinition): Array<AttestEntry> {
+    const attestations = new Array<AttestEntry>();
+    for (const key in def.target) {
+      const target = def.target[key];
+      if (target.attest) {
+        for (const attest of target.attest) {
+          attestations.push(Bake.parseAttestEntry(attest));
+        }
+      }
+    }
+    return attestations;
+  }
 }