From 9c0519799216f0173d2a50594f3c8b8e33fc8b81 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 26 Nov 2025 11:08:57 +0100 Subject: [PATCH] buildx(bake): funcs to check attest set in bake definition Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- __tests__/buildx/bake.test.ts | 110 ++++++++++++++++++++++++++++++++++ src/buildx/bake.ts | 30 ++++++++++ 2 files changed, 140 insertions(+) diff --git a/__tests__/buildx/bake.test.ts b/__tests__/buildx/bake.test.ts index 873231a..72ee6cf 100644 --- a/__tests__/buildx/bake.test.ts +++ b/__tests__/buildx/bake.test.ts @@ -485,3 +485,113 @@ describe('hasGitAuthTokenSecret', () => { expect(Bake.hasGitAuthTokenSecret(def)).toEqual(expected); }); }); + +describe('hasProvenanceAttestation', () => { + // prettier-ignore + test.each([ + [ + { + "target": { + "build": { + "attest": [ + { + "type": "provenance", + "mode": "max" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ], + [ + { + "target": { + "build": { + "attest": [ + { + "type": "sbom" + } + ] + }, + } + } as unknown as BakeDefinition, + false + ], + [ + { + "target": { + "build": { + "attest": [ + { + "type": "sbom" + }, + { + "type": "provenance", + "mode": "max" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ] + ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => { + expect(Bake.hasProvenanceAttestation(def)).toEqual(expected); + }); +}); + +describe('hasSBOMAttestation', () => { + // prettier-ignore + test.each([ + [ + { + "target": { + "build": { + "attest": [ + { + "type": "provenance", + "mode": "max" + } + ] + }, + } + } as unknown as BakeDefinition, + false + ], + [ + { + "target": { + "build": { + "attest": [ + { + "type": "sbom" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ], + [ + { + "target": { + "build": { + "attest": [ + { + "type": "sbom" + }, + { + "type": "provenance", + "mode": "max" + } + ] + }, + } + } as unknown as BakeDefinition, + true + ] + ])('given %o returns %p', async (def: BakeDefinition, expected: boolean) => { + expect(Bake.hasSBOMAttestation(def)).toEqual(expected); + }); +}); diff --git a/src/buildx/bake.ts b/src/buildx/bake.ts index 36cc0cd..110a690 100644 --- a/src/buildx/bake.ts +++ b/src/buildx/bake.ts @@ -424,4 +424,34 @@ export class Bake { } return false; } + + public static hasProvenanceAttestation(def: BakeDefinition): boolean { + return Bake.hasAttestationType('provenance', Bake.attestations(def)); + } + + public static hasSBOMAttestation(def: BakeDefinition): boolean { + return Bake.hasAttestationType('sbom', Bake.attestations(def)); + } + + public static hasAttestationType(name: string, attestations: Array): boolean { + for (const attestation of attestations) { + if (attestation.type == name) { + return true; + } + } + return false; + } + + private static attestations(def: BakeDefinition): Array { + const attestations = new Array(); + for (const key in def.target) { + const target = def.target[key]; + if (target.attest) { + for (const attest of target.attest) { + attestations.push(Bake.parseAttestEntry(attest)); + } + } + } + return attestations; + } }