Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
d71b84aad5 | ||
|
|
ea05649ce1 | ||
|
|
012ae0603d | ||
|
|
6194cf96c1 | ||
|
|
e804b694a2 | ||
|
|
d2a882884d | ||
|
|
d820ad4123 | ||
|
|
a5d905690f | ||
|
|
6233293ae6 | ||
|
|
9d10fe0e06 | ||
|
|
a8dc8088d4 | ||
|
|
4bc2c14908 | ||
|
|
ad2312d5f1 | ||
|
|
21e2b75b0b | ||
|
|
4d926d8b7b | ||
|
|
293c3cdcfe | ||
|
|
17071615a7 | ||
|
|
0cc9e68b03 | ||
|
|
b732db2937 | ||
|
|
8696544f14 | ||
|
|
d92ed04680 | ||
|
|
3bb4ae38ea |
2
.github/workflows/publish.yml
vendored
2
.github/workflows/publish.yml
vendored
@@ -53,7 +53,7 @@ jobs:
|
||||
npm publish --provenance --access public
|
||||
-
|
||||
name: Create Release
|
||||
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
|
||||
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
|
||||
with:
|
||||
draft: true
|
||||
generate_release_notes: true
|
||||
|
||||
@@ -22,6 +22,9 @@ import * as rimraf from 'rimraf';
|
||||
|
||||
import {Context} from '../../src/context.js';
|
||||
import {Build} from '../../src/buildx/build.js';
|
||||
import {Buildx} from '../../src/buildx/buildx.js';
|
||||
|
||||
import {GitContextFormat} from '../../src/types/buildx/build.js';
|
||||
|
||||
const fixturesDir = path.join(__dirname, '..', '.fixtures');
|
||||
const tmpDir = fs.mkdtempSync(path.join(process.env.TEMP || os.tmpdir(), 'buildx-build-'));
|
||||
@@ -41,6 +44,88 @@ afterEach(() => {
|
||||
rimraf.sync(tmpDir);
|
||||
});
|
||||
|
||||
describe('gitContext', () => {
|
||||
const originalEnv = process.env;
|
||||
beforeEach(() => {
|
||||
vi.resetModules();
|
||||
process.env = {
|
||||
...originalEnv,
|
||||
DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF: '',
|
||||
BUILDX_SEND_GIT_QUERY_AS_INPUT: ''
|
||||
};
|
||||
});
|
||||
afterEach(() => {
|
||||
process.env = originalEnv;
|
||||
});
|
||||
|
||||
type GitContextTestCase = {
|
||||
ref: string;
|
||||
format: GitContextFormat | undefined;
|
||||
prHeadRef: boolean;
|
||||
sendGitQueryAsInput: boolean;
|
||||
buildxQuerySupport: boolean;
|
||||
subdir?: string;
|
||||
keepGitDir?: boolean;
|
||||
submodules?: boolean;
|
||||
};
|
||||
|
||||
// prettier-ignore
|
||||
const gitContextCases: [GitContextTestCase, string][] = [
|
||||
// no format set (defaults to fragment)
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/merge'],
|
||||
[{ref: 'refs/tags/v1.0.0', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/head'],
|
||||
// no format set (defaults to query only when client-side query resolution is enabled and supported)
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: true, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: false, sendGitQueryAsInput: true, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/merge&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: true, sendGitQueryAsInput: true, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/head&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: true, buildxQuerySupport: false}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&keep-git-dir=true'],
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: false, keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&keep-git-dir=true'],
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
|
||||
[{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: false, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
|
||||
// query format
|
||||
[{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/merge&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/tags/v1.0.0', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/tags/v1.0.0&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: 'query', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/head&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&subdir=subdir'],
|
||||
[{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir', keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&subdir=subdir&keep-git-dir=true'],
|
||||
[{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=true'],
|
||||
[{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
|
||||
// fragment format
|
||||
[{ref: 'refs/heads/master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/merge'],
|
||||
[{ref: 'refs/tags/v1.0.0', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
[{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/head'],
|
||||
[{ref: 'refs/heads/master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37:subdir'],
|
||||
[{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/head:subdir'],
|
||||
];
|
||||
|
||||
test.each(gitContextCases)('given %o should return %o', async (input: GitContextTestCase, expected: string) => {
|
||||
const {ref, format, prHeadRef, sendGitQueryAsInput, buildxQuerySupport, subdir, keepGitDir, submodules} = input;
|
||||
process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF = prHeadRef ? 'true' : '';
|
||||
process.env.BUILDX_SEND_GIT_QUERY_AS_INPUT = sendGitQueryAsInput ? 'true' : '';
|
||||
const buildx = new Buildx();
|
||||
vi.spyOn(buildx, 'versionSatisfies').mockResolvedValue(buildxQuerySupport);
|
||||
const build = new Build({buildx});
|
||||
expect(
|
||||
await build.gitContext({
|
||||
ref,
|
||||
checksum: '860c1904a1ce19322e91ac35af1ab07466440c37',
|
||||
format,
|
||||
subdir,
|
||||
keepGitDir,
|
||||
submodules
|
||||
})
|
||||
).toEqual(expected);
|
||||
});
|
||||
});
|
||||
|
||||
describe('resolveImageID', () => {
|
||||
it('matches', async () => {
|
||||
const imageID = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
|
||||
|
||||
@@ -30,12 +30,12 @@ const maybe = !process.env.GITHUB_ACTIONS || (process.env.GITHUB_ACTIONS === 'tr
|
||||
|
||||
maybe('inspectImage', () => {
|
||||
it('inspect single platform', async () => {
|
||||
const image = await new ImageTools().inspectImage('moby/buildkit:latest@sha256:5769c54b98840147b74128f38fb0b0a049e24b11a75bd81664131edd2854593f');
|
||||
const image = await new ImageTools().inspectImage({name: 'moby/buildkit:latest@sha256:5769c54b98840147b74128f38fb0b0a049e24b11a75bd81664131edd2854593f'});
|
||||
const expectedImage = <Image>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-01.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(image).toEqual(expectedImage);
|
||||
});
|
||||
it('inspect multi platform', async () => {
|
||||
const image = await new ImageTools().inspectImage('moby/buildkit:latest@sha256:86c0ad9d1137c186e9d455912167df20e530bdf7f7c19de802e892bb8ca16552');
|
||||
const image = await new ImageTools().inspectImage({name: 'moby/buildkit:latest@sha256:86c0ad9d1137c186e9d455912167df20e530bdf7f7c19de802e892bb8ca16552'});
|
||||
const expectedImage = <Record<string, Image>>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-02.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(image).toEqual(expectedImage);
|
||||
});
|
||||
@@ -43,12 +43,12 @@ maybe('inspectImage', () => {
|
||||
|
||||
maybe('inspectManifest', () => {
|
||||
it('inspect descriptor', async () => {
|
||||
const manifest = await new ImageTools().inspectManifest('moby/buildkit:latest@sha256:dccc69dd895968c4f21aa9e43e715f25f0cedfce4b17f1014c88c307928e22fc');
|
||||
const manifest = await new ImageTools().inspectManifest({name: 'moby/buildkit:latest@sha256:dccc69dd895968c4f21aa9e43e715f25f0cedfce4b17f1014c88c307928e22fc'});
|
||||
const expectedManifest = <Descriptor>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-03.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(manifest).toEqual(expectedManifest);
|
||||
});
|
||||
it('inspect index', async () => {
|
||||
const manifest = await new ImageTools().inspectManifest('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6');
|
||||
const manifest = await new ImageTools().inspectManifest({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6'});
|
||||
const expectedManifest = <ImageToolsManifest>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-04.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(manifest).toEqual(expectedManifest);
|
||||
});
|
||||
@@ -56,17 +56,17 @@ maybe('inspectManifest', () => {
|
||||
|
||||
maybe('attestationDescriptors', () => {
|
||||
it('returns buildkit attestations descriptors', async () => {
|
||||
const attestations = await new ImageTools().attestationDescriptors('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6');
|
||||
const attestations = await new ImageTools().attestationDescriptors({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6'});
|
||||
const expectedAttestations = <Array<Descriptor>>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-05.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(attestations).toEqual(expectedAttestations);
|
||||
});
|
||||
it('returns buildkit attestations descriptors for linux/amd64', async () => {
|
||||
const attestations = await new ImageTools().attestationDescriptors('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', {os: 'linux', architecture: 'amd64'});
|
||||
const attestations = await new ImageTools().attestationDescriptors({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', platform: {os: 'linux', architecture: 'amd64'}});
|
||||
const expectedAttestations = <Array<Descriptor>>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-06.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(attestations).toEqual(expectedAttestations);
|
||||
});
|
||||
it('returns buildkit attestations descriptors for linux/arm/v7', async () => {
|
||||
const attestations = await new ImageTools().attestationDescriptors('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', {os: 'linux', architecture: 'arm', variant: 'v7'});
|
||||
const attestations = await new ImageTools().attestationDescriptors({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', platform: {os: 'linux', architecture: 'arm', variant: 'v7'}});
|
||||
const expectedAttestations = <Array<Descriptor>>JSON.parse(fs.readFileSync(path.join(fixturesDir, 'imagetools-07.json'), {encoding: 'utf-8'}).trim());
|
||||
expect(attestations).toEqual(expectedAttestations);
|
||||
});
|
||||
@@ -74,7 +74,7 @@ maybe('attestationDescriptors', () => {
|
||||
|
||||
maybe('attestationDigests', () => {
|
||||
it('returns buildkit attestations digests', async () => {
|
||||
const digests = await new ImageTools().attestationDigests('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6');
|
||||
const digests = await new ImageTools().attestationDigests({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6'});
|
||||
// prettier-ignore
|
||||
expect(digests).toEqual([
|
||||
'sha256:2ba4ad6eae1efcafee73a971953093c7c32b6938f2f9fd4998c8bf4d0fbe76f2',
|
||||
@@ -86,11 +86,22 @@ maybe('attestationDigests', () => {
|
||||
]);
|
||||
});
|
||||
it('returns buildkit attestations digests for linux/amd64', async () => {
|
||||
const digests = await new ImageTools().attestationDigests('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', {os: 'linux', architecture: 'amd64'});
|
||||
const digests = await new ImageTools().attestationDigests({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', platform: {os: 'linux', architecture: 'amd64'}});
|
||||
expect(digests).toEqual(['sha256:2ba4ad6eae1efcafee73a971953093c7c32b6938f2f9fd4998c8bf4d0fbe76f2']);
|
||||
});
|
||||
it('returns buildkit attestations digests for linux/arm/v7', async () => {
|
||||
const digests = await new ImageTools().attestationDigests('moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', {os: 'linux', architecture: 'arm', variant: 'v7'});
|
||||
const digests = await new ImageTools().attestationDigests({name: 'moby/buildkit:latest@sha256:79cc6476ab1a3371c9afd8b44e7c55610057c43e18d9b39b68e2b0c2475cc1b6', platform: {os: 'linux', architecture: 'arm', variant: 'v7'}});
|
||||
expect(digests).toEqual(['sha256:0709528fae1747ce17638ad2978ee7936b38a294136eaadaf692e415f64b1e03']);
|
||||
});
|
||||
});
|
||||
|
||||
maybe('create', () => {
|
||||
it('skips create command execution when skipExec is set', async () => {
|
||||
const result = await new ImageTools().create({
|
||||
sources: ['sha256:0709528fae1747ce17638ad2978ee7936b38a294136eaadaf692e415f64b1e03'],
|
||||
tags: ['docker.io/user/app', 'docker.io/user/app2'],
|
||||
skipExec: true
|
||||
});
|
||||
expect(result).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import {afterEach, describe, expect, it, vi} from 'vitest';
|
||||
import {afterEach, beforeEach, describe, expect, it, vi} from 'vitest';
|
||||
import fs from 'fs';
|
||||
import os from 'os';
|
||||
import path from 'path';
|
||||
@@ -38,10 +38,133 @@ vi.spyOn(Context, 'tmpName').mockImplementation((): string => {
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
vi.useRealTimers();
|
||||
vi.clearAllMocks();
|
||||
rimraf.sync(tmpDir);
|
||||
});
|
||||
|
||||
beforeEach(() => {
|
||||
vi.useRealTimers();
|
||||
fs.mkdirSync(tmpDir, {recursive: true});
|
||||
});
|
||||
|
||||
describe('inspectManifest', () => {
|
||||
it('retries transient manifest unknown errors when requested', async () => {
|
||||
vi.useFakeTimers();
|
||||
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
command: 'docker',
|
||||
args: ['buildx', 'imagetools', 'inspect']
|
||||
});
|
||||
const buildx = {getCommand} as unknown as Buildx;
|
||||
const execSpy = vi
|
||||
.spyOn(Exec, 'getExecOutput')
|
||||
.mockResolvedValueOnce({
|
||||
exitCode: 1,
|
||||
stdout: '',
|
||||
stderr: 'ERROR: MANIFEST_UNKNOWN: manifest unknown'
|
||||
})
|
||||
.mockResolvedValueOnce({
|
||||
exitCode: 0,
|
||||
stdout: JSON.stringify({
|
||||
schemaVersion: 2,
|
||||
mediaType: 'application/vnd.oci.image.index.v1+json',
|
||||
manifests: []
|
||||
}),
|
||||
stderr: ''
|
||||
});
|
||||
|
||||
const inspectPromise = new ImageTools({buildx}).inspectManifest({
|
||||
name: 'docker.io/library/alpine:latest',
|
||||
retryOnManifestUnknown: true,
|
||||
retryLimit: 2
|
||||
});
|
||||
|
||||
await vi.runAllTimersAsync();
|
||||
|
||||
expect(await inspectPromise).toEqual({
|
||||
schemaVersion: 2,
|
||||
mediaType: 'application/vnd.oci.image.index.v1+json',
|
||||
manifests: []
|
||||
});
|
||||
expect(getCommand).toHaveBeenCalledWith(['imagetools', 'inspect', 'docker.io/library/alpine:latest', '--format', '{{json .Manifest}}']);
|
||||
expect(execSpy).toHaveBeenCalledTimes(2);
|
||||
});
|
||||
|
||||
it('does not retry non-manifest errors', async () => {
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
command: 'docker',
|
||||
args: ['buildx', 'imagetools', 'inspect']
|
||||
});
|
||||
const buildx = {getCommand} as unknown as Buildx;
|
||||
const execSpy = vi.spyOn(Exec, 'getExecOutput').mockResolvedValue({
|
||||
exitCode: 1,
|
||||
stdout: '',
|
||||
stderr: 'ERROR: unauthorized'
|
||||
});
|
||||
|
||||
const result = await new ImageTools({buildx})
|
||||
.inspectManifest({
|
||||
name: 'docker.io/library/alpine:latest',
|
||||
retryOnManifestUnknown: true
|
||||
})
|
||||
.then(
|
||||
value => ({value, error: undefined}),
|
||||
error => ({value: undefined, error: error as Error})
|
||||
);
|
||||
|
||||
expect(result.value).toBeUndefined();
|
||||
expect(result.error).toBeInstanceOf(Error);
|
||||
expect(result.error?.message).toContain('ERROR: unauthorized');
|
||||
|
||||
expect(execSpy).toHaveBeenCalledTimes(1);
|
||||
});
|
||||
});
|
||||
|
||||
describe('inspectImage', () => {
|
||||
it('retries transient manifest unknown errors when requested', async () => {
|
||||
vi.useFakeTimers();
|
||||
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
command: 'docker',
|
||||
args: ['buildx', 'imagetools', 'inspect']
|
||||
});
|
||||
const buildx = {getCommand} as unknown as Buildx;
|
||||
const execSpy = vi
|
||||
.spyOn(Exec, 'getExecOutput')
|
||||
.mockResolvedValueOnce({
|
||||
exitCode: 1,
|
||||
stdout: '',
|
||||
stderr: 'ERROR: MANIFEST_UNKNOWN: manifest unknown'
|
||||
})
|
||||
.mockResolvedValueOnce({
|
||||
exitCode: 0,
|
||||
stdout: JSON.stringify({
|
||||
config: {
|
||||
digest: 'sha256:test'
|
||||
}
|
||||
}),
|
||||
stderr: ''
|
||||
});
|
||||
|
||||
const inspectPromise = new ImageTools({buildx}).inspectImage({
|
||||
name: 'docker.io/library/alpine:latest',
|
||||
retryOnManifestUnknown: true,
|
||||
retryLimit: 2
|
||||
});
|
||||
|
||||
await vi.runAllTimersAsync();
|
||||
|
||||
expect(await inspectPromise).toEqual({
|
||||
config: {
|
||||
digest: 'sha256:test'
|
||||
}
|
||||
});
|
||||
expect(getCommand).toHaveBeenCalledWith(['imagetools', 'inspect', 'docker.io/library/alpine:latest', '--format', '{{json .Image}}']);
|
||||
expect(execSpy).toHaveBeenCalledTimes(2);
|
||||
});
|
||||
});
|
||||
|
||||
describe('create', () => {
|
||||
it('parses metadata and supports cwd sources', async () => {
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
@@ -70,7 +193,8 @@ describe('create', () => {
|
||||
|
||||
const result = await new ImageTools({buildx}).create({
|
||||
sources: ['cwd://descriptor.json', 'docker.io/library/alpine:latest'],
|
||||
tags: ['docker.io/user/app:latest']
|
||||
tags: ['docker.io/user/app:latest'],
|
||||
silent: true
|
||||
});
|
||||
|
||||
expect(getCommand).toHaveBeenCalledWith(['imagetools', 'create', '--tag', 'docker.io/user/app:latest', '--metadata-file', metadataFile, '--file', 'descriptor.json', 'docker.io/library/alpine:latest']);
|
||||
@@ -104,7 +228,8 @@ describe('create', () => {
|
||||
|
||||
const result = await new ImageTools({buildx}).create({
|
||||
sources: ['docker.io/library/alpine:latest'],
|
||||
dryRun: true
|
||||
dryRun: true,
|
||||
silent: true
|
||||
});
|
||||
|
||||
expect(getCommand).toHaveBeenCalledWith(['imagetools', 'create', '--dry-run', 'docker.io/library/alpine:latest']);
|
||||
@@ -114,4 +239,63 @@ describe('create', () => {
|
||||
});
|
||||
expect(result).toBeUndefined();
|
||||
});
|
||||
|
||||
it('passes annotations to imagetools create', async () => {
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
command: 'docker',
|
||||
args: ['buildx', 'imagetools', 'create']
|
||||
});
|
||||
const buildx = {getCommand} as unknown as Buildx;
|
||||
|
||||
const execSpy = vi.spyOn(Exec, 'getExecOutput').mockResolvedValue({
|
||||
exitCode: 0,
|
||||
stdout: '',
|
||||
stderr: ''
|
||||
});
|
||||
|
||||
const result = await new ImageTools({buildx}).create({
|
||||
sources: ['docker.io/library/alpine:latest'],
|
||||
annotations: ['index:org.opencontainers.image.title=Alpine', 'manifest-descriptor:org.opencontainers.image.description=Base image'],
|
||||
silent: true
|
||||
});
|
||||
|
||||
expect(getCommand).toHaveBeenCalledWith([
|
||||
'imagetools',
|
||||
'create',
|
||||
'--annotation',
|
||||
'index:org.opencontainers.image.title=Alpine',
|
||||
'--annotation',
|
||||
'manifest-descriptor:org.opencontainers.image.description=Base image',
|
||||
'--metadata-file',
|
||||
metadataFile,
|
||||
'docker.io/library/alpine:latest'
|
||||
]);
|
||||
expect(execSpy).toHaveBeenCalledWith('docker', ['buildx', 'imagetools', 'create'], {
|
||||
ignoreReturnCode: true,
|
||||
silent: true
|
||||
});
|
||||
expect(result).toBeUndefined();
|
||||
});
|
||||
|
||||
it('skips command execution when skipExec is enabled', async () => {
|
||||
const getCommand = vi.fn().mockResolvedValue({
|
||||
command: 'docker',
|
||||
args: ['buildx', 'imagetools', 'create']
|
||||
});
|
||||
const buildx = {getCommand} as unknown as Buildx;
|
||||
const execSpy = vi.spyOn(Exec, 'getExecOutput').mockResolvedValue({
|
||||
exitCode: 0,
|
||||
stdout: '',
|
||||
stderr: ''
|
||||
});
|
||||
|
||||
const result = await new ImageTools({buildx}).create({
|
||||
sources: ['docker.io/library/alpine:latest'],
|
||||
skipExec: true
|
||||
});
|
||||
|
||||
expect(getCommand).toHaveBeenCalledWith(['imagetools', 'create', '--metadata-file', metadataFile, 'docker.io/library/alpine:latest']);
|
||||
expect(execSpy).not.toHaveBeenCalled();
|
||||
expect(result).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import {describe, expect, vi, it, afterEach, beforeEach, test} from 'vitest';
|
||||
import {describe, expect, it, afterEach} from 'vitest';
|
||||
import fs from 'fs';
|
||||
import os from 'os';
|
||||
import path from 'path';
|
||||
@@ -23,57 +23,35 @@ import * as rimraf from 'rimraf';
|
||||
import {Context} from '../src/context.js';
|
||||
|
||||
const tmpDir = fs.mkdtempSync(path.join(process.env.TEMP || os.tmpdir(), 'context-'));
|
||||
const tmpName = path.join(tmpDir, '.tmpname-vi');
|
||||
|
||||
vi.spyOn(Context, 'tmpDir').mockImplementation((): string => {
|
||||
fs.mkdirSync(tmpDir, {recursive: true});
|
||||
return tmpDir;
|
||||
});
|
||||
|
||||
vi.spyOn(Context, 'tmpName').mockImplementation((): string => {
|
||||
return tmpName;
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
rimraf.sync(tmpDir);
|
||||
fs.mkdirSync(tmpDir, {recursive: true});
|
||||
});
|
||||
|
||||
describe('gitRef', () => {
|
||||
it('returns refs/heads/master', async () => {
|
||||
expect(Context.gitRef()).toEqual('refs/heads/master');
|
||||
describe('tmpDir', () => {
|
||||
it('returns an existing directory and keeps it stable', () => {
|
||||
const dir = Context.tmpDir();
|
||||
expect(fs.existsSync(dir)).toBe(true);
|
||||
expect(fs.statSync(dir).isDirectory()).toBe(true);
|
||||
expect(Context.tmpDir()).toEqual(dir);
|
||||
});
|
||||
});
|
||||
|
||||
describe('parseGitRef', () => {
|
||||
const originalEnv = process.env;
|
||||
beforeEach(() => {
|
||||
vi.resetModules();
|
||||
process.env = {
|
||||
...originalEnv,
|
||||
DOCKER_GIT_CONTEXT_PR_HEAD_REF: ''
|
||||
};
|
||||
describe('tmpName', () => {
|
||||
it('returns a path for the provided tmpdir and template', () => {
|
||||
const name = Context.tmpName({
|
||||
tmpdir: tmpDir,
|
||||
template: '.tmpname-XXXXXX'
|
||||
});
|
||||
expect(path.dirname(name)).toEqual(tmpDir);
|
||||
expect(path.basename(name)).toMatch(/^\.tmpname-/);
|
||||
expect(fs.existsSync(name)).toBe(false);
|
||||
});
|
||||
afterEach(() => {
|
||||
process.env = originalEnv;
|
||||
});
|
||||
// prettier-ignore
|
||||
test.each([
|
||||
['refs/heads/master', '860c1904a1ce19322e91ac35af1ab07466440c37', false, '860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
['master', '860c1904a1ce19322e91ac35af1ab07466440c37', false, '860c1904a1ce19322e91ac35af1ab07466440c37'],
|
||||
['refs/pull/15/merge', '860c1904a1ce19322e91ac35af1ab07466440c37', false, 'refs/pull/15/merge'],
|
||||
['refs/heads/master', '', false, 'refs/heads/master'],
|
||||
['master', '', false, 'master'],
|
||||
['refs/tags/v1.0.0', '', false, 'refs/tags/v1.0.0'],
|
||||
['refs/pull/15/merge', '', false, 'refs/pull/15/merge'],
|
||||
['refs/pull/15/merge', '', true, 'refs/pull/15/head'],
|
||||
])('given %o and %o, should return %o', async (ref: string, sha: string, prHeadRef: boolean, expected: string) => {
|
||||
process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF = prHeadRef ? 'true' : '';
|
||||
expect(Context.parseGitRef(ref, sha)).toEqual(expected);
|
||||
});
|
||||
});
|
||||
|
||||
describe('gitContext', () => {
|
||||
it('returns refs/heads/master', async () => {
|
||||
expect(Context.gitContext()).toEqual('https://github.com/docker/actions-toolkit.git#refs/heads/master');
|
||||
it('returns different paths on consecutive calls', () => {
|
||||
const first = Context.tmpName({tmpdir: tmpDir, template: '.tmpname-XXXXXX'});
|
||||
const second = Context.tmpName({tmpdir: tmpDir, template: '.tmpname-XXXXXX'});
|
||||
expect(first).not.toEqual(second);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -315,6 +315,7 @@ describe('hash', () => {
|
||||
// https://github.com/golang/go/blob/f6b93a4c358b28b350dd8fe1780c1f78e520c09c/src/strconv/atob_test.go#L36-L58
|
||||
describe('parseBool', () => {
|
||||
[
|
||||
{input: undefined, expected: false, throwsError: false},
|
||||
{input: '', expected: false, throwsError: true},
|
||||
{input: 'asdf', expected: false, throwsError: true},
|
||||
{input: '0', expected: false, throwsError: false},
|
||||
@@ -342,6 +343,13 @@ describe('parseBool', () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe('parseBoolOrDefault', () => {
|
||||
it('returns default value when input is invalid', () => {
|
||||
expect(Util.parseBoolOrDefault('asdf')).toBe(false);
|
||||
expect(Util.parseBoolOrDefault('asdf', true)).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe('formatFileSize', () => {
|
||||
test('should return "0 Bytes" when given 0 bytes', () => {
|
||||
expect(Util.formatFileSize(0)).toBe('0 Bytes');
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
"registry": "https://registry.npmjs.org/"
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/artifact": "^6.2.0",
|
||||
"@actions/artifact": "^6.2.1",
|
||||
"@actions/cache": "^6.0.0",
|
||||
"@actions/core": "^3.0.0",
|
||||
"@actions/exec": "^3.0.0",
|
||||
@@ -55,7 +55,7 @@
|
||||
"@sigstore/tuf": "^4.0.1",
|
||||
"@sigstore/verify": "^3.1.0",
|
||||
"async-retry": "^1.3.3",
|
||||
"csv-parse": "^6.1.0",
|
||||
"csv-parse": "^6.2.0",
|
||||
"gunzip-maybe": "^1.4.2",
|
||||
"handlebars": "^4.7.8",
|
||||
"he": "^1.2.0",
|
||||
|
||||
@@ -44,6 +44,7 @@ export interface BakeCmdOpts {
|
||||
sbom?: string;
|
||||
source?: string;
|
||||
targets?: Array<string>;
|
||||
vars?: Array<string>;
|
||||
|
||||
githubToken?: string; // for auth with remote definitions on private repos
|
||||
}
|
||||
@@ -138,6 +139,11 @@ export class Bake {
|
||||
args.push('--set', override);
|
||||
}
|
||||
}
|
||||
if (cmdOpts.vars) {
|
||||
for (const v of cmdOpts.vars) {
|
||||
args.push('--var', v);
|
||||
}
|
||||
}
|
||||
if (cmdOpts.allow) {
|
||||
for (const allow of cmdOpts.allow) {
|
||||
args.push('--allow', allow);
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import * as core from '@actions/core';
|
||||
import * as github from '@actions/github';
|
||||
import {parse} from 'csv-parse/sync';
|
||||
|
||||
import {Buildx} from './buildx.js';
|
||||
@@ -24,7 +25,7 @@ import {Context} from '../context.js';
|
||||
import {GitHub} from '../github/github.js';
|
||||
import {Util} from '../util.js';
|
||||
|
||||
import {BuildMetadata} from '../types/buildx/build.js';
|
||||
import {BuildMetadata, GitContextFormat} from '../types/buildx/build.js';
|
||||
import {VertexWarning} from '../types/buildkit/client.js';
|
||||
import {ProvenancePredicate} from '../types/intoto/slsa_provenance/v0.2/provenance.js';
|
||||
|
||||
@@ -37,6 +38,15 @@ export interface ResolveSecretsOpts {
|
||||
redact?: boolean;
|
||||
}
|
||||
|
||||
export interface GitContextOpts {
|
||||
ref?: string;
|
||||
checksum?: string;
|
||||
subdir?: string;
|
||||
keepGitDir?: boolean;
|
||||
submodules?: boolean;
|
||||
format?: GitContextFormat;
|
||||
}
|
||||
|
||||
export class Build {
|
||||
private readonly buildx: Buildx;
|
||||
private readonly iidFilename: string;
|
||||
@@ -48,6 +58,47 @@ export class Build {
|
||||
this.metadataFilename = `build-metadata-${Util.generateRandomString()}.json`;
|
||||
}
|
||||
|
||||
public async gitContext(opts?: GitContextOpts): Promise<string> {
|
||||
const setPullRequestHeadRef = Util.parseBoolOrDefault(process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF);
|
||||
const gitChecksum = opts?.checksum || github.context.sha;
|
||||
let ref = opts?.ref || github.context.ref;
|
||||
if (!ref.startsWith('refs/')) {
|
||||
ref = `refs/heads/${ref}`;
|
||||
} else if (ref.startsWith(`refs/pull/`) && setPullRequestHeadRef) {
|
||||
ref = ref.replace(/\/merge$/g, '/head');
|
||||
}
|
||||
const baseURL = `${GitHub.serverURL}/${github.context.repo.owner}/${github.context.repo.repo}.git`;
|
||||
let format = opts?.format;
|
||||
if (!format) {
|
||||
const sendGitQueryAsInput = Util.parseBoolOrDefault(process.env.BUILDX_SEND_GIT_QUERY_AS_INPUT);
|
||||
if (opts?.keepGitDir || typeof opts?.submodules !== 'undefined') {
|
||||
format = 'query';
|
||||
} else if (sendGitQueryAsInput && (await this.buildx.versionSatisfies('>=0.29.0'))) {
|
||||
format = 'query';
|
||||
} else {
|
||||
format = 'fragment';
|
||||
}
|
||||
}
|
||||
if (format === 'query') {
|
||||
const query = [`ref=${ref}`];
|
||||
if (gitChecksum) {
|
||||
query.push(`checksum=${gitChecksum}`);
|
||||
}
|
||||
if (opts?.subdir) {
|
||||
query.push(`subdir=${opts.subdir}`);
|
||||
}
|
||||
if (typeof opts?.keepGitDir !== 'undefined') {
|
||||
query.push(`keep-git-dir=${opts.keepGitDir}`);
|
||||
}
|
||||
if (typeof opts?.submodules !== 'undefined') {
|
||||
query.push(`submodules=${opts.submodules}`);
|
||||
}
|
||||
return `${baseURL}?${query.join('&')}`;
|
||||
}
|
||||
const fragmentRef = gitChecksum && !ref.startsWith(`refs/pull/`) ? gitChecksum : ref;
|
||||
return `${baseURL}#${fragmentRef}${opts?.subdir ? `:${opts.subdir}` : ''}`;
|
||||
}
|
||||
|
||||
public getImageIDFilePath(): string {
|
||||
return path.join(Context.tmpDir(), this.iidFilename);
|
||||
}
|
||||
|
||||
@@ -15,13 +15,15 @@
|
||||
*/
|
||||
|
||||
import fs from 'fs';
|
||||
import * as core from '@actions/core';
|
||||
|
||||
import {Buildx} from './buildx.js';
|
||||
import {Context} from '../context.js';
|
||||
import {Exec} from '../exec.js';
|
||||
|
||||
import {CreateOpts, CreateResponse, CreateResult, Manifest as ImageToolsManifest} from '../types/buildx/imagetools.js';
|
||||
import {AttestationInspectOpts, CreateOpts, CreateResponse, CreateResult, InspectOpts, Manifest as ImageToolsManifest} from '../types/buildx/imagetools.js';
|
||||
import {Image} from '../types/oci/config.js';
|
||||
import {Descriptor, Platform} from '../types/oci/descriptor.js';
|
||||
import {Descriptor} from '../types/oci/descriptor.js';
|
||||
import {Digest} from '../types/oci/digest.js';
|
||||
|
||||
export interface ImageToolsOpts {
|
||||
@@ -47,16 +49,8 @@ export class ImageTools {
|
||||
return await this.getCommand(['create', ...args]);
|
||||
}
|
||||
|
||||
public async inspectImage(name: string): Promise<Record<string, Image> | Image> {
|
||||
const cmd = await this.getInspectCommand([name, '--format', '{{json .Image}}']);
|
||||
return await Exec.getExecOutput(cmd.command, cmd.args, {
|
||||
ignoreReturnCode: true,
|
||||
silent: true
|
||||
}).then(res => {
|
||||
if (res.stderr.length > 0 && res.exitCode != 0) {
|
||||
throw new Error(res.stderr.trim());
|
||||
}
|
||||
const parsedOutput = JSON.parse(res.stdout);
|
||||
public async inspectImage(opts: InspectOpts): Promise<Record<string, Image> | Image> {
|
||||
return await this.inspect(opts, '{{json .Image}}', parsedOutput => {
|
||||
if (typeof parsedOutput === 'object' && !Array.isArray(parsedOutput) && parsedOutput !== null) {
|
||||
if (Object.prototype.hasOwnProperty.call(parsedOutput, 'config')) {
|
||||
return <Image>parsedOutput;
|
||||
@@ -68,16 +62,8 @@ export class ImageTools {
|
||||
});
|
||||
}
|
||||
|
||||
public async inspectManifest(name: string): Promise<ImageToolsManifest | Descriptor> {
|
||||
const cmd = await this.getInspectCommand([name, '--format', '{{json .Manifest}}']);
|
||||
return await Exec.getExecOutput(cmd.command, cmd.args, {
|
||||
ignoreReturnCode: true,
|
||||
silent: true
|
||||
}).then(res => {
|
||||
if (res.stderr.length > 0 && res.exitCode != 0) {
|
||||
throw new Error(res.stderr.trim());
|
||||
}
|
||||
const parsedOutput = JSON.parse(res.stdout);
|
||||
public async inspectManifest(opts: InspectOpts): Promise<ImageToolsManifest | Descriptor> {
|
||||
return await this.inspect(opts, '{{json .Manifest}}', parsedOutput => {
|
||||
if (typeof parsedOutput === 'object' && !Array.isArray(parsedOutput) && parsedOutput !== null) {
|
||||
if (Object.prototype.hasOwnProperty.call(parsedOutput, 'manifests')) {
|
||||
return <ImageToolsManifest>parsedOutput;
|
||||
@@ -89,17 +75,18 @@ export class ImageTools {
|
||||
});
|
||||
}
|
||||
|
||||
public async attestationDescriptors(name: string, platform?: Platform): Promise<Array<Descriptor>> {
|
||||
const manifest = await this.inspectManifest(name);
|
||||
public async attestationDescriptors(opts: AttestationInspectOpts): Promise<Array<Descriptor>> {
|
||||
const manifest = await this.inspectManifest(opts);
|
||||
|
||||
if (typeof manifest !== 'object' || manifest === null || !('manifests' in manifest) || !Array.isArray(manifest.manifests)) {
|
||||
throw new Error(`No descriptor found for ${name}`);
|
||||
throw new Error(`No descriptor found for ${opts.name}`);
|
||||
}
|
||||
|
||||
const attestations = manifest.manifests.filter(m => m.annotations?.['vnd.docker.reference.type'] === 'attestation-manifest');
|
||||
if (!platform) {
|
||||
if (!opts.platform) {
|
||||
return attestations;
|
||||
}
|
||||
const platform = opts.platform;
|
||||
|
||||
const manifestByDigest = new Map<string, Descriptor>();
|
||||
for (const m of manifest.manifests) {
|
||||
@@ -121,8 +108,8 @@ export class ImageTools {
|
||||
});
|
||||
}
|
||||
|
||||
public async attestationDigests(name: string, platform?: Platform): Promise<Array<Digest>> {
|
||||
return (await this.attestationDescriptors(name, platform)).map(attestation => attestation.digest);
|
||||
public async attestationDigests(opts: AttestationInspectOpts): Promise<Array<Digest>> {
|
||||
return (await this.attestationDescriptors(opts)).map(attestation => attestation.digest);
|
||||
}
|
||||
|
||||
public async create(opts: CreateOpts): Promise<CreateResult | undefined> {
|
||||
@@ -151,6 +138,11 @@ export class ImageTools {
|
||||
args.push('--platform', platform);
|
||||
}
|
||||
}
|
||||
if (opts.annotations) {
|
||||
for (const annotation of opts.annotations) {
|
||||
args.push('--annotation', annotation);
|
||||
}
|
||||
}
|
||||
if (opts.dryRun) {
|
||||
args.push('--dry-run');
|
||||
} else {
|
||||
@@ -164,9 +156,15 @@ export class ImageTools {
|
||||
}
|
||||
|
||||
const cmd = await this.getCreateCommand(args);
|
||||
if (opts.skipExec) {
|
||||
core.info(`[command]${cmd.command} ${cmd.args.join(' ')}`);
|
||||
core.info(`Skipped create command`);
|
||||
return undefined;
|
||||
}
|
||||
|
||||
return await Exec.getExecOutput(cmd.command, cmd.args, {
|
||||
ignoreReturnCode: true,
|
||||
silent: true
|
||||
silent: opts.silent
|
||||
}).then(res => {
|
||||
if (res.stderr.length > 0 && res.exitCode != 0) {
|
||||
throw new Error(res.stderr.trim());
|
||||
@@ -192,4 +190,44 @@ export class ImageTools {
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private async inspect<T>(opts: InspectOpts, format: string, parser: (parsedOutput: unknown) => T): Promise<T> {
|
||||
const cmd = await this.getInspectCommand([opts.name, '--format', format]);
|
||||
if (!opts.retryOnManifestUnknown) {
|
||||
return await this.execInspect(cmd.command, cmd.args, parser);
|
||||
}
|
||||
|
||||
const retries = opts.retryLimit ?? 15;
|
||||
let lastError: Error | undefined;
|
||||
for (let attempt = 0; attempt < retries; attempt++) {
|
||||
try {
|
||||
return await this.execInspect(cmd.command, cmd.args, parser);
|
||||
} catch (err) {
|
||||
lastError = err as Error;
|
||||
if (!ImageTools.isManifestUnknownError(lastError.message) || attempt === retries - 1) {
|
||||
throw lastError;
|
||||
}
|
||||
core.info(`buildx imagetools inspect command failed with MANIFEST_UNKNOWN, retrying attempt ${attempt + 1}/${retries}...\n${lastError.message}`);
|
||||
await new Promise(res => setTimeout(res, Math.pow(2, attempt) * 100));
|
||||
}
|
||||
}
|
||||
|
||||
throw lastError ?? new Error(`ImageTools inspect command failed for ${opts.name}`);
|
||||
}
|
||||
|
||||
private async execInspect<T>(command: string, args: Array<string>, parser: (parsedOutput: unknown) => T): Promise<T> {
|
||||
return await Exec.getExecOutput(command, args, {
|
||||
ignoreReturnCode: true,
|
||||
silent: true
|
||||
}).then(res => {
|
||||
if (res.stderr.length > 0 && res.exitCode != 0) {
|
||||
throw new Error(res.stderr.trim());
|
||||
}
|
||||
return parser(JSON.parse(res.stdout));
|
||||
});
|
||||
}
|
||||
|
||||
private static isManifestUnknownError(message: string): boolean {
|
||||
return /(MANIFEST_UNKNOWN|manifest unknown|not found: not found)/i.test(message);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,9 +18,6 @@ import fs from 'fs';
|
||||
import os from 'os';
|
||||
import path from 'path';
|
||||
import * as tmp from 'tmp';
|
||||
import * as github from '@actions/github';
|
||||
|
||||
import {GitHub} from './github/github.js';
|
||||
|
||||
export class Context {
|
||||
private static readonly _tmpDir = fs.mkdtempSync(path.join(Context.ensureDirExists(process.env.RUNNER_TEMP || os.tmpdir()), 'docker-actions-toolkit-'));
|
||||
@@ -37,25 +34,4 @@ export class Context {
|
||||
public static tmpName(options?: tmp.TmpNameOptions): string {
|
||||
return tmp.tmpNameSync(options);
|
||||
}
|
||||
|
||||
public static gitRef(): string {
|
||||
return Context.parseGitRef(github.context.ref, github.context.sha);
|
||||
}
|
||||
|
||||
public static parseGitRef(ref: string, sha: string): string {
|
||||
const setPullRequestHeadRef: boolean = !!(process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF && process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF === 'true');
|
||||
if (sha && ref && !ref.startsWith('refs/')) {
|
||||
ref = `refs/heads/${ref}`;
|
||||
}
|
||||
if (sha && !ref.startsWith(`refs/pull/`)) {
|
||||
ref = sha;
|
||||
} else if (ref.startsWith(`refs/pull/`) && setPullRequestHeadRef) {
|
||||
ref = ref.replace(/\/merge$/g, '/head');
|
||||
}
|
||||
return ref;
|
||||
}
|
||||
|
||||
public static gitContext(): string {
|
||||
return `${GitHub.serverURL}/${github.context.repo.owner}/${github.context.repo.repo}.git#${Context.gitRef()}`;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -113,7 +113,11 @@ export class Sigstore {
|
||||
}
|
||||
|
||||
for (const imageName of opts.imageNames) {
|
||||
const attestationDigests = await this.imageTools.attestationDigests(`${imageName}@${opts.imageDigest}`);
|
||||
const attestationDigests = await this.imageTools.attestationDigests({
|
||||
name: `${imageName}@${opts.imageDigest}`,
|
||||
retryOnManifestUnknown: opts.retryOnManifestUnknown,
|
||||
retryLimit: opts.retryLimit
|
||||
});
|
||||
for (const attestationDigest of attestationDigests) {
|
||||
const attestationRef = `${imageName}@${attestationDigest}`;
|
||||
await core.group(`Signing attestation manifest ${attestationRef}`, async () => {
|
||||
@@ -183,7 +187,12 @@ export class Sigstore {
|
||||
public async verifyImageAttestations(image: string, opts: VerifySignedManifestsOpts): Promise<Record<string, VerifySignedManifestsResult>> {
|
||||
const result: Record<string, VerifySignedManifestsResult> = {};
|
||||
|
||||
const attestationDigests = await this.imageTools.attestationDigests(image, opts.platform);
|
||||
const attestationDigests = await this.imageTools.attestationDigests({
|
||||
name: image,
|
||||
platform: opts.platform,
|
||||
retryOnManifestUnknown: opts.retryOnManifestUnknown,
|
||||
retryLimit: opts.retryLimit
|
||||
});
|
||||
if (attestationDigests.length === 0) {
|
||||
throw new Error(`No attestation manifests found for ${image}`);
|
||||
}
|
||||
@@ -237,7 +246,7 @@ export class Sigstore {
|
||||
};
|
||||
}
|
||||
|
||||
const retries = 15;
|
||||
const retries = opts.retryLimit ?? 15;
|
||||
let lastError: Error | undefined;
|
||||
core.info(`[command]cosign ${[...cosignArgs, attestationRef].join(' ')}`);
|
||||
for (let attempt = 0; attempt < retries; attempt++) {
|
||||
|
||||
@@ -14,6 +14,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
export type GitContextFormat = 'fragment' | 'query';
|
||||
|
||||
export type BuildMetadata = {
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
[key: string]: any;
|
||||
|
||||
@@ -15,9 +15,19 @@
|
||||
*/
|
||||
|
||||
import {Versioned} from '../oci/versioned.js';
|
||||
import {Descriptor} from '../oci/descriptor.js';
|
||||
import {Descriptor, Platform} from '../oci/descriptor.js';
|
||||
import {Digest} from '../oci/digest.js';
|
||||
|
||||
export interface InspectOpts {
|
||||
name: string;
|
||||
retryOnManifestUnknown?: boolean;
|
||||
retryLimit?: number;
|
||||
}
|
||||
|
||||
export interface AttestationInspectOpts extends InspectOpts {
|
||||
platform?: Platform;
|
||||
}
|
||||
|
||||
// https://github.com/docker/buildx/blob/62857022a08552bee5cad0c3044a9a3b185f0b32/util/imagetools/printers.go#L109-L123
|
||||
export interface Manifest extends Versioned {
|
||||
mediaType?: string;
|
||||
@@ -32,7 +42,10 @@ export interface CreateOpts {
|
||||
sources: Array<string>;
|
||||
tags?: Array<string>;
|
||||
platforms?: Array<string>;
|
||||
annotations?: Array<string>;
|
||||
dryRun?: boolean;
|
||||
silent?: boolean;
|
||||
skipExec?: boolean;
|
||||
}
|
||||
|
||||
export interface CreateResponse {
|
||||
|
||||
@@ -40,6 +40,8 @@ export interface SignAttestationManifestsOpts {
|
||||
imageNames: Array<string>;
|
||||
imageDigest: string;
|
||||
noTransparencyLog?: boolean;
|
||||
retryOnManifestUnknown?: boolean;
|
||||
retryLimit?: number;
|
||||
}
|
||||
|
||||
export interface SignAttestationManifestsResult extends ParsedBundle {
|
||||
@@ -51,6 +53,7 @@ export interface VerifySignedManifestsOpts {
|
||||
platform?: Platform;
|
||||
noTransparencyLog?: boolean;
|
||||
retryOnManifestUnknown?: boolean;
|
||||
retryLimit?: number;
|
||||
}
|
||||
|
||||
export interface VerifySignedManifestsResult {
|
||||
|
||||
13
src/util.ts
13
src/util.ts
@@ -157,7 +157,10 @@ export class Util {
|
||||
}
|
||||
|
||||
// https://github.com/golang/go/blob/f6b93a4c358b28b350dd8fe1780c1f78e520c09c/src/strconv/atob.go#L7-L18
|
||||
public static parseBool(str: string): boolean {
|
||||
public static parseBool(str: string | undefined): boolean {
|
||||
if (str === undefined) {
|
||||
return false;
|
||||
}
|
||||
switch (str) {
|
||||
case '1':
|
||||
case 't':
|
||||
@@ -178,6 +181,14 @@ export class Util {
|
||||
}
|
||||
}
|
||||
|
||||
public static parseBoolOrDefault(str: string | undefined, defaultValue = false): boolean {
|
||||
try {
|
||||
return this.parseBool(str);
|
||||
} catch {
|
||||
return defaultValue;
|
||||
}
|
||||
}
|
||||
|
||||
public static formatFileSize(bytes: number): string {
|
||||
if (bytes === 0) return '0 Bytes';
|
||||
const k = 1024;
|
||||
|
||||
52
yarn.lock
52
yarn.lock
@@ -12,9 +12,9 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"@actions/artifact@npm:^6.2.0":
|
||||
version: 6.2.0
|
||||
resolution: "@actions/artifact@npm:6.2.0"
|
||||
"@actions/artifact@npm:^6.2.1":
|
||||
version: 6.2.1
|
||||
resolution: "@actions/artifact@npm:6.2.1"
|
||||
dependencies:
|
||||
"@actions/core": "npm:^3.0.0"
|
||||
"@actions/github": "npm:^9.0.0"
|
||||
@@ -30,7 +30,7 @@ __metadata:
|
||||
archiver: "npm:^7.0.1"
|
||||
jwt-decode: "npm:^4.0.0"
|
||||
unzip-stream: "npm:^0.3.1"
|
||||
checksum: 10/fa931b1222c0e08bca85d3cb18c2cd5ae912cce3f09ab3acd4ec3486e864337d65177089a14aef124d9696b9dd5309b273a9251e230172c79c2444af2c43443e
|
||||
checksum: 10/1fad9b079ee2ab07f964b93bf7b4fc594d115199219baed74ac3bf2a8675e0b7ea57252eccbcdaaaa8fc8375742d23585cbd054f3b2d029c091817e0f257ce93
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -370,7 +370,7 @@ __metadata:
|
||||
version: 0.0.0-use.local
|
||||
resolution: "@docker/actions-toolkit@workspace:."
|
||||
dependencies:
|
||||
"@actions/artifact": "npm:^6.2.0"
|
||||
"@actions/artifact": "npm:^6.2.1"
|
||||
"@actions/cache": "npm:^6.0.0"
|
||||
"@actions/core": "npm:^3.0.0"
|
||||
"@actions/exec": "npm:^3.0.0"
|
||||
@@ -395,7 +395,7 @@ __metadata:
|
||||
"@vitest/coverage-v8": "npm:^4.0.18"
|
||||
"@vitest/eslint-plugin": "npm:^1.6.9"
|
||||
async-retry: "npm:^1.3.3"
|
||||
csv-parse: "npm:^6.1.0"
|
||||
csv-parse: "npm:^6.2.0"
|
||||
eslint: "npm:^9.39.3"
|
||||
eslint-config-prettier: "npm:^10.1.8"
|
||||
eslint-plugin-prettier: "npm:^5.5.5"
|
||||
@@ -2178,10 +2178,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"csv-parse@npm:^6.1.0":
|
||||
version: 6.1.0
|
||||
resolution: "csv-parse@npm:6.1.0"
|
||||
checksum: 10/607d92611435fdfb7631242644a2582bfb218fad8c6c6d6416db31647c2e63a3110f16c9837de6baaa3edf318212765cfc6e72d672d99690fd7f565d6c93d6f4
|
||||
"csv-parse@npm:^6.2.0":
|
||||
version: 6.2.0
|
||||
resolution: "csv-parse@npm:6.2.0"
|
||||
checksum: 10/45d0659e11bf2126a2e9b63c2b4206ebaef6ffcaad9b0b98bf4863ad1d94656ad6e00c4cf87c6b0767b5edc1d1dd133d906f7181e689e62fd84b3a9947643eff
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -2655,22 +2655,25 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"fast-xml-builder@npm:^1.0.0":
|
||||
version: 1.0.0
|
||||
resolution: "fast-xml-builder@npm:1.0.0"
|
||||
checksum: 10/06c04d80545e5c9f4d1d6cca00567b5cc09953a92c6328fa48cfb4d7f42630313b8c2bb62e9cb81accee7bb5e1c5312fcae06c3d20dbe52d969a5938233316da
|
||||
"fast-xml-builder@npm:^1.1.4":
|
||||
version: 1.1.4
|
||||
resolution: "fast-xml-builder@npm:1.1.4"
|
||||
dependencies:
|
||||
path-expression-matcher: "npm:^1.1.3"
|
||||
checksum: 10/32937866aaf5a90e69d1f4ee6e15e875248d5b5d2afd70277e9e8323074de4980cef24575a591b8e43c29f405d5f12377b3bad3842dc412b0c5c17a3eaee4b6b
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"fast-xml-parser@npm:^5.0.7":
|
||||
version: 5.4.1
|
||||
resolution: "fast-xml-parser@npm:5.4.1"
|
||||
version: 5.5.6
|
||||
resolution: "fast-xml-parser@npm:5.5.6"
|
||||
dependencies:
|
||||
fast-xml-builder: "npm:^1.0.0"
|
||||
fast-xml-builder: "npm:^1.1.4"
|
||||
path-expression-matcher: "npm:^1.1.3"
|
||||
strnum: "npm:^2.1.2"
|
||||
bin:
|
||||
fxparser: src/cli/cli.js
|
||||
checksum: 10/2b40067c3ad3542ca197d1353bcb0416cd5db20d5c66d74ac176b99af6ff9bd55a6182d36856a2fd477c95b8fc1f07405475f1662a31185480130ba7076c702a
|
||||
checksum: 10/91a42a0cf99c83b0e721ceef9c189509e96c91c1875901c6ce6017f78ad25284f646a77a541e96ee45a15c2f13b7780d090c906c3ec3f262db03e7feb1e62315
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -3897,6 +3900,13 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"path-expression-matcher@npm:^1.1.3":
|
||||
version: 1.1.3
|
||||
resolution: "path-expression-matcher@npm:1.1.3"
|
||||
checksum: 10/9a607d0bf9807cf86b0a29fb4263f0c00285c13bedafb6ad3efc8bc87ae878da2faf657a9138ac918726cb19f147235a0ca695aec3e4ea1ee04641b6520e6c9e
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"path-is-absolute@npm:^1.0.0":
|
||||
version: 1.0.1
|
||||
resolution: "path-is-absolute@npm:1.0.1"
|
||||
@@ -4789,9 +4799,9 @@ __metadata:
|
||||
linkType: hard
|
||||
|
||||
"undici@npm:^6.23.0":
|
||||
version: 6.23.0
|
||||
resolution: "undici@npm:6.23.0"
|
||||
checksum: 10/56950995e7b628e62c996430445d17995ca9b70f6f2afe760a63da54205660d968bd08f0741b6f4fb008f40aa35c69cce979cd96ced399585d8c897a76a4f1d1
|
||||
version: 6.24.1
|
||||
resolution: "undici@npm:6.24.1"
|
||||
checksum: 10/4f84e6045520eef9ba8eabb96360b50c759f59905c1703b12187c2dbcc6d1584c5d7ecddeb45b0ed6cac84ca2d132b21bfd8a38f77fa30378b1ac5d2ae390fd9
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
|
||||
Reference in New Issue
Block a user