2020-10-08 00:52:52 +02:00
|
|
|
import * as core from '@actions/core';
|
2024-01-12 14:15:02 +01:00
|
|
|
import * as handlebars from 'handlebars';
|
2024-04-26 13:12:47 +02:00
|
|
|
|
2023-03-13 14:37:07 +01:00
|
|
|
import {Bake} from '@docker/actions-toolkit/lib/buildx/bake';
|
2024-04-26 13:12:47 +02:00
|
|
|
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
|
2024-01-12 14:15:02 +01:00
|
|
|
import {Context} from '@docker/actions-toolkit/lib/context';
|
2023-03-13 14:37:07 +01:00
|
|
|
import {GitHub} from '@docker/actions-toolkit/lib/github';
|
2023-02-20 23:45:13 +01:00
|
|
|
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
|
|
|
|
|
import {Util} from '@docker/actions-toolkit/lib/util';
|
2024-04-26 13:12:47 +02:00
|
|
|
|
2024-05-27 12:50:16 +02:00
|
|
|
import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
|
2021-09-01 22:22:37 +02:00
|
|
|
|
2020-10-08 00:52:52 +02:00
|
|
|
export interface Inputs {
|
2024-10-02 16:50:35 +02:00
|
|
|
allow: string[];
|
2020-10-08 00:52:52 +02:00
|
|
|
builder: string;
|
|
|
|
|
files: string[];
|
2022-07-08 08:53:34 -04:00
|
|
|
workdir: string;
|
2020-10-08 00:52:52 +02:00
|
|
|
targets: string[];
|
2024-05-02 15:15:36 +02:00
|
|
|
'no-cache': boolean;
|
2020-10-08 00:52:52 +02:00
|
|
|
pull: boolean;
|
|
|
|
|
load: boolean;
|
2023-03-13 14:37:07 +01:00
|
|
|
provenance: string;
|
2020-10-08 00:52:52 +02:00
|
|
|
push: boolean;
|
2023-03-13 14:37:07 +01:00
|
|
|
sbom: string;
|
2020-10-08 00:52:52 +02:00
|
|
|
set: string[];
|
2022-06-24 10:56:51 +02:00
|
|
|
source: string;
|
2024-05-02 15:15:36 +02:00
|
|
|
'github-token': string;
|
2020-10-08 00:52:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export async function getInputs(): Promise<Inputs> {
|
|
|
|
|
return {
|
2024-10-02 16:50:35 +02:00
|
|
|
allow: Util.getInputList('allow'),
|
2020-10-08 00:52:52 +02:00
|
|
|
builder: core.getInput('builder'),
|
2023-02-20 23:45:13 +01:00
|
|
|
files: Util.getInputList('files'),
|
2022-07-08 08:53:34 -04:00
|
|
|
workdir: core.getInput('workdir') || '.',
|
2023-02-20 23:45:13 +01:00
|
|
|
targets: Util.getInputList('targets'),
|
2024-05-02 15:15:36 +02:00
|
|
|
'no-cache': core.getBooleanInput('no-cache'),
|
2021-05-26 15:22:18 +02:00
|
|
|
pull: core.getBooleanInput('pull'),
|
|
|
|
|
load: core.getBooleanInput('load'),
|
2024-04-26 13:12:47 +02:00
|
|
|
provenance: Build.getProvenanceInput('provenance'),
|
2021-05-26 15:22:18 +02:00
|
|
|
push: core.getBooleanInput('push'),
|
2023-03-13 14:37:07 +01:00
|
|
|
sbom: core.getInput('sbom'),
|
2023-04-17 09:56:10 +02:00
|
|
|
set: Util.getInputList('set', {ignoreComma: true, quote: false}),
|
2024-04-13 15:20:19 +02:00
|
|
|
source: getSourceInput('source'),
|
2024-05-02 15:15:36 +02:00
|
|
|
'github-token': core.getInput('github-token')
|
2020-10-08 00:52:52 +02:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-02 13:43:34 +02:00
|
|
|
export function sanitizeInputs(inputs: Inputs) {
|
|
|
|
|
const res = {};
|
|
|
|
|
for (const key of Object.keys(inputs)) {
|
|
|
|
|
if (key === 'github-token') {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
const value: string | string[] | boolean = inputs[key];
|
|
|
|
|
if (typeof value === 'boolean' && value === false) {
|
|
|
|
|
continue;
|
|
|
|
|
} else if (Array.isArray(value) && value.length === 0) {
|
|
|
|
|
continue;
|
|
|
|
|
} else if (!value) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (key === 'workdir' && value === '.') {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
res[key] = value;
|
|
|
|
|
}
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-05 14:25:34 +02:00
|
|
|
export async function getArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
|
2022-03-21 11:28:57 +01:00
|
|
|
// prettier-ignore
|
|
|
|
|
return [
|
2024-04-05 14:25:34 +02:00
|
|
|
...await getBakeArgs(inputs, definition, toolkit),
|
2022-03-21 11:28:57 +01:00
|
|
|
...await getCommonArgs(inputs),
|
|
|
|
|
...inputs.targets
|
|
|
|
|
];
|
2020-10-08 00:52:52 +02:00
|
|
|
}
|
|
|
|
|
|
2024-04-05 14:25:34 +02:00
|
|
|
async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
|
2022-03-21 11:28:57 +01:00
|
|
|
const args: Array<string> = ['bake'];
|
2024-04-05 14:25:34 +02:00
|
|
|
if (inputs.source) {
|
|
|
|
|
args.push(inputs.source);
|
2022-06-24 10:56:51 +02:00
|
|
|
}
|
2024-10-02 16:50:35 +02:00
|
|
|
if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
|
2024-11-22 08:24:48 +01:00
|
|
|
if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
|
|
|
|
|
// allow filesystem entitlements by default
|
|
|
|
|
inputs.allow.push('fs=*');
|
2024-10-02 16:50:35 +02:00
|
|
|
}
|
2024-11-22 08:24:48 +01:00
|
|
|
await Util.asyncForEach(inputs.allow, async allow => {
|
|
|
|
|
args.push('--allow', allow);
|
|
|
|
|
});
|
2024-10-02 16:50:35 +02:00
|
|
|
}
|
2023-02-20 23:45:13 +01:00
|
|
|
await Util.asyncForEach(inputs.files, async file => {
|
2020-10-08 00:52:52 +02:00
|
|
|
args.push('--file', file);
|
|
|
|
|
});
|
2023-02-20 23:45:13 +01:00
|
|
|
await Util.asyncForEach(inputs.set, async set => {
|
2020-10-08 00:52:52 +02:00
|
|
|
args.push('--set', set);
|
|
|
|
|
});
|
2023-02-20 23:45:13 +01:00
|
|
|
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
|
2024-05-14 14:02:37 +02:00
|
|
|
args.push('--metadata-file', toolkit.buildxBake.getMetadataFilePath());
|
2021-09-01 22:22:37 +02:00
|
|
|
}
|
2023-03-13 14:37:07 +01:00
|
|
|
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
|
|
|
|
|
if (inputs.provenance) {
|
|
|
|
|
args.push('--provenance', inputs.provenance);
|
2024-04-05 14:25:34 +02:00
|
|
|
} else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
|
2023-03-13 14:37:07 +01:00
|
|
|
// if provenance not specified and BuildKit version compatible for
|
|
|
|
|
// attestation, set default provenance. Also needs to make sure user
|
|
|
|
|
// doesn't want to explicitly load the image to docker.
|
|
|
|
|
if (GitHub.context.payload.repository?.private ?? false) {
|
|
|
|
|
// if this is a private repository, we set the default provenance
|
|
|
|
|
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
|
2024-04-26 13:12:47 +02:00
|
|
|
args.push('--provenance', Build.resolveProvenanceAttrs(`mode=min,inline-only=true`));
|
2023-03-13 14:37:07 +01:00
|
|
|
} else {
|
|
|
|
|
// for a public repository, we set max provenance mode.
|
2024-04-26 13:12:47 +02:00
|
|
|
args.push('--provenance', Build.resolveProvenanceAttrs(`mode=max`));
|
2023-03-13 14:37:07 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (inputs.sbom) {
|
|
|
|
|
args.push('--sbom', inputs.sbom);
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-10-08 00:52:52 +02:00
|
|
|
return args;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
|
2022-03-21 11:28:57 +01:00
|
|
|
const args: Array<string> = [];
|
2024-05-02 15:15:36 +02:00
|
|
|
if (inputs['no-cache']) {
|
2020-10-08 00:52:52 +02:00
|
|
|
args.push('--no-cache');
|
|
|
|
|
}
|
|
|
|
|
if (inputs.builder) {
|
|
|
|
|
args.push('--builder', inputs.builder);
|
|
|
|
|
}
|
|
|
|
|
if (inputs.pull) {
|
|
|
|
|
args.push('--pull');
|
|
|
|
|
}
|
|
|
|
|
if (inputs.load) {
|
|
|
|
|
args.push('--load');
|
|
|
|
|
}
|
|
|
|
|
if (inputs.push) {
|
|
|
|
|
args.push('--push');
|
|
|
|
|
}
|
|
|
|
|
return args;
|
|
|
|
|
}
|
2024-04-05 14:25:34 +02:00
|
|
|
|
|
|
|
|
function getSourceInput(name: string): string {
|
|
|
|
|
let source = handlebars.compile(core.getInput(name))({
|
|
|
|
|
defaultContext: Context.gitContext()
|
|
|
|
|
});
|
2024-06-18 12:03:27 +02:00
|
|
|
if (!source) {
|
|
|
|
|
source = Context.gitContext();
|
|
|
|
|
}
|
2024-04-05 14:25:34 +02:00
|
|
|
if (source === '.') {
|
|
|
|
|
source = '';
|
|
|
|
|
}
|
|
|
|
|
return source;
|
|
|
|
|
}
|
