docker/buildx
1
0
Fork 0
mirror of https://github.com/docker/buildx.git synced 2024-11-22 15:37:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
f7bcafed21
buildx/hack/release
CrazyMax 477200d1f9
ci: generate provenance and sbom for release binaries 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-12-15 19:12:25 +01:00

58 lines
1.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -eu -o pipefail
: "${GITHUB_ACTIONS=}"
: "${GITHUB_REPOSITORY=}"
: "${GITHUB_RUN_ID=}"
: "${BUILDX_CMD=docker buildx}"
: "${DESTDIR=./bin/release}"
: "${CACHE_FROM=}"
: "${CACHE_TO=}"
: "${PLATFORMS=}"
if [ -n "$CACHE_FROM" ]; then
for cfrom in $CACHE_FROM; do
setFlags+=(--set "*.cache-from=$cfrom")
done
fi
if [ -n "$CACHE_TO" ]; then
for cto in $CACHE_TO; do
setFlags+=(--set "*.cache-to=$cto")
done
fi
if [ -n "$PLATFORMS" ]; then
setFlags+=(--set "*.platform=$PLATFORMS")
fi
if ${BUILDX_CMD} build --help 2>&1 | grep -- '--attest' >/dev/null; then
prvattrs="mode=max"
if [ "$GITHUB_ACTIONS" = "true" ]; then
prvattrs="$prvattrs,builder-id=https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
fi
setFlags+=(--set "*.attest=type=sbom")
setFlags+=(--set "*.attest=type=provenance,$prvattrs")
fi
output=$(mktemp -d -t buildx-output.XXXXXXXXXX)
(
set -x
${BUILDX_CMD} bake "${setFlags[@]}" --set "*.args.BUILDKIT_MULTI_PLATFORM=true" --set "*.output=$output" release
)
for pdir in "${output}"/*/; do
(
cd "$pdir"
binname=$(find . -name 'buildx-*')
filename=$(basename "${binname%.exe}")
mv "provenance.json" "${filename}.provenance.json"
mv "sbom-binaries.spdx.json" "${filename}.sbom.json"
find . -name 'sbom*.json' -exec rm {} \;
)
done
mkdir -p "$DESTDIR"
mv "$output"/**/* "$DESTDIR/"
rm -rf "$output"
Reference in New Issue View Git Blame Copy Permalink