manually verified working report toml for build phase

internal/build/lifecycle_execution.go

@@ -289,6 +289,9 @@ func (l *LifecycleExecution) Create(ctx context.Context, buildCache, launchCache
 		If(l.opts.SBOMDestinationDir != "", WithPostContainerRunOperations(
 			EnsureVolumeAccess(l.opts.Builder.UID(), l.opts.Builder.GID(), l.os, l.layersVolume, l.appVolume),
 			CopyOutTo(l.mountPaths.sbomDir(), l.opts.SBOMDestinationDir))),
+		If(l.opts.ReportDestinationDir != "", WithPostContainerRunOperations(
+			EnsureVolumeAccess(l.opts.Builder.UID(), l.opts.Builder.GID(), l.os, l.layersVolume, l.appVolume),
+			CopyOutTo(l.mountPaths.reportPath(), l.opts.ReportDestinationDir))),
 		If(l.opts.Interactive, WithPostContainerRunOperations(
 			EnsureVolumeAccess(l.opts.Builder.UID(), l.opts.Builder.GID(), l.os, l.layersVolume, l.appVolume),
 			CopyOut(l.opts.Termui.ReadLayers, l.mountPaths.layersDir(), l.mountPaths.appDir()))),

internal/build/lifecycle_executor.go

@@ -67,35 +67,36 @@ func init() {
 }
 
 type LifecycleOptions struct {
-	AppPath            string
-	Image              name.Reference
-	Builder            Builder
-	BuilderImage       string // differs from Builder.Name() and Builder.Image().Name() in that it includes the registry context
-	LifecycleImage     string
-	RunImage           string
-	ProjectMetadata    platform.ProjectMetadata
-	ClearCache         bool
-	Publish            bool
-	TrustBuilder       bool
-	UseCreator         bool
-	Interactive        bool
-	Termui             Termui
-	DockerHost         string
-	Cache              cache.CacheOpts
-	CacheImage         string
-	HTTPProxy          string
-	HTTPSProxy         string
-	NoProxy            string
-	Network            string
-	AdditionalTags     []string
-	Volumes            []string
-	DefaultProcessType string
-	FileFilter         func(string) bool
-	Workspace          string
-	GID                int
-	PreviousImage      string
-	SBOMDestinationDir string
-	CreationTime       *time.Time
+	AppPath              string
+	Image                name.Reference
+	Builder              Builder
+	BuilderImage         string // differs from Builder.Name() and Builder.Image().Name() in that it includes the registry context
+	LifecycleImage       string
+	RunImage             string
+	ProjectMetadata      platform.ProjectMetadata
+	ClearCache           bool
+	Publish              bool
+	TrustBuilder         bool
+	UseCreator           bool
+	Interactive          bool
+	Termui               Termui
+	DockerHost           string
+	Cache                cache.CacheOpts
+	CacheImage           string
+	HTTPProxy            string
+	HTTPSProxy           string
+	NoProxy              string
+	Network              string
+	AdditionalTags       []string
+	Volumes              []string
+	DefaultProcessType   string
+	FileFilter           func(string) bool
+	Workspace            string
+	GID                  int
+	PreviousImage        string
+	ReportDestinationDir string
+	SBOMDestinationDir   string
+	CreationTime         *time.Time
 }
 
 func NewLifecycleExecutor(logger logging.Logger, docker client.CommonAPIClient) *LifecycleExecutor {

internal/build/mount_paths.go

@@ -42,6 +42,10 @@ func (m mountPaths) projectPath() string {
 	return m.join(m.layersDir(), "project-metadata.toml")
 }
 
+func (m mountPaths) reportPath() string {
+	return m.join(m.layersDir(), "report.toml")
+}
+
 func (m mountPaths) appDirName() string {
 	return m.workspace
 }

internal/commands/build.go

@@ -23,32 +23,33 @@ import (
 )
 
 type BuildFlags struct {
-	Publish            bool
-	ClearCache         bool
-	TrustBuilder       bool
-	Interactive        bool
-	DockerHost         string
-	CacheImage         string
-	Cache              cache.CacheOpts
-	AppPath            string
-	Builder            string
-	Registry           string
-	RunImage           string
-	Policy             string
-	Network            string
-	DescriptorPath     string
-	DefaultProcessType string
-	LifecycleImage     string
-	Env                []string
-	EnvFiles           []string
-	Buildpacks         []string
-	Volumes            []string
-	AdditionalTags     []string
-	Workspace          string
-	GID                int
-	PreviousImage      string
-	SBOMDestinationDir string
-	DateTime           string
+	Publish              bool
+	ClearCache           bool
+	TrustBuilder         bool
+	Interactive          bool
+	DockerHost           string
+	CacheImage           string
+	Cache                cache.CacheOpts
+	AppPath              string
+	Builder              string
+	Registry             string
+	RunImage             string
+	Policy               string
+	Network              string
+	DescriptorPath       string
+	DefaultProcessType   string
+	LifecycleImage       string
+	Env                  []string
+	EnvFiles             []string
+	Buildpacks           []string
+	Volumes              []string
+	AdditionalTags       []string
+	Workspace            string
+	GID                  int
+	PreviousImage        string
+	SBOMDestinationDir   string
+	ReportDestinationDir string
+	DateTime             string
 }
 
 // Build an image from source code
@@ -172,6 +173,7 @@ func Build(logger logging.Logger, cfg config.Config, packClient PackClient) *cob
 				PreviousImage:            flags.PreviousImage,
 				Interactive:              flags.Interactive,
 				SBOMDestinationDir:       flags.SBOMDestinationDir,
+				ReportDestinationDir:     flags.ReportDestinationDir,
 				CreationTime:             dateTime,
 			}); err != nil {
 				return errors.Wrap(err, "failed to build")
@@ -239,6 +241,7 @@ This option may set DOCKER_HOST environment variable for the build container if
 	cmd.Flags().IntVar(&buildFlags.GID, "gid", 0, `Override GID of user's group in the stack's build and run images. The provided value must be a positive number`)
 	cmd.Flags().StringVar(&buildFlags.PreviousImage, "previous-image", "", "Set previous image to a particular tag reference, digest reference, or (when performing a daemon build) image ID")
 	cmd.Flags().StringVar(&buildFlags.SBOMDestinationDir, "sbom-output-dir", "", "Path to export SBoM contents.\nOmitting the flag will yield no SBoM content.")
+	cmd.Flags().StringVar(&buildFlags.ReportDestinationDir, "report-output-dir", "", "Path to export build report.toml.\nOmitting the flag yield no report file.")
 	cmd.Flags().BoolVar(&buildFlags.Interactive, "interactive", false, "Launch a terminal UI to depict the build process")
 	if !cfg.Experimental {
 		cmd.Flags().MarkHidden("interactive")

pkg/client/build.go

@@ -50,16 +50,15 @@ const (
 // Implementations of the Lifecycle must execute the following phases by calling the
 // phase-specific lifecycle binary in order:
 //
-//  Detection:         /cnb/lifecycle/detector
-//  Analysis:          /cnb/lifecycle/analyzer
-//  Cache Restoration: /cnb/lifecycle/restorer
-//  Build:             /cnb/lifecycle/builder
-//  Export:            /cnb/lifecycle/exporter
+//	Detection:         /cnb/lifecycle/detector
+//	Analysis:          /cnb/lifecycle/analyzer
+//	Cache Restoration: /cnb/lifecycle/restorer
+//	Build:             /cnb/lifecycle/builder
+//	Export:            /cnb/lifecycle/exporter
 //
 // or invoke the single creator binary:
 //
-//  Creator:            /cnb/lifecycle/creator
-//
+//	Creator:            /cnb/lifecycle/creator
 type LifecycleExecutor interface {
 	// Execute is responsible for invoking each of these binaries
 	// with the desired configuration.
@@ -177,6 +176,9 @@ type BuildOptions struct {
 	// Directory to output any SBOM artifacts
 	SBOMDestinationDir string
 
+	// Directory to output the report.toml metadata artifact
+	ReportDestinationDir string
+
 	// Desired create time in the output image config
 	CreationTime *time.Time
 }
@@ -353,35 +355,36 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error {
 	}
 
 	lifecycleOpts := build.LifecycleOptions{
-		AppPath:            appPath,
-		Image:              imageRef,
-		Builder:            ephemeralBuilder,
-		BuilderImage:       builderRef.Name(),
-		LifecycleImage:     ephemeralBuilder.Name(),
-		RunImage:           runImageName,
-		ProjectMetadata:    projectMetadata,
-		ClearCache:         opts.ClearCache,
-		Publish:            opts.Publish,
-		TrustBuilder:       opts.TrustBuilder(opts.Builder),
-		UseCreator:         false,
-		DockerHost:         opts.DockerHost,
-		Cache:              opts.Cache,
-		CacheImage:         opts.CacheImage,
-		HTTPProxy:          proxyConfig.HTTPProxy,
-		HTTPSProxy:         proxyConfig.HTTPSProxy,
-		NoProxy:            proxyConfig.NoProxy,
-		Network:            opts.ContainerConfig.Network,
-		AdditionalTags:     opts.AdditionalTags,
-		Volumes:            processedVolumes,
-		DefaultProcessType: opts.DefaultProcessType,
-		FileFilter:         fileFilter,
-		Workspace:          opts.Workspace,
-		GID:                opts.GroupID,
-		PreviousImage:      opts.PreviousImage,
-		Interactive:        opts.Interactive,
-		Termui:             termui.NewTermui(imageRef.Name(), ephemeralBuilder, runImageName),
-		SBOMDestinationDir: opts.SBOMDestinationDir,
-		CreationTime:       opts.CreationTime,
+		AppPath:              appPath,
+		Image:                imageRef,
+		Builder:              ephemeralBuilder,
+		BuilderImage:         builderRef.Name(),
+		LifecycleImage:       ephemeralBuilder.Name(),
+		RunImage:             runImageName,
+		ProjectMetadata:      projectMetadata,
+		ClearCache:           opts.ClearCache,
+		Publish:              opts.Publish,
+		TrustBuilder:         opts.TrustBuilder(opts.Builder),
+		UseCreator:           false,
+		DockerHost:           opts.DockerHost,
+		Cache:                opts.Cache,
+		CacheImage:           opts.CacheImage,
+		HTTPProxy:            proxyConfig.HTTPProxy,
+		HTTPSProxy:           proxyConfig.HTTPSProxy,
+		NoProxy:              proxyConfig.NoProxy,
+		Network:              opts.ContainerConfig.Network,
+		AdditionalTags:       opts.AdditionalTags,
+		Volumes:              processedVolumes,
+		DefaultProcessType:   opts.DefaultProcessType,
+		FileFilter:           fileFilter,
+		Workspace:            opts.Workspace,
+		GID:                  opts.GroupID,
+		PreviousImage:        opts.PreviousImage,
+		Interactive:          opts.Interactive,
+		Termui:               termui.NewTermui(imageRef.Name(), ephemeralBuilder, runImageName),
+		ReportDestinationDir: opts.ReportDestinationDir,
+		SBOMDestinationDir:   opts.SBOMDestinationDir,
+		CreationTime:         opts.CreationTime,
 	}
 
 	lifecycleVersion := ephemeralBuilder.LifecycleDescriptor().Info.Version
@@ -666,45 +669,45 @@ func (c *Client) processProxyConfig(config *ProxyConfig) ProxyConfig {
 //
 // Visual examples:
 //
-// 	BUILDER ORDER
-// 	----------
-//  - group:
-//		- A
-//		- B
-//  - group:
-//		- A
+//		BUILDER ORDER
+//		----------
+//	 - group:
+//			- A
+//			- B
+//	 - group:
+//			- A
 //
-//	WITH DECLARED: "from=builder", X
-// 	----------
-// 	- group:
-//		- A
-//		- B
-//		- X
-// 	 - group:
-//		- A
-//		- X
+//		WITH DECLARED: "from=builder", X
+//		----------
+//		- group:
+//			- A
+//			- B
+//			- X
+//		 - group:
+//			- A
+//			- X
 //
-//	WITH DECLARED: X, "from=builder", Y
-// 	----------
-// 	- group:
-//		- X
-//		- A
-//		- B
-//      - Y
-// 	- group:
-//		- X
-//		- A
-//      - Y
+//		WITH DECLARED: X, "from=builder", Y
+//		----------
+//		- group:
+//			- X
+//			- A
+//			- B
+//	     - Y
+//		- group:
+//			- X
+//			- A
+//	     - Y
 //
-//	WITH DECLARED: X
-// 	----------
-//	- group:
-//		- X
+//		WITH DECLARED: X
+//		----------
+//		- group:
+//			- X
 //
-//	WITH DECLARED: A
-// 	----------
-// 	- group:
-//		- A
+//		WITH DECLARED: A
+//		----------
+//		- group:
+//			- A
 func (c *Client) processBuildpacks(ctx context.Context, builderImage imgutil.Image, builderBPs []dist.ModuleInfo, builderOrder dist.Order, stackID string, opts BuildOptions) (fetchedBPs []buildpack.BuildModule, order dist.Order, err error) {
 	pullPolicy := opts.PullPolicy
 	publish := opts.Publish