provenance: set mode max and builder-id for public repos by default
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
crazy-max committed Dec 20, 2022
1 parent 3842cfa commit 5b413ac
Showing 4 changed files with 23 additions and 5 deletions.
4 changes: 1 addition & 3 deletions .github/workflows/ci.yml
Expand Up @@ -529,9 +529,7 @@ jobs:
file: ./test/go/Dockerfile
target: ${{ matrix.target }}
outputs: ${{ matrix.output }}
attests: |
type=sbom
type=provenance,mode=max,builder-id=https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}
sbom: true
cache-from: type=gha,scope=attests-${{ matrix.target }}
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
-
2 changes: 1 addition & 1 deletion dist/index.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

20 changes: 20 additions & 0 deletions src/context.ts
Expand Up @@ -164,6 +164,10 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, context: str
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
if (inputs.provenance) {
args.push('--provenance', inputs.provenance);
} else if (fromPayload('repository.private') !== false) {
args.push('--provenance', `mode=min,inline-only=true`);
} else {
args.push('--provenance', `mode=max,builder-id=${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`);
}
if (inputs.sbom) {
args.push('--sbom', inputs.sbom);
Expand Down Expand Up @@ -264,3 +268,19 @@ export const asyncForEach = async (array, callback) => {
await callback(array[index], index, array);
}
};

function fromPayload(path: string): any {
return select(github.context.payload, path);
}

function select(obj: any, path: string): any {
if (!obj) {
return undefined;
}
const i = path.indexOf('.');
if (i < 0) {
return obj[path];
}
const key = path.slice(0, i);
return select(obj[key], path.slice(i + 1));
}
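Review bot: The new final `else` branch in getBuildArgs makes `mode=max` the default for every public repository, and as I understand BuildKit's max mode it records build-argument values in the attestation attached to the pushed image, so a workflow that passes a token through `build-args` would now publish it without having opted in. Repository visibility is also only a proxy for where the image ends up, since a public repository can push to a private registry and the reverse. I would add a comment above that branch, `// mode=max embeds build-arg values and build details in the attestation; pass secrets via the secrets input, never build-args`, and state the new default in the action's documentation. The `fromPayload('repository.private') !== false` test fails closed, treating a missing or non-boolean value as private, which is the safe default but deserves a one-line comment such as `// unknown visibility is treated as private (mode=min)`. getBuildArgs begins and ends outside the hunk.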
