1berry/docker-compose
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

only use attestation when building image outside the development inner loop

Browse Source 
when building a image, by default attestation are generated and modify the image ID which trigger a container recreation on up, run command even if there isn't any changes on the image content itself

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
This commit is contained in:
Guillaume Lours 2025-05-20 16:00:33 +02:00
parent 4f6cc2a330
commit 0566431c64
5 changed files with 50 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/compose/build.go
View File

@ -46,6 +46,7 @@ type buildOptions struct {
deps bool deps bool
print bool print bool
check bool check bool
provenance string
} }
func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) { func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) {
@ -69,6 +70,12 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions,
if uiMode == ui.ModeJSON { if uiMode == ui.ModeJSON {
uiMode = "rawjson" uiMode = "rawjson"
} }
var provenance *string
// empty when set by up, run or create functions and "none" when set by the user from the build command
if opts.provenance != "" && opts.provenance != "none" {
provenance = &opts.provenance
}
return api.BuildOptions{ return api.BuildOptions{
Pull: opts.pull, Pull: opts.pull,
Push: opts.push, Push: opts.push,
@ -83,6 +90,7 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions,
Check: opts.check, Check: opts.check,
SSHs: SSHKeys, SSHs: SSHKeys,
Builder: builderName, Builder: builderName,
Provenance: provenance,
}, nil }, nil
} }
@ -123,6 +131,7 @@ func buildCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Service)
flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)") flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)")
flags.StringVar(&opts.builder, "builder", "", "Set builder to use") flags.StringVar(&opts.builder, "builder", "", "Set builder to use")
flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)") flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)")
flags.StringVar(&opts.provenance, "provenance", "min", "Set provenance mode (none|min|max)")
flags.Bool("parallel", true, "Build images in parallel. DEPRECATED") flags.Bool("parallel", true, "Build images in parallel. DEPRECATED")
flags.MarkHidden("parallel") //nolint:errcheck flags.MarkHidden("parallel") //nolint:errcheck

1
docs/reference/compose_build.md
View File

@ -22,6 +22,7 @@ run `docker compose build` to rebuild it.
| `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. | | `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. |
| `--no-cache` | `bool` | | Do not use cache when building the image | | `--no-cache` | `bool` | | Do not use cache when building the image |
| `--print` | `bool` | | Print equivalent bake file | | `--print` | `bool` | | Print equivalent bake file |
| `--provenance` | `string` | `max` | Set provenance mode (none\|min\|max) |
| `--pull` | `bool` | | Always attempt to pull a newer version of the image | | `--pull` | `bool` | | Always attempt to pull a newer version of the image |
| `--push` | `bool` | | Push service images | | `--push` | `bool` | | Push service images |
| `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT | | `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT |

10
docs/reference/docker_compose_build.yaml
View File

@ -126,6 +126,16 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: provenance
value_type: string
default_value: max
description: Set provenance mode (none|min|max)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: pull - option: pull
value_type: bool value_type: bool
default_value: "false" default_value: "false"

2
pkg/api/api.go
View File

@ -159,6 +159,8 @@ type BuildOptions struct {
Print bool Print bool
// Check let builder validate build configuration // Check let builder validate build configuration
Check bool Check bool
// Provenance
Provenance *string
} }
// Apply mutates project according to build options // Apply mutates project according to build options

4
pkg/compose/build.go
View File

@ -481,6 +481,9 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se
return build.Options{}, err return build.Options{}, err
} }
attests := map[string]*string{}
attests["provenance"] = options.Provenance
return build.Options{ return build.Options{
Inputs: build.Inputs{ Inputs: build.Inputs{
ContextPath: service.Build.Context, ContextPath: service.Build.Context,
@ -504,6 +507,7 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se
Session: sessionConfig, Session: sessionConfig,
Allow: allow, Allow: allow,
SourcePolicy: sp, SourcePolicy: sp,
Attests: attests,
}, nil }, nil
} }