only use attestation when building image outside the development inner loop

When building an image, attestations are generated by default and modify the image ID, which triggers a container recreation on the up and run commands even if there aren't any changes to the image content itself

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Guillaume Lours 2025-05-20 16:00:33 +02:00
parent 4f6cc2a330
commit 0566431c64
5 changed files with 50 additions and 24 deletions


@ -35,17 +35,18 @@ import (
type buildOptions struct { type buildOptions struct {
*ProjectOptions *ProjectOptions
quiet bool quiet bool
pull bool pull bool
push bool push bool
args []string args []string
noCache bool noCache bool
memory cliopts.MemBytes memory cliopts.MemBytes
ssh string ssh string
builder string builder string
deps bool deps bool
print bool print bool
check bool check bool
provenance string
} }
func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) { func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) {
@ -69,20 +70,27 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions,
if uiMode == ui.ModeJSON { if uiMode == ui.ModeJSON {
uiMode = "rawjson" uiMode = "rawjson"
} }
var provenance *string
// empty when set by up, run or create functions and "none" when set by the user from the build command
if opts.provenance != "" && opts.provenance != "none" {
provenance = &opts.provenance
}
return api.BuildOptions{ return api.BuildOptions{
Pull: opts.pull, Pull: opts.pull,
Push: opts.push, Push: opts.push,
Progress: uiMode, Progress: uiMode,
Args: types.NewMappingWithEquals(opts.args), Args: types.NewMappingWithEquals(opts.args),
NoCache: opts.noCache, NoCache: opts.noCache,
Quiet: opts.quiet, Quiet: opts.quiet,
Services: services, Services: services,
Deps: opts.deps, Deps: opts.deps,
Memory: int64(opts.memory), Memory: int64(opts.memory),
Print: opts.print, Print: opts.print,
Check: opts.check, Check: opts.check,
SSHs: SSHKeys, SSHs: SSHKeys,
Builder: builderName, Builder: builderName,
Provenance: provenance,
}, nil }, nil
} }
@ -123,6 +131,7 @@ func buildCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Service)
flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)") flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)")
flags.StringVar(&opts.builder, "builder", "", "Set builder to use") flags.StringVar(&opts.builder, "builder", "", "Set builder to use")
flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)") flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)")
flags.StringVar(&opts.provenance, "provenance", "min", "Set provenance mode (none|min|max)")
flags.Bool("parallel", true, "Build images in parallel. DEPRECATED") flags.Bool("parallel", true, "Build images in parallel. DEPRECATED")
flags.MarkHidden("parallel") //nolint:errcheck flags.MarkHidden("parallel") //nolint:errcheck
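Review bot: The `--provenance` flag is registered with default `"min"`, but the reference table and the YAML option entry in this same commit both document the default as `max`, so one of them is wrong and the docs should be regenerated from the flag definition. In `toAPIBuildOptions` the value is also forwarded unchecked: anything other than the empty string or `none` is handed on as `Provenance`, so a mistyped mode is not rejected by compose itself. Because provenance is a supply-chain attestation, I would reject values outside the advertised `none|min|max` set before the build starts, for example with `return api.BuildOptions{}, fmt.Errorf("invalid provenance mode %q", opts.provenance)`. Both `toAPIBuildOptions` and `buildCommand` start outside the hunks shown, so an existing validation step elsewhere cannot be ruled out.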


@ -22,6 +22,7 @@ run `docker compose build` to rebuild it.
| `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. | | `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. |
| `--no-cache` | `bool` | | Do not use cache when building the image | | `--no-cache` | `bool` | | Do not use cache when building the image |
| `--print` | `bool` | | Print equivalent bake file | | `--print` | `bool` | | Print equivalent bake file |
| `--provenance` | `string` | `max` | Set provenance mode (none\|min\|max) |
| `--pull` | `bool` | | Always attempt to pull a newer version of the image | | `--pull` | `bool` | | Always attempt to pull a newer version of the image |
| `--push` | `bool` | | Push service images | | `--push` | `bool` | | Push service images |
| `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT | | `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT |


@ -126,6 +126,16 @@ options:
experimentalcli: false experimentalcli: false
kubernetes: false kubernetes: false
swarm: false swarm: false
- option: provenance
value_type: string
default_value: max
description: Set provenance mode (none|min|max)
deprecated: false
hidden: false
experimental: false
experimentalcli: false
kubernetes: false
swarm: false
- option: pull - option: pull
value_type: bool value_type: bool
default_value: "false" default_value: "false"


@ -159,6 +159,8 @@ type BuildOptions struct {
Print bool Print bool
// Check let builder validate build configuration // Check let builder validate build configuration
Check bool Check bool
// Provenance
Provenance *string
} }
// Apply mutates project according to build options // Apply mutates project according to build options
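Review bot: The doc comment `// Provenance` on the new exported field only repeats the field name and does not say what nil means, although the nil case is the one that changes behaviour. Going by the CLI side of this commit, something like `// Provenance is the provenance attestation mode requested for the build; nil when none was requested (up, run, create, or --provenance none).` would make the contract readable for other callers of `api.BuildOptions`. The struct starts outside the hunk.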


@ -481,6 +481,9 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se
return build.Options{}, err return build.Options{}, err
} }
attests := map[string]*string{}
attests["provenance"] = options.Provenance
return build.Options{ return build.Options{
Inputs: build.Inputs{ Inputs: build.Inputs{
ContextPath: service.Build.Context, ContextPath: service.Build.Context,
@ -504,6 +507,7 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se
Session: sessionConfig, Session: sessionConfig,
Allow: allow, Allow: allow,
SourcePolicy: sp, SourcePolicy: sp,
Attests: attests,
}, nil }, nil
} }
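Review bot: `attests["provenance"]` is assigned unconditionally, so the map carries a nil entry whenever `up`, `run` or `create` leave the option empty or the user passes `none`, and nothing at this site says what a nil entry means to the builder. A comment such as `// nil entry: provenance attestation explicitly disabled (inner-loop builds and --provenance none)` would record the intent, assuming that is how `build.Options.Attests` treats nil, which should be confirmed. The string is handed over exactly as typed on the command line, so it is also worth confirming that the builder reads a bare `min` or `max` as a mode. Images built through the inner-loop commands end up without provenance, which matters if they are later tagged and pushed, and that deserves a line in the user documentation. `toBuildOptions` starts outside the hunks shown.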