From f2d30fbcb7dadfd68c12f8a581a15ebc6de95389 Mon Sep 17 00:00:00 2001 From: Guillaume Lours <705411+glours@users.noreply.github.com> Date: Tue, 20 May 2025 16:00:33 +0200 Subject: [PATCH 1/2] only use attestation when building image outside the development inner loop when building a image, by default attestation are generated and modify the image ID which trigger a container recreation on up, run command even if there isn't any changes on the image content itself Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com> --- cmd/compose/build.go | 57 ++++++++++++++---------- docs/reference/compose_build.md | 1 + docs/reference/docker_compose_build.yaml | 10 +++++ pkg/api/api.go | 2 + pkg/compose/build.go | 4 ++ 5 files changed, 50 insertions(+), 24 deletions(-) diff --git a/cmd/compose/build.go b/cmd/compose/build.go index f31fbd28ab3..e6a2c6ca3bd 100644 --- a/cmd/compose/build.go +++ b/cmd/compose/build.go @@ -35,17 +35,18 @@ import ( type buildOptions struct { *ProjectOptions - quiet bool - pull bool - push bool - args []string - noCache bool - memory cliopts.MemBytes - ssh string - builder string - deps bool - print bool - check bool + quiet bool + pull bool + push bool + args []string + noCache bool + memory cliopts.MemBytes + ssh string + builder string + deps bool + print bool + check bool + provenance string } func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) { 
@@ -69,20 +70,27 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, if uiMode == ui.ModeJSON { uiMode = "rawjson" } + var provenance *string + // empty when set by up, run or create functions and "none" when set by the user from the build command + if opts.provenance != "" && opts.provenance != "none" { + provenance = &opts.provenance + } + return api.BuildOptions{ - Pull: opts.pull, - Push: opts.push, - Progress: uiMode, - Args: types.NewMappingWithEquals(opts.args), - NoCache: opts.noCache, - Quiet: opts.quiet, - Services: services, - Deps: opts.deps, - Memory: int64(opts.memory), - Print: opts.print, - Check: opts.check, - SSHs: SSHKeys, - Builder: builderName, + Pull: opts.pull, + Push: opts.push, + Progress: uiMode, + Args: types.NewMappingWithEquals(opts.args), + NoCache: opts.noCache, + Quiet: opts.quiet, + Services: services, + Deps: opts.deps, + Memory: int64(opts.memory), + Print: opts.print, + Check: opts.check, + SSHs: SSHKeys, + Builder: builderName, + Provenance: provenance, }, nil } @@ -123,6 +131,7 @@ func buildCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Service) flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)") flags.StringVar(&opts.builder, "builder", "", "Set builder to use") flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)") + flags.StringVar(&opts.provenance, "provenance", "min", "Set provenance mode (none|min|max)") flags.Bool("parallel", true, "Build images in parallel. DEPRECATED") flags.MarkHidden("parallel") //nolint:errcheck diff --git a/docs/reference/compose_build.md b/docs/reference/compose_build.md index 5589a46934c..0d1d2e95803 100644 --- a/docs/reference/compose_build.md +++ b/docs/reference/compose_build.md 
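Review bot: The `--provenance` value is never validated: in `toAPIBuildOptions` anything other than `""` or `"none"` is passed on as `&opts.provenance`, so a mistyped mode only surfaces, if at all, inside the builder. Rejecting values outside `none|min|max` before the `api.BuildOptions` literal is built would give a clear error and keep the attestation mode predictable. The flag registered in the `buildCommand` hunk also defaults to `"min"`, while the docs changed in this same patch (`compose_build.md`, `docker_compose_build.yaml`) list `max`, so one of the two is wrong. Patch 2/2 drops the flag for now, so both points apply when it is reintroduced. Both function bodies continue outside their hunks.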
@@ -22,6 +22,7 @@ run `docker compose build` to rebuild it. | `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. | | `--no-cache` | `bool` | | Do not use cache when building the image | | `--print` | `bool` | | Print equivalent bake file | +| `--provenance` | `string` | `max` | Set provenance mode (none\|min\|max) | | `--pull` | `bool` | | Always attempt to pull a newer version of the image | | `--push` | `bool` | | Push service images | | `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT | diff --git a/docs/reference/docker_compose_build.yaml b/docs/reference/docker_compose_build.yaml index 1197d5314c4..707b84e4cab 100644 --- a/docs/reference/docker_compose_build.yaml +++ b/docs/reference/docker_compose_build.yaml @@ -126,6 +126,16 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: provenance + value_type: string + default_value: max + description: Set provenance mode (none|min|max) + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: pull value_type: bool default_value: "false" diff --git a/pkg/api/api.go b/pkg/api/api.go index 95ff19931a8..5ff4c4ff0ad 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -159,6 +159,8 @@ type BuildOptions struct { Print bool // Check let builder validate build configuration Check bool + // Provenance + Provenance *string } // Apply mutates project according to build options diff --git a/pkg/compose/build.go b/pkg/compose/build.go index e562a5edb1e..790cb9b74f7 100644 --- a/pkg/compose/build.go +++ b/pkg/compose/build.go @@ -481,6 +481,9 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se return build.Options{}, err } + attests := map[string]*string{} + attests["provenance"] = options.Provenance + return build.Options{ Inputs: build.Inputs{ ContextPath: service.Build.Context, 
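Review bot: The new field comment `// Provenance` in `BuildOptions` (pkg/api/api.go) only repeats the name, so a consumer of the exported struct cannot tell what a nil value does. Going by the `toAPIBuildOptions` hunk in this patch, nil covers both "not set" (up, run, create) and an explicit `none`, and the commit message implies that nil means no attestation. The comment should say so, for example `// Provenance is the provenance attestation mode ("min" or "max"); nil disables the provenance attestation`. Patch 2/2 keeps the same stub while changing the field to a `bool` whose zero value turns the attestation off, and it needs the equivalent sentence there.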
@@ -504,6 +507,7 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se Session: sessionConfig, Allow: allow, SourcePolicy: sp, + Attests: attests, }, nil } From 0225aed82f6352c15fa007747ab0bd8ea68f49a1 Mon Sep 17 00:00:00 2001 From: Guillaume Lours <705411+glours@users.noreply.github.com> Date: Tue, 20 May 2025 17:14:54 +0200 Subject: [PATCH 2/2] remove provenance build flag for now Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com> --- cmd/compose/build.go | 11 +++-------- docs/reference/compose_build.md | 1 - docs/reference/docker_compose_build.yaml | 10 ---------- pkg/api/api.go | 2 +- pkg/compose/build.go | 4 +++- 5 files changed, 7 insertions(+), 21 deletions(-) diff --git a/cmd/compose/build.go b/cmd/compose/build.go index e6a2c6ca3bd..9393745e061 100644 --- a/cmd/compose/build.go +++ b/cmd/compose/build.go @@ -46,7 +46,7 @@ type buildOptions struct { deps bool print bool check bool - provenance string + provenance bool } func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, error) { @@ -70,11 +70,6 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, if uiMode == ui.ModeJSON { uiMode = "rawjson" } - var provenance *string - // empty when set by up, run or create functions and "none" when set by the user from the build command - if opts.provenance != "" && opts.provenance != "none" { - provenance = &opts.provenance - } return api.BuildOptions{ Pull: opts.pull, @@ -90,7 +85,7 @@ func (opts buildOptions) toAPIBuildOptions(services []string) (api.BuildOptions, Check: opts.check, SSHs: SSHKeys, Builder: builderName, - Provenance: provenance, + Provenance: opts.provenance, }, nil } 
@@ -131,7 +126,6 @@ func buildCommand(p *ProjectOptions, dockerCli command.Cli, backend api.Service) flags.StringVar(&opts.ssh, "ssh", "", "Set SSH authentications used when building service images. (use 'default' for using your default SSH Agent)") flags.StringVar(&opts.builder, "builder", "", "Set builder to use") flags.BoolVar(&opts.deps, "with-dependencies", false, "Also build dependencies (transitively)") - flags.StringVar(&opts.provenance, "provenance", "min", "Set provenance mode (none|min|max)") flags.Bool("parallel", true, "Build images in parallel. DEPRECATED") flags.MarkHidden("parallel") //nolint:errcheck @@ -162,6 +156,7 @@ func runBuild(ctx context.Context, dockerCli command.Cli, backend api.Service, o } apiBuildOptions, err := opts.toAPIBuildOptions(services) + apiBuildOptions.Provenance = true if err != nil { return err } diff --git a/docs/reference/compose_build.md b/docs/reference/compose_build.md index 0d1d2e95803..5589a46934c 100644 --- a/docs/reference/compose_build.md +++ b/docs/reference/compose_build.md @@ -22,7 +22,6 @@ run `docker compose build` to rebuild it. | `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. | | `--no-cache` | `bool` | | Do not use cache when building the image | | `--print` | `bool` | | Print equivalent bake file | -| `--provenance` | `string` | `max` | Set provenance mode (none\|min\|max) | | `--pull` | `bool` | | Always attempt to pull a newer version of the image | | `--push` | `bool` | | Push service images | | `-q`, `--quiet` | `bool` | | Don't print anything to STDOUT | diff --git a/docs/reference/docker_compose_build.yaml b/docs/reference/docker_compose_build.yaml index 707b84e4cab..1197d5314c4 100644 --- a/docs/reference/docker_compose_build.yaml +++ b/docs/reference/docker_compose_build.yaml 
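Review bot: In the `runBuild` hunk, `apiBuildOptions.Provenance = true` sits between the call to `opts.toAPIBuildOptions(services)` and its `if err != nil` check, so the result is modified before the error is examined. This is harmless today because the struct is returned by value, but the assignment should move below the `if err != nil { return err }` block. After this patch nothing visible sets `opts.provenance` (the flag is removed in the previous hunk), so `Provenance: opts.provenance` in `toAPIBuildOptions` appears to always be false and this line is the only place the attestation is kept. A comment such as `// an explicit "compose build" keeps the builder's default provenance attestation` would record that intent. `runBuild` starts and ends outside the hunk.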
@@ -126,16 +126,6 @@ options: experimentalcli: false kubernetes: false swarm: false - - option: provenance - value_type: string - default_value: max - description: Set provenance mode (none|min|max) - deprecated: false - hidden: false - experimental: false - experimentalcli: false - kubernetes: false - swarm: false - option: pull value_type: bool default_value: "false" diff --git a/pkg/api/api.go b/pkg/api/api.go index 5ff4c4ff0ad..d4d540be2e2 100644 --- a/pkg/api/api.go +++ b/pkg/api/api.go @@ -160,7 +160,7 @@ type BuildOptions struct { // Check let builder validate build configuration Check bool // Provenance - Provenance *string + Provenance bool } // Apply mutates project according to build options diff --git a/pkg/compose/build.go b/pkg/compose/build.go index 790cb9b74f7..4666bacb00b 100644 --- a/pkg/compose/build.go +++ b/pkg/compose/build.go @@ -482,7 +482,9 @@ func (s *composeService) toBuildOptions(project *types.Project, service types.Se } attests := map[string]*string{} - attests["provenance"] = options.Provenance + if !options.Provenance { + attests["provenance"] = nil + } return build.Options{ Inputs: build.Inputs{
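Review bot: The `if !options.Provenance` branch in `toBuildOptions` makes the zero value of `api.BuildOptions` switch provenance off, so any caller that leaves the field unset loses the attestation the builder would otherwise add. That fits the inner-loop goal for `up`, `run` and `create`, but `BuildOptions` is exported and also carries `Push`, so a caller building with `Push: true` and no `Provenance` would publish an image without provenance and without any message saying so. Assuming `options` is the `api.BuildOptions` value, consider suppressing it only for images that stay local, `if !options.Provenance && !options.Push {`, or inverting the field so the zero value keeps the builder default. A comment on the assignment, `// a nil entry disables the attestation; a missing key keeps the builder default`, would also help, since that distinction (as I read the builder's `Attests` map) is what the change relies on. `toBuildOptions` continues outside the hunk.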