3 files changed +8 -2 lines changed
55# <build>
66SOURCE_DATE_EPOCH=1700741054 \
77 docker buildx build --progress=plain \
8- --provenance=mode=max \
8+ --provenance=mode=max,builder-id= ' https://github.com/docker-library ' \
99 --output ' "type=oci","dest=temp.tar"' \
1010 --annotation ' org.opencontainers.image.source=https://github.com/docker-library/docker.git#6d541d27b5dd12639e5a33a675ebca04d3837d74:24/cli' \
1111 --annotation ' org.opencontainers.image.revision=6d541d27b5dd12639e5a33a675ebca04d3837d74' \
@@ -151,6 +151,12 @@ def _sbom_subset:
151151 ]
152152;
153153
154+ # https://github.com/docker-library/meta-scripts/pull/61 (for lack of better documentation for setting this in buildkit)
155+ # https://slsa.dev/provenance/v0.2#builder.id
156+ def buildkit_provenance_builder_id :
157+ "https://github.com/docker-library"
158+ ;
159+
154160# input: "build" object (with "buildId" top level key)
155161# output: boolean
156162def build_should_sbom :
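Review bot: The new `buildkit_provenance_builder_id` returns one fixed organisation URL, so every provenance attestation produced from this build command carries the same `builder.id` regardless of which machine or pipeline actually ran it. The SLSA page linked in the added comment treats builder.id as the identity a verifier decides to trust, so a value the command line sets freely only means something if the attestation is signed or otherwise bound to the real builder; presumably that happens elsewhere, but it is worth confirming. I would extend the comment with something like `# NOTE: self-asserted label, not proof of where the build ran; verifiers must not rely on it without an authenticated attestation`. `build_should_sbom` below continues outside the hunk.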
@@ -141,7 +141,7 @@ def build_command:
141141 @sh "SOURCE_DATE_EPOCH=\( .source.entry.SOURCE_DATE_EPOCH ) " ,
142142 # TODO EXPERIMENTAL_BUILDKIT_SOURCE_POLICY=<(jq ...)
143143 "docker buildx build --progress=plain" ,
144- "--provenance=mode=max" ,
144+ @sh "--provenance=mode=max,builder-id= \( buildkit_provenance_builder_id ) " ,
145145 if build_should_sbom then
146146 "--sbom=generator=\" $BASHBREW_BUILDKIT_SBOM_GENERATOR\" "
147147 else empty end ,
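Review bot: On the changed `--provenance` line, `@sh` protects the interpolated id from the shell only; buildx then splits the attribute string on commas (as far as I know), so a future id containing `,` would be read as additional provenance attributes. The expected output in the first file shows `--output` already being CSV-quoted (`'"type=oci","dest=temp.tar"'`), so the same treatment here would be consistent. At minimum, add `# must not contain "," or a double quote: buildx parses this value as CSV` next to the `buildkit_provenance_builder_id` def. The current constant is safe as written. `build_command` starts and ends outside this hunk.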