fix(docker/v2): make sbom templateable (#6203)

refs #5786 #6201

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

internal/pipe/docker/v2/docker.go

@@ -71,6 +71,9 @@ func (Base) Default(ctx *context.Context) error {
 		if len(docker.Platforms) == 0 {
 			docker.Platforms = []string{"linux/amd64", "linux/arm64"}
 		}
+		if docker.SBOM == "" {
+			docker.SBOM = "true"
+		}
 		docker.Retry.Attempts = cmp.Or(docker.Retry.Attempts, 10)
 		docker.Retry.Delay = cmp.Or(docker.Retry.Delay, 10*time.Second)
 		docker.Retry.MaxDelay = cmp.Or(docker.Retry.MaxDelay, 5*time.Minute)
@@ -100,14 +103,14 @@ func (p Snapshot) Run(ctx *context.Context) error {
 }
 
 // Publish implements publish.Publisher.
-func (Publish) Publish(ctx *context.Context) error {
+func (p Publish) Publish(ctx *context.Context) error {
 	warnExperimental()
 	g := semerrgroup.NewSkipAware(semerrgroup.New(ctx.Parallelism))
 	for _, d := range ctx.Config.DockersV2 {
 		g.Go(func() error {
-			extraArgs := []string{"--push"}
-			if d.SBOM == nil || *d.SBOM {
-				extraArgs = append(extraArgs, "--attest=type=sbom")
+			extraArgs, err := p.extraArgs(ctx, d)
+			if err != nil {
+				return fmt.Errorf("dockers_v2.sbom: %w", err)
 			}
 			return buildImage(ctx, d, extraArgs...)
 		})
@@ -115,6 +118,18 @@ func (Publish) Publish(ctx *context.Context) error {
 	return g.Wait()
 }
 
+func (Publish) extraArgs(ctx *context.Context, d config.DockerV2) ([]string, error) {
+	sbom, err := tmpl.New(ctx).Bool(d.SBOM)
+	if err != nil {
+		return nil, fmt.Errorf("dockers_v2.sbom: %w", err)
+	}
+	extraArgs := []string{"--push"}
+	if sbom {
+		extraArgs = append(extraArgs, "--attest=type=sbom")
+	}
+	return extraArgs, nil
+}
+
 func buildImage(ctx *context.Context, d config.DockerV2, extraArgs ...string) error {
 	if len(d.Platforms) == 0 {
 		return pipe.Skip("no platforms to build")

internal/pipe/docker/v2/docker_integration_test.go

@@ -179,7 +179,6 @@ func TestPublish(t *testing.T) {
 	testlib.StartRegistry(t, "registry-v2", "5060")
 	testlib.StartRegistry(t, "alt_registry-v2", "5061")
 
-	b := false
 	dist := t.TempDir()
 	ctx := testctx.NewWithCfg(
 		config.Project{
@@ -206,7 +205,7 @@ func TestPublish(t *testing.T) {
 					Dockerfile: "./testdata/Dockerfile.python",
 					Images:     []string{"localhost:5060/python"},
 					Tags:       []string{"latest"},
-					SBOM:       &b,
+					SBOM:       "{{ .IsSnapshot }}",
 				},
 			},
 		},

internal/pipe/docker/v2/docker_test.go

@@ -66,6 +66,7 @@ func TestDefault(t *testing.T) {
 	require.NotEmpty(t, d.Dockerfile)
 	require.NotEmpty(t, d.Tags)
 	require.NotEmpty(t, d.Platforms)
+	require.Equal(t, "true", d.SBOM)
 }
 
 func TestMakeContext(t *testing.T) {
@@ -109,6 +110,31 @@ func TestMakeContext(t *testing.T) {
 	})
 }
 
+func TestPublishExtraArgs(t *testing.T) {
+	ctx := testctx.New()
+
+	t.Run("sbom disabled", func(t *testing.T) {
+		args, err := Publish{}.extraArgs(ctx, config.DockerV2{
+			SBOM: "{{ .IsSnapshot }}",
+		})
+		require.NoError(t, err)
+		require.Equal(t, []string{"--push"}, args)
+	})
+	t.Run("sbom enabled", func(t *testing.T) {
+		args, err := Publish{}.extraArgs(ctx, config.DockerV2{
+			SBOM: "{{ not .IsSnapshot }}",
+		})
+		require.NoError(t, err)
+		require.Equal(t, []string{"--push", "--attest=type=sbom"}, args)
+	})
+	t.Run("tmpl err", func(t *testing.T) {
+		_, err := Publish{}.extraArgs(ctx, config.DockerV2{
+			SBOM: "{{ not .IsSn",
+		})
+		testlib.RequireTemplateError(t, err)
+	})
+}
+
 func TestMakeArgs(t *testing.T) {
 	t.Run("tmpl error", func(t *testing.T) {
 		for name, mod := range map[string]func(d *config.DockerV2){

pkg/config/config.go

@@ -1089,7 +1089,7 @@ type DockerV2 struct {
 	Retry       Retry             `yaml:"retry,omitempty" json:"retry,omitempty"`
 	Flags       []string          `yaml:"flags,omitempty" json:"flags,omitempty"`
 	Disable     string            `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
-	SBOM        *bool             `yaml:"sbom,omitempty" json:"sbom,omitempty"`
+	SBOM        string            `yaml:"sbom,omitempty" json:"sbom,omitempty" jsonschema:"oneof_type=string;boolean"`
 }
 
 // DockerDigest config.

www/docs/customization/dockers_v2.md

@@ -110,10 +110,11 @@ dockers_v2:
     disable: "{{ .IsSnapshot }}"
 
     # Whether to create and attach a SBOM to the image.
-    # Default: true
     #
+    # Default: 'true'
+    # Templates: allowed.
     # <!-- md:inline_version v2.12.7-unreleased -->.
-    sbom: false
+    sbom: "{{ not .IsNightly }}"
 
     # Additional `--build-arg`s to be passed.
     #