1
0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-03-17 20:47:50 +02:00

fix(ko): disable SBOM when sbom is none (#3861)

This commit is contained in:
Maxime Brunet 2023-03-10 18:31:46 -08:00 committed by GitHub
parent 5b9f2a7c0d
commit 53277590f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 76 additions and 6 deletions

View File

@ -195,7 +195,7 @@ func (o *buildOptions) makeBuilder(ctx *context.Context) (*build.Caching, error)
case "go.version-m":
buildOptions = append(buildOptions, build.WithGoVersionSBOM())
case "none":
// don't do anything.
buildOptions = append(buildOptions, build.WithDisabledSBOM())
default:
return nil, fmt.Errorf("unknown sbom type: %q", o.sbom)
}

View File

@ -2,10 +2,13 @@ package ko
import (
"fmt"
"strings"
"testing"
_ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/goreleaser/goreleaser/internal/testctx"
"github.com/goreleaser/goreleaser/internal/testlib"
"github.com/goreleaser/goreleaser/pkg/config"
@ -126,13 +129,14 @@ func TestPublishPipeSuccess(t *testing.T) {
Platforms []string
}{
{
Name: "sbom-spdx",
SBOM: "spdx",
},
{
// Must be first as others add an SBOM for the same image
Name: "sbom-none",
SBOM: "none",
},
{
Name: "sbom-spdx",
SBOM: "spdx",
},
{
Name: "sbom-cyclonedx",
SBOM: "cyclonedx",
@ -151,9 +155,12 @@ func TestPublishPipeSuccess(t *testing.T) {
},
}
repository := fmt.Sprintf("%sgoreleasertest/testapp", registry)
for _, table := range table {
t.Run(table.Name, func(t *testing.T) {
ctx := testctx.NewWithCfg(config.Project{
ProjectName: "test",
Builds: []config.Build{
{
ID: "foo",
@ -170,16 +177,79 @@ func TestPublishPipeSuccess(t *testing.T) {
Build: "foo",
WorkingDir: "./testdata/app/",
BaseImage: table.BaseImage,
Repository: fmt.Sprintf("%s/goreleasertest", registry),
Repository: repository,
Platforms: table.Platforms,
Tags: []string{table.Name},
SBOM: table.SBOM,
Bare: true,
},
},
})
require.NoError(t, Pipe{}.Default(ctx))
require.NoError(t, Pipe{}.Publish(ctx))
ref, err := name.ParseReference(
fmt.Sprintf("%s:%s", repository, table.Name),
name.Insecure,
)
require.NoError(t, err)
index, err := remote.Index(ref)
if len(table.Platforms) > 1 {
require.NoError(t, err)
imf, err := index.IndexManifest()
require.NoError(t, err)
platforms := make([]string, 0, len(imf.Manifests))
for _, mf := range imf.Manifests {
platforms = append(platforms, mf.Platform.String())
}
require.ElementsMatch(t, table.Platforms, platforms)
} else {
require.Error(t, err)
}
image, err := remote.Image(ref)
require.NoError(t, err)
digest, err := image.Digest()
require.NoError(t, err)
sbomRef, err := name.ParseReference(
fmt.Sprintf(
"%s:%s.sbom",
repository,
strings.Replace(digest.String(), ":", "-", 1),
),
name.Insecure,
)
require.NoError(t, err)
sbom, err := remote.Image(sbomRef)
if table.SBOM == "none" {
require.Error(t, err)
} else {
require.NoError(t, err)
layers, err := sbom.Layers()
require.NoError(t, err)
require.NotEmpty(t, layers)
mediaType, err := layers[0].MediaType()
require.NoError(t, err)
switch table.SBOM {
case "spdx", "":
require.Equal(t, "spdx+json", string(mediaType))
case "cyclonedx":
require.Equal(t, "application/vnd.cyclonedx+json", string(mediaType))
case "go.version-m":
require.Equal(t, "application/vnd.go.version-m", string(mediaType))
default:
require.Fail(t, "unknown SBOM type", table.SBOM)
}
}
})
}
}