mirror of
synced 2025-03-21 21:07:19 +02:00
Add support for the newly added annotations and user options in [ko v0.17.0](https://github.com/ko-build/ko/releases/tag/v0.17.0)
496 lines
12 KiB
496 lines
12 KiB
// Package ko implements the pipe interface with the intent of
// building OCI compliant images with ko.
package ko
import (
stdctx "context"
v1 "github.com/google/go-containerregistry/pkg/v1"
const chainguardStatic = "cgr.dev/chainguard/static"
var (
baseImages sync.Map
amazonKeychain authn.Keychain = authn.NewKeychainFromHelper(ecr.NewECRHelper(ecr.WithLogger(io.Discard)))
azureKeychain authn.Keychain = authn.NewKeychainFromHelper(credhelper.NewACRCredentialsHelper())
keychain = authn.NewMultiKeychain(
errNoRepository = errors.New("ko: missing repository: please set either the repository field or a $KO_DOCKER_REPO environment variable")
errInvalidMainPath = errors.New("ko: invalid Main path: ko.main (or build.main if ko.main is not set) should be a relative path")
errInvalidMainGoPath = errors.New("ko: invalid Main path: your path should point to a directory instead of a .go file")
// Pipe that build OCI compliant images with ko.
type Pipe struct{}
func (Pipe) String() string { return "ko" }
func (Pipe) Skip(ctx *context.Context) bool {
return skips.Any(ctx, skips.Ko) || len(ctx.Config.Kos) == 0
// Default sets the Pipes defaults.
func (Pipe) Default(ctx *context.Context) error {
ids := ids.New("kos")
for i := range ctx.Config.Kos {
ko := &ctx.Config.Kos[i]
if ko.ID == "" {
ko.ID = ctx.Config.ProjectName
if ko.Build == "" {
ko.Build = ko.ID
build, err := findBuild(ctx, *ko)
if err != nil {
return err
if len(ko.Ldflags) == 0 {
ko.Ldflags = build.Ldflags
if len(ko.Flags) == 0 {
ko.Flags = build.Flags
if len(ko.Env) == 0 {
ko.Env = build.Env
if ko.Main == "" {
ko.Main = build.Main
if err := validateMainPath(ko.Main); err != nil {
return err
if ko.WorkingDir == "" {
ko.WorkingDir = build.Dir
if ko.BaseImage == "" {
ko.BaseImage = chainguardStatic
if len(ko.Platforms) == 0 {
ko.Platforms = []string{"linux/amd64"}
if len(ko.Tags) == 0 {
ko.Tags = []string{"latest"}
switch ko.SBOM {
case "cyclonedx", "go.version-m":
deprecate.Notice(ctx, "kos.sbom")
ko.SBOM = "none"
case "":
ko.SBOM = "spdx"
if repo := ctx.Env["KO_DOCKER_REPO"]; repo != "" {
ko.Repository = repo
if ko.Repository == "" {
return errNoRepository
return ids.Validate()
func (p Pipe) Run(ctx *context.Context) error {
if ctx.Snapshot {
// publish actually handles pushing to the local docker daemon when
// snapshot is true.
return p.Publish(ctx)
return nil
// Publish executes the Pipe.
func (Pipe) Publish(ctx *context.Context) error {
g := semerrgroup.New(ctx.Parallelism)
for _, ko := range ctx.Config.Kos {
g.Go(doBuild(ctx, ko))
return g.Wait()
type buildOptions struct {
importPath string
main string
flags []string
env []string
imageRepo string
workingDir string
platforms []string
baseImage string
labels map[string]string
annotations map[string]string
user string
tags []string
creationTime *v1.Time
koDataCreationTime *v1.Time
sbom string
ldflags []string
bare bool
preserveImportPaths bool
baseImportPaths bool
func (o *buildOptions) makeBuilder(ctx *context.Context) (*build.Caching, error) {
buildOptions := []build.Option{
o.importPath: {
Ldflags: o.ldflags,
Flags: o.flags,
Main: o.main,
Env: o.env,
build.WithBaseImages(func(_ stdctx.Context, _ string) (name.Reference, build.Result, error) {
ref, err := name.ParseReference(o.baseImage)
if err != nil {
return nil, nil, err
if cached, found := baseImages.Load(o.baseImage); found {
return ref, cached.(build.Result), nil
desc, err := remote.Get(
if err != nil {
return nil, nil, err
if desc.MediaType.IsImage() {
img, err := desc.Image()
baseImages.Store(o.baseImage, img)
return ref, img, err
if desc.MediaType.IsIndex() {
idx, err := desc.ImageIndex()
baseImages.Store(o.baseImage, idx)
return ref, idx, err
return nil, nil, fmt.Errorf("unexpected base image media type: %s", desc.MediaType)
if o.creationTime != nil {
buildOptions = append(buildOptions, build.WithCreationTime(*o.creationTime))
if o.koDataCreationTime != nil {
buildOptions = append(buildOptions, build.WithKoDataCreationTime(*o.koDataCreationTime))
for k, v := range o.labels {
buildOptions = append(buildOptions, build.WithLabel(k, v))
for k, v := range o.annotations {
buildOptions = append(buildOptions, build.WithAnnotation(k, v))
if o.user != "" {
buildOptions = append(buildOptions, build.WithUser(o.user))
switch o.sbom {
case "spdx":
buildOptions = append(buildOptions, build.WithSPDX("devel"))
case "none":
buildOptions = append(buildOptions, build.WithDisabledSBOM())
return nil, fmt.Errorf("unknown sbom type: %q", o.sbom)
b, err := build.NewGo(ctx, o.workingDir, buildOptions...)
if err != nil {
return nil, fmt.Errorf("newGo: %w", err)
return build.NewCaching(b)
func doBuild(ctx *context.Context, ko config.Ko) func() error {
return func() error {
opts, err := buildBuildOptions(ctx, ko)
if err != nil {
return err
b, err := opts.makeBuilder(ctx)
if err != nil {
return fmt.Errorf("makeBuilder: %w", err)
r, err := b.Build(ctx, opts.importPath)
if err != nil {
return fmt.Errorf("build: %w", err)
po := &options.PublishOptions{
DockerRepo: opts.imageRepo,
Bare: opts.bare,
PreserveImportPaths: opts.preserveImportPaths,
BaseImportPaths: opts.baseImportPaths,
Tags: opts.tags,
Local: ctx.Snapshot,
LocalDomain: "goreleaser.ko.local",
var p publish.Interface
if ctx.Snapshot {
p, err = publish.NewDaemon(
} else {
p, err = publish.NewDefault(
if err != nil {
return fmt.Errorf("newPublisher: %w", err)
defer func() { _ = p.Close() }()
ref, err := p.Publish(ctx, r, opts.importPath)
if err != nil {
return fmt.Errorf("publish: %w", err)
if err := p.Close(); err != nil {
return fmt.Errorf("close: %w", err)
art := &artifact.Artifact{
Type: artifact.DockerManifest,
Name: ref.Name(),
Path: ref.Name(),
Extra: map[string]interface{}{},
if ko.ID != "" {
art.Extra[artifact.ExtraID] = ko.ID
if digest := ref.Context().Digest(ref.Identifier()).DigestStr(); digest != "" {
art.Extra[artifact.ExtraDigest] = digest
return nil
func findBuild(ctx *context.Context, ko config.Ko) (config.Build, error) {
for _, build := range ctx.Config.Builds {
if build.ID == ko.Build {
return build, nil
return config.Build{}, fmt.Errorf("no builds with id %q", ko.Build)
func buildBuildOptions(ctx *context.Context, cfg config.Ko) (*buildOptions, error) {
localImportPath := cfg.Main
dir := filepath.Clean(cfg.WorkingDir)
if dir == "." {
dir = ""
pkgs, err := packages.Load(&packages.Config{
Mode: packages.NeedName,
Dir: dir,
}, localImportPath)
if err != nil {
return nil, fmt.Errorf(
"ko: %s does not contain a valid local import path (%s) for directory (%s): %w",
cfg.ID, localImportPath, cfg.WorkingDir, err,
if len(pkgs) != 1 {
return nil, fmt.Errorf(
"ko: %s results in %d local packages, only 1 is expected",
cfg.ID, len(pkgs),
opts := &buildOptions{
importPath: pkgs[0].PkgPath,
workingDir: cfg.WorkingDir,
bare: cfg.Bare,
preserveImportPaths: cfg.PreserveImportPaths,
baseImportPaths: cfg.BaseImportPaths,
baseImage: cfg.BaseImage,
platforms: cfg.Platforms,
sbom: cfg.SBOM,
imageRepo: cfg.Repository,
user: cfg.User,
tags, err := applyTemplate(ctx, cfg.Tags)
if err != nil {
return nil, err
opts.tags = removeEmpty(tags)
if cfg.CreationTime != "" {
creationTime, err := getTimeFromTemplate(ctx, cfg.CreationTime)
if err != nil {
return nil, err
opts.creationTime = creationTime
if cfg.KoDataCreationTime != "" {
koDataCreationTime, err := getTimeFromTemplate(ctx, cfg.KoDataCreationTime)
if err != nil {
return nil, err
opts.koDataCreationTime = koDataCreationTime
if len(cfg.Labels) > 0 {
labels, err := applyTemplateToMapValues(ctx, cfg.Labels)
if err != nil {
return nil, err
opts.labels = labels
if len(cfg.Annotations) > 0 {
annotations, err := applyTemplateToMapValues(ctx, cfg.Annotations)
if err != nil {
return nil, err
opts.annotations = annotations
if len(cfg.Env) > 0 {
env, err := applyTemplate(ctx, cfg.Env)
if err != nil {
return nil, err
opts.env = env
if len(cfg.Flags) > 0 {
flags, err := applyTemplate(ctx, cfg.Flags)
if err != nil {
return nil, err
opts.flags = flags
if len(cfg.Ldflags) > 0 {
ldflags, err := applyTemplate(ctx, cfg.Ldflags)
if err != nil {
return nil, err
opts.ldflags = ldflags
return opts, nil
func removeEmpty(strs []string) []string {
var res []string
for _, s := range strs {
if strings.TrimSpace(s) == "" {
res = append(res, s)
return res
func applyTemplate(ctx *context.Context, templateable []string) ([]string, error) {
templated := make([]string, 0, len(templateable))
for _, t := range templateable {
tlf, err := tmpl.New(ctx).Apply(t)
if err != nil {
return nil, err
templated = append(templated, tlf)
return templated, nil
func applyTemplateToMapValues(ctx *context.Context, templateable map[string]string) (map[string]string, error) {
templated := make(map[string]string, len(templateable))
for k, v := range templateable {
tv, err := tmpl.New(ctx).Apply(v)
if err != nil {
return nil, err
templated[k] = tv
return templated, nil
func getTimeFromTemplate(ctx *context.Context, t string) (*v1.Time, error) {
epoch, err := tmpl.New(ctx).Apply(t)
if err != nil {
return nil, err
seconds, err := strconv.ParseInt(epoch, 10, 64)
if err != nil {
return nil, err
return &v1.Time{Time: time.Unix(seconds, 0)}, nil
func validateMainPath(path string) error {
// if the path is empty, it's probably fine as ko will use the default value
if path == "" {
return nil
if matched, _ := regexp.MatchString(`^\.?(\.\/[^\/]?.*)?$`, path); !matched {
return errInvalidMainPath
// paths sure can have dots in them, but if the path ends in .go, it's propably a file that one misundertood as a valid value
if strings.HasSuffix(path, ".go") {
return errInvalidMainGoPath
return nil