fix(syft): correctly set DOCKER_CONFIG env variable (#4158)

* fix(syft): correctly set DOCKER_CONFIG env variable

cmd/kanikoExecute_test.go

@@ -358,7 +358,7 @@ func TestRunKanikoExecute(t *testing.T) {
 		assert.Equal(t, "https://index.docker.io", commonPipelineEnvironment.container.registryURL)
 
 		assert.Equal(t, "/tmp/syfttest/syft", execRunner.Calls[2].Exec)
-		assert.Equal(t, []string{"packages", "index.docker.io/myImage:tag", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"}, execRunner.Calls[2].Params)
+		assert.Equal(t, []string{"packages", "registry:index.docker.io/myImage:tag", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"}, execRunner.Calls[2].Params)
 	})
 
 	t.Run("success case - multi image build with root image", func(t *testing.T) {
@@ -507,9 +507,9 @@ func TestRunKanikoExecute(t *testing.T) {
 			{"--dockerfile", "Dockerfile", "--context", cwd, "--destination", "my.registry.com:50000/myImage:myTag"},
 			{"--dockerfile", filepath.Join("sub1", "Dockerfile"), "--context", cwd, "--destination", "my.registry.com:50000/myImage-sub1:myTag"},
 			{"--dockerfile", filepath.Join("sub2", "Dockerfile"), "--context", cwd, "--destination", "my.registry.com:50000/myImage-sub2:myTag"},
-			{"packages", "my.registry.com:50000/myImage:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"},
-			{"packages", "my.registry.com:50000/myImage-sub1:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-1.xml", "-q"},
-			{"packages", "my.registry.com:50000/myImage-sub2:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-2.xml", "-q"},
+			{"packages", "registry:my.registry.com:50000/myImage:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"},
+			{"packages", "registry:my.registry.com:50000/myImage-sub1:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-1.xml", "-q"},
+			{"packages", "registry:my.registry.com:50000/myImage-sub2:myTag", "-o", "cyclonedx-xml", "--file", "bom-docker-2.xml", "-q"},
 		}
 		// need to go this way since we cannot count on the correct order
 		for _, call := range execRunner.Calls {

integration/integration_cnb_test.go

@@ -134,7 +134,7 @@ func TestCNBIntegrationZipPath(t *testing.T) {
 		fmt.Sprintf("Saving %s/not-found:0.0.1", registryURL),
 		"*** Images (sha256:",
 		"SUCCESS",
-		"syft packages localhost:5000/not-found:0.0.1 -o cyclonedx-xml --file bom-docker-0.xml -q",
+		"syft packages registry:localhost:5000/not-found:0.0.1 -o cyclonedx-xml --file bom-docker-0.xml -q",
 	)
 	container.assertHasFiles(t, "/project/bom-docker-0.xml")
 }
@@ -276,9 +276,9 @@ func TestCNBIntegrationMultiImage(t *testing.T) {
 		"Saving localhost:5000/go-app:v1.0.0...",
 		"Using cached buildpack",
 		"Saving localhost:5000/my-app2:latest...",
-		"syft packages localhost:5000/io-buildpacks-my-app:latest -o cyclonedx-xml --file bom-docker-0.xml -q",
-		"syft packages localhost:5000/go-app:v1.0.0 -o cyclonedx-xml --file bom-docker-1.xml -q",
-		"syft packages localhost:5000/my-app2:latest -o cyclonedx-xml --file bom-docker-2.xml -q",
+		"syft packages registry:localhost:5000/io-buildpacks-my-app:latest -o cyclonedx-xml --file bom-docker-0.xml -q",
+		"syft packages registry:localhost:5000/go-app:v1.0.0 -o cyclonedx-xml --file bom-docker-1.xml -q",
+		"syft packages registry:localhost:5000/my-app2:latest -o cyclonedx-xml --file bom-docker-2.xml -q",
 	)
 
 	container.assertHasFiles(t, "/project/bom-docker-0.xml")

pkg/syft/syft.go

@@ -24,7 +24,7 @@ func GenerateSBOM(syftDownloadURL, dockerConfigDir string, execRunner command.Ex
 		return errors.New("syft: no images provided")
 	}
 
-	execRunner.AppendEnv([]string{"DOCKER_CONFIG", dockerConfigDir})
+	execRunner.AppendEnv([]string{fmt.Sprintf("DOCKER_CONFIG=%s", dockerConfigDir)})
 
 	tmpDir, err := fileUtils.TempDir("", "syft")
 	if err != nil {
@@ -42,7 +42,7 @@ func GenerateSBOM(syftDownloadURL, dockerConfigDir string, execRunner command.Ex
 			return errors.New("syft: image name must not be empty")
 		}
 		// TrimPrefix needed as syft needs containerRegistry name only
-		err = execRunner.RunExecutable(syftFile, "packages", fmt.Sprintf("%s/%s", strings.TrimPrefix(registryURL, "https://"), image), "-o", "cyclonedx-xml", "--file", fmt.Sprintf("bom-docker-%v.xml", index), "-q")
+		err = execRunner.RunExecutable(syftFile, "packages", fmt.Sprintf("registry:%s/%s", strings.TrimPrefix(registryURL, "https://"), image), "-o", "cyclonedx-xml", "--file", fmt.Sprintf("bom-docker-%v.xml", index), "-q")
 		if err != nil {
 			return fmt.Errorf("failed to generate SBOM: %w", err)
 		}

pkg/syft/syft_test.go

@@ -41,17 +41,17 @@ func TestGenerateSBOM(t *testing.T) {
 		assert.Len(t, execMock.Calls, 2)
 		firstCall := execMock.Calls[0]
 		assert.Equal(t, firstCall.Exec, "/tmp/syfttest/syft")
-		assert.Equal(t, firstCall.Params, []string{"packages", "my-registry/image:latest", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"})
+		assert.Equal(t, firstCall.Params, []string{"packages", "registry:my-registry/image:latest", "-o", "cyclonedx-xml", "--file", "bom-docker-0.xml", "-q"})
 
 		secondCall := execMock.Calls[1]
 		assert.Equal(t, secondCall.Exec, "/tmp/syfttest/syft")
-		assert.Equal(t, secondCall.Params, []string{"packages", "my-registry/image:1.2.3", "-o", "cyclonedx-xml", "--file", "bom-docker-1.xml", "-q"})
+		assert.Equal(t, secondCall.Params, []string{"packages", "registry:my-registry/image:1.2.3", "-o", "cyclonedx-xml", "--file", "bom-docker-1.xml", "-q"})
 	})
 
 	t.Run("error case: syft execution failed", func(t *testing.T) {
 		execMock = mock.ExecMockRunner{}
 		execMock.ShouldFailOnCommand = map[string]error{
-			"/tmp/syfttest/syft packages my-registry/image:latest -o cyclonedx-xml --file bom-docker-0.xml -q": errors.New("failed"),
+			"/tmp/syfttest/syft packages registry:my-registry/image:latest -o cyclonedx-xml --file bom-docker-0.xml -q": errors.New("failed"),
 		}
 
 		err := syft.GenerateSBOM("http://test-syft-gh-release.com/syft.tar.gz", "", &execMock, &fileMock, client, "https://my-registry", []string{"image:latest"})