From bfaaf8c894b489b91ceb0699a9539563244cedf0 Mon Sep 17 00:00:00 2001
From: arewm
Date: Fri, 26 Jul 2024 11:16:49 -0400
Subject: [PATCH] Ensure that Chains sees all image manifests referenced
Due to a bug in Chains, it does not currently see all images produced within a matrix. In order to work around this, we can expose all images that we include in our Image Index so that Chains can generate the provenance for all of them.
Signed-off-by: arewm
---
 task/build-image-manifest/0.1/build-image-manifest.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/task/build-image-manifest/0.1/build-image-manifest.yaml b/task/build-image-manifest/0.1/build-image-manifest.yaml
index e0d1a08cd7..20895b3c5a 100644
--- a/task/build-image-manifest/0.1/build-image-manifest.yaml
+++ b/task/build-image-manifest/0.1/build-image-manifest.yaml
@@ -39,6 +39,8 @@ spec:
 name: IMAGE_DIGEST
 - description: Image repository where the built image was pushed
 name: IMAGE_URL
+ - description: List of all referenced image manifests
+ name: IMAGES
 stepTemplate:
 env:
 - name: BUILDAH_FORMAT
@@ -72,6 +74,7 @@ spec:
 sed -i 's/^\s*short-name-mode\s*=\s*.*/short-name-mode = "disabled"/' /etc/containers/registries.conf
+ image_manifests=""
 buildah manifest create "$IMAGE"
 for i in $@
 do
@@ -82,6 +85,7 @@ spec:
 TOADD="$(echo $i | cut -d: -f1)@sha256:$(echo $i | cut -d: -f3)"
 fi
 echo "Adding $TOADD"
+ image_manifests="${image_manifests} ${TOADD},"
 buildah manifest add $IMAGE "docker://$TOADD" --all
 done
@@ -103,7 +107,8 @@ spec:
 fi
 cat image-digest | tee $(results.IMAGE_DIGEST.path)
- echo -n "$IMAGE" | tee $(results.IMAGE_URL.path)
+ echo -n "$IMAGE" | tee "$(results.IMAGE_URL.path)"
+ echo -n "${image_manifests:1:-1}" > "$(results.IMAGES.path)"
 securityContext:
 capabilities:
 add:
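Review bot: The description of the new `IMAGES` result in the first hunk (`@@ -39,6 +39,8`) does not say what format a consumer should expect. The script hunks further down write a comma-separated list of `repo@sha256:<digest>` references (at least on the branch visible in the patch), so I would state that: `description: Comma-separated list of all image manifests referenced by the image index, each as repository@digest`. Tekton results are size-limited (4096 bytes by default when carried in the termination message), so it is worth noting in the task documentation that the list grows with every platform image added to the index.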
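Review bot: In the hunk at `@@ -82,6 +85,7`, `$TOADD` is appended to `image_manifests` before `buildah manifest add` has confirmed that the reference resolves, so whether a failed add can still reach the `IMAGES` result depends on shell options set outside the visible lines. Since Chains takes its provenance subjects from that result, I would record the reference only after the add succeeds, i.e. move `image_manifests="${image_manifests} ${TOADD},"` below the `buildah manifest add $IMAGE "docker://$TOADD" --all` line. The `if` that builds `TOADD` starts above this hunk; if its other branch can leave a tag-only reference, that entry would carry no digest for Chains to attest, so a check that `TOADD` contains `@sha256:` before recording it would be a cheap safeguard.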
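Review bot: The trim `${image_manifests:1:-1}` in the last hunk (`@@ -103,7 +107,8`) silently depends on the exact `" ${TOADD},"` shape appended in the loop, and a negative length in substring expansion is a bash feature (4.2 or later) while the script's interpreter line is not visible in this patch. Putting the separator only between entries removes both dependencies: `image_manifests="${image_manifests:+${image_manifests},}${TOADD}"` in the loop and `echo -n "${image_manifests}" > "$(results.IMAGES.path)"` here. That changes the separator from `, ` to `,`, which should be confirmed against what Chains accepts for this result. The context line `cat image-digest | tee $(results.IMAGE_DIGEST.path)` still uses the unquoted path, unlike the two lines this commit writes.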