src/context.ts

import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import * as tmp from 'tmp';
import * as buildx from './buildx';
import * as core from '@actions/core';
import * as github from '@actions/github';
import {parse} from 'csv-parse/sync';
import * as handlebars from 'handlebars';

let _defaultContext, _tmpDir: string;

export interface Inputs {
  addHosts: string[];
  allow: string[];
  attests: string[];
  buildArgs: string[];
  buildContexts: string[];
  builder: string;
  cacheFrom: string[];
  cacheTo: string[];
  cgroupParent: string;
  context: string;
  file: string;
  labels: string[];
  load: boolean;
  network: string;
  noCache: boolean;
  noCacheFilters: string[];
  outputs: string[];
  platforms: string[];
  provenance: string;
  pull: boolean;
  push: boolean;
  sbom: string;
  secrets: string[];
  secretFiles: string[];
  shmSize: string;
  ssh: string[];
  tags: string[];
  target: string;
  ulimit: string[];
  githubToken: string;
}

export function defaultContext(): string {
  if (!_defaultContext) {
    let ref = github.context.ref;
    if (github.context.sha && ref && !ref.startsWith('refs/')) {
      ref = `refs/heads/${github.context.ref}`;
    }
    if (github.context.sha && !ref.startsWith(`refs/pull/`)) {
      ref = github.context.sha;
    }
    _defaultContext = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}.git#${ref}`;
  }
  return _defaultContext;
}

export function tmpDir(): string {
  if (!_tmpDir) {
    _tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);
  }
  return _tmpDir;
}

export function tmpNameSync(options?: tmp.TmpNameOptions): string {
  return tmp.tmpNameSync(options);
}

export async function getInputs(defaultContext: string): Promise<Inputs> {
  return {
    addHosts: await getInputList('add-hosts'),
    allow: await getInputList('allow'),
    attests: await getInputList('attests', true),
    buildArgs: await getInputList('build-args', true),
    buildContexts: await getInputList('build-contexts', true),
    builder: core.getInput('builder'),
    cacheFrom: await getInputList('cache-from', true),
    cacheTo: await getInputList('cache-to', true),
    cgroupParent: core.getInput('cgroup-parent'),
    context: core.getInput('context') || defaultContext,
    file: core.getInput('file'),
    labels: await getInputList('labels', true),
    load: core.getBooleanInput('load'),
    network: core.getInput('network'),
    noCache: core.getBooleanInput('no-cache'),
    noCacheFilters: await getInputList('no-cache-filters'),
    outputs: await getInputList('outputs', true),
    platforms: await getInputList('platforms'),
    provenance: core.getInput('provenance'),
    pull: core.getBooleanInput('pull'),
    push: core.getBooleanInput('push'),
    sbom: core.getInput('sbom'),
    secrets: await getInputList('secrets', true),
    secretFiles: await getInputList('secret-files', true),
    shmSize: core.getInput('shm-size'),
    ssh: await getInputList('ssh'),
    tags: await getInputList('tags'),
    target: core.getInput('target'),
    ulimit: await getInputList('ulimit', true),
    githubToken: core.getInput('github-token')
  };
}

export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {
  const context = handlebars.compile(inputs.context)({defaultContext});
  // prettier-ignore
  return [
    ...await getBuildArgs(inputs, defaultContext, context, buildxVersion, standalone),
    ...await getCommonArgs(inputs, buildxVersion),
    context
  ];
}

async function getBuildArgs(inputs: Inputs, defaultContext: string, context: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {
  const args: Array<string> = ['build'];
  await asyncForEach(inputs.addHosts, async addHost => {
    args.push('--add-host', addHost);
  });
  if (inputs.allow.length > 0) {
    args.push('--allow', inputs.allow.join(','));
  }
  if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
    await asyncForEach(inputs.attests, async attest => {
      args.push('--attest', attest);
    });
  }
  await asyncForEach(inputs.buildArgs, async buildArg => {
    args.push('--build-arg', buildArg);
  });
  if (buildx.satisfies(buildxVersion, '>=0.8.0')) {
    await asyncForEach(inputs.buildContexts, async buildContext => {
      args.push('--build-context', buildContext);
    });
  }
  await asyncForEach(inputs.cacheFrom, async cacheFrom => {
    args.push('--cache-from', cacheFrom);
  });
  await asyncForEach(inputs.cacheTo, async cacheTo => {
    args.push('--cache-to', cacheTo);
  });
  if (inputs.cgroupParent) {
    args.push('--cgroup-parent', inputs.cgroupParent);
  }
  if (inputs.file) {
    args.push('--file', inputs.file);
  }
  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
    args.push('--iidfile', await buildx.getImageIDFile());
  }
  await asyncForEach(inputs.labels, async label => {
    args.push('--label', label);
  });
  await asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
    args.push('--no-cache-filter', noCacheFilter);
  });
  await asyncForEach(inputs.outputs, async output => {
    args.push('--output', output);
  });
  if (inputs.platforms.length > 0) {
    args.push('--platform', inputs.platforms.join(','));
  }
  if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
    const prvBuilderID = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
    if (inputs.provenance) {
      args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));
    } else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {
      if (fromPayload('repository.private') !== false) {
        // if this is a private repository, we set the default provenance
        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
        // along the builder-id attribute.
        args.push('--provenance', `mode=min,inline-only=true,builder-id=${prvBuilderID}`);
      } else {
        // for a public repository, we set max provenance mode and the
        // builder-id attribute.
        args.push('--provenance', `mode=max,builder-id=${prvBuilderID}`);
      }
    }
    if (inputs.sbom) {
      args.push('--sbom', inputs.sbom);
    }
  }
  await asyncForEach(inputs.secrets, async secret => {
    try {
      args.push('--secret', await buildx.getSecretString(secret));
    } catch (err) {
      core.warning(err.message);
    }
  });
  await asyncForEach(inputs.secretFiles, async secretFile => {
    try {
      args.push('--secret', await buildx.getSecretFile(secretFile));
    } catch (err) {
      core.warning(err.message);
    }
  });
  if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && context.startsWith(defaultContext)) {
    args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
  }
  if (inputs.shmSize) {
    args.push('--shm-size', inputs.shmSize);
  }
  await asyncForEach(inputs.ssh, async ssh => {
    args.push('--ssh', ssh);
  });
  await asyncForEach(inputs.tags, async tag => {
    args.push('--tag', tag);
  });
  if (inputs.target) {
    args.push('--target', inputs.target);
  }
  await asyncForEach(inputs.ulimit, async ulimit => {
    args.push('--ulimit', ulimit);
  });
  return args;
}

async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
  const args: Array<string> = [];
  if (inputs.builder) {
    args.push('--builder', inputs.builder);
  }
  if (inputs.load) {
    args.push('--load');
  }
  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
    args.push('--metadata-file', await buildx.getMetadataFile());
  }
  if (inputs.network) {
    args.push('--network', inputs.network);
  }
  if (inputs.noCache) {
    args.push('--no-cache');
  }
  if (inputs.pull) {
    args.push('--pull');
  }
  if (inputs.push) {
    args.push('--push');
  }
  return args;
}

export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
  const res: Array<string> = [];

  const items = core.getInput(name);
  if (items == '') {
    return res;
  }

  const records = await parse(items, {
    columns: false,
    relaxQuotes: true,
    relaxColumnCount: true,
    skipEmptyLines: true
  });

  for (const record of records as Array<string[]>) {
    if (record.length == 1) {
      res.push(record[0]);
      continue;
    } else if (!ignoreComma) {
      res.push(...record);
      continue;
    }
    res.push(record.join(','));
  }

  return res.filter(item => item).map(pat => pat.trim());
}

export const asyncForEach = async (array, callback) => {
  for (let index = 0; index < array.length; index++) {
    await callback(array[index], index, array);
  }
};

// eslint-disable-next-line @typescript-eslint/no-explicit-any
function fromPayload(path: string): any {
  return select(github.context.payload, path);
}

// eslint-disable-next-line @typescript-eslint/no-explicit-any
function select(obj: any, path: string): any {
  if (!obj) {
    return undefined;
  }
  const i = path.indexOf('.');
  if (i < 0) {
    return obj[path];
  }
  const key = path.slice(0, i);
  return select(obj[key], path.slice(i + 1));
}

function getProvenanceAttrs(input: string, builderID: string): string {
  const fields = parse(input, {
    relaxColumnCount: true,
    skipEmptyLines: true
  })[0];
  // check if builder-id attribute exists in the input
  for (const field of fields) {
    const parts = field
      .toString()
      .split(/(?<=^[^=]+?)=/)
      .map(item => item.trim());
    if (parts[0] == 'builder-id') {
      return input;
    }
  }
  // if not add builder-id attribute
  return `${input},builder-id=${builderID}`;
}
Add digest output 2020-08-17 22:18:15 +02:00			`import * as fs from 'fs';`
			`import * as os from 'os';`
			`import * as path from 'path';`
Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:06 +02:00			`import * as tmp from 'tmp';`
Remove workaround for setOutput 2022-10-12 06:56:31 +02:00			`import * as buildx from './buildx';`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`import * as core from '@actions/core';`
Add secrets input 2020-09-02 10:07:11 +02:00			`import * as github from '@actions/github';`
Remove workaround for setOutput 2022-10-12 06:56:31 +02:00			`import {parse} from 'csv-parse/sync';`
Add subdirectory for Git context 2021-12-28 00:49:32 +01:00			`import * as handlebars from 'handlebars';`
Add --ssh arg support 2020-09-11 11:23:49 +12:00
Fix tmpDir and defaultContext func 2020-10-21 02:46:41 +02:00			`let _defaultContext, _tmpDir: string;`

Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`export interface Inputs {`
Fix add-hosts context 2022-01-31 11:47:45 +01:00			`addHosts: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`allow: string[];`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`attests: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`buildArgs: string[];`
`build-contexts` input 2022-03-14 20:09:10 +01:00			`buildContexts: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`builder: string;`
			`cacheFrom: string[];`
			`cacheTo: string[];`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`cgroupParent: string;`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`context: string;`
			`file: string;`
			`labels: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`load: boolean;`
Add network input 2021-04-06 14:49:15 +02:00			`network: string;`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`noCache: boolean;`
`no-cache-filters` input 2022-07-18 17:24:11 +02:00			`noCacheFilters: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`outputs: string[];`
Treat platforms and allow as a list 2020-08-17 02:32:27 +02:00			`platforms: string[];`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`provenance: string;`
Sort inputs 2021-04-06 13:54:58 +02:00			`pull: boolean;`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`push: boolean;`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`sbom: string;`
Add secrets input 2020-09-02 10:07:11 +02:00			`secrets: string[];`
Allow to use secret file mount 2021-02-15 10:08:19 +01:00			`secretFiles: string[];`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`shmSize: string;`
Add --ssh arg support 2020-09-11 11:23:49 +12:00			`ssh: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`tags: string[];`
			`target: string;`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`ulimit: string[];`
Sort inputs 2021-04-06 13:54:58 +02:00			`githubToken: string;`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`}`

Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:06 +02:00			`export function defaultContext(): string {`
Fix tmpDir and defaultContext func 2020-10-21 02:46:41 +02:00			`if (!_defaultContext) {`
Fix ref spec for default Git context 2021-04-26 11:02:09 +02:00			`let ref = github.context.ref;`
			`if (github.context.sha && ref && !ref.startsWith('refs/')) {`
			ref = `refs/heads/${github.context.ref}`;
			`}`
			if (github.context.sha && !ref.startsWith(`refs/pull/`)) {
			`ref = github.context.sha;`
			`}`
Handle git sha version of buildx 2021-07-01 15:29:36 +02:00			_defaultContext = `${process.env.GITHUB_SERVER_URL \|\| 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}.git#${ref}`;
Fix tmpDir and defaultContext func 2020-10-21 02:46:41 +02:00			`}`
			`return _defaultContext;`
Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:06 +02:00			`}`

			`export function tmpDir(): string {`
Fix tmpDir and defaultContext func 2020-10-21 02:46:41 +02:00			`if (!_tmpDir) {`
			`_tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);`
			`}`
			`return _tmpDir;`
Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:06 +02:00			`}`

			`export function tmpNameSync(options?: tmp.TmpNameOptions): string {`
			`return tmp.tmpNameSync(options);`
			`}`

			`export async function getInputs(defaultContext: string): Promise<Inputs> {`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`return {`
Fix add-hosts context 2022-01-31 11:47:45 +01:00			`addHosts: await getInputList('add-hosts'),`
Sort inputs 2021-04-06 13:54:58 +02:00			`allow: await getInputList('allow'),`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`attests: await getInputList('attests', true),`
Sort inputs 2021-04-06 13:54:58 +02:00			`buildArgs: await getInputList('build-args', true),`
`build-contexts` input 2022-03-14 20:09:10 +01:00			`buildContexts: await getInputList('build-contexts', true),`
Sort inputs 2021-04-06 13:54:58 +02:00			`builder: core.getInput('builder'),`
			`cacheFrom: await getInputList('cache-from', true),`
			`cacheTo: await getInputList('cache-to', true),`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`cgroupParent: core.getInput('cgroup-parent'),`
Expose Git secret token if default context used 2020-09-22 20:49:18 +02:00			`context: core.getInput('context') \|\| defaultContext,`
use default docker command line values for file when it is missing 2020-12-18 10:05:47 -05:00			`file: core.getInput('file'),`
Labels and build args should not be handled as CSV type 2020-10-20 19:04:54 +02:00			`labels: await getInputList('labels', true),`
Use `core.getBooleanInput` 2021-06-22 17:25:52 +02:00			`load: core.getBooleanInput('load'),`
Add network input 2021-04-06 14:49:15 +02:00			`network: core.getInput('network'),`
Use `core.getBooleanInput` 2021-06-22 17:25:52 +02:00			`noCache: core.getBooleanInput('no-cache'),`
`no-cache-filters` input 2022-07-18 17:24:11 +02:00			`noCacheFilters: await getInputList('no-cache-filters'),`
Sort inputs 2021-04-06 13:54:58 +02:00			`outputs: await getInputList('outputs', true),`
Treat platforms and allow as a list 2020-08-17 02:32:27 +02:00			`platforms: await getInputList('platforms'),`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`provenance: core.getInput('provenance'),`
Use `core.getBooleanInput` 2021-06-22 17:25:52 +02:00			`pull: core.getBooleanInput('pull'),`
			`push: core.getBooleanInput('push'),`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`sbom: core.getInput('sbom'),`
Expose Git secret token if default context used 2020-09-22 20:49:18 +02:00			`secrets: await getInputList('secrets', true),`
Allow to use secret file mount 2021-02-15 10:08:19 +01:00			`secretFiles: await getInputList('secret-files', true),`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`shmSize: core.getInput('shm-size'),`
Sort inputs 2021-04-06 13:54:58 +02:00			`ssh: await getInputList('ssh'),`
			`tags: await getInputList('tags'),`
			`target: core.getInput('target'),`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`ulimit: await getInputList('ulimit', true),`
Sort inputs 2021-04-06 13:54:58 +02:00			`githubToken: core.getInput('github-token')`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`};`
			`}`

check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {`
Fix GitHub token not passed with Git context if subdir defined 2022-08-03 14:38:56 +02:00			`const context = handlebars.compile(inputs.context)({defaultContext});`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`// prettier-ignore`
			`return [`
check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`...await getBuildArgs(inputs, defaultContext, context, buildxVersion, standalone),`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`...await getCommonArgs(inputs, buildxVersion),`
Fix GitHub token not passed with Git context if subdir defined 2022-08-03 14:38:56 +02:00			`context`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`];`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`}`

check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`async function getBuildArgs(inputs: Inputs, defaultContext: string, context: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`const args: Array<string> = ['build'];`
Fix add-hosts context 2022-01-31 11:47:45 +01:00			`await asyncForEach(inputs.addHosts, async addHost => {`
			`args.push('--add-host', addHost);`
			`});`
sort flags 2021-11-16 05:19:44 +01:00			`if (inputs.allow.length > 0) {`
			`args.push('--allow', inputs.allow.join(','));`
			`}`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`if (buildx.satisfies(buildxVersion, '>=0.10.0')) {`
			`await asyncForEach(inputs.attests, async attest => {`
			`args.push('--attest', attest);`
			`});`
			`}`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`await asyncForEach(inputs.buildArgs, async buildArg => {`
			`args.push('--build-arg', buildArg);`
			`});`
`build-contexts` input 2022-03-14 20:09:10 +01:00			`if (buildx.satisfies(buildxVersion, '>=0.8.0')) {`
			`await asyncForEach(inputs.buildContexts, async buildContext => {`
			`args.push('--build-context', buildContext);`
			`});`
			`}`
sort flags 2021-11-16 05:19:44 +01:00			`await asyncForEach(inputs.cacheFrom, async cacheFrom => {`
			`args.push('--cache-from', cacheFrom);`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`});`
sort flags 2021-11-16 05:19:44 +01:00			`await asyncForEach(inputs.cacheTo, async cacheTo => {`
			`args.push('--cache-to', cacheTo);`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`});`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`if (inputs.cgroupParent) {`
			`args.push('--cgroup-parent', inputs.cgroupParent);`
			`}`
sort flags 2021-11-16 05:19:44 +01:00			`if (inputs.file) {`
			`args.push('--file', inputs.file);`
Check Buildx version 2020-08-23 03:31:38 +02:00			`}`
Handle git sha version of buildx 2021-07-01 15:29:36 +02:00			`if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 \|\| buildx.satisfies(buildxVersion, '>=0.4.2'))) {`
Do not set --iidfile flag if local and tar exporters are used 2020-10-19 21:17:06 +02:00			`args.push('--iidfile', await buildx.getImageIDFile());`
			`}`
sort flags 2021-11-16 05:19:44 +01:00			`await asyncForEach(inputs.labels, async label => {`
			`args.push('--label', label);`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`});`
`no-cache-filters` input 2022-07-18 17:24:11 +02:00			`await asyncForEach(inputs.noCacheFilters, async noCacheFilter => {`
			`args.push('--no-cache-filter', noCacheFilter);`
			`});`
sort flags 2021-11-16 05:19:44 +01:00			`await asyncForEach(inputs.outputs, async output => {`
			`args.push('--output', output);`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`});`
sort flags 2021-11-16 05:19:44 +01:00			`if (inputs.platforms.length > 0) {`
			`args.push('--platform', inputs.platforms.join(','));`
			`}`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`if (buildx.satisfies(buildxVersion, '>=0.10.0')) {`
always set builder-id attribute for provenance 2023-01-11 13:20:47 +01:00			const prvBuilderID = `${process.env.GITHUB_SERVER_URL \|\| 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`if (inputs.provenance) {`
always set builder-id attribute for provenance 2023-01-11 13:20:47 +01:00			`args.push('--provenance', getProvenanceAttrs(inputs.provenance, prvBuilderID));`
check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`} else if (await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) {`
			`if (fromPayload('repository.private') !== false) {`
always set builder-id attribute for provenance 2023-01-11 13:20:47 +01:00			`// if this is a private repository, we set the default provenance`
			`// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603`
			`// along the builder-id attribute.`
			args.push('--provenance', `mode=min,inline-only=true,builder-id=${prvBuilderID}`);
check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`} else {`
always set builder-id attribute for provenance 2023-01-11 13:20:47 +01:00			`// for a public repository, we set max provenance mode and the`
			`// builder-id attribute.`
			args.push('--provenance', `mode=max,builder-id=${prvBuilderID}`);
check BuildKit compatibility before setting default provenance opts 2023-01-11 12:10:34 +01:00			`}`
add `attests`, `provenance` and `sbom` inputs 2023-01-11 12:12:09 +01:00			`}`
			`if (inputs.sbom) {`
			`args.push('--sbom', inputs.sbom);`
			`}`
			`}`
Add secrets input 2020-09-02 10:07:11 +02:00			`await asyncForEach(inputs.secrets, async secret => {`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`try {`
Allow to use secret file mount 2021-02-15 10:08:19 +01:00			`args.push('--secret', await buildx.getSecretString(secret));`
			`} catch (err) {`
			`core.warning(err.message);`
			`}`
			`});`
			`await asyncForEach(inputs.secretFiles, async secretFile => {`
			`try {`
			`args.push('--secret', await buildx.getSecretFile(secretFile));`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`} catch (err) {`
			`core.warning(err.message);`
			`}`
Add secrets input 2020-09-02 10:07:11 +02:00			`});`
Fix GitHub token not passed with Git context if subdir defined 2022-08-03 14:38:56 +02:00			`if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && context.startsWith(defaultContext)) {`
Allow to use secret file mount 2021-02-15 10:08:19 +01:00			args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
Expose Git secret token if default context used 2020-09-22 20:49:18 +02:00			`}`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`if (inputs.shmSize) {`
			`args.push('--shm-size', inputs.shmSize);`
			`}`
Add --ssh arg support 2020-09-11 11:23:49 +12:00			`await asyncForEach(inputs.ssh, async ssh => {`
			`args.push('--ssh', ssh);`
			`});`
sort flags 2021-11-16 05:19:44 +01:00			`await asyncForEach(inputs.tags, async tag => {`
			`args.push('--tag', tag);`
			`});`
			`if (inputs.target) {`
			`args.push('--target', inputs.target);`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`}`
add `cgroup-parent`, `shm-size`, `ulimit` inputs 2021-11-16 07:19:27 +01:00			`await asyncForEach(inputs.ulimit, async ulimit => {`
			`args.push('--ulimit', ulimit);`
			`});`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`return args;`
			`}`

sort flags 2021-11-16 05:19:44 +01:00			`async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`const args: Array<string> = [];`
Use --builder 2020-09-03 11:49:39 +02:00			`if (inputs.builder) {`
			`args.push('--builder', inputs.builder);`
			`}`
Add digest output 2020-08-17 22:18:15 +02:00			`if (inputs.load) {`
			`args.push('--load');`
			`}`
sort flags 2021-11-16 05:19:44 +01:00			`if (buildx.satisfies(buildxVersion, '>=0.6.0')) {`
			`args.push('--metadata-file', await buildx.getMetadataFile());`
			`}`
Add network input 2021-04-06 14:49:15 +02:00			`if (inputs.network) {`
			`args.push('--network', inputs.network);`
			`}`
sort flags 2021-11-16 05:19:44 +01:00			`if (inputs.noCache) {`
			`args.push('--no-cache');`
			`}`
			`if (inputs.pull) {`
			`args.push('--pull');`
			`}`
Add digest output 2020-08-17 22:18:15 +02:00			`if (inputs.push) {`
			`args.push('--push');`
			`}`
			`return args;`
			`}`

Ignore comma sep for CSV inputs type 2020-08-29 17:15:26 +02:00			`export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {`
chore: update dev dependencies and workflow 2022-03-15 21:59:52 +01:00			`const res: Array<string> = [];`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`const items = core.getInput(name);`
			`if (items == '') {`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`return res;`
			`}`

Fix csv-parse implementation since major update 2022-04-25 06:47:48 +02:00			`const records = await parse(items, {`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`columns: false,`
Fix csv-parse implementation since major update 2022-04-25 06:47:48 +02:00			`relaxQuotes: true,`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`relaxColumnCount: true,`
Fix csv-parse implementation since major update 2022-04-25 06:47:48 +02:00			`skipEmptyLines: true`
			`});`

			`for (const record of records as Array<string[]>) {`
			`if (record.length == 1) {`
			`res.push(record[0]);`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`continue;`
			`} else if (!ignoreComma) {`
Fix csv-parse implementation since major update 2022-04-25 06:47:48 +02:00			`res.push(...record);`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`continue;`
			`}`
Fix csv-parse implementation since major update 2022-04-25 06:47:48 +02:00			`res.push(record.join(','));`
Handle multi-line secret value 2020-11-17 21:38:45 +01:00			`}`

Trim input list items 2020-12-05 03:40:39 +01:00			`return res.filter(item => item).map(pat => pat.trim());`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`}`

Treat platforms and allow as a list 2020-08-17 02:32:27 +02:00			`export const asyncForEach = async (array, callback) => {`
Handle build bake through bake, bake-files and bake-targets 2020-08-16 17:18:08 +02:00			`for (let index = 0; index < array.length; index++) {`
			`await callback(array[index], index, array);`
			`}`
			`};`
provenance: set mode max and builder-id for public repos by default 2022-12-20 06:17:29 +01:00
			`// eslint-disable-next-line @typescript-eslint/no-explicit-any`
			`function fromPayload(path: string): any {`
			`return select(github.context.payload, path);`
			`}`

			`// eslint-disable-next-line @typescript-eslint/no-explicit-any`
			`function select(obj: any, path: string): any {`
			`if (!obj) {`
			`return undefined;`
			`}`
			`const i = path.indexOf('.');`
			`if (i < 0) {`
			`return obj[path];`
			`}`
			`const key = path.slice(0, i);`
			`return select(obj[key], path.slice(i + 1));`
			`}`
always set builder-id attribute for provenance 2023-01-11 13:20:47 +01:00
			`function getProvenanceAttrs(input: string, builderID: string): string {`
			`const fields = parse(input, {`
			`relaxColumnCount: true,`
			`skipEmptyLines: true`
			`})[0];`
			`// check if builder-id attribute exists in the input`
			`for (const field of fields) {`
			`const parts = field`
			`.toString()`
			`.split(/(?<=^[^=]+?)=/)`
			`.map(item => item.trim());`
			`if (parts[0] == 'builder-id') {`
			`return input;`
			`}`
			`}`
			`// if not add builder-id attribute`
			return `${input},builder-id=${builderID}`;
			`}`