Improve generation of base images SBOMs #1659
Conversation
mkosiarc
force-pushed
the
improve-image-parsin
branch
2 times, most recently
from
cef8f6c to
780dca1
Compare
|
has to be merged only after konflux-ci/build-tasks-dockerfiles#191 |
There was a problem hiding this comment.
<image-reference-used-in-dockerfile>|<full-image-reference-with-digest>
The character that creates the mapping "|" was chosen arbitrarily, just
because it cannot be a valid part of image reference.
It would be a bit more natural to just separate them by whitespace, but this is OK too
I guess I don't mind using space instead of "|". I just used it for more visibility and because of an (possibly irrational) fear that additional empty space might find its way to the file, causing problems with the parsing. |
Python handles additional spaces without issues In [1]: " image1\t \t image2 \n".split()
Out[1]: ['image1', 'image2'](and so does Bash, in fact) $ read -r image1 image2 <<< $' image1\t \t image2 \n'
$ echo "$image1; $image2;"
image1; image2; |
|
Yeah, like I said, it was more irrational :D I can make the switch to using space. |
mkosiarc
force-pushed
the
improve-image-parsin
branch
from
780dca1 to
754d0fd
Compare
mkosiarc
force-pushed
the
improve-image-parsin
branch
from
754d0fd to
61b44ce
Compare
mkosiarc
force-pushed
the
improve-image-parsin
branch
2 times, most recently
from
af81c03 to
3aa895f
Compare
most functional changes are in the related PR that updates the base_images_sbom_script.py konflux-ci/build-tasks-dockerfiles#191 Here, we are just updating on how we generate the inputs for this script. We are now passing the whole parsed Dockerfile in json format to that script, which allows us to better parse/detect base images. Also, the format of the /shared/base_images_digests file was changed. Previously we could rely on the order of the image references with the digests in the file. Now we need to provide a mapping from an image reference as it was used in the Dockerfile to the full image reference with digests that was used during build and generated by buildah. The mapping is done as: <image-reference-used-in-dockerfile> <full-image-reference-with-digest> Also, the sbom utility image has to be updated together in the same PR/commit, otherwise it would break konflux temporarily KFLUXBUGS-1718 Signed-off-by: mkosiarc <[email protected]>
mkosiarc
force-pushed
the
improve-image-parsin
branch
from
3aa895f to
eee3c4f
Compare
|
/retest |
most functional changes are in the related PR that updates the
base_images_sbom_script.py
konflux-ci/build-tasks-dockerfiles#191
Here, we are just updating on how we generate the inputs for this
script.
We are now passing the whole parsed Dockerfile in json format to that
script, which allows us to better parse/detect base images.
Also, the format of the /shared/base_images_digests file was changed.
Previously we could rely on the order of the image references with the
digests in the file. Now we need to provide a mapping from an image
reference as it was used in the Dockerfile to the full image reference
with digests that was used during build and generated by buildah.
The mapping is done as:
Also, the sbom utility image has to be updated together in the same
PR/commit, otherwise it would break konflux temporarily
KFLUXBUGS-1718