Skip to content

Commit

Permalink
Ignore tag when matching trusted builders
Browse files Browse the repository at this point in the history
Signed-off-by: Johannes Dillmann <[email protected]>
  • Loading branch information
modulo11 committed Sep 25, 2024
1 parent 4ffdb5e commit eebc93a
Show file tree
Hide file tree
Showing 6 changed files with 81 additions and 17 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
package builder

import (
"strings"

"github.com/buildpacks/pack/internal/config"
)

type KnownBuilder struct {
Vendor string
Image string
Expand Down Expand Up @@ -67,11 +73,22 @@ var KnownBuilders = []KnownBuilder{
},
}

var IsKnownTrustedBuilder = func(b string) bool {
func IsKnownTrustedBuilder(builderName string) bool {
for _, knownBuilder := range KnownBuilders {
if b == knownBuilder.Image && knownBuilder.Trusted {
if builderName == knownBuilder.Image && knownBuilder.Trusted {
return true
}
}
return false
}

func IsTrustedBuilder(cfg config.Config, builderName string) bool {
nameAndTag := strings.Split(builderName, ":")
for _, trustedBuilder := range cfg.TrustedBuilders {
if nameAndTag[0] == trustedBuilder.Name {
return true
}
}

return false
}
55 changes: 55 additions & 0 deletions internal/builder/trusted_builder_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
package builder_test

import (
"testing"

"github.com/heroku/color"
"github.com/sclevine/spec"
"github.com/sclevine/spec/report"

bldr "github.com/buildpacks/pack/internal/builder"
"github.com/buildpacks/pack/internal/config"

h "github.com/buildpacks/pack/testhelpers"
)

func TestTrustedBuilder(t *testing.T) {
color.Disable(true)
defer color.Disable(false)
spec.Run(t, "Trusted Builder", trustedBuilder, spec.Parallel(), spec.Report(report.Terminal{}))
}

func trustedBuilder(t *testing.T, when spec.G, it spec.S) {
when("IsKnownTrustedBuilder", func() {
it("matches exactly", func() {
h.AssertTrue(t, bldr.IsKnownTrustedBuilder("paketobuildpacks/builder-jammy-base"))
h.AssertFalse(t, bldr.IsKnownTrustedBuilder("paketobuildpacks/builder-jammy-base:latest"))
h.AssertFalse(t, bldr.IsKnownTrustedBuilder("paketobuildpacks/builder-jammy-base:1.2.3"))
h.AssertFalse(t, bldr.IsKnownTrustedBuilder("my/private/builder"))
})
})

when("IsTrustedBuilder", func() {
it("matches partially", func() {
cfg := config.Config{
TrustedBuilders: []config.TrustedBuilder{
{
Name: "my/trusted/builder-jammy",
},
},
}
builders := []string{
"my/trusted/builder-jammy",
"my/trusted/builder-jammy:latest",
"my/trusted/builder-jammy:1.2.3",
}

for _, builder := range builders {
h.AssertTrue(t, bldr.IsTrustedBuilder(cfg, builder))
}
h.AssertFalse(t, bldr.IsTrustedBuilder(cfg, "my/private/builder"))
h.AssertFalse(t, bldr.IsTrustedBuilder(cfg, "my/trusted/builder-jammy-base"))
h.AssertFalse(t, bldr.IsTrustedBuilder(cfg, ""))
})
})
}
4 changes: 3 additions & 1 deletion internal/commands/build.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ import (
"github.com/pkg/errors"
"github.com/spf13/cobra"

bldr "github.com/buildpacks/pack/internal/builder"

"github.com/buildpacks/pack/internal/config"
"github.com/buildpacks/pack/internal/style"
"github.com/buildpacks/pack/pkg/client"
Expand Down Expand Up @@ -111,7 +113,7 @@ func Build(logger logging.Logger, cfg config.Config, packClient PackClient) *cob
return err
}

trustBuilder := isTrustedBuilder(cfg, builder) || flags.TrustBuilder
trustBuilder := bldr.IsTrustedBuilder(cfg, builder) || bldr.IsKnownTrustedBuilder(builder) || flags.TrustBuilder
if trustBuilder {
logger.Debugf("Builder %s is trusted", style.Symbol(builder))
if flags.LifecycleImage != "" {
Expand Down
4 changes: 3 additions & 1 deletion internal/commands/builder_inspect.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import (
"github.com/buildpacks/pack/internal/config"
"github.com/buildpacks/pack/pkg/client"
"github.com/buildpacks/pack/pkg/logging"

bldr "github.com/buildpacks/pack/internal/builder"
)

type BuilderInspector interface {
Expand Down Expand Up @@ -64,7 +66,7 @@ func inspectBuilder(
builderInfo := writer.SharedBuilderInfo{
Name: imageName,
IsDefault: imageName == cfg.DefaultBuilder,
Trusted: isTrustedBuilder(cfg, imageName),
Trusted: bldr.IsTrustedBuilder(cfg, imageName),
}

localInfo, localErr := inspector.InspectBuilder(imageName, true, client.WithDetectionOrderDepth(flags.Depth))
Expand Down
12 changes: 0 additions & 12 deletions internal/commands/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ import (
"os/signal"
"syscall"

"github.com/buildpacks/pack/internal/builder"

"github.com/google/go-containerregistry/pkg/v1/types"
"github.com/pkg/errors"
"github.com/spf13/cobra"
Expand Down Expand Up @@ -107,16 +105,6 @@ func getMirrors(config config.Config) map[string][]string {
return mirrors
}

func isTrustedBuilder(cfg config.Config, builderName string) bool {
for _, trustedBuilder := range cfg.TrustedBuilders {
if builderName == trustedBuilder.Name {
return true
}
}

return builder.IsKnownTrustedBuilder(builderName)
}

func deprecationWarning(logger logging.Logger, oldCmd, replacementCmd string) {
logger.Warnf("Command %s has been deprecated, please use %s instead", style.Symbol("pack "+oldCmd), style.Symbol("pack "+replacementCmd))
}
Expand Down
2 changes: 1 addition & 1 deletion internal/commands/config_trusted_builder.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ func addTrustedBuilder(args []string, logger logging.Logger, cfg config.Config,
imageName := args[0]
builderToTrust := config.TrustedBuilder{Name: imageName}

if isTrustedBuilder(cfg, imageName) {
if bldr.IsTrustedBuilder(cfg, imageName) || bldr.IsKnownTrustedBuilder(imageName) {
logger.Infof("Builder %s is already trusted", style.Symbol(imageName))
return nil
}
Expand Down

0 comments on commit eebc93a

Please sign in to comment.