|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +# Copyright 2023 The Kubernetes Authors. |
| 4 | +# |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | +# you may not use this file except in compliance with the License. |
| 7 | +# You may obtain a copy of the License at |
| 8 | +# |
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +# |
| 11 | +# Unless required by applicable law or agreed to in writing, software |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | +# See the License for the specific language governing permissions and |
| 15 | +# limitations under the License. |
| 16 | + |
| 17 | +# There is no reliable way to check if a buildx installation supports |
| 18 | +# --provenance other than trying to execute it. You cannot even rely |
| 19 | +# on the version, because buildx's own installation docs will result |
| 20 | +# in installations of buildx that do not correctly report their version |
| 21 | +# via `docker buildx version`. |
| 22 | +# |
| 23 | +# Additionally, if the local buildkit worker is the Docker daemon, |
| 24 | +# attestation should not be supported and must be disabled. |
| 25 | +# |
| 26 | +# Thus, this script echos back the flag `--provenance=false` if and only |
| 27 | +# if the local buildx installation supports it. If not, it exits silently. |
| 28 | + |
| 29 | +BUILDX_TEST=`docker buildx build --provenance=false 2>&1` |
| 30 | +if [[ "${BUILDX_TEST}" == *"See 'docker buildx build --help'."* ]]; then |
| 31 | + if [[ "${BUILDX_TEST}" == *"requires exactly 1 argument"* ]] && ! docker buildx inspect | grep -qE "^Driver:\s*docker$"; then |
| 32 | + echo "--provenance=false" |
| 33 | + fi |
| 34 | +else |
| 35 | + echo "Local buildx installation broken?" >&2 |
| 36 | + exit 1 |
| 37 | +fi |
0 commit comments