Merge pull request #49 from franc-liuzzi/feature/docker-build-provenance-flag-support

mnapoli · web-flow · commit b2d0a9b47b41 · 2025-04-05T21:21:04.000+02:00
feat: add support for provenance option in docker build
diff --git a/docs/guides/functions.md b/docs/guides/functions.md
@@ -300,6 +300,7 @@ Additionally, you can define arguments that will be passed to the `docker build`
 - `buildArgs`: With the `buildArgs` property, you can define arguments that will be passed to `docker build` command with `--build-arg` flag. They might be later referenced via `ARG` within your `Dockerfile`. (See [Documentation](https://docs.docker.com/engine/reference/builder/#arg))
 - `cacheFrom`: The `cacheFrom` property can be used to specify which images to use as a source for layer caching in the `docker build` command with `--cache-from` flag. (See [Documentation](https://docs.docker.com/engine/reference/builder/#usage))
 - `platform`: The `platform` property can be used to specify the architecture target in the `docker build` command with the `--platform` flag. If not specified, Docker will build for your computer's architecture by default. AWS Lambda typically uses `x86` architecture unless otherwise specified in the Lambda's runtime settings. In order to avoid runtime errors when building on an ARM-based machine (e.g. Apple M1 Mac), `linux/amd64` must be used here. The options for this flag are `linux/amd64` (`x86`-based Lambdas), `linux/arm64` (`arm`-based Lambdas), or `windows/amd64`. (See [Documentation](https://docs.docker.com/engine/reference/builder/#from))
+- `provenance` Use the `provenance` property to disable multi-architecture manifest generated from BuildKit or `docker buildx`, allows the architecture specified in `platform` to be recognized by AWS Lambda during deployment.
 
 When `uri` is defined for an image, `buildArgs`, `cacheFrom`, and `platform` cannot be defined.
 
@@ -320,6 +321,7 @@ provider:
         cacheFrom:
           - my-image:latest
         platform: linux/amd64
+        provenance: false
       anotherimage:
         uri: 000000000000.dkr.ecr.sa-east-1.amazonaws.com/test-lambda-docker@sha256:6bb600b4d6e1d7cf521097177dd0c4e9ea373edb91984a505333be8ac9455d38
 ```
diff --git a/lib/plugins/aws/provider.js b/lib/plugins/aws/provider.js
@@ -1135,6 +1135,7 @@ class AwsProvider {
                             buildArgs: { type: 'object', additionalProperties: { type: 'string' } },
                             cacheFrom: { type: 'array', items: { type: 'string' } },
                             platform: { type: 'string' },
+                            provenance: { type: 'string' },
                           },
                           additionalProperties: false,
                         },
@@ -2215,6 +2216,7 @@ Object.defineProperties(
         buildArgs,
         cacheFrom,
         platform,
+        provenance,
         scanOnPush,
       }) {
         const imageProgress = progress.get(`containerImage:${imageName}`);
@@ -2261,8 +2263,10 @@ Object.defineProperties(
           imagePath,
         ];
 
-        // This is an optional argument, so we only append to the arguments if "platform" is specified.
+        // These are optional arguments, so we only append to the arguments
+        // if "platform" or "provenance" is specified.
         if (platform !== '') buildDockerArgs.push(`--platform=${platform}`);
+        if (provenance !== '') buildDockerArgs.push(`--provenance=${provenance}`);
 
         let imageSha;
         try {
@@ -2397,6 +2401,7 @@ Object.defineProperties(
         const defaultCacheFrom = [];
         const defaultScanOnPush = false;
         const defaultPlatform = '';
+        const defaultProvenance = '';
 
         if (imageUri) {
           return await this.resolveImageUriAndShaFromUri(imageUri);
@@ -2451,6 +2456,12 @@ Object.defineProperties(
               'ECR_IMAGE_BOTH_URI_AND_PLATFORM_DEFINED_ERROR'
             );
           }
+          if (imageDefinedInProvider.uri && imageDefinedInProvider.provenance) {
+            throw new ServerlessError(
+              `The "provenance" property cannot be used with "uri" property "${imageName}"`,
+              'ECR_IMAGE_BOTH_URI_AND_PROVENANCE_DEFINED_ERROR'
+            );
+          }
           if (imageDefinedInProvider.path) {
             return await this.resolveImageUriAndShaFromPath({
               imageName,
@@ -2459,6 +2470,7 @@ Object.defineProperties(
               buildArgs: imageDefinedInProvider.buildArgs || defaultBuildArgs,
               cacheFrom: imageDefinedInProvider.cacheFrom || defaultCacheFrom,
               platform: imageDefinedInProvider.platform || defaultPlatform,
+              provenance: imageDefinedInProvider.provenance || defaultProvenance,
               scanOnPush: imageScanDefinedInProvider,
             });
           }
@@ -2474,6 +2486,7 @@ Object.defineProperties(
           buildArgs: imageDefinedInProvider.buildArgs || defaultBuildArgs,
           cacheFrom: imageDefinedInProvider.cacheFrom || defaultCacheFrom,
           platform: imageDefinedInProvider.platform || defaultPlatform,
+          provenance: imageDefinedInProvider.provenance || defaultProvenance,
           scanOnPush: imageScanDefinedInProvider,
         });
       },
