From f111de2bd3e6fc8c69094b3304d4e3ddf5ccea5f Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Fri, 7 Mar 2025 22:48:48 +0000 Subject: [PATCH 1/3] chore: enable SBOM and containerd support in Docker builds Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbom Updated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestations Configured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd --- .github/workflows/release.yaml | 1 + dogfood/contents/files/etc/docker/daemon.json | 5 ++++- scripts/build_docker.sh | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a963a7da6b19a..b381e2c4447e2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -361,6 +361,7 @@ jobs: file: scripts/Dockerfile.base platforms: linux/amd64,linux/arm64,linux/arm/v7 provenance: true + sbom: true pull: true no-cache: true push: true diff --git a/dogfood/contents/files/etc/docker/daemon.json b/dogfood/contents/files/etc/docker/daemon.json index c2cbc52c3cc45..775b800114ce7 100644 --- a/dogfood/contents/files/etc/docker/daemon.json +++ b/dogfood/contents/files/etc/docker/daemon.json @@ -1,3 +1,6 @@ { - "registry-mirrors": ["https://mirror.gcr.io"] + "registry-mirrors": ["https://mirror.gcr.io"], + "features": { + "containerd-snapshotter': true + } } diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh index 1bee954e9713c..ad8fb5b8f141e 100755 --- a/scripts/build_docker.sh +++ b/scripts/build_docker.sh @@ -136,10 +136,12 @@ fi log "--- Building Docker image for $arch ($image_tag)" -docker build \ +docker buildx build \ --platform "$arch" \ --build-arg "BASE_IMAGE=$base_image" \ --build-arg "CODER_VERSION=$version" \ + --provenence true \ + --sbom true \ --no-cache \ --tag "$image_tag" \ -f Dockerfile \ From 378fdf83f647210a042a750ae49a0d43ecd809ed Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Fri, 7 Mar 2025 22:49:18 +0000 Subject: [PATCH 2/3] chore: enable SBOM and containerd support in Docker builds Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbom Updated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestations Configured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd --- .github/workflows/ci.yaml | 2 +- dogfood/contents/files/etc/docker/daemon.json | 2 +- scripts/build_docker.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e663cc2303986..4f010b5be75cc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -999,7 +999,7 @@ jobs: AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt - name: Upload build artifacts - if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }} + if: ${{ github.repository_owner == 'coder' }} uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: dylibs diff --git a/dogfood/contents/files/etc/docker/daemon.json b/dogfood/contents/files/etc/docker/daemon.json index 775b800114ce7..33b0126288fda 100644 --- a/dogfood/contents/files/etc/docker/daemon.json +++ b/dogfood/contents/files/etc/docker/daemon.json @@ -1,6 +1,6 @@ { "registry-mirrors": ["https://mirror.gcr.io"], "features": { - "containerd-snapshotter': true + "containerd-snapshotter": true } } diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh index ad8fb5b8f141e..bf3e3bb8116bb 100755 --- a/scripts/build_docker.sh +++ b/scripts/build_docker.sh @@ -140,7 +140,7 @@ docker buildx build \ --platform "$arch" \ --build-arg "BASE_IMAGE=$base_image" \ --build-arg "CODER_VERSION=$version" \ - --provenence true \ + --provenance true \ --sbom true \ --no-cache \ --tag "$image_tag" \ From 1dcf0dab2881e2c2775d31959c902f68484c90c4 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Fri, 7 Mar 2025 23:26:17 +0000 Subject: [PATCH 3/3] chore: enable SBOM and containerd support in Docker builds Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbom Updated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestations Configured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4f010b5be75cc..e663cc2303986 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -999,7 +999,7 @@ jobs: AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt - name: Upload build artifacts - if: ${{ github.repository_owner == 'coder' }} + if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }} uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: dylibs pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy