fix: docker build attestations break cdk-assets (400 Bad Request) (ba…

…ckport #342) (#347) # Backport This will backport the following commits from `main` to `v2-main`: - [fix: docker build attestations break cdk-assets (400 Bad Request) (#342)](#342)  ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) --------- Co-authored-by: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com>
cdklabs · Feb 11, 2025 · 884e8a0 · 884e8a0
1 parent 0e697bd
commit 884e8a0
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 13 deletions.
diff --git a/lib/private/docker.ts b/lib/private/docker.ts
@@ -123,6 +123,9 @@ export class Docker {
     await this.execute(buildCommand, {
       cwd: options.directory,
       quiet: options.quiet,
+      env: {
+        BUILDX_NO_DEFAULT_ATTESTATIONS: '1', // Docker Build adds provenance attestations by default that confuse cdk-assets
+      },
     });
   }
 

diff --git a/test/private/docker.test.ts b/test/private/docker.test.ts
@@ -6,23 +6,25 @@ type ShellExecuteMock = jest.SpyInstance<
   Parameters<Docker['execute']>
 >;
 
-describe('Docker', () => {
-  describe('exists', () => {
-    let docker: Docker;
+let docker: Docker;
 
-    const makeShellExecuteMock = (fn: (params: string[]) => void): ShellExecuteMock =>
-      jest
-        .spyOn<{ execute: Docker['execute'] }, 'execute'>(Docker.prototype as any, 'execute')
-        .mockImplementation(async (params: string[], _options?: ShellOptions) => fn(params));
+const makeShellExecuteMock = (fn: (params: string[]) => void): ShellExecuteMock =>
+  jest
+    .spyOn<{ execute: Docker['execute'] }, 'execute'>(Docker.prototype as any, 'execute')
+    .mockImplementation(
+      async (params: string[], _options?: Omit<ShellOptions, 'shellEventPublisher'>) => fn(params)
+    );
 
-    afterEach(() => {
-      jest.restoreAllMocks();
-    });
+afterEach(() => {
+  jest.restoreAllMocks();
+});
 
-    beforeEach(() => {
-      docker = new Docker();
-    });
+beforeEach(() => {
+  docker = new Docker(() => {}, 'ignore');
+});
 
+describe('Docker', () => {
+  describe('exists', () => {
     test('returns true when image inspect command does not throw', async () => {
       const spy = makeShellExecuteMock(() => undefined);
 
@@ -92,4 +94,25 @@ describe('Docker', () => {
       expect(imageExists).toBe(false);
     });
   });
+
+  describe('build', () => {
+    test('includes BUILDX_NO_DEFAULT_ATTESTATIONS env variable in commands', async () => {
+      const spy = makeShellExecuteMock(() => undefined);
+
+      await docker.build({
+        directory: 'foo',
+        tag: 'bar',
+      });
+
+      // Verify the options passed to build
+      expect(spy).toHaveBeenCalledWith(
+        expect.any(Array),
+        expect.objectContaining({
+          env: expect.objectContaining({
+            BUILDX_NO_DEFAULT_ATTESTATIONS: '1',
+          }),
+        })
+      );
+    });
+  });
 });