From 7e212942a9dd2a463dd694454af1f278117953e1 Mon Sep 17 00:00:00 2001
From: Justin Chadwell
Date: Mon, 5 Dec 2022 16:21:02 +0000
Subject: [PATCH] bake: add sbom and provenance shorthands
Signed-off-by: Justin Chadwell
---
 commands/bake.go | 9 +++++++++
 commands/build.go | 5 +++--
 docs/reference/buildx_bake.md | 2 ++
 util/buildflags/attests.go | 8 ++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/commands/bake.go b/commands/bake.go
index 0629df5be131..a55f760a1eb1 100644
--- a/commands/bake.go
+++ b/commands/bake.go
@@ -9,6 +9,7 @@ import (
 "github.com/containerd/containerd/platforms"
 "github.com/docker/buildx/bake"
 "github.com/docker/buildx/build"
+ "github.com/docker/buildx/util/buildflags"
 "github.com/docker/buildx/util/confutil"
 "github.com/docker/buildx/util/progress"
 "github.com/docker/buildx/util/tracing"
@@ -71,6 +72,12 @@ func runBake(dockerCli command.Cli, targets []string, in bakeOptions) (err error
 if in.pull != nil {
 overrides = append(overrides, fmt.Sprintf("*.pull=%t", *in.pull))
 }
+ if in.sbom != "" {
+ overrides = append(overrides, fmt.Sprintf("*.attest=%s", buildflags.CanonicalizeAttest("sbom", in.sbom)))
+ }
+ if in.provenance != "" {
+ overrides = append(overrides, fmt.Sprintf("*.attest=%s", buildflags.CanonicalizeAttest("provenance", in.provenance)))
+ }
 contextPathHash, _ := os.Getwd()
 ctx2, cancel := context.WithCancel(context.TODO())
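Review bot: An explicit off value is not handled by the two new guards in runBake: `in.sbom != ""` and `in.provenance != ""` are also true for `--provenance=false`, and `CanonicalizeAttest` (added to util/buildflags/attests.go later in this patch) special-cases only a true boolean, so the override becomes `*.attest=type=provenance,false`. What ParseAttests does with a bare `false` field is not visible in this patch, so the outcome is either a parse error or an attestation the user asked to turn off. Provenance and SBOM are supply-chain metadata that people disable on purpose, so the false case deserves its own branch, e.g. `if b, err := strconv.ParseBool(in); err == nil && !b {` in the helper, with a result these call sites act on instead of appending unconditionally. runBake starts and ends outside the hunk.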
@@ -190,6 +197,8 @@ func bakeCmd(dockerCli command.Cli, rootOpts *rootOptions) *cobra.Command {
 flags.BoolVar(&options.exportLoad, "load", false, `Shorthand for "--set=*.output=type=docker"`)
 flags.BoolVar(&options.printOnly, "print", false, "Print the options without building")
 flags.BoolVar(&options.exportPush, "push", false, `Shorthand for "--set=*.output=type=registry"`)
+ flags.StringVar(&options.sbom, "sbom", "", `Shorthand for "--set=*.attest=type=sbom"`)
+ flags.StringVar(&options.provenance, "provenance", "", `Shorthand for "--set=*.attest=type=provenance"`)
 flags.StringArrayVar(&options.overrides, "set", nil, `Override target value (e.g., "targetpattern.key=value")`)
 commonBuildFlags(&options.commonOptions, flags)
diff --git a/commands/build.go b/commands/build.go
index 496853c3efb9..a0c20abc72d1 100644
--- a/commands/build.go
+++ b/commands/build.go
@@ -65,9 +65,7 @@ type buildOptions struct {
 noCacheFilter []string
 outputs []string
 platforms []string
- provenance string
 quiet bool
- sbom string
 secrets []string
 shmSize dockeropts.MemBytes
 ssh []string
@@ -86,6 +84,9 @@ type commonOptions struct {
 exportPush bool
 exportLoad bool
+
+ sbom string
+ provenance string
 }
 func runBuild(dockerCli command.Cli, in buildOptions) (err error) {
diff --git a/docs/reference/buildx_bake.md b/docs/reference/buildx_bake.md
index 73d1799b77b2..d74a8ca04e39 100644
--- a/docs/reference/buildx_bake.md
+++ b/docs/reference/buildx_bake.md
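Review bot: In the `bakeCmd` flag definitions of commands/bake.go, `--sbom` and `--provenance` are registered with `flags.StringVar` and no `NoOptDefVal` is set in the visible lines, so they always take an argument; `buildx bake --sbom app` would read the target name `app` as the flag value and pass it on as an attestation attribute. The help text reads as if the bare flag were enough. I would spell the value out in the description, e.g. `Shorthand for "--set=*.attest=type=sbom" (use "--sbom=true" for the defaults)`, do the same for `--provenance`, and regenerate docs/reference/buildx_bake.md. bakeCmd continues outside the hunk.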
@@ -22,8 +22,10 @@ Build from a file
 | [`--no-cache`](#no-cache) | | | Do not use cache when building the image |
 | [`--print`](#print) | | | Print the options without building |
 | [`--progress`](#progress) | `string` | `auto` | Set type of progress output (`auto`, `plain`, `tty`). Use plain to show container output |
+| `--provenance` | `string` | | Shorthand for `--set=*.attest=type=provenance` |
 | [`--pull`](#pull) | | | Always attempt to pull all referenced images |
 | `--push` | | | Shorthand for `--set=*.output=type=registry` |
+| `--sbom` | `string` | | Shorthand for `--set=*.attest=type=sbom` |
 | [`--set`](#set) | `stringArray` | | Override target value (e.g., `targetpattern.key=value`) |
diff --git a/util/buildflags/attests.go b/util/buildflags/attests.go
index 0ce21c6f8eb0..8eb7ee15d5a9 100644
--- a/util/buildflags/attests.go
+++ b/util/buildflags/attests.go
@@ -2,12 +2,20 @@ package buildflags
 import (
 "encoding/csv"
+ "fmt"
 "strconv"
 "strings"
 "github.com/pkg/errors"
 )
+func CanonicalizeAttest(attestType string, in string) string {
+ if b, err := strconv.ParseBool(in); err == nil && b {
+ return fmt.Sprintf("type=%s", attestType)
+ }
+ return fmt.Sprintf("type=%s,%s", attestType, in)
+}
+
 func ParseAttests(in []string) (map[string]string, error) {
 out := map[string]string{}
 for _, in := range in {
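Review bot: `CanonicalizeAttest` in util/buildflags/attests.go appends the raw flag value after `type=%s,` without inspecting it, so a value that itself carries a `type=` field produces an attribute list with two `type` keys; which one ParseAttests keeps is not visible, since its body continues outside the hunk. Rejecting or stripping a `type` key in `in` before formatting would keep `--sbom` from silently selecting a different attestation type. The function is exported and has no doc comment; I would add `// CanonicalizeAttest turns a --sbom/--provenance flag value into an attest string: a true boolean yields "type=<attestType>", any other value is appended as extra attributes.` A small table test over `true`, `false` and an attribute string would pin the behaviour.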