Make the notary version detectable

docker · Aug 6, 2024 · dbdbf02 · dbdbf02
1 parent d1a94cf
commit dbdbf02
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 31 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1 @@
 .jq-template.awk
-.template-helper-functions.jq
diff --git a/Dockerfile-builder.template b/Dockerfile-builder.template
@@ -1,4 +1,3 @@
-{{ include ".template-helper-functions" -}}
 FROM golang:1.19-alpine{{ .alpine }}
 
 RUN apk add --no-cache git make
@@ -11,28 +10,18 @@ ENV GOFLAGS -mod=vendor
 WORKDIR /go/src/$NOTARYPKG
 RUN set -eux; \
 	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# In case the version in file doens't match the tag (like in 0.7.0)
+	echo "${TAG//v/}" > NOTARY_VERSION; \
 # https://github.com/notaryproject/notary/pull/1635
 	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
 	git -c user.name=foo -c [email protected] cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
 # https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
 	go get github.com/dvsekhvalnov/[email protected]; \
 	go mod vendor; \
 # TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+# Make the version detectable by scanners
+	sed -i -r -E 's|(version.NotaryVersion=\$\(NOTARY_VERSION\))|\1 -X $(NOTARY_PKG)/version.Version=$(NOTARY_VERSION)|' Makefile; \
 	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
 	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
 	/notary-server --version; \
-	/notary-signer --version; \
-	\
-	echo {{
-		{
-			name: "notary",
-			version: .version,
-			params: {
-				os_name: "alpine",
-				os_version: .alpine
-			},
-			licenses: [
-				"Apache-2.0"
-			]
-		} | sbom | tostring | @sh
-	}} > /notary.spdx.json;
+	/notary-signer --version;
diff --git a/Dockerfile.template b/Dockerfile.template
@@ -12,7 +12,7 @@ ENV INSTALLDIR /notary/{{ env.variant }}
 ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-COPY --from=notary:{{ .version }}-builder /notary-{{ env.variant }} /notary.spdx.json ./
+COPY --from=notary:{{ .version }}-builder /notary-{{ env.variant }} ./
 RUN ./notary-{{ env.variant }} --version
 
 COPY ./{{ env.variant }}-config.json .

diff --git a/apply-templates.sh b/apply-templates.sh
@@ -13,14 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
 	wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
 fi
 
-jqf='.template-helper-functions.jq'
-if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
-	jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq"
-elif [ "$BASH_SOURCE" -nt "$jqf" ]; then
-	wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq'
-fi
-
-
 generated_warning() {
 	cat <<-EOH
 		#

diff --git a/notary-builder/Dockerfile b/notary-builder/Dockerfile
@@ -16,16 +16,18 @@ ENV GOFLAGS -mod=vendor
 WORKDIR /go/src/$NOTARYPKG
 RUN set -eux; \
 	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# In case the version in file doens't match the tag (like in 0.7.0)
+	echo "${TAG//v/}" > NOTARY_VERSION; \
 # https://github.com/notaryproject/notary/pull/1635
 	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
 	git -c user.name=foo -c [email protected] cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
 # https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
 	go get github.com/dvsekhvalnov/[email protected]; \
 	go mod vendor; \
 # TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+# Make the version detectable by scanners
+	sed -i -r -E 's|(version.NotaryVersion=\$\(NOTARY_VERSION\))|\1 -X $(NOTARY_PKG)/version.Version=$(NOTARY_VERSION)|' Makefile; \
 	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
 	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
 	/notary-server --version; \
-	/notary-signer --version; \
-	\
-	echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"notary-sbom","packages":[{"name":"notary","versionInfo":"0.7.0","SPDXID":"SPDXRef-Package--notary","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/[email protected]?os_name=alpine&os_version=3.16"}],"licenseDeclared":"Apache-2.0"}]}' > /notary.spdx.json;
+	/notary-signer --version;
diff --git a/notary-server/Dockerfile b/notary-server/Dockerfile
@@ -13,7 +13,7 @@ ENV INSTALLDIR /notary/server
 ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-COPY --from=notary:0.7.0-builder /notary-server /notary.spdx.json ./
+COPY --from=notary:0.7.0-builder /notary-server ./
 RUN ./notary-server --version
 
 COPY ./server-config.json .

diff --git a/notary-signer/Dockerfile b/notary-signer/Dockerfile
@@ -14,7 +14,7 @@ ENV INSTALLDIR /notary/signer
 ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-COPY --from=notary:0.7.0-builder /notary-signer /notary.spdx.json ./
+COPY --from=notary:0.7.0-builder /notary-signer ./
 RUN ./notary-signer --version
 
 COPY ./signer-config.json .