@anilkeshav27
Member

Description

Checklist

  • Tests
  • Documentation
  • Inner source library needs updating

@anilkeshav27 anilkeshav27 requested a review from a team as a code owner August 1, 2025 21:25
@manjunathSurendrakumar
Member

@anilkeshav27 Please add tests to the new functions introduced


// syft sbom do not contain purl for the parent component
// this is problem since the way we tie back promoted artifact to build
// is only via the sbom parent componen , untill the time https://github.com/anchore/syft/issues/1408
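
Review bot: The last line of this comment stops mid-sentence after the syft issue link ("untill the time https://github.com/anchore/syft/issues/1408"), so it never says what the code does until that issue is resolved. Finish the sentence with the workaround this change applies, so a later reader knows what to remove once the parent component carries a purl. While editing, fix "componen", "untill" and "this is problem".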

This will be tracked by DMS or sentinel to make the change when the issue is fixed?

Member Author

Currently there is no plan from the syft team itself for the fix, so it's hard to commit, but whenever the SBOM topic is handled centrally will hand over

@manjunathSurendrakumar
Member

@anilkeshav27 When I tried to build multiple images I get wrong buildPath for example:

Project structure:
multi-docker/sub-dir1/Dockerfile
multi-docker/sub-dir2/Dockerfile
Dockerfile

For all the Dockerfiles the BuildPath is root directory as value ".", the path to the build descriptor is essential, isn't it?

@anilkeshav27
Member Author

anilkeshav27 commented Aug 13, 2025

@anilkeshav27 When I tried to build multiple images I get wrong buildPath for example:

Project structure: multi-docker/sub-dir1/Dockerfile multi-docker/sub-dir2/Dockerfile Dockerfile

For all the Dockerfiles the BuildPath is root directory as value ".", the path to the build descriptor is essential, isn't it?

Currently the buildPath is not needed for downstream application, but I can take it up as a follow-up task to fix after this PR

@anilkeshav27
Member Author

@anilkeshav27 Please add tests to the new functions introduced

have included the unit test

@manjunathSurendrakumar
Member

@anilkeshav27 When I tried to build multiple images I get wrong buildPath for example:
Project structure: multi-docker/sub-dir1/Dockerfile multi-docker/sub-dir2/Dockerfile Dockerfile
For all the Dockerfiles the BuildPath is root directory as value ".", the path to the build descriptor is essential, isn't it?

Currently the buildPath is not needed for downstream application, but I can take it up as a follow-up task to fix after this PR

My understanding for signature scan is, SBOM and its corresponding build descriptor path are required. Could you please confirm again this is not the case?

@sonarqubecloud

sonarqubecloud bot commented Sep 4, 2025

@manjunathSurendrakumar
Member

/it-go

Member

@manjunathSurendrakumar manjunathSurendrakumar left a comment

LGTM

@github-actions
Contributor

github-actions bot commented Nov 4, 2025

Thank you for your contribution! This pull request is stale because it has been open 60 days with no activity. In order to keep it open, please remove stale label or add a comment within the next 10 days. If you need a Piper team member to remove the stale label make sure to add @SAP/jenkins-library-team to your comment.

@github-actions github-actions bot added the stale marks stale issues and pull requests label Nov 4, 2025