diff --git a/control/control.go b/control/control.go index b8d2049810076..ebac05a65bcc6 100644 --- a/control/control.go +++ b/control/control.go @@ -18,6 +18,7 @@ import ( apitypes "github.com/moby/buildkit/api/types" "github.com/moby/buildkit/cache/remotecache" "github.com/moby/buildkit/client" + "github.com/moby/buildkit/client/llb" "github.com/moby/buildkit/cmd/buildkitd/config" controlgateway "github.com/moby/buildkit/control/gateway" "github.com/moby/buildkit/exporter" @@ -403,14 +404,19 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (* if err != nil { return nil, errors.Wrapf(err, "failed to parse sbom generator %s", src) } + ref = reference.TagNameOnly(ref) useCache := true if v, ok := req.FrontendAttrs["no-cache"]; ok && v == "" { // disable cache if cache is disabled for all stages useCache = false } - ref = reference.TagNameOnly(ref) - procs = append(procs, proc.SBOMProcessor(ref.String(), useCache)) + resolveMode := llb.ResolveModeDefault.String() + if v, ok := req.FrontendAttrs["image-resolve-mode"]; ok { + resolveMode = v + } + + procs = append(procs, proc.SBOMProcessor(ref.String(), useCache, resolveMode)) } if attrs, ok := attests["provenance"]; ok { diff --git a/frontend/attestations/sbom/sbom.go b/frontend/attestations/sbom/sbom.go index 54e8e316a2a25..6afafe98fa846 100644 --- a/frontend/attestations/sbom/sbom.go +++ b/frontend/attestations/sbom/sbom.go @@ -33,12 +33,12 @@ const ( // attestation. type Scanner func(ctx context.Context, name string, ref llb.State, extras map[string]llb.State, opts ...llb.ConstraintsOpt) (result.Attestation[llb.State], error) -func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scanner string) (Scanner, error) { +func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scanner string, resolveOpt llb.ResolveImageConfigOpt) (Scanner, error) { if scanner == "" { return nil, nil } - _, dt, err := resolver.ResolveImageConfig(ctx, scanner, llb.ResolveImageConfigOpt{}) + _, dt, err := resolver.ResolveImageConfig(ctx, scanner, resolveOpt) if err != nil { return nil, err } diff --git a/frontend/dockerfile/builder/build.go b/frontend/dockerfile/builder/build.go index f9dd3643cd637..cc92dd852ee18 100644 --- a/frontend/dockerfile/builder/build.go +++ b/frontend/dockerfile/builder/build.go @@ -506,7 +506,9 @@ func Build(ctx context.Context, c client.Client) (_ *client.Result, err error) { } ref = reference.TagNameOnly(ref) - scanner, err = sbom.CreateSBOMScanner(ctx, c, ref.String()) + scanner, err = sbom.CreateSBOMScanner(ctx, c, ref.String(), llb.ResolveImageConfigOpt{ + ResolveMode: resolveMode.String(), + }) if err != nil { return nil, err } diff --git a/solver/llbsolver/proc/sbom.go b/solver/llbsolver/proc/sbom.go index 2d7e969ba5472..3b95cd1eaf240 100644 --- a/solver/llbsolver/proc/sbom.go +++ b/solver/llbsolver/proc/sbom.go @@ -13,7 +13,7 @@ import ( "github.com/pkg/errors" ) -func SBOMProcessor(scannerRef string, useCache bool) llbsolver.Processor { +func SBOMProcessor(scannerRef string, useCache bool, resolveMode string) llbsolver.Processor { return func(ctx context.Context, res *llbsolver.Result, s *llbsolver.Solver, j *solver.Job) (*llbsolver.Result, error) { // skip sbom generation if we already have an sbom if sbom.HasSBOM(res.Result) { @@ -25,7 +25,9 @@ func SBOMProcessor(scannerRef string, useCache bool) llbsolver.Processor { return nil, err } - scanner, err := sbom.CreateSBOMScanner(ctx, s.Bridge(j), scannerRef) + scanner, err := sbom.CreateSBOMScanner(ctx, s.Bridge(j), scannerRef, llb.ResolveImageConfigOpt{ + ResolveMode: resolveMode, + }) if err != nil { return nil, err }