
PoC: add docker provenance & SBOM #802

Open
wants to merge 3 commits into
base: master
from

Conversation

fmigneault
Collaborator

Summary

In order to offer better traceability of the code and runtime environment (not just the underlying execution artifacts annotated by CWLProv / W3C PROV when running processing), annotate the provided docker image with best-practice provenance details.

Detail

Employ docker traceability attestations:

Requires an intermediate step to set up the docker-container driver as builder:
https://docs.docker.com/build/builders/drivers/docker-container/

Allows a better Docker Scout health score (other remaining items to iron out the score are to be addressed in separate PRs).

Before

https://hub.docker.com/layers/pavics/weaver/6.4.0/images/sha256-17ed69160f769eb88f019b77a46223ed20e5ef98319e2d0392f8009aa7378294


After

https://hub.docker.com/layers/pavics/weaver/6.5.0-rc/images/sha256-85cc04f422d81ec0e637e77d918684c6c702ca4b6a55c1c28e069cbd1900cc98


Usage / Validation

docker buildx imagetools inspect pavics/weaver:6.5.0-rc --format "{{ json .Provenance.SLSA }}"
{
  "buildConfig": {
    "digestMapping": {
      "sha256:00179c39b0f4e127ac749504e6305f3e9c8e51aec06a49f076d0e4081a4fd928": "step0",
      "sha256:16b20880cb9e9c3270a91df3581ac597ccaa1bf558381f4bfd4e125d0dc08a4f": "step1",
      "sha256:6ce196c295f360bb6906c6eadb12439f6c74422c6d0fcf38b52c99564bfe42a2": "step2",
      "sha256:7164064266a98617a1fced0e7b0d5e3cab5753cfc06a9b5f7a73016750fec212": "step6",
      "sha256:7e20492911c4fa3374b646b92627379e0bf58278c082f387a4a1262fe93373a4": "step8",
      "sha256:af60562792c43f60230073a4389ab8296db13062cabd68007c0f7fa122e9acf8": "step5",
      "sha256:be6cc100c75d5c9a26433a92f29455f4c5e43caf27b06b3157776bfa3d13326a": "step3",
      "sha256:c2f4f4abe1c0cef6281960651916225f2cf93d8f1c16cbe3241fb05f8a2174f1": "step4",
      "sha256:e0d1f64b8ff5f43bdfe08090679323b3f4010205eaab3313375bf5a49961f3f2": "step7"
    },
    "llbDefinition": [
      {
        "id": "step0",
        "op": {
          "Op": {
            "source": {
              "identifier": "docker-image://docker.io/library/python:3.11-slim@sha256:614c8691ab74150465ec9123378cd4dde7a6e57be9e558c3108df40664667a4c"
            }
          },
          "constraints": {},
          "platform": {
            "Architecture": "amd64",
            "OS": "linux"
          }
        }
      },
      {
        "id": "step1",
        "inputs": [
          "step0:0"
        ],
        "op": {
          "Op": {
            "file": {
              "actions": [
                {
                  "Action": {
                    "mkdir": {
                      "makeParents": true,
                      "mode": 493,
                      "path": "/opt/local/src/weaver",
                      "timestamp": -1
                    }
                  },
                  "input": 0,
                  "output": 0,
                  "secondaryInput": -1
                }
              ]
            }
          },
          "constraints": {}
        }
      },
      {
        "id": "step2",
        "op": {
          "Op": {
            "source": {
              "attrs": {
                "local.excludepatterns": "[\"docker\",\".dockerignore\",\".git\",\".github\",\".gitignore\",\"[Mm]akefile.config\",\"downloads\",\"env\",\"package.json\",\"package-lock.json\",\"node_modules\",\"celeryconfig*\",\"celery-config*\",\"celerybeat-schedule.*\",\"*~\",\"*.mo\",\"*.so\",\"*.py[cod]\",\"*.bak\",\"*.sqlite\",\"*.egg[s]\",\"*.egg-info\",\"*egg[s]__pycache__\",\".python_history\",\".cache\",\".coverage\",\"coverage\",\".pylint.d\",\".pytest_cache\",\".tox\",\"nosetests.xml\",\"unit_tests/testdata.json\",\"tests\",\"**/*.log\",\"**/*.lock\",\"testdata.json\",\"reports\",\"*.Rhistory\",\".project\",\".pydevproject\",\".settings\",\"*.idea\",\"*.run\",\"*.iml\",\"*.kate-swp\",\"*.sublime*\",\"docs\",\"[Bb]uild\",\"src\",\".ipynb_checkpoints\",\"**/*.o\",\"**/*.a\",\"**/*.mod\",\"**/*.out\",\"workflows\",\"**/*.tif\",\"archive\",\"*.zip\",\"*.tar.gz\",\"**/*.zip\",\"**/*.tag.gz\",\"!config/*.example\",\"config/*\",\"[Bb]in\"]",
                "local.sharedkeyhint": "context"
              },
              "identifier": "local://context"
            }
          },
          "constraints": {}
        }
      },
      {
        "id": "step3",
        "inputs": [
          "step1:0",
          "step2:0"
        ],
        "op": {
          "Op": {
            "file": {
              "actions": [
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/weaver/__init__.py",
                      "timestamp": -1
                    }
                  },
                  "input": 0,
                  "output": -1,
                  "secondaryInput": 1
                },
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/weaver/__meta__.py",
                      "timestamp": -1
                    }
                  },
                  "input": 2,
                  "output": 0,
                  "secondaryInput": 1
                }
              ]
            }
          },
          "constraints": {}
        }
      },
      {
        "id": "step4",
        "inputs": [
          "step3:0",
          "step2:0"
        ],
        "op": {
          "Op": {
            "file": {
              "actions": [
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/requirements*",
                      "timestamp": -1
                    }
                  },
                  "input": 0,
                  "output": -1,
                  "secondaryInput": 1
                },
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/setup.py",
                      "timestamp": -1
                    }
                  },
                  "input": 2,
                  "output": -1,
                  "secondaryInput": 1
                },
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/README.rst",
                      "timestamp": -1
                    }
                  },
                  "input": 3,
                  "output": -1,
                  "secondaryInput": 1
                },
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver/",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/CHANGES.rst",
                      "timestamp": -1
                    }
                  },
                  "input": 4,
                  "output": 0,
                  "secondaryInput": 1
                }
              ]
            }
          },
          "constraints": {}
        }
      },
      {
        "id": "step5",
        "inputs": [
          "step4:0"
        ],
        "op": {
          "Op": {
            "exec": {
              "meta": {
                "args": [
                  "/bin/sh",
                  "-c",
                  "apt-get update \u0026\u0026 apt-get install -y --no-install-recommends         ca-certificates         netbase         gcc         g++         git         nodejs     \u0026\u0026 pip install --no-cache-dir --upgrade -r requirements-sys.txt     \u0026\u0026 pip install --no-cache-dir -r requirements.txt     \u0026\u0026 pip install --no-cache-dir -e ${APP_DIR}     \u0026\u0026 apt-get remove -y         gcc         g++         git     \u0026\u0026 rm -rf /var/lib/apt/lists/*"
                ],
                "cwd": "/opt/local/src/weaver",
                "env": [
                  "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                  "LANG=C.UTF-8",
                  "GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D",
                  "PYTHON_VERSION=3.11.11",
                  "PYTHON_SHA256=2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3",
                  "APP_DIR=/opt/local/src/weaver",
                  "APP_CONFIG_DIR=/opt/local/src/weaver/config",
                  "APP_ENV_DIR=/opt/local/src/weaver/env"
                ],
                "removeMountStubsRecursive": true
              },
              "mounts": [
                {
                  "dest": "/"
                }
              ]
            }
          },
          "constraints": {},
          "platform": {
            "Architecture": "amd64",
            "OS": "linux"
          }
        }
      },
      {
        "id": "step6",
        "inputs": [
          "step5:0",
          "step2:0"
        ],
        "op": {
          "Op": {
            "file": {
              "actions": [
                {
                  "Action": {
                    "copy": {
                      "allowEmptyWildcard": true,
                      "allowWildcard": true,
                      "createDestPath": true,
                      "dest": "/opt/local/src/weaver",
                      "dirCopyContents": true,
                      "followSymlink": true,
                      "mode": -1,
                      "src": "/",
                      "timestamp": -1
                    }
                  },
                  "input": 0,
                  "output": 0,
                  "secondaryInput": 1
                }
              ]
            }
          },
          "constraints": {}
        }
      },
      {
        "id": "step7",
        "inputs": [
          "step6:0"
        ],
        "op": {
          "Op": {
            "exec": {
              "meta": {
                "args": [
                  "/bin/sh",
                  "-c",
                  "pip install --no-dependencies -e ${APP_DIR}"
                ],
                "cwd": "/opt/local/src/weaver",
                "env": [
                  "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                  "LANG=C.UTF-8",
                  "GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D",
                  "PYTHON_VERSION=3.11.11",
                  "PYTHON_SHA256=2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3",
                  "APP_DIR=/opt/local/src/weaver",
                  "APP_CONFIG_DIR=/opt/local/src/weaver/config",
                  "APP_ENV_DIR=/opt/local/src/weaver/env"
                ],
                "removeMountStubsRecursive": true
              },
              "mounts": [
                {
                  "dest": "/"
                }
              ]
            }
          },
          "constraints": {},
          "platform": {
            "Architecture": "amd64",
            "OS": "linux"
          }
        }
      },
      {
        "id": "step8",
        "inputs": [
          "step7:0"
        ],
        "op": {
          "Op": {}
        }
      }
    ]
  },
  "buildType": "https://mobyproject.org/buildkit@v1",
  "builder": {
    "id": ""
  },
  "invocation": {
    "configSource": {
      "entryPoint": "Dockerfile-base"
    },
    "environment": {
      "platform": "linux/amd64"
    },
    "parameters": {
      "args": {
        "build-arg:DOCKER_BASE": "pavics/weaver:6.5.0-rc"
      },
      "frontend": "dockerfile.v0",
      "locals": [
        {
          "name": "context"
        },
        {
          "name": "dockerfile"
        }
      ]
    }
  },
  "materials": [
    {
      "digest": {
        "sha256": "434b49272c090c4788e38c8d8d6008c3741c4a8d4638e62dff5cdc6409d7927a"
      },
      "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1"
    },
    {
      "digest": {
        "sha256": "614c8691ab74150465ec9123378cd4dde7a6e57be9e558c3108df40664667a4c"
      },
      "uri": "pkg:docker/[email protected]?platform=linux%2Famd64"
    }
  ],
  "metadata": {
    "buildFinishedOn": "2025-03-08T04:10:20.400776296Z",
    "buildInvocationID": "tqbbjiwx96085ey7dqx8bp9vb",
    "buildStartedOn": "2025-03-08T04:10:11.51635378Z",
    "completeness": {
      "environment": true,
      "materials": false,
      "parameters": true
    },
    "https://mobyproject.org/buildkit@v1#metadata": {
      "layers": {
        "step0:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            }
          ]
        ],
        "step1:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            }
          ]
        ],
        "step3:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            },
            {
              "digest": "sha256:bba822e7648ca37d5bf3dfc2343a8fcf953598dd53121335e73b12a127dc94f0",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1575
            }
          ]
        ],
        "step4:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            },
            {
              "digest": "sha256:bba822e7648ca37d5bf3dfc2343a8fcf953598dd53121335e73b12a127dc94f0",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1575
            },
            {
              "digest": "sha256:08a5daca288a27a74a6db045d454d864218248e5e712fa636b424cd48f2ae4e2",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 65212
            }
          ]
        ],
        "step5:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            },
            {
              "digest": "sha256:bba822e7648ca37d5bf3dfc2343a8fcf953598dd53121335e73b12a127dc94f0",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1575
            },
            {
              "digest": "sha256:08a5daca288a27a74a6db045d454d864218248e5e712fa636b424cd48f2ae4e2",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 65212
            },
            {
              "digest": "sha256:b8a973fc54b8c29177560617beb7d6253b70be506bad8492560e0f0f0e36f5fa",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 286841141
            }
          ]
        ],
        "step6:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            },
            {
              "digest": "sha256:bba822e7648ca37d5bf3dfc2343a8fcf953598dd53121335e73b12a127dc94f0",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1575
            },
            {
              "digest": "sha256:08a5daca288a27a74a6db045d454d864218248e5e712fa636b424cd48f2ae4e2",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 65212
            },
            {
              "digest": "sha256:b8a973fc54b8c29177560617beb7d6253b70be506bad8492560e0f0f0e36f5fa",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 286841141
            },
            {
              "digest": "sha256:750115c113447421deb66709f9fb12ea7c770a5cfc9a2aa64af5e5b564d7177f",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1258463
            }
          ]
        ],
        "step7:0": [
          [
            {
              "digest": "sha256:7cf63256a31a4cc44f6defe8e1af95363aee5fa75f30a248d95cae684f87c53c",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 28219301
            },
            {
              "digest": "sha256:183f0922284a8cedfbb884126f80363579bb8dbca1911951bfd7f0ee1d710f11",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 3511492
            },
            {
              "digest": "sha256:5dbb3b698b727bb06ce21e20ef60f7929e05ea0746047bb970d01e34ee6129ad",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 16204764
            },
            {
              "digest": "sha256:0c5ce2cb4ecc4aadbe1ed2f03df63b0a280a041c1b61fe1cde8d9af1ee5de163",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 250
            },
            {
              "digest": "sha256:5388b38f6f9655a573989452ab8d3d76ea11212e54b5a9f1267a5a4fa1564260",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 150
            },
            {
              "digest": "sha256:bba822e7648ca37d5bf3dfc2343a8fcf953598dd53121335e73b12a127dc94f0",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1575
            },
            {
              "digest": "sha256:08a5daca288a27a74a6db045d454d864218248e5e712fa636b424cd48f2ae4e2",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 65212
            },
            {
              "digest": "sha256:b8a973fc54b8c29177560617beb7d6253b70be506bad8492560e0f0f0e36f5fa",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 286841141
            },
            {
              "digest": "sha256:750115c113447421deb66709f9fb12ea7c770a5cfc9a2aa64af5e5b564d7177f",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 1258463
            },
            {
              "digest": "sha256:e9b3c256973171dc89120c68dda0f99fc07a606d31e8d0e5818da0261802e599",
              "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
              "size": 103951
            }
          ]
        ]
      },
      "source": {
        "infos": [
          {
            "data": "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",
            "digestMapping": {
              "sha256:2cda967b8064767f2d3b6d14fd2f7eab82d9c4cb758e5718de6381047da36a8e": "step1",
              "sha256:3ab9882ac673e61226109b3573d14b2e933f69cd8d35529eb87892f27549d625": "step0"
            },
            "filename": "Dockerfile-base",
            "language": "Dockerfile",
            "llbDefinition": [
              {
                "id": "step0",
                "op": {
                  "Op": {
                    "source": {
                      "attrs": {
                        "local.differ": "none",
                        "local.followpaths": "[\"Dockerfile-base\",\"Dockerfile-base.dockerignore\"]",
                        "local.sharedkeyhint": "dockerfile"
                      },
                      "identifier": "local://dockerfile"
                    }
                  },
                  "constraints": {}
                }
              },
              {
                "id": "step1",
                "inputs": [
                  "step0:0"
                ],
                "op": {
                  "Op": {}
                }
              }
            ]
          }
        ],
        "locations": {
          "step0": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 1
                    },
                    "start": {
                      "line": 1
                    }
                  }
                ]
              }
            ]
          },
          "step1": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 12
                    },
                    "start": {
                      "line": 12
                    }
                  }
                ]
              }
            ]
          },
          "step2": {},
          "step3": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 15
                    },
                    "start": {
                      "line": 15
                    }
                  }
                ]
              }
            ]
          },
          "step4": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 16
                    },
                    "start": {
                      "line": 16
                    }
                  }
                ]
              }
            ]
          },
          "step5": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 19
                    },
                    "start": {
                      "line": 19
                    }
                  },
                  {
                    "end": {
                      "line": 20
                    },
                    "start": {
                      "line": 20
                    }
                  },
                  {
                    "end": {
                      "line": 21
                    },
                    "start": {
                      "line": 21
                    }
                  },
                  {
                    "end": {
                      "line": 22
                    },
                    "start": {
                      "line": 22
                    }
                  },
                  {
                    "end": {
                      "line": 23
                    },
                    "start": {
                      "line": 23
                    }
                  },
                  {
                    "end": {
                      "line": 24
                    },
                    "start": {
                      "line": 24
                    }
                  },
                  {
                    "end": {
                      "line": 25
                    },
                    "start": {
                      "line": 25
                    }
                  },
                  {
                    "end": {
                      "line": 26
                    },
                    "start": {
                      "line": 26
                    }
                  },
                  {
                    "end": {
                      "line": 27
                    },
                    "start": {
                      "line": 27
                    }
                  },
                  {
                    "end": {
                      "line": 28
                    },
                    "start": {
                      "line": 28
                    }
                  },
                  {
                    "end": {
                      "line": 29
                    },
                    "start": {
                      "line": 29
                    }
                  },
                  {
                    "end": {
                      "line": 30
                    },
                    "start": {
                      "line": 30
                    }
                  },
                  {
                    "end": {
                      "line": 31
                    },
                    "start": {
                      "line": 31
                    }
                  },
                  {
                    "end": {
                      "line": 32
                    },
                    "start": {
                      "line": 32
                    }
                  },
                  {
                    "end": {
                      "line": 33
                    },
                    "start": {
                      "line": 33
                    }
                  }
                ]
              }
            ]
          },
          "step6": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 36
                    },
                    "start": {
                      "line": 36
                    }
                  }
                ]
              }
            ]
          },
          "step7": {
            "locations": [
              {
                "ranges": [
                  {
                    "end": {
                      "line": 38
                    },
                    "start": {
                      "line": 38
                    }
                  }
                ]
              }
            ]
          }
        }
      },
      "vcs": {
        "localdir:context": ".",
        "localdir:dockerfile": "docker",
        "revision": "d97a03ac5304a581add4d404c8262e1426ebf016",
        "source": "git@github-perso:crim-ca/weaver"
      }
    },
    "reproducible": false
  }
}

Example extracts of parts that can be tracked with guarantees using provenance:

[...]
      "vcs": {
        "localdir:context": ".",
        "localdir:dockerfile": "docker",
        "revision": "d97a03ac5304a581add4d404c8262e1426ebf016",
        "source": "git@github-perso:crim-ca/weaver"
      }
[...]
[...]
  "materials": [
    {
      "digest": {
        "sha256": "434b49272c090c4788e38c8d8d6008c3741c4a8d4638e62dff5cdc6409d7927a"
      },
      "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1"
    },
    {
      "digest": {
        "sha256": "614c8691ab74150465ec9123378cd4dde7a6e57be9e558c3108df40664667a4c"
      },
      "uri": "pkg:docker/[email protected]?platform=linux%2Famd64"
    }
  ],
[...]

... and many other references that are usually "assumed" but not actually guaranteed (e.g., manual push of a tag or any other atypical environment build configuration).
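As an added example (not code from the PR or the Weaver project), a check a release pipeline could run over the JSON saved from the `docker buildx imagetools inspect ... --format "{{ json .Provenance.SLSA }}"` command above: it confirms that the attested source revision and material digests are the ones expected, and reports the `reproducible` flag. The sample document is constructed from the extracts shown; the base-image URI and the BuildKit metadata key wrapping `vcs` are placeholders, since the function searches for `vcs` instead of assuming that key.

```python
import json

# Constructed sample limited to the fields the PR extracts (vcs, materials,
# reproducible); revision and digests are the PR's values, the rest are placeholders.
SAMPLE_SLSA = json.loads("""{
  "materials": [
    {"digest": {"sha256": "434b49272c090c4788e38c8d8d6008c3741c4a8d4638e62dff5cdc6409d7927a"},
     "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1"},
    {"digest": {"sha256": "614c8691ab74150465ec9123378cd4dde7a6e57be9e558c3108df40664667a4c"},
     "uri": "pkg:docker/BASE_IMAGE_PLACEHOLDER@TAG?platform=linux%2Famd64"}
  ],
  "metadata": {
    "buildkit-metadata-key-placeholder": {
      "vcs": {"localdir:context": ".", "localdir:dockerfile": "docker",
              "revision": "d97a03ac5304a581add4d404c8262e1426ebf016",
              "source": "git@github-perso:crim-ca/weaver"}
    },
    "reproducible": false
  }
}""")


def find_key(obj, key):
    """Depth-first search for the first mapping holding `key` (so the exact
    BuildKit metadata key that wraps "vcs" need not be assumed)."""
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        obj = list(obj.values())
    if isinstance(obj, list):
        for item in obj:
            hit = find_key(item, key)
            if hit is not None:
                return hit
    return None


def check_provenance(slsa, expected_revision, expected_materials):
    """Compare the attested git revision and material digests (uri -> sha256)
    with what the release pipeline expected; `reproducible` is reported as-is."""
    findings = []
    vcs = find_key(slsa, "vcs") or {}
    if vcs.get("revision") != expected_revision:
        findings.append(f"revision {vcs.get('revision')!r} != {expected_revision!r}")
    attested = {m.get("uri"): m.get("digest", {}).get("sha256")
                for m in slsa.get("materials", [])}
    for uri, digest in expected_materials.items():
        if attested.get(uri) != digest:
            findings.append(f"material {uri}: {attested.get(uri)!r} != {digest!r}")
    return {"ok": not findings, "findings": findings,
            "reproducible": slsa.get("metadata", {}).get("reproducible")}
```

A `reproducible` value of `false`, as in the PR's output, means a rebuild cannot be compared byte-for-byte, so the revision and material checks are what actually tie the image to its source.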

Comparison with other PAVICS-related images

image

@fmigneault fmigneault added the ci/operations Related to CI operations (actions, execution, install, builds, etc.) label Mar 8, 2025
@fmigneault fmigneault self-assigned this Mar 8, 2025
@github-actions github-actions bot added the ci/doc Issue related to documentation of the package label Mar 8, 2025
@fmigneault
Collaborator Author

@mishaschwartz @huard

FYI
Docker Provenance/SBOM as discussed during the DACCS meeting (DACCS-Climate/DACCS-executive-committee#40)


codecov bot commented Mar 8, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.76%. Comparing base (d97a03a) to head (a894cd9).

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #802   +/-   ##
=======================================
  Coverage   87.76%   87.76%           
=======================================
  Files          82       82           
  Lines       21346    21346           
  Branches     2893     2893           
=======================================
  Hits        18734    18734           
  Misses       1851     1851           
  Partials      761      761           

☔ View full report in Codecov by Sentry.
