Skip to content
This repository was archived by the owner on Jul 18, 2025. It is now read-only.

Commit 865a45c

Browse files
cdupuiscdupuis
committed
Allow image upload without sbom
1 parent d042c75 commit 865a45c

File tree

2 files changed

+26
-16
lines changed

2 files changed

+26
-16
lines changed

commands/cmd.go

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ import (
2525
"strings"
2626

2727
"github.com/docker/index-cli-plugin/internal"
28+
"github.com/docker/index-cli-plugin/sbom"
2829

2930
"github.com/moby/term"
3031
"github.com/pkg/errors"
@@ -38,7 +39,6 @@ import (
3839
"github.com/docker/cli/cli/command"
3940
"github.com/docker/index-cli-plugin/format"
4041
"github.com/docker/index-cli-plugin/query"
41-
"github.com/docker/index-cli-plugin/sbom"
4242
"github.com/docker/index-cli-plugin/types"
4343
)
4444

@@ -73,8 +73,8 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
7373
config := dockerCli.ConfigFile()
7474

7575
var (
76-
output, ociDir, image, workspace string
77-
apiKeyStdin, includeCves, includeBaseImages, remediate bool
76+
output, ociDir, image, workspace string
77+
apiKeyStdin, includeCves, includeBaseImages, remediate, includeSbom bool
7878
)
7979

8080
logoutCommand := &cobra.Command{
@@ -181,14 +181,18 @@ func NewRootCmd(name string, isPlugin bool, dockerCli command.Cli) *cobra.Comman
181181
if err != nil {
182182
return err
183183
}
184+
if !includeSbom {
185+
sb.Artifacts = nil
186+
}
184187
return sbom.UploadSbom(sb, workspace, apiKey)
185188
},
186189
}
187190
uploadCommandFlags := uploadCommand.Flags()
188-
uploadCommandFlags.StringVar(&image, "image", "", "Image reference to index")
189-
uploadCommandFlags.StringVar(&ociDir, "oci-dir", "", "Path to image in OCI format")
190-
uploadCommandFlags.StringVar(&workspace, "workspace", "", "Atomist workspace")
191+
uploadCommandFlags.StringVarP(&image, "image", "i", "", "Image reference to index")
192+
uploadCommandFlags.StringVarP(&ociDir, "oci-dir", "d", "", "Path to image in OCI format")
193+
uploadCommandFlags.StringVarP(&workspace, "workspace", "w", "", "Atomist workspace")
191194
uploadCommandFlags.BoolVar(&apiKeyStdin, "api-key-stdin", false, "Atomist API key")
195+
uploadCommandFlags.BoolVarP(&includeSbom, "sbom", "s", false, "Add SBOM")
192196

193197
cveCommand := &cobra.Command{
194198
Use: "cve [OPTIONS] CVE_ID",

sbom/upload.go

Lines changed: 16 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -145,16 +145,18 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
145145
Layers: &layers,
146146
BlobDigest: digests[len(digests)-1].String(),
147147
DiffChainId: diffIds[len(diffIds)-1].String(),
148-
149-
SbomVersion: sb.Descriptor.SbomVersion,
150-
SbomState: Indexing,
151-
SbomLastUpdated: &now,
152-
SbomPackageCount: len(sb.Artifacts),
153148
}
154149
if sha != "" {
155150
image.Sha = sha
156151
}
157152

153+
if sb.Artifacts != nil {
154+
image.SbomVersion = sb.Descriptor.SbomVersion
155+
image.SbomState = Indexing
156+
image.SbomLastUpdated = &now
157+
image.SbomPackageCount = len(sb.Artifacts)
158+
}
159+
158160
if sb.Source.Image.Tags != nil && len(*sb.Source.Image.Tags) > 0 {
159161
image.Tags = &skill.ManyRef{Add: *sb.Source.Image.Tags}
160162

@@ -189,8 +191,7 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
189191
transaction := newTransaction().Ordered()
190192

191193
image = ImageEntity{
192-
Digest: sb.Source.Image.Digest,
193-
SbomState: Indexing,
194+
Digest: sb.Source.Image.Digest,
194195
}
195196

196197
for _, p := range packages {
@@ -235,8 +236,13 @@ func transactSbom(sb *types.Sbom, newTransaction func() skill.Transaction) (*Ima
235236
}
236237

237238
image = ImageEntity{
238-
Digest: sb.Source.Image.Digest,
239-
SbomState: Indexed,
239+
Digest: sb.Source.Image.Digest,
240+
Repository: &repository,
241+
Repositories: &[]RepositoryEntity{repository},
242+
SbomState: Indexed,
243+
}
244+
if sb.Artifacts != nil {
245+
image.SbomState = Indexed
240246
}
241247
err = newTransaction().Ordered().AddEntities(image).Transact()
242248
if err != nil {
@@ -401,7 +407,7 @@ type ImageEntity struct {
401407
DiffChainId string `edn:"docker.image/diff-chain-id,omitempty"`
402408
Sha string `edn:"docker.image/sha,omitempty"`
403409

404-
SbomState edn.Keyword `edn:"sbom/state"`
410+
SbomState edn.Keyword `edn:"sbom/state,omitempty"`
405411
SbomVersion string `edn:"sbom/version,omitempty"`
406412
SbomLastUpdated *time.Time `edn:"sbom/last-updated,omitempty"`
407413
SbomPackageCount int `edn:"sbom/package-count,omitempty"`

0 commit comments

Comments
 (0)