From c2003d906d709799c1383f23f04d755fe4c837be Mon Sep 17 00:00:00 2001 From: Adam Cmiel Date: Thu, 9 Jan 2025 16:47:51 +0100 Subject: [PATCH] deprecated-image-check: support SPDX SBOMs Support extracting the base/builder images from both CycloneDX SBOMs and SPDX SBOMs. In an SPDX SBOM, the base/builder images are identified via JSON-encoded annotations. Example: { "SPDXID": "SPDXRef-image-... "name": "registry.access.redhat.com/ubi9/ubi-micro", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:oci/ubi-micro@sha256:...?repository_url=..." } ], "annotations": [ { "annotator": "Tool: konflux:jsonencoded", "comment": "{\"name\":\"konflux:container:is_base_image\",\"value\":\"true\"}", "annotationDate": "2025-01-13T12:15:31Z", "annotationType": "OTHER" } ] } Signed-off-by: Adam Cmiel
---
 .../0.4/deprecated-image-check.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/task/deprecated-image-check/0.4/deprecated-image-check.yaml b/task/deprecated-image-check/0.4/deprecated-image-check.yaml
index 6fd8352412..753bc54c48 100644
--- a/task/deprecated-image-check/0.4/deprecated-image-check.yaml
+++ b/task/deprecated-image-check/0.4/deprecated-image-check.yaml
@@ -91,7 +91,18 @@ spec:
 continue
 fi
- cat ${SBOM_FILE_PATH} | jq -r '.formulation? // empty | .[] | .components? // empty | .[] | select(any((.properties // empty)[]; .name | test("^konflux:container:is_(base|builder)_image"))) | .name' >> ${IMAGES_TO_BE_PROCESSED_PATH}
+ < "${SBOM_FILE_PATH}" jq -r '
+ if .bomFormat == "CycloneDX" then
+ .formulation[]?
+ | .components[]?
+ | select(any(.properties[]?; .name | test("^konflux:container:is_(base|builder)_image")))
+ | .name
+ else
+ .packages[]
+ | select(any(.annotations[]?.comment; (fromjson?).name? | test("^konflux:container:is_(base|builder)_image")?))
+ | .name
+ end
+ ' >> "${IMAGES_TO_BE_PROCESSED_PATH}"
 echo "Detected base images from $arch SBOM:"
 cat "${IMAGES_TO_BE_PROCESSED_PATH}"
 echo ""
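Review bot: The `else` arm of the jq program treats every document whose `.bomFormat` is not `"CycloneDX"` as SPDX and then runs `.packages[]` without `?`, so an SBOM in neither format makes jq error out when `.packages` is missing, or contributes no image names when it is empty. How the surrounding script reacts is outside this hunk, but if an empty `${IMAGES_TO_BE_PROCESSED_PATH}` is read as "nothing deprecated", the check would pass without having examined any base image. I would make the format test explicit and fail loudly otherwise: `elif .spdxVersion then` in place of `else`, followed by `else error("unsupported SBOM format")` before `end`. A short comment above the SPDX arm saying that the marker lives in a JSON-encoded annotation `comment`, and that `fromjson?` deliberately skips comments that are not JSON, would also help the next reader.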