provenance slsa v1

Signed-off-by: CrazyMax <[email protected]>

Author: crazy-max

control/control.go

@@ -35,6 +35,7 @@ import (
 	"github.com/moby/buildkit/solver/llbsolver"
 	"github.com/moby/buildkit/solver/llbsolver/cdidevices"
 	"github.com/moby/buildkit/solver/llbsolver/proc"
+	provenancetypes "github.com/moby/buildkit/solver/llbsolver/provenance/types"
 	"github.com/moby/buildkit/solver/pb"
 	"github.com/moby/buildkit/util/bklog"
 	"github.com/moby/buildkit/util/db"
@@ -508,7 +509,19 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (*
 	}
 
 	if attrs, ok := attests["provenance"]; ok {
-		procs = append(procs, proc.ProvenanceProcessor(attrs))
+		var slsaVersion provenancetypes.ProvenanceSLSA
+		params := make(map[string]string)
+		for k, v := range attrs {
+			if k == "version" {
+				slsaVersion = provenancetypes.ProvenanceSLSA(v)
+				if err := slsaVersion.Validate(); err != nil {
+					return nil, err
+				}
+			} else {
+				params[k] = v
+			}
+		}
+		procs = append(procs, proc.ProvenanceProcessor(slsaVersion, params))
 	}
 
 	resp, err := c.solver.Solve(ctx, req.Ref, req.Session, frontend.SolveRequest{

frontend/attestations/parse.go

@@ -3,6 +3,7 @@ package attestations
 import (
 	"strings"
 
+	provenancetypes "github.com/moby/buildkit/solver/llbsolver/provenance/types"
 	"github.com/pkg/errors"
 	"github.com/tonistiigi/go-csvvalue"
 )
@@ -14,6 +15,7 @@ const (
 
 const (
 	defaultSBOMGenerator = "docker/buildkit-syft-scanner:stable-1"
+	defaultSLSAVersion   = string(provenancetypes.ProvenanceSLSA02)
 )
 
 func Filter(v map[string]string) map[string]string {
@@ -57,8 +59,11 @@ func Parse(values map[string]string) (map[string]map[string]string, error) {
 	for k, v := range attests {
 		attrs := make(map[string]string)
 		out[k] = attrs
-		if k == KeyTypeSbom {
+		switch k {
+		case KeyTypeSbom:
 			attrs["generator"] = defaultSBOMGenerator
+		case KeyTypeProvenance:
+			attrs["version"] = defaultSLSAVersion
 		}
 		if v == "" {
 			continue

frontend/attestations/parse_test.go

@@ -24,7 +24,8 @@ func TestParse(t *testing.T) {
 					"generator": "docker.io/foo/bar",
 				},
 				"provenance": {
-					"mode": "max",
+					"mode":    "max",
+					"version": "v0.2",
 				},
 			},
 		},