chore: enable SBOM and containerd support in Docker builds

matifali · matifali · commit 13e99e0c40b2 · 2025-03-07T22:59:23.000Z
Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbom
Updated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestations
Configured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1018,7 +1018,7 @@ jobs:
     needs:
       - changes
       - build-dylib
-    if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
+    if: needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-22.04' }}
     permissions:
       # Necessary to push docker images to ghcr.io.
diff --git a/dogfood/contents/files/etc/docker/daemon.json b/dogfood/contents/files/etc/docker/daemon.json
@@ -1,6 +1,6 @@
 {
 	"registry-mirrors": ["https://mirror.gcr.io"],
 	"features": {
-		"containerd-snapshotter': true
+		"containerd-snapshotter": true
 	}
 }
diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
@@ -140,7 +140,7 @@ docker buildx build \
 	--platform "$arch" \
 	--build-arg "BASE_IMAGE=$base_image" \
 	--build-arg "CODER_VERSION=$version" \
-	--provenence true \
+	--provenance true \
 	--sbom true \
 	--no-cache \
 	--tag "$image_tag" \

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"registry-mirrors": ["https://mirror.gcr.io"],`
`3`	`3`	`"features": {`
`4`		`- "containerd-snapshotter': true`
	`4`	`+ "containerd-snapshotter": true`
`5`	`5`	`}`
`6`	`6`	`}`