chore: enable SBOM and containerd support in Docker builds

matifali · matifali · commit 378fdf83f647 · 2025-03-07T23:19:35.000Z
Added SBOM (Software Bill of Materials) generation during Docker build to enhance traceability. Refer to Docker documentation on SBOM: docs.docker.com/build/metadata/attestations/sbom
Updated Docker build scripts to use BuildKit for provenance and SBOM support: docs.docker.com/build/metadata/attestations
Configured Docker daemon to support the Containerd snapshotter feature to improve performance: docs.docker.com/engine/storage/containerd
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -999,7 +999,7 @@ jobs:
           AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
 
       - name: Upload build artifacts
-        if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
+        if: ${{ github.repository_owner == 'coder' }}
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: dylibs
diff --git a/dogfood/contents/files/etc/docker/daemon.json b/dogfood/contents/files/etc/docker/daemon.json
@@ -1,6 +1,6 @@
 {
 	"registry-mirrors": ["https://mirror.gcr.io"],
 	"features": {
-		"containerd-snapshotter': true
+		"containerd-snapshotter": true
 	}
 }
diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
@@ -140,7 +140,7 @@ docker buildx build \
 	--platform "$arch" \
 	--build-arg "BASE_IMAGE=$base_image" \
 	--build-arg "CODER_VERSION=$version" \
-	--provenence true \
+	--provenance true \
 	--sbom true \
 	--no-cache \
 	--tag "$image_tag" \

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"registry-mirrors": ["https://mirror.gcr.io"],`
`3`	`3`	`"features": {`
`4`		`- "containerd-snapshotter': true`
	`4`	`+ "containerd-snapshotter": true`
`5`	`5`	`}`
`6`	`6`	`}`