Skip to content

Commit 7020690

Browse files
committed
6031 Disable image provenance in Docker images for lambdas
1 parent 715780c commit 7020690

File tree

2 files changed

+8
-2
lines changed

2 files changed

+8
-2
lines changed

java/clients/src/main/java/sleeper/clients/deploy/container/UploadDockerImages.java

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,13 @@ private void buildAndPushImage(String tag, StackDockerImage image) throws IOExce
100100
if (image.isMultiplatform()) {
101101
commandRunner.runOrThrow("docker", "buildx", "build", "--platform", "linux/amd64,linux/arm64", "-t", tag, "--push", dockerfileDirectory.toString());
102102
} else {
103-
commandRunner.runOrThrow("docker", "build", "-t", tag, dockerfileDirectory.toString());
103+
if (image.getLambdaJar().isPresent()) {
104+
// At time of writing AWS Lambda does not support images with provenance enabled.
105+
// See https://docs.aws.amazon.com/lambda/latest/dg/java-image.html
106+
commandRunner.runOrThrow("docker", "build", "--provenance=false", "-t", tag, dockerfileDirectory.toString());
107+
} else {
108+
commandRunner.runOrThrow("docker", "build", "-t", tag, dockerfileDirectory.toString());
109+
}
104110
commandRunner.runOrThrow("docker", "push", tag);
105111
}
106112
}

java/clients/src/test/java/sleeper/clients/deploy/container/DockerImagesTestBase.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ protected CommandPipeline buildImageCommand(String tag, String dockerDirectory)
105105
}
106106

107107
protected CommandPipeline buildLambdaImageCommand(String tag, String dockerDirectory) {
108-
return pipeline(command("docker", "build", "-t", tag, dockerDirectory));
108+
return pipeline(command("docker", "build", "--provenance=false", "-t", tag, dockerDirectory));
109109
}
110110

111111
protected CommandPipeline pullImageCommand(String tag) {

0 commit comments

Comments
 (0)