crashappsec / chalk

Chalk allows you to follow code from development, through builds and into production.
https://crashoverride.com/
GNU General Public License v3.0

fix(docker): extracting chalk mark from distroless non-buildx images #338

Closed miki725 closed 3 weeks ago

miki725 commented 3 weeks ago

Issue

For an image built without buildx, its chalk mark was not reported on docker push.

Description

The format of docker history is different between buildx and non-buildx images. For non-buildx:

/bin/sh -c #(nop) COPY file:283b357328fb308cf6cfe240564dab744e8547f48c8626f11c1926ce41df45ef in /chalk.json

For buildx:

COPY --chmod=0444 chalk-XP9wJMFN-file.tmp /chalk.json # buildkit

To try to accommodate both, chalk now simply checks for a substring match, i.e. whether "COPY " and " /chalk.json" are present in the layer spec, and if so it attempts to extract the chalk mark from the image tar file.

Testing

➜ make tests args="test_docker.py::test_build_and_push[valid/empty-False-False] --logs"
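The two history formats and the substring check described in the PR, as an added Python example (this is not chalk's own code, which is Nim). `substring_match` is the heuristic the PR describes; `copy_destination`/`strict_match` are an added, stricter variant that normalizes both formats and compares the COPY destination exactly, so a layer writing `/chalk.json.bak` is not mistaken for the mark. The sample `history` array, the `docker save`-style tar with `manifest.json`, a config file and `layerN/layer.tar` entries, and the mark contents are all constructed here for the example.

```python
import io
import json
import re
import tarfile

CHALK_PATH = "/chalk.json"
_NOP_PREFIX = re.compile(r"^/bin/sh -c #\(nop\)\s*")   # legacy (non-buildx) builder prefix
_BUILDKIT_SUFFIX = re.compile(r"\s*#\s*buildkit\s*$")  # buildx/BuildKit suffix


def substring_match(created_by):
    """The check the PR describes: both substrings present in the layer spec."""
    return "COPY " in created_by and " /chalk.json" in created_by


def copy_destination(created_by):
    """Strip the builder-specific prefix/suffix and return the COPY destination, else None."""
    s = _BUILDKIT_SUFFIX.sub("", _NOP_PREFIX.sub("", created_by))
    parts = s.split()
    if len(parts) < 3 or parts[0] != "COPY":
        return None
    # 'COPY file:<hash> in /dst' and 'COPY [--flags] src /dst' both end with the destination
    return parts[-1]


def strict_match(created_by):
    """Added stricter variant: destination must be exactly /chalk.json."""
    return copy_destination(created_by) == CHALK_PATH


def find_chalk_layers(history, matcher=strict_match):
    """Return (history_index, diff_index) for every matching history entry.

    diff_index counts only entries that produced a filesystem layer (no
    empty_layer flag); it indexes rootfs.diff_ids and the manifest's Layers
    list, which is what a lookup in the image tar needs.
    """
    hits, diff_index = [], -1
    for i, entry in enumerate(history):
        if not entry.get("empty_layer"):
            diff_index += 1
        if matcher(entry.get("created_by", "")):
            hits.append((i, diff_index))
    return hits


# Constructed sample `history` array: the non-buildx and buildx COPY lines from
# the PR plus a decoy that copies to a different destination.
SAMPLE_HISTORY = [
    {"created_by": "/bin/sh -c #(nop) ADD file:0123abcd in /"},
    {"created_by": "/bin/sh -c #(nop)  CMD [\"sh\"]", "empty_layer": True},
    {"created_by": "/bin/sh -c #(nop) COPY file:283b357328fb308cf6cfe240564dab744e8547f48c8626f11c1926ce41df45ef in /chalk.json"},
    {"created_by": "COPY --chmod=0444 chalk-XP9wJMFN-file.tmp /chalk.json # buildkit"},
    {"created_by": "COPY notes.txt /chalk.json.bak # buildkit"},
    {"created_by": "CMD [\"/app\"] # buildkit", "empty_layer": True},
]


def _add_file(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def _layer_tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            _add_file(t, name, data)   # layer tars store paths without a leading slash
    return buf.getvalue()


def build_sample_image_tar(mark):
    """Constructed minimal `docker save`-style tar: manifest.json, config, one tar per layer."""
    mark_bytes = json.dumps(mark).encode()
    layers = [                                   # one per non-empty history entry, in order
        _layer_tar({"bin/sh": b"#!/bin/sh\n"}),
        _layer_tar({"chalk.json": mark_bytes}),  # non-buildx COPY
        _layer_tar({"chalk.json": mark_bytes}),  # buildx COPY
        _layer_tar({"chalk.json.bak": b"{}"}),   # decoy destination
    ]
    config = {"history": SAMPLE_HISTORY,
              "rootfs": {"type": "layers", "diff_ids": ["sha256:%d" % i for i in range(4)]}}
    manifest = [{"Config": "config.json", "RepoTags": ["example:latest"],
                 "Layers": ["layer%d/layer.tar" % i for i in range(4)]}]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        _add_file(t, "manifest.json", json.dumps(manifest).encode())
        _add_file(t, "config.json", json.dumps(config).encode())
        for i, layer in enumerate(layers):
            _add_file(t, "layer%d/layer.tar" % i, layer)
    return buf.getvalue()


def extract_chalk_mark(image_tar_bytes, matcher=strict_match):
    """Find the COPY layer via history, then read chalk.json out of that layer's tar."""
    with tarfile.open(fileobj=io.BytesIO(image_tar_bytes), mode="r") as t:
        manifest = json.load(t.extractfile("manifest.json"))[0]
        config = json.load(t.extractfile(manifest["Config"]))
        for _, diff_index in reversed(find_chalk_layers(config["history"], matcher)):
            # later layers overlay earlier ones, so the last matching layer wins
            with tarfile.open(fileobj=t.extractfile(manifest["Layers"][diff_index]), mode="r") as layer:
                try:
                    return json.load(layer.extractfile(CHALK_PATH.lstrip("/")))
                except KeyError:      # matcher hit a layer that holds no chalk.json
                    continue
    return None
```

With the substring heuristic the decoy layer is also selected (`" /chalk.json"` is a substring of `" /chalk.json.bak"`); extraction still succeeds because the lookup falls through to the previous matching layer, but the stricter destination check avoids opening that layer at all.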