grafeas / voucher

🎟 Voucher creates attestations for Binary Authorization
Apache License 2.0

Fallback build details project #69

Closed thepwagner closed 2 years ago

thepwagner commented 2 years ago

This is cherry-picking @rxbchen and @chrisshino's work in https://github.com/Shopify/voucher/pull/16 onto the current grafeas/voucher: I ran git cherry-pick dab0b6902f2542ada0f6cede2c962866c5d7b1ef^..0935f52c7f2c0f735d9c102b136ff9b1c476a4cc, then biased towards "incoming changes" to resolve conflicts.

In https://github.com/grafeas/voucher/issues/47#issuecomment-982019107 , Shopify made a nasty hack and forked Voucher to avoid polluting upstream. We'd like to finish that work correctly, so this is part of the housekeeping to bring the branches closer.


What?

Added a new configuration that allows users to configure a fallback project for when build metadata is not found in the same project as the image.

Why?

This addresses the issue where an image and its corresponding build metadata live in different GCP projects, causing excessive warning logs to be emitted.

How?

This is done by adding a configuration:

[containeranalysis]
build_detail_fallback_project = "project_name"

If this field is not empty, we will attempt to get image build metadata from there when any error occurs.

Checklist

Before Merging
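The fallback lookup described under "How?", sketched as an added Go example that is not part of the PR or Voucher's own code. `BuildDetail`, `buildStore` and `lookupBuildDetail` are hypothetical names and the store is an in-memory stand-in with constructed data; the function also returns which project answered, so an attestation decision can log or restrict where build provenance came from.

```go
package main

import (
	"errors"
	"fmt"
)

// BuildDetail and buildStore are hypothetical stand-ins, not Voucher's types.
type BuildDetail struct{ Project, Image, Builder string }

var errNotFound = errors.New("build detail not found")

// buildStore maps project -> image reference -> build metadata (constructed data).
type buildStore map[string]map[string]BuildDetail

func (s buildStore) get(project, image string) (BuildDetail, error) {
	if d, ok := s[project][image]; ok {
		return d, nil
	}
	return BuildDetail{}, fmt.Errorf("%s in %s: %w", image, project, errNotFound)
}

// lookupBuildDetail tries the image's own project first. On any error, and only
// if a fallback project is configured, it retries there. The second return value
// names the project that supplied the metadata.
func lookupBuildDetail(s buildStore, imageProject, fallbackProject, image string) (BuildDetail, string, error) {
	d, err := s.get(imageProject, image)
	if err == nil {
		return d, imageProject, nil
	}
	if fallbackProject == "" || fallbackProject == imageProject {
		return BuildDetail{}, "", err // no fallback configured: surface the original error
	}
	d, fbErr := s.get(fallbackProject, image)
	if fbErr != nil {
		// Keep both failures visible instead of hiding the primary one.
		return BuildDetail{}, "", fmt.Errorf("primary: %v; fallback: %w", err, fbErr)
	}
	return d, fallbackProject, nil
}

func main() {
	// Constructed sample: metadata lives in "build-proj", the image in "image-proj".
	s := buildStore{"build-proj": {"img@sha256:aaaa": {Project: "build-proj", Image: "img@sha256:aaaa", Builder: "cloudbuild"}}}
	d, src, err := lookupBuildDetail(s, "image-proj", "build-proj", "img@sha256:aaaa")
	fmt.Println(d.Builder, src, err)
}
```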