Merge pull request #382 from LaurentGoderre/sbom

Added explicit attestation for Redis

Author: yosifkit

.gitattributes

@@ -0,0 +1,3 @@
+/*/**/Dockerfile            linguist-generated
+/*/**/docker-entrypoint.sh  linguist-generated
+/Dockerfile*.template       linguist-language=Dockerfile

.gitignore

@@ -1 +1,2 @@
 .jq-template.awk
+.template-helper-functions.jq

6.0/alpine3.18/Dockerfile

@@ -1,3 +1,4 @@
+{{ include ".template-helper-functions" -}}
 FROM alpine:{{ env.variant | ltrimstr("alpine") }}
 
 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -89,7 +90,21 @@ RUN set -eux; \
 	apk del --no-network .build-deps; \
 	\
 	redis-cli --version; \
-	redis-server --version
+	redis-server --version; \
+	\
+	echo {{
+		{
+			name: "redis-server",
+			version: .version,
+			params: {
+				os_name: "alpine",
+				os_version: env.variant | ltrimstr("alpine")
+			},
+			licenses: [
+				"BSD-3-Clause"
+			]
+		} | sbom | tostring | @sh
+	}} > /usr/local/redis.spdx.json
 
 RUN mkdir /data && chown redis:redis /data
 VOLUME /data

6.0/bookworm/Dockerfile

@@ -1,3 +1,4 @@
+{{ include ".template-helper-functions" -}}
 FROM debian:{{ env.variant }}-slim
 
 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -107,7 +108,21 @@ RUN set -eux; \
 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 	\
 	redis-cli --version; \
-	redis-server --version
+	redis-server --version; \
+	\
+	echo {{
+		{
+			name: "redis-server",
+			version: .version,
+			params: {
+				os_name: "debian",
+				os_version: env.variant
+			},
+			licenses: [
+				"BSD-3-Clause"
+			]
+		} | sbom | tostring | @sh
+	}} > /usr/local/redis.spdx.json
 
 RUN mkdir /data && chown redis:redis /data
 VOLUME /data

6.2/alpine3.18/Dockerfile

@@ -13,6 +13,13 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
 	wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
 fi
 
+jqf='.template-helper-functions.jq'
+if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
+	jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq"
+elif [ "$BASH_SOURCE" -nt "$jqf" ]; then
+	wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/08c926140ad0af22de58c2a2656afda58082ba3e/scripts/template-helper-functions.jq'
+fi
+
 if [ "$#" -eq 0 ]; then
 	versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
 	eval "set -- $versions"