Incorporate docker host and context functionality (#8)

.github/workflows/release.yaml

@@ -9,7 +9,7 @@ on:
       - "v*"
 
 env:
-  GO_VERSION: "1.17.x"
+  GO_VERSION: "1.18.x"
 
 jobs:
   quality-gate:

.github/workflows/validations.yaml

@@ -7,7 +7,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: "1.17.x"
+  GO_VERSION: "1.18.x"
 
 jobs:
 

Makefile

@@ -68,7 +68,7 @@ $(RESULTS_DIR):
 bootstrap-tools:
 	$(call title,Bootstrapping tools)
 	mkdir -p $(TEMP_DIR)
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TEMP_DIR)/ v1.42.1
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TEMP_DIR)/ v1.45.0
 	curl -sSfL https://raw.githubusercontent.com/wagoodman/go-bouncer/master/bouncer.sh | sh -s -- -b $(TEMP_DIR)/ v0.3.0
 	curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMP_DIR)/ v0.3.0
 	.github/scripts/goreleaser-install.sh -b $(TEMP_DIR)/ v1.5.0

cmd/root.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"strings"
@@ -19,7 +20,9 @@ import (
 	"github.com/wagoodman/go-partybus"
 
 	"github.com/anchore/stereoscope"
+	"github.com/anchore/stereoscope/pkg/file"
 	"github.com/anchore/stereoscope/pkg/image"
+	stereoscopeDocker "github.com/anchore/stereoscope/pkg/image/docker"
 	"github.com/anchore/syft/syft"
 	"github.com/anchore/syft/syft/event"
 	"github.com/anchore/syft/syft/pkg/cataloger"
@@ -37,7 +40,7 @@ const (
 	shortDescription = "View the packaged-based Software Bill Of Materials (SBOM) for an image"
 )
 
-func cmd(_ command.Cli) *cobra.Command {
+func cmd(dockerCli command.Cli) *cobra.Command {
 	c := &cobra.Command{
 		Use:               "sbom",
 		Short:             shortDescription,
@@ -47,7 +50,7 @@ func cmd(_ command.Cli) *cobra.Command {
 		SilenceUsage:      true,
 		SilenceErrors:     true,
 		Version:           version.FromBuild().Version,
-		RunE:              run,
+		RunE:              newRunner(dockerCli).run,
 		ValidArgsFunction: dockerImageValidArgsFunction,
 	}
 
@@ -174,7 +177,17 @@ func validateInputArgs(cmd *cobra.Command, args []string) error {
 	return cobra.ExactArgs(1)(cmd, args)
 }
 
-func run(_ *cobra.Command, args []string) error {
+type runner struct {
+	client command.Cli
+}
+
+func newRunner(client command.Cli) runner {
+	return runner{
+		client: client,
+	}
+}
+
+func (r runner) run(_ *cobra.Command, args []string) error {
 	writer, err := makeWriter([]string{appConfig.Format}, appConfig.Output)
 	if err != nil {
 		return err
@@ -186,16 +199,16 @@ func run(_ *cobra.Command, args []string) error {
 		}
 	}()
 
-	si := source.Input{
-		UserInput:   args[0],
-		Scheme:      source.ImageScheme,
-		ImageSource: image.DockerDaemonSource,
-		Location:    args[0],
-		Platform:    appConfig.Platform,
+	var platform *image.Platform
+	if appConfig.Platform != "" {
+		platform, err = image.NewPlatform(appConfig.Platform)
+		if err != nil {
+			return fmt.Errorf("invalid platform provided: %w", err)
+		}
 	}
 
 	return eventLoop(
-		sbomExecWorker(si, writer),
+		sbomExecWorker(args[0], r.client, platform, writer),
 		setupSignals(),
 		eventSubscription,
 		stereoscope.Cleanup,
@@ -236,21 +249,42 @@ func generateSBOM(src *source.Source) (*sbom.SBOM, error) {
 	return &s, nil
 }
 
-func sbomExecWorker(si source.Input, writer sbom.Writer) <-chan error {
+func sbomExecWorker(userInput string, dockerCli command.Cli, platform *image.Platform, writer sbom.Writer) <-chan error {
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
 
-		src, cleanup, err := source.New(si, nil, appConfig.Exclusions)
-		if cleanup != nil {
-			defer cleanup()
+		provider := stereoscopeDocker.NewProviderFromDaemon(
+			userInput,
+			file.NewTempDirGenerator(internal.ApplicationName),
+			dockerCli.Client(),
+			platform,
+		)
+		img, err := provider.Provide(context.Background())
+		defer func() {
+			if err := img.Cleanup(); err != nil {
+				log.Warnf("failed to clean up image: %+v", err)
 			}
+		}()
 		if err != nil {
-			errs <- fmt.Errorf("failed to construct source from user input %q: %w", si.UserInput, err)
+			errs <- fmt.Errorf("failed to fetch the image %q: %w", userInput, err)
 			return
 		}
 
-		s, err := generateSBOM(src)
+		err = img.Read()
+		if err != nil {
+			errs <- fmt.Errorf("failed to read the image %q: %w", userInput, err)
+			return
+		}
+
+		src, err := source.NewFromImage(img, userInput)
+		if err != nil {
+			errs <- fmt.Errorf("failed to construct source from user input %q: %w", userInput, err)
+			return
+		}
+		src.Exclusions = appConfig.Exclusions
+
+		s, err := generateSBOM(&src)
 		if err != nil {
 			errs <- err
 			return

go.mod

@@ -1,12 +1,12 @@
 module github.com/docker/sbom-cli-plugin
 
-go 1.17
+go 1.18
 
 require (
 	github.com/Microsoft/hcsshim v0.9.2 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/anchore/stereoscope v0.0.0-20220307154759-8a5a70c227d3
-	github.com/anchore/syft v0.41.1
+	github.com/anchore/stereoscope v0.0.0-20220322123031-7a744f443e99
+	github.com/anchore/syft v0.42.2
 	github.com/containerd/containerd v1.5.10 // indirect
 	github.com/containerd/continuity v0.2.2 // indirect
 	github.com/docker/cli v20.10.12+incompatible
@@ -15,7 +15,7 @@ require (
 	github.com/fvbommel/sortorder v1.0.2 // indirect
 	github.com/gookit/color v1.4.2
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/moby/sys/mount v0.3.0 // indirect
+	github.com/moby/sys/mount v0.3.1 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.3.0
@@ -33,13 +33,14 @@ require (
 
 require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/CycloneDX/cyclonedx-go v0.4.0 // indirect
+	github.com/CycloneDX/cyclonedx-go v0.5.0 // indirect
 	github.com/Microsoft/go-winio v0.5.1 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
+	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/go-rpmdb v0.0.0-20210914181456-a9c52348da63 // indirect
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 // indirect
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b // indirect
-	github.com/anchore/packageurl-go v0.0.0-20210922164639-b3fa992ebd29 // indirect
+	github.com/anchore/packageurl-go v0.1.1-0.20220314153042-1bcd40e5206b // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect
@@ -84,7 +85,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
-	github.com/moby/sys/mountinfo v0.5.0 // indirect
+	github.com/moby/sys/mountinfo v0.6.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect

test/cli/sbom_cmd_test.go

@@ -35,7 +35,7 @@ func TestSBOMCmdFlags(t *testing.T) {
 				assertInOutput("docker-sbom ("),
 				assertInOutput("Provider:"),
 				assertInOutput("GitDescription:"),
-				assertInOutput("syft (v0.41.1)"),
+				assertInOutput("syft (v0.42.2)"),
 				assertNotInOutput("not provided"),
 				assertSuccessfulReturnCode,
 			},
@@ -55,7 +55,7 @@ func TestSBOMCmdFlags(t *testing.T) {
 			args: []string{"sbom", "--format", "json", coverageImage},
 			assertions: []traitAssertion{
 				assertJsonReport,
-				assertJsonDescriptor(internal.SyftName, "v0.41.1"),
+				assertJsonDescriptor(internal.SyftName, "v0.42.2"),
 				assertNotInOutput("not provided"),
 				assertSuccessfulReturnCode,
 			},