add sbom flags on server side for podman-remote

aguidirh · aguidirh · commit 6cc56dbee19c · 2025-04-11T13:37:01.000+02:00
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"strings"
 	"syscall"
@@ -171,6 +172,13 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		UnsetEnvs               []string `schema:"unsetenv"`
 		UnsetLabels             []string `schema:"unsetlabel"`
 		Volumes                 []string `schema:"volume"`
+		SBOMOutput              string   `schema:"sbom-output"`
+		SBOMPURLOutput          string   `schema:"sbom-purl-output"`
+		ImageSBOMOutput         string   `schema:"sbom-image-output"`
+		ImageSBOMPURLOutput     string   `schema:"sbom-image-purl-output"`
+		ImageSBOM               string   `schema:"sbom-scanner-image"`
+		SBOMCommands            []string `schema:"sbom-scanner-command"`
+		SBOMMergeStrategy       string   `schema:"sbom-merge-strategy"`
 	}{
 		Dockerfile:       "Dockerfile",
 		IdentityLabel:    true,
@@ -693,6 +701,38 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	var sbomScanOptions []buildahDefine.SBOMScanOptions
+	if query.ImageSBOM != "" ||
+		query.SBOMOutput != "" ||
+		query.ImageSBOMOutput != "" ||
+		query.SBOMPURLOutput != "" ||
+		query.ImageSBOMPURLOutput != "" ||
+		len(query.SBOMCommands) > 0 ||
+		query.SBOMMergeStrategy != "" {
+		sbomScanOption := &buildahDefine.SBOMScanOptions{
+			SBOMOutput:      query.SBOMOutput,
+			PURLOutput:      query.SBOMPURLOutput,
+			ImageSBOMOutput: query.ImageSBOMOutput,
+			ImagePURLOutput: query.ImageSBOMPURLOutput,
+			Image:           query.ImageSBOM,
+			Commands:        query.SBOMCommands,
+			MergeStrategy:   buildahDefine.SBOMMergeStrategy(query.SBOMMergeStrategy),
+			PullPolicy:      pullPolicy,
+		}
+
+		if !slices.Contains(sbomScanOption.ContextDir, contextDirectory) {
+			sbomScanOption.ContextDir = append(sbomScanOption.ContextDir, contextDirectory)
+		}
+
+		for _, abc := range additionalBuildContexts {
+			if !abc.IsURL && !abc.IsImage {
+				sbomScanOption.ContextDir = append(sbomScanOption.ContextDir, abc.Value)
+			}
+		}
+
+		sbomScanOptions = append(sbomScanOptions, *sbomScanOption)
+	}
+
 	buildOptions := buildahDefine.BuildOptions{
 		AddCapabilities:         addCaps,
 		AdditionalBuildContexts: additionalBuildContexts,
@@ -772,6 +812,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		Target:                         query.Target,
 		UnsetEnvs:                      query.UnsetEnvs,
 		UnsetLabels:                    query.UnsetLabels,
+		SBOMScanOptions:                sbomScanOptions,
 	}
 
 	platforms := query.Platform
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
@@ -483,6 +483,42 @@ func Build(ctx context.Context, containerFiles []string, options types.BuildOpti
 		stdout = options.Out
 	}
 
+	if len(options.SBOMScanOptions) > 0 {
+		for _, sbomScanOpts := range options.SBOMScanOptions {
+			if sbomScanOpts.SBOMOutput != "" {
+				params.Set("sbom-output", sbomScanOpts.SBOMOutput)
+			}
+
+			if sbomScanOpts.PURLOutput != "" {
+				params.Set("sbom-purl-output", sbomScanOpts.PURLOutput)
+			}
+
+			if sbomScanOpts.ImageSBOMOutput != "" {
+				params.Set("sbom-image-output", sbomScanOpts.ImageSBOMOutput)
+			}
+
+			if sbomScanOpts.ImagePURLOutput != "" {
+				params.Set("sbom-image-purl-output", sbomScanOpts.ImagePURLOutput)
+			}
+
+			if sbomScanOpts.Image != "" {
+				params.Set("sbom-scanner-image", sbomScanOpts.Image)
+			}
+
+			if commands := sbomScanOpts.Commands; len(commands) > 0 {
+				c, err := jsoniter.MarshalToString(commands)
+				if err != nil {
+					return nil, err
+				}
+				params.Add("sbom-scanner-command", c)
+			}
+
+			if sbomScanOpts.MergeStrategy != "" {
+				params.Set("sbom-merge-strategy", string(sbomScanOpts.MergeStrategy))
+			}
+		}
+	}
+
 	contextDir, err = filepath.Abs(options.ContextDirectory)
 	if err != nil {
 		logrus.Errorf("Cannot find absolute path of %v: %v", options.ContextDirectory, err)
