
fix: #23915 podman build is not parsing sbom command line arguments #25647


Open
wants to merge 2 commits into base: main

Conversation

aguidirh

Issue Description

SBOM flags are not respected by the podman build command.

At the same time, the buildah build command works as expected.

Fixes #23915

Steps to reproduce the issue

With the following Containerfile:

FROM ubuntu:22.04
WORKDIR /app

Run the following podman build:

podman build -t sbom-img --sbom=trivy-spdx \
        --sbom-image-output=/app/sbom-spdx.json \
        --sbom-output=sbom-spdx.json \
        --sbom-scanner-image=ghcr.io/aquasecurity/trivy \
        --sbom-scanner-command="trivy filesystem -q {ROOTFS} --format spdx-json --output {OUTPUT}" \
        --sbom-scanner-command="trivy filesystem -q {CONTEXT} --format spdx-json --output {OUTPUT}" \
        --sbom-merge-strategy=merge-spdx-by-package-name-and-versioninfo \
        -f Containerfile

Create a container with the image built in the previous step and check whether the file sbom-spdx.json is inside the container as requested:

podman run -it --rm sbom-img ls -al

Expected result:

drwxr-xr-x. 1 root root     28 Mar 21 13:06 .
dr-xr-xr-x. 1 root root     12 Mar 21 13:17 ..
-rw-r--r--. 1 root root 147729 Mar 21 13:06 sbom-spdx.json

Actual results:

drwxr-xr-x. 1 root root     28 Mar 21 13:06 .
dr-xr-xr-x. 1 root root     12 Mar 21 13:17 ..

Running the steps above with the code from this PR shows the expected result (the same as when using buildah), while running with the code from the main branch shows the actual result (with the bug).

Does this PR introduce a user-facing change?

None
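The reproduction above, turned into a scripted regression check. This is an added example, not code from the PR or from the podman project: it assumes podman is installed and can pull ubuntu:22.04 and the trivy scanner image, reuses the image tag, file names and build flags from the report, and the helper functions (`sbom_listed`, `sbom_is_spdx`, `check_image_sbom`) are constructed here.

```shell
#!/bin/sh
# Added example, not part of the PR or of podman: a scripted version of the
# reproduction in the report. Builds the image with the SBOM flags, then
# checks that the SBOM landed both in the image and on the host.
# Assumes podman can pull ubuntu:22.04 and the trivy scanner image.
set -eu

IMAGE="${IMAGE:-sbom-img}"             # image tag used in the report
SBOM_IN_IMAGE="/app/sbom-spdx.json"    # --sbom-image-output path from the report
SBOM_ON_HOST="sbom-spdx.json"          # --sbom-output path from the report
CONTEXT_DIR="${CONTEXT_DIR:-.}"        # directory holding the Containerfile

# sbom_listed LISTING NAME: succeed when an `ls -al` listing contains a
# regular file (mode string starting with "-") named NAME.
# Pure text check, so it can be exercised without podman.
sbom_listed() {
    printf '%s\n' "$1" | awk -v name="$2" \
        '$1 ~ /^-/ && $NF == name { found = 1 } END { exit !found }'
}

# sbom_is_spdx FILE: succeed when FILE is non-empty and carries an
# "spdxVersion" key, i.e. the scanner produced SPDX JSON rather than an
# empty or unrelated file.
sbom_is_spdx() {
    [ -s "$1" ] && grep -q '"spdxVersion"' "$1"
}

# The build command from the report, unchanged apart from the variables above.
build_with_sbom() {
    podman build -t "$IMAGE" --sbom=trivy-spdx \
        --sbom-image-output="$SBOM_IN_IMAGE" \
        --sbom-output="$SBOM_ON_HOST" \
        --sbom-scanner-image=ghcr.io/aquasecurity/trivy \
        --sbom-scanner-command="trivy filesystem -q {ROOTFS} --format spdx-json --output {OUTPUT}" \
        --sbom-scanner-command="trivy filesystem -q {CONTEXT} --format spdx-json --output {OUTPUT}" \
        --sbom-merge-strategy=merge-spdx-by-package-name-and-versioninfo \
        -f "$CONTEXT_DIR/Containerfile" "$CONTEXT_DIR"
}

# List the target directory inside the built image and look for the SBOM file.
check_image_sbom() {
    listing=$(podman run --rm "$IMAGE" ls -al "$(dirname "$SBOM_IN_IMAGE")")
    sbom_listed "$listing" "$(basename "$SBOM_IN_IMAGE")"
}

main() {
    build_with_sbom
    status=0
    if check_image_sbom; then
        echo "PASS: $SBOM_IN_IMAGE present in $IMAGE"
    else
        echo "FAIL: $SBOM_IN_IMAGE missing from $IMAGE (SBOM flags ignored)"
        status=1
    fi
    if sbom_is_spdx "$SBOM_ON_HOST"; then
        echo "PASS: $SBOM_ON_HOST is SPDX JSON"
    else
        echo "FAIL: $SBOM_ON_HOST missing or not SPDX JSON"
        status=1
    fi
    return "$status"
}

# Run the podman steps only when invoked as `sh sbom-check.sh run`, so the
# helper functions can be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as `sh sbom-check.sh run` from the directory holding the Containerfile: on the main branch described in the report the image check fails, with the fix both checks pass. The host-side SPDX check catches the second failure mode the image listing cannot, a scanner that ran but produced no usable document.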

Contributor

openshift-ci bot commented Mar 21, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aguidirh
Once this PR has been reviewed and has the lgtm label, please assign luap99 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@baude
Member

baude commented Mar 21, 2025

@nalind ptal

@baude
Member

baude commented Mar 21, 2025

and you need to add a release note ... this is cli and is an outward change.

and add a test

@aguidirh
Author

Hi @baude,

please sign your commits https://github.com/containers/podman/blob/main/CONTRIBUTING.md#sign-your-prs

I believe the commit is signed.

and you need to add a release note

I did not add a release note because the template said to add one only in case of a user-facing change; there is no user-facing change, only a bug fix for flags that were already there.

@nalind
Member

nalind commented Mar 21, 2025

This looks exactly like what github.com/containers/buildah/pkg/cli.GenBuildOptions() does, so I expect it's going to handle the options correctly, so LGTM.
But if podman isn't calling that function, I have to wonder why we went to the trouble of exporting it there.

@aguidirh
Author

/retest

Contributor

openshift-ci bot commented Mar 21, 2025

@aguidirh: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@aguidirh
Author

Hi @nalind,

I added the test requested by @baude.

They are passing locally; I am not sure why some tests are failing in the PR.

Could you please /retest them?

@nalind
Member

nalind commented Mar 21, 2025

/ok-to-test

@nalind
Member

nalind commented Mar 21, 2025

/retest

@aguidirh aguidirh force-pushed the fix/issue-23915 branch 2 times, most recently from 57d0980 to 3e42437 Compare March 24, 2025 17:49
@baude
Member

baude commented Mar 25, 2025

the test [FAIL] Podman build [It] podman build with sbom flags is failing here.

@baude
Member

baude commented Mar 25, 2025

also note the failures are all remote tests

@aguidirh
Author

aguidirh commented Mar 26, 2025

also note the failures are all remote tests

Thanks @baude, I will have a look why they are failing for the remote tests and try to fix them.

…rguments

Signed-off-by: Alex Guidi <aguidi@redhat.com>
@github-actions github-actions bot added the kind/api-change Change to remote API; merits scrutiny label Apr 11, 2025
Signed-off-by: Alex Guidi <aguidi@redhat.com>
@l0rd
Member

l0rd commented Apr 15, 2025

Great job @aguidirh , tests are passing. If you don't mind, it would be helpful to add some remote tests (see pkg/machine/e2e). Also, please squash your commits as CI tests were not passing for the first one.

Labels
kind/api-change Change to remote API; merits scrutiny ok-to-test release-note-none
Development

Successfully merging this pull request may close these issues.

SBOM. sbom flags are not respected
4 participants