buildkitd: Add ability to restrict frontends and gateway sources (!46) · Merge requests · repos / releng / Buildkit

Ahmon Dancy requested to merge wmf/v0.12-If6519d9b16f636d40b445e42c58d21b38d4b666e into wmf/v0.12 Feb 01, 2024

When building images on trusted runners we want to ensure that only
the Blubber frontend is used. This commit adds the ability to
restrict the frontends and gateway sources in buildkitd.

buildkit.toml entries that will be used on trusted runners:

allowed-frontends = ["gateway.v0"]
allowed-gateway-sources = ["docker-registry.wikimedia.org/repos/releng/blubber/buildkit"]

Bug: T329220

Related MRs:

!46 (merged) (This MR)
!47 (merged)
wmf/v0.12

Depends-On: !47 (merged)

Edited Feb 01, 2024 by Ahmon Dancy

Admin message

Admin message

buildkitd: Add ability to restrict frontends and gateway sources

Merge request reports