refactor(sbom): reuse ContainerBackend.SaveImageToStream();

refactor(sbom): use mutate.Extract()

Signed-off-by: Alexandr Zaytsev <[email protected]>

Author: nervgh

cmd/werf/sbom/get/get.go

@@ -1,6 +1,7 @@
 package get
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"io"
@@ -17,7 +18,6 @@ import (
 	"github.com/werf/werf/v2/pkg/container_backend"
 	"github.com/werf/werf/v2/pkg/giterminism_manager"
 	"github.com/werf/werf/v2/pkg/sbom"
-	"github.com/werf/werf/v2/pkg/sbom/finder"
 	"github.com/werf/werf/v2/pkg/tmp_manager"
 	"github.com/werf/werf/v2/pkg/true_git"
 	"github.com/werf/werf/v2/pkg/werf/global_warnings"
@@ -219,20 +219,35 @@ func run(ctx context.Context, containerBackend container_backend.ContainerBacken
 		return err
 	}
 
-	sbomArtifactFinder := finder.NewFinder(containerBackend)
-
-	artifactFile, err := sbomArtifactFinder.FindArtifactFile(ctx, exportedImages, requestedImageName)
+	sbomImageName, err := getSbomImageName(exportedImages, requestedImageName)
 	if err != nil {
-		return fmt.Errorf("find artifact file error: %w", err)
+		return fmt.Errorf("unable to get SBOM image name: %w", err)
+	}
+
+	opener := func() (io.ReadCloser, error) {
+		return containerBackend.SaveImageToStream(ctx, sbomImageName)
 	}
-	if artifactFile == nil {
-		return fmt.Errorf("artifact file is not found in SBOM image %q", sbom.ImageName(requestedImageName))
+
+	artifactContent, err := sbom.FindSingleSbomArtifact(opener)
+	if err != nil {
+		return fmt.Errorf("unable to find artifact file: %w", err)
 	}
 
 	return logboek.Streams().DoErrorWithoutProxyStreamDataFormatting(func() error {
-		if _, err = io.Copy(os.Stdout, artifactFile); err != nil {
+		if _, err = io.Copy(os.Stdout, bytes.NewReader(artifactContent)); err != nil {
 			return fmt.Errorf("unable to redirect artifact file content into stdout: %w", err)
 		}
 		return nil
 	})
 }
+
+func getSbomImageName(exportedImages []*image.Image, requestedImageName string) (string, error) {
+	foundImage, ok := lo.Find(exportedImages, func(item *image.Image) bool {
+		return item.Name == requestedImageName
+	})
+	if !ok {
+		return "", fmt.Errorf("unable to find requested image %q", requestedImageName)
+	}
+
+	return sbom.ImageName(foundImage.GetLastNonEmptyStage().GetStageImage().Image.GetStageDesc().Info.Name), nil
+}

pkg/buildah/common.go

@@ -1,7 +1,6 @@
 package buildah
 
 import (
-	"bytes"
 	"context"
 	"fmt"
 	"io"
@@ -215,7 +214,6 @@ type Buildah interface {
 	PruneImages(ctx context.Context, opts PruneImagesOptions) (PruneImagesReport, error)
 	SaveImageToStream(ctx context.Context, imageName string) (io.ReadCloser, error)
 	LoadImageFromStream(ctx context.Context, input io.Reader) (string, error)
-	DumpImage(ctx context.Context, ref string, opts StreamOpts) (*bytes.Reader, error)
 }
 
 type Mode string

pkg/buildah/native_linux.go

@@ -334,49 +334,6 @@ func (b *NativeBuildah) Push(ctx context.Context, ref string, opts PushOpts) err
 	return nil
 }
 
-func (b *NativeBuildah) DumpImage(ctx context.Context, ref string, opts StreamOpts) (*bytes.Reader, error) {
-	// NOTICE: targetPlatform specified for push causes buildah to fail for some unknown reason
-	sysCtx, err := b.getSystemContext("")
-	if err != nil {
-		return nil, err
-	}
-
-	tmpFile, err := os.CreateTemp(b.TmpDir, "buildah-img-******.tar")
-	if err != nil {
-		return nil, err
-	}
-	defer tmpFile.Close()
-	defer os.Remove(tmpFile.Name())
-
-	pushOpts := buildah.PushOptions{
-		Compression:         define.Uncompressed,
-		SignaturePolicyPath: b.SignaturePolicyPath,
-		ReportWriter:        opts.LogWriter,
-		Store:               b.Store,
-		SystemContext:       sysCtx,
-		ManifestType:        manifest.DockerV2Schema2MediaType,
-	}
-
-	// NOTE: Here we use "docker-archive" transport on [email protected] to disable gzip compression.
-	// Is there any way to disable gzip compression with "oci-archive" transport using go code?
-	// In e2e this approach works with Buildah CLI.
-	destinationRef, err := alltransports.ParseImageName(fmt.Sprintf("docker-archive:%s", tmpFile.Name()))
-	if err != nil {
-		return nil, fmt.Errorf("error parsing destination ref from %q: %w", tmpFile.Name(), err)
-	}
-
-	if _, _, err = buildah.Push(ctx, ref, destinationRef, pushOpts); err != nil {
-		return nil, fmt.Errorf("error pushing image %q: %w", ref, err)
-	}
-
-	bSlice, err := os.ReadFile(tmpFile.Name())
-	if err != nil {
-		return nil, fmt.Errorf("unable to bufferize image data: %w", err)
-	}
-
-	return bytes.NewReader(bSlice), nil
-}
-
 func (b *NativeBuildah) BuildFromDockerfile(ctx context.Context, dockerfile string, opts BuildFromDockerfileOpts) (string, error) {
 	var targetPlatform string
 	var targetPlatforms []struct{ OS, Arch, Variant string }

pkg/container_backend/buildah_backend.go

@@ -1205,9 +1205,3 @@ func mapSbomScanOptionsToBuidahBackendScanOptions(scanOpts scanner.ScanOptions)
 		Commands:   []string{scanCmd.String()},
 	}
 }
-
-func (backend *BuildahBackend) DumpImage(ctx context.Context, ref string) (*bytes.Reader, error) {
-	return backend.buildah.DumpImage(ctx, ref, buildah.StreamOpts{
-		LogWriter: io.Discard,
-	})
-}

pkg/container_backend/docker_server_backend.go

@@ -1,7 +1,6 @@
 package container_backend
 
 import (
-	"bytes"
 	"context"
 	"errors"
 	"fmt"
@@ -500,23 +499,6 @@ func (backend *DockerServerBackend) GenerateSBOM(ctx context.Context, scanOpts s
 	return imageId, nil
 }
 
-func (backend *DockerServerBackend) DumpImage(ctx context.Context, ref string) (*bytes.Reader, error) {
-	rc, err := docker.ImageSave(ctx, ref)
-	if err != nil {
-		return nil, fmt.Errorf("unable to open image streaming %q: %w", ref, err)
-	}
-	buf := &bytes.Buffer{}
-
-	if _, err = io.Copy(buf, rc); err != nil {
-		return nil, fmt.Errorf("unable to bufferize image data: %w", err)
-	}
-	if err = rc.Close(); err != nil {
-		return nil, fmt.Errorf("unable to close image streaming: %w", err)
-	}
-
-	return bytes.NewReader(buf.Bytes()), nil
-}
-
 func mapSbomScanCommandsToSbomBillNames(commands []scanner.ScanCommand) []string {
 	return lo.Map(commands, func(scanCmd scanner.ScanCommand, _ int) string {
 		return filepath.Join(scanCmd.OutputStandard.String(), fmt.Sprintf("%s.json", scanCmd.Checksum()))

pkg/container_backend/interface.go

@@ -1,7 +1,6 @@
 package container_backend
 
 import (
-	"bytes"
 	"context"
 	"io"
 
@@ -111,9 +110,6 @@ type ContainerBackend interface {
 	// PruneVolumes removes all anonymous volumes not used by at least one container
 	PruneVolumes(ctx context.Context, options prune.Options) (prune.Report, error)
 
-	// DumpImage streams image using bytes reader
-	DumpImage(ctx context.Context, ref string) (*bytes.Reader, error)
-
 	// GenerateSBOM scans and generates SBOM from source image into another destination image
 	GenerateSBOM(ctx context.Context, scanOpts scanner.ScanOptions, dstImgLabels []string) (string, error)
 

pkg/container_backend/perf_check_container_backend.go

@@ -1,7 +1,6 @@
 package container_backend
 
 import (
-	"bytes"
 	"context"
 	"io"
 
@@ -225,14 +224,6 @@ func (runtime *PerfCheckContainerBackend) LoadImageFromStream(ctx context.Contex
 	return runtime.ContainerBackend.LoadImageFromStream(ctx, input)
 }
 
-func (runtime *PerfCheckContainerBackend) DumpImage(ctx context.Context, ref string) (reader *bytes.Reader, err error) {
-	logboek.Context(ctx).Default().LogProcess("ContainerBackend.DumpImage %v", ref).
-		Do(func() {
-			reader, err = runtime.ContainerBackend.DumpImage(ctx, ref)
-		})
-	return
-}
-
 func (runtime *PerfCheckContainerBackend) GenerateSBOM(ctx context.Context, scanOpts scanner.ScanOptions, dstImgLabels []string) (imgId string, err error) {
 	logboek.Context(ctx).Default().LogProcess("ContainerBackend.GenerateSBOM scanOpts=%+v, dstImgLabels=%v", scanOpts, dstImgLabels).
 		Do(func() {