policy: add artifact attestation and github attestation builtin support

build/build.go

@@ -308,7 +308,7 @@ func newBuildRequests(ctx context.Context, docker *dockerutil.Client, cfg *confu
 				return nil, nil, err
 			}
 			localOpt := opt
-			so, release, err := toSolveOpt(ctx, np.Node(), multiDriver, &localOpt, gatewayOpts, cfg, w, docker)
+			so, release, err := toSolveOpt(ctx, np, multiDriver, &localOpt, gatewayOpts, cfg, w, docker)
 			opts[k] = localOpt
 			if err != nil {
 				return nil, nil, err

build/opt.go

@@ -23,14 +23,15 @@ import (
 	"github.com/containerd/containerd/v2/plugins/content/local"
 	"github.com/containerd/platforms"
 	"github.com/distribution/reference"
-	"github.com/docker/buildx/builder"
+	noderesolver "github.com/docker/buildx/build/resolver"
 	"github.com/docker/buildx/driver"
 	"github.com/docker/buildx/policy"
 	"github.com/docker/buildx/util/buildflags"
 	"github.com/docker/buildx/util/confutil"
 	"github.com/docker/buildx/util/dockerutil"
 	"github.com/docker/buildx/util/osutil"
 	"github.com/docker/buildx/util/progress"
+	"github.com/docker/buildx/util/sourcemeta"
 	"github.com/docker/buildx/util/urlutil"
 	"github.com/moby/buildkit/client"
 	"github.com/moby/buildkit/client/llb"
@@ -222,7 +223,8 @@ func isPolicyEvaluationError(policies []*policy.Policy, err error) bool {
 	return false
 }
 
-func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *Options, bopts gateway.BuildOpts, cfg *confutil.Config, pw progress.Writer, docker *dockerutil.Client) (_ *client.SolveOpt, release func(error), err error) {
+func toSolveOpt(ctx context.Context, np *noderesolver.ResolvedNode, multiDriver bool, opt *Options, bopts gateway.BuildOpts, cfg *confutil.Config, pw progress.Writer, docker *dockerutil.Client) (_ *client.SolveOpt, release func(error), err error) {
+	node := np.Node()
 	nodeDriver := node.Driver
 	defers := make([]func(error), 0, 2)
 	releaseF := func(inErr error) {
@@ -513,6 +515,17 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *O
 		if err != nil {
 			return nil, nil, err
 		}
+		var sourceResolver *sourcemeta.Resolver
+		if len(popts) > 0 {
+			c, err := np.Client(ctx)
+			if err != nil {
+				return nil, nil, err
+			}
+			sourceResolver = sourcemeta.NewResolver(c, sourcemeta.WithProgressWriter(pw))
+			defers = append(defers, func(error) {
+				_ = sourceResolver.Close()
+			})
+		}
 		var policyFiles []string
 		for _, popt := range popts {
 			for _, f := range popt.Files {
@@ -554,6 +567,7 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *O
 				FS:               opt.Inputs.policy.FS,
 				VerifierProvider: policy.SignatureVerifier(cfg),
 				DefaultPlatform:  defaultPlatform(bopts),
+				SourceResolver:   sourceResolver,
 			})
 			policies = append(policies, p)
 			cbs = append(cbs, p.CheckPolicy)

go.mod

@@ -21,6 +21,7 @@ require (
 	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-units v0.5.0
 	github.com/gofrs/flock v0.13.0
+	github.com/golang/snappy v0.0.4
 	github.com/google/go-dap v0.12.1-0.20250904181021-d7a2259b058b
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.6.0

go.sum

@@ -289,6 +289,8 @@ github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8J
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/certificate-transparency-go v1.3.2 h1:9ahSNZF2o7SYMaKaXhAumVEzXB2QaayzII9C8rv7v+A=
 github.com/google/certificate-transparency-go v1.3.2/go.mod h1:H5FpMUaGa5Ab2+KCYsxg6sELw3Flkl7pGZzWdBoYLXs=
 github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q=

policy/builtins.rego

@@ -21,3 +21,19 @@ docker_github_builder_signature(sig, repo) if {
 	sig.signer.runnerEnvironment == "github-hosted"
 	count(sig.timestamps) > 0
 }
+
+docker_github_builder_bundle(http, filename, repo) if {
+	sig := artifact_attestation(http, filename)
+	docker_github_builder_signature(sig, repo)
+}
+
+github_release_attestation(http) := sig if {
+	http.schema == "https"
+	lower(http.host) == "github.com"
+
+	m := regex.find_all_string_submatch_n(`^/([^/]+)/([^/]+)/releases/download/[^/]+/.+$`, http.path, 1)[0]
+	owner := m[1]
+	repo := m[2]
+
+	sig := github_attestation(http, sprintf("%s/%s", [owner, repo]))
+}