security opt label disable added

[Shashankft9]

Summary

fixes #1208

• added security option label=disabled as mentioned here: Add --security-opt flag #1208 (comment)
• not sure where this has to be documented as talked about in the issue mentioned above, please provide the pointers and I will create a PR for that

[dfreilich]

Hey @Shashankft9!

Thanks for the help with this, that looks pretty great. Two things:

1. Could you fix your DCO signing? You'll find instructions for that here
2. Could you add a test for it? It should be as simple as adding a line to these tests

[codecov]

Codecov Report

Merging #1307 (000c345) into main (c7eaf3b) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1307      +/-   ##
==========================================
+ Coverage   81.03%   81.04%   +0.01%     
==========================================
  Files         143      143              
  Lines        8734     8737       +3     
==========================================
+ Hits         7077     7080       +3     
  Misses       1218     1218              
  Partials      439      439              

Flag	Coverage Δ
os_linux	79.62% <100.00%> (+0.01%)	⬆️
os_macos	76.90% <100.00%> (+0.01%)	⬆️
os_windows	80.94% <100.00%> (+0.01%)	⬆️
unit	81.04% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

[Shashankft9]

@dfreilich thank you for the help, appreciate it.

Tests seem to be failing with:

===> DETECTING
        Running the 'detector' on OS 'windows' with:
        Container Settings:
          Args: '/cnb/lifecycle/detector -app c:\workspace -log-level debug'
          System Envs: 'CNB_PLATFORM_API=0.6'
          Image: 'pack.local/builder/74736771786a636b6772:latest'
          User: ''
          Labels: 'map[author:pack]'
        Host Settings:
          Binds: 'pack-layers-lvtzshrkyo:c:\layers pack-app-gdoykcpsvo:c:\workspace'
          Network Mode: ''
        [detector] ======== Output: read/env@read-env-version ========
        [detector] DETECT: Printenv buildpack
        [detector] ======== Results ========
        [detector] pass: simple/layers@simple-layers-version
        [detector] err:  read/env@read-env-version (1)
        [detector] Resolving plan... (try #1)
        [detector] 1 of 2 buildpacks participating
        [detector] simple/layers simple-layers-version
        ===> ANALYZING
        Running the 'analyzer' on OS 'windows' with:
        Container Settings:
          Args: '/cnb/lifecycle/analyzer -log-level debug -daemon -cache-dir c:\cache 10.32.101.130:50491/some-org/aowswsurzg'
          System Envs: 'CNB_USER_ID=1 CNB_GROUP_ID=1 CNB_PLATFORM_API=0.6'
          Image: 'index.docker.io/buildpacksio/lifecycle:0.11.3'
          User: 'ContainerAdministrator'
          Labels: 'map[author:pack]'
        Host Settings:
          Binds: '\\.\pipe\docker_engine:\\.\pipe\docker_engine pack-cache-some-org_aowswsurzg_latest-088135f0954b.build:c:\cache pack-layers-lvtzshrkyo:c:\layers pack-app-gdoykcpsvo:c:\workspace'
          Network Mode: ''
        ERROR: failed to build: executing lifecycle. This may be the result of using an untrusted builder: container start: Error response from daemon: security option not supported: label

[Shashankft9]

oh, am I correct in thinking that this security opt needs to be set only when provider.os is not windows?

[Shashankft9]

hey @dfreilich this is ready for another review I think

[jromero]

@Shashankft9 🙏 Thanks for the contribution! Keep it up!