[bug] fix copacetic trying to patch images with 0 patchable vulnerabi…

…lities (#106)

* fix copacetic trying to patch images with 0 patchable vulnerabilities
* update buildkitd version to match go.mod

.devcontainer/docker-compose.yml

@@ -8,7 +8,7 @@ services:
     command: sleep infinity
 
   buildkitd:
-    image: moby/buildkit:v0.12.4
+    image: moby/buildkit:v0.15.1
     entrypoint: ["buildkitd"]
     command: ["--addr", "tcp://0.0.0.0:8888"]
     privileged: true

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/aquasecurity/trivy v0.53.1-0.20240725155459-d76febaee107
 	github.com/blang/semver/v4 v4.0.0
 	github.com/bobg/go-generics v1.7.2
+	github.com/containerd/platforms v0.2.1
 	github.com/distribution/reference v0.6.0
 	github.com/docker/buildx v0.16.0
 	github.com/enescakir/emoji v1.0.0
@@ -57,7 +58,6 @@ require (
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/containerd/console v1.0.4 // indirect
 	github.com/containerd/containerd/api v1.7.19 // indirect
-	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.3.0 // indirect
 	github.com/csaf-poc/csaf_distribution/v3 v3.0.0 // indirect

pkg/copa/patch.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containerd/platforms"
 	"github.com/docker/buildx/build"
 	"github.com/docker/cli/cli/config"
 	"github.com/quay/claircore/osrelease"
@@ -19,6 +20,7 @@ import (
 
 	"github.com/distribution/reference"
 	"github.com/moby/buildkit/client"
+	"github.com/moby/buildkit/client/llb"
 	"github.com/moby/buildkit/exporter/containerimage/exptypes"
 	gwclient "github.com/moby/buildkit/frontend/gateway/client"
 	"github.com/moby/buildkit/session"
@@ -224,15 +226,16 @@ func patchWithContext(ctx context.Context, ch chan error, image, reportFile, pat
 			patchedImageState, errPkgs, err := manager.InstallUpdates(ctx, updates, ignoreError)
 			log.Infof("Error is: %v", err)
 			if err != nil {
-				// if there are no patchable vulnerabilities, return nil without error
-				if len(updates.Updates) != 0 {
-					ch <- err
-					return nil, fmt.Errorf("copa: error installing updates for %s to address %d vulnerabilities :: %w", image, len(updates.Updates), err)
-				}
+				ch <- err
 				return nil, nil
 			}
 
-			def, err := patchedImageState.Marshal(ctx)
+			platform := platforms.Normalize(platforms.DefaultSpec())
+			if platform.OS != "linux" {
+				platform.OS = "linux"
+			}
+
+			def, err := patchedImageState.Marshal(ctx, llb.Platform(platform))
 			if err != nil {
 				ch <- err
 				return nil, err

pkg/trivy/util.go

@@ -8,7 +8,9 @@ func ContainsOsPkgs(rs types.Results) bool {
 	for _, r := range rs {
 		switch r.Class {
 		case "os-pkgs":
-			return true
+			if !r.IsEmpty() {
+				return true
+			}
 		}
 	}
 	return false

website/docs/env.md

@@ -18,7 +18,7 @@ docker run -d -p 5000:5000 --restart=always --name registry registry:2
 #### Buildkitd
 
 ```shell title="bash"
-export BUILDKIT_VERSION=v0.12.4
+export BUILDKIT_VERSION=v0.15.1
 export BUILDKIT_PORT=8888
 docker run --detach --rm --privileged \
 -p 127.0.0.1:$BUILDKIT_PORT:$BUILDKIT_PORT/tcp \

website/docs/intro_extended.md

@@ -26,7 +26,7 @@ docker run -d -p 5000:5000 --restart=always --name registry registry:2
 #### Buildkitd
 
 ```shell title="bash"
-export BUILDKIT_VERSION=v0.12.4
+export BUILDKIT_VERSION=v0.15.1
 export BUILDKIT_PORT=8888
 docker run --detach --rm --privileged \
 -p 127.0.0.1:$BUILDKIT_PORT:$BUILDKIT_PORT/tcp \