From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Mon, 3 Feb 2025 22:14:55 -0800
Subject: [PATCH] otel: avoid tracing raw os arguments

User might pass a value that they don't expect to
be kept in trace storage. For example some cache backends
allow passing authentication tokens with a flag.

Instead use known primary config values as attributes
of the root span.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

Origin: upstream, https://github.com/docker/buildx/commit/0982070af84d476b232d2d75ab551c3222592db1
Bug-Debian: http://bugs.debian.org/1100991
Backported-by: Nicolas Peugnet <nicolas@club1.fr>
 * Added missing import in commands/bake.go
 * Fixed conflicts in other hunks
---
 commands/bake.go      | 7 ++++++-
 commands/build.go     | 6 +++++-
 util/tracing/trace.go | 7 +++----
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/commands/bake.go b/commands/bake.go
index 14e3d4a..bd4747a 100644
--- a/commands/bake.go
+++ b/commands/bake.go
@@ -26,6 +26,7 @@ import (
 	"github.com/moby/buildkit/util/progress/progressui"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 type bakeOptions struct {
@@ -42,7 +43,11 @@ type bakeOptions struct {
 }
 
 func runBake(ctx context.Context, dockerCli command.Cli, targets []string, in bakeOptions, cFlags commonFlags) (err error) {
-	ctx, end, err := tracing.TraceCurrentCommand(ctx, "bake")
+	ctx, end, err := tracing.TraceCurrentCommand(ctx, append([]string{"bake"}, targets...),
+		attribute.String("builder", in.builder),
+		attribute.StringSlice("targets", targets),
+		attribute.StringSlice("files", in.files),
+	)
 	if err != nil {
 		return err
 	}
diff --git a/commands/build.go b/commands/build.go
index 9753650..c83934a 100644
--- a/commands/build.go
+++ b/commands/build.go
@@ -272,7 +272,11 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 	}
 	defer mp.Report(context.Background())
 
-	ctx, end, err := tracing.TraceCurrentCommand(ctx, "build")
+	ctx, end, err := tracing.TraceCurrentCommand(ctx, []string{"build", options.contextPath},
+		attribute.String("builder", options.builder),
+		attribute.String("context", options.contextPath),
+		attribute.String("dockerfile", options.dockerfileName),
+	)
 	if err != nil {
 		return err
 	}
diff --git a/util/tracing/trace.go b/util/tracing/trace.go
index c95ad5a..13ce349 100644
--- a/util/tracing/trace.go
+++ b/util/tracing/trace.go
@@ -2,7 +2,6 @@ package tracing
 
 import (
 	"context"
-	"os"
 	"strings"
 
 	"github.com/moby/buildkit/util/tracing/detect"
@@ -10,13 +9,13 @@ import (
 	"go.opentelemetry.io/otel/trace"
 )
 
-func TraceCurrentCommand(ctx context.Context, name string) (context.Context, func(error), error) {
+func TraceCurrentCommand(ctx context.Context, args []string, attrs ...attribute.KeyValue) (context.Context, func(error), error) {
 	tp, err := detect.TracerProvider()
 	if err != nil {
 		return context.Background(), nil, err
 	}
-	ctx, span := tp.Tracer("").Start(ctx, name, trace.WithAttributes(
-		attribute.String("command", strings.Join(os.Args, " ")),
+	ctx, span := tp.Tracer("").Start(ctx, strings.Join(args, " "), trace.WithAttributes(
+		attrs...,
 	))
 
 	return ctx, func(err error) {