mirror of
				https://gitea.com/docker/build-push-action.git
				synced 2025-10-22 19:53:41 +08:00 
			
		
		
		
	Compare commits
	
		
			162 Commits
		
	
	
		
			v4.1.0
			...
			releases/v
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | ca052bb54a | ||
|   | 025c2051f3 | ||
|   | 12076d2fb1 | ||
|   | ef6cba3353 | ||
|   | 4c16cf906a | ||
|   | a3118a86c8 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | c86eb8b0f7 | ||
|   | 2a53c6ccda | ||
|   | ccef1f210d | ||
|   | 79117b6ea5 | ||
|   | df19a799eb | ||
|   | 0e2ab16cd2 | ||
|   | 54d0f58d64 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 563a2f55e4 | ||
|   | 6003d3266a | ||
|   | e1e22cdde8 | ||
|   | fc15b64049 | ||
|   | 6c58ea3670 | ||
|   | 729f7f4926 | ||
|   | 99d83235bc | ||
|   | 1d5307d7af | ||
|   | cf8d130912 | ||
|   | 8804d8e2ac | ||
|   | 1984549052 | ||
|   | 5bc9e2e9b9 | ||
|   | eb539f44b1 | ||
|   | b6ff9e5753 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 929fba6cce | ||
|   | 7f1f43ba33 | ||
|   | 40d6a900e0 | ||
|   | d56be63626 | ||
|   | eb3cfeaf00 | ||
|   | d0fc12d8a4 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 68615d5b67 | ||
|   | c3b570184c | ||
|   | 7e6f77677b | ||
|   | 2ce6beaad4 | ||
|   | 4c8d1e6826 | ||
|   | b0312962ef | ||
|   | 96acf63e4c | ||
|   | f8bc7f4600 | ||
|   | c2064be02c | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 4f02f34098 | ||
|   | 090ca155fc | ||
|   | ec4854f780 | ||
|   | 2cdde995de | ||
|   | 008747aa03 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 1580753126 | ||
|   | 2a7db1d68a | ||
|   | 35e7dd5921 | ||
|   | af5a7ed5ba | ||
|   | 2a85189a6c | ||
|   | 6c2079483e | ||
|   | afdf0c0a67 | ||
|   | 00ae31ab6e | ||
|   | 701942b6e5 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 90e54d0b1d | ||
|   | 831ca179d3 | ||
|   | 6bd0e5492f | ||
|   | b3eddbb94c | ||
|   | ffd798c1f1 | ||
|   | 62d8db0960 | ||
|   | 8ab81cb898 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | d47e7c357d | ||
|   | 4976231911 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | d236adc992 | ||
|   | 94d76d3bc1 | ||
|   | 2b28f2a854 | ||
|   | 9f6f8c940b | ||
|   | 8411d080ee | ||
|   | 4a13e500e5 | ||
|   | 7416668686 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | b4f76a5dc6 | ||
|   | b7feb766fa | ||
|   | fae8018297 | ||
|   | b625868b13 | ||
|   | 5193ef1da6 | ||
|   | d3afd779e4 | ||
|   | 7a786bb2b9 | ||
|   | c66ae3adcf | ||
|   | 248131c7bf | ||
|   | b425c4cd5a | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 9834ce5b4d | ||
|   | fdf7f43ecf | ||
|   | e3a4c332fb | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | c48d200483 | ||
|   | 8d2cf95286 | ||
|   | 3c7915695f | ||
|   | 0a283b683f | ||
|   | c544b50d70 | ||
|   | dd31262fa7 | ||
|   | 5f01267817 | ||
|   | 0f847266c3 | ||
|   | ea8499618b | ||
|   | 4c1b68d83a | ||
|   | 5909c5bffe | ||
|   | 285730d174 | ||
|   | 4bbe0177ef | ||
|   | cc4d1d4d5f | ||
|   | e7d3750abc | ||
|   | 4556201a14 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 9fa62cfa91 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 8026f009fc | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 6b35a7a7f1 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | c6e64b478a | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | e2505c6383 | ||
|   | 0565240e2d | ||
|   | 3ab07f8801 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | b9e7e4daec | ||
|   | 04d1a3b049 | ||
|   | 1a4d1a13fb | ||
|   | 675965c0e1 | ||
|   | 58ee34cb6b | ||
|   | c97c4060bd | ||
|   | 47d5369e0b | ||
|   | 8895c7468f | ||
|   | 59ba712c53 | ||
|   | 0c20fff10d | ||
|   | 0a97817b6a | ||
|   | ec39ef320c | ||
|   | f46044b799 | ||
|   | 4e4ee680f6 | ||
|   | e86cf554b6 | ||
|   | daa0106f78 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | ce51e905a6 | ||
|   | 1fde16337d | ||
|   | ae311c520f | ||
|   | 9311bf5263 | ||
|   | b1654941ef | ||
|   | 12a9f89349 | ||
|   | 2036a561be | ||
|   | b1d46f11a2 | ||
|   | e5b2fc7017 | ||
|   | 24216ba114 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | eb33afda71 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 9407ba1305 | ||
|   | 429cdb70ad | ||
|   | 74a34eff3a | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | 6787bde0a6 | ||
|   | 56932deb0a | ||
|   | 0681013357 | ||
|   | be4bf1099e | ||
|   | 9ec154c4b6 | ||
|   | 380260b6c7 | ||
|   | ac790be09a | ||
|   | dc0a85b056 | ||
|   | aca01f02d5 | ||
|   | 4b0752a2b1 | ||
|   | be06a9da57 | ||
|   | 19184b90ca | ||
|   | 57e90a56ab | ||
|   | 4fad532b9f | ||
|   | 413aee355f | ||
|   | f05b754b57 | ||
|   | 2f3765570b | ||
|   | 68d0dc20df | ||
|   | 1fd7f72e60 | ||
| ![dependabot[bot]](/assets/img/avatar_default.png)  | ea907fb0a4 | ||
|   | 2eb1c1961a | ||
|   | 27376fe2fc | ||
|   | c9330004c2 | ||
|   | dac08d41ad | 
| @@ -1,2 +1,12 @@ | |||||||
| /coverage | /coverage | ||||||
| /node_modules |  | ||||||
|  | # Dependency directories | ||||||
|  | node_modules/ | ||||||
|  | jspm_packages/ | ||||||
|  |  | ||||||
|  | # yarn v2 | ||||||
|  | .yarn/cache | ||||||
|  | .yarn/unplugged | ||||||
|  | .yarn/build-state.yml | ||||||
|  | .yarn/install-state.gz | ||||||
|  | .pnp.* | ||||||
|   | |||||||
							
								
								
									
										3
									
								
								.eslintignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								.eslintignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | |||||||
|  | /dist/** | ||||||
|  | /coverage/** | ||||||
|  | /node_modules/** | ||||||
| @@ -1,18 +1,19 @@ | |||||||
| { | { | ||||||
|   "env": { |   "env": { | ||||||
|     "node": true, |     "node": true, | ||||||
|     "es2021": true, |     "es6": true, | ||||||
|     "jest": true |     "jest": true | ||||||
|   }, |   }, | ||||||
|   "extends": [ |   "extends": [ | ||||||
|     "eslint:recommended", |     "eslint:recommended", | ||||||
|  |     "plugin:@typescript-eslint/eslint-recommended", | ||||||
|     "plugin:@typescript-eslint/recommended", |     "plugin:@typescript-eslint/recommended", | ||||||
|     "plugin:jest/recommended", |     "plugin:jest/recommended", | ||||||
|     "plugin:prettier/recommended" |     "plugin:prettier/recommended" | ||||||
|   ], |   ], | ||||||
|   "parser": "@typescript-eslint/parser", |   "parser": "@typescript-eslint/parser", | ||||||
|   "parserOptions": { |   "parserOptions": { | ||||||
|     "ecmaVersion": "latest", |     "ecmaVersion": 2023, | ||||||
|     "sourceType": "module" |     "sourceType": "module" | ||||||
|   }, |   }, | ||||||
|   "plugins": [ |   "plugins": [ | ||||||
|   | |||||||
							
								
								
									
										2
									
								
								.gitattributes
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitattributes
									
									
									
									
										vendored
									
									
								
							| @@ -1,2 +1,4 @@ | |||||||
|  | /.yarn/releases/** binary | ||||||
|  | /.yarn/plugins/** binary | ||||||
| /dist/** linguist-generated=true | /dist/** linguist-generated=true | ||||||
| /lib/** linguist-generated=true | /lib/** linguist-generated=true | ||||||
|   | |||||||
							
								
								
									
										1
									
								
								.github/CODEOWNERS
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.github/CODEOWNERS
									
									
									
									
										vendored
									
									
								
							| @@ -1 +0,0 @@ | |||||||
| *	@crazy-max |  | ||||||
							
								
								
									
										3
									
								
								.github/CODE_OF_CONDUCT.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								.github/CODE_OF_CONDUCT.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | |||||||
|  | # Code of conduct | ||||||
|  |  | ||||||
|  | - [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines) | ||||||
							
								
								
									
										101
									
								
								.github/ISSUE_TEMPLATE/bug.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										101
									
								
								.github/ISSUE_TEMPLATE/bug.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,101 @@ | |||||||
|  | # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema | ||||||
|  | name: Bug Report | ||||||
|  | description: Report a bug | ||||||
|  | labels: | ||||||
|  |   - status/triage | ||||||
|  |  | ||||||
|  | body: | ||||||
|  |   - type: markdown | ||||||
|  |     attributes: | ||||||
|  |       value: | | ||||||
|  |         Thank you for taking the time to report a bug! | ||||||
|  |         If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com). | ||||||
|  |         Before submitting a bug report, check out the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md). | ||||||
|  |  | ||||||
|  |   - type: checkboxes | ||||||
|  |     attributes: | ||||||
|  |       label: Contributing guidelines | ||||||
|  |       description: > | ||||||
|  |         Make sure you've read the contributing guidelines before proceeding. | ||||||
|  |       options: | ||||||
|  |         - label: I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree | ||||||
|  |           required: true | ||||||
|  |  | ||||||
|  |   - type: checkboxes | ||||||
|  |     attributes: | ||||||
|  |       label: "I've found a bug, and:" | ||||||
|  |       description: | | ||||||
|  |         Make sure that your request fulfills all of the following requirements. | ||||||
|  |         If one requirement cannot be satisfied, explain in detail why. | ||||||
|  |       options: | ||||||
|  |         - label: The documentation does not mention anything about my problem | ||||||
|  |         - label: There are no open or closed issues that are related to my problem | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: Description | ||||||
|  |       description: > | ||||||
|  |         Provide a brief description of the bug in 1-2 sentences. | ||||||
|  |     validations: | ||||||
|  |       required: true | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: Expected behaviour | ||||||
|  |       description: > | ||||||
|  |         Describe precisely what you'd expect to happen. | ||||||
|  |     validations: | ||||||
|  |       required: true | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: Actual behaviour | ||||||
|  |       description: > | ||||||
|  |         Describe precisely what is actually happening. | ||||||
|  |     validations: | ||||||
|  |       required: true | ||||||
|  |  | ||||||
|  |   - type: input | ||||||
|  |     attributes: | ||||||
|  |       label: Repository URL | ||||||
|  |       description: > | ||||||
|  |         Enter the URL of the repository where you are experiencing the | ||||||
|  |         issue. If your repository is private, provide a link to a minimal | ||||||
|  |         repository that reproduces the issue. | ||||||
|  |  | ||||||
|  |   - type: input | ||||||
|  |     attributes: | ||||||
|  |       label: Workflow run URL | ||||||
|  |       description: > | ||||||
|  |         Enter the URL of the GitHub Action workflow run, if public. | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: YAML workflow | ||||||
|  |       description: | | ||||||
|  |         Provide the YAML of the workflow that's causing the issue. | ||||||
|  |         Make sure to remove any sensitive information. | ||||||
|  |       render: yaml | ||||||
|  |     validations: | ||||||
|  |       required: true | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: Workflow logs | ||||||
|  |       description: > | ||||||
|  |         [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files) | ||||||
|  |         the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs) | ||||||
|  |         and make sure to remove any sensitive information. | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: BuildKit logs | ||||||
|  |       description: > | ||||||
|  |         If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs) | ||||||
|  |       render: text | ||||||
|  |  | ||||||
|  |   - type: textarea | ||||||
|  |     attributes: | ||||||
|  |       label: Additional info | ||||||
|  |       description: | | ||||||
|  |         Provide any additional information that could be useful. | ||||||
							
								
								
									
										37
									
								
								.github/ISSUE_TEMPLATE/bug_report.md
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										37
									
								
								.github/ISSUE_TEMPLATE/bug_report.md
									
									
									
									
										vendored
									
									
								
							| @@ -1,37 +0,0 @@ | |||||||
| --- |  | ||||||
| name: Bug report |  | ||||||
| about: Create a report to help us improve |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Troubleshooting |  | ||||||
|  |  | ||||||
| Before submitting a bug report please read the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md). |  | ||||||
|  |  | ||||||
| ### Behaviour |  | ||||||
|  |  | ||||||
| #### Steps to reproduce this issue |  | ||||||
|  |  | ||||||
| 1. |  | ||||||
| 2. |  | ||||||
| 3. |  | ||||||
|  |  | ||||||
| #### Expected behaviour |  | ||||||
|  |  | ||||||
| > Tell us what should happen |  | ||||||
|  |  | ||||||
| #### Actual behaviour |  | ||||||
|  |  | ||||||
| > Tell us what happens instead |  | ||||||
|  |  | ||||||
| ### Configuration |  | ||||||
|  |  | ||||||
| * Repository URL (if public):  |  | ||||||
| * Build URL (if public):  |  | ||||||
|  |  | ||||||
| ```yml |  | ||||||
| # paste your YAML workflow file here and remove sensitive data |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Logs |  | ||||||
|  |  | ||||||
| > Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs) and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue. |  | ||||||
							
								
								
									
										9
									
								
								.github/ISSUE_TEMPLATE/config.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								.github/ISSUE_TEMPLATE/config.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | |||||||
|  | # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser | ||||||
|  | blank_issues_enabled: true | ||||||
|  | contact_links: | ||||||
|  |   - name: Questions and Discussions | ||||||
|  |     url: https://github.com/docker/build-push-action/discussions/new | ||||||
|  |     about: Use Github Discussions to ask questions and/or open discussion topics. | ||||||
|  |   - name: Documentation | ||||||
|  |     url: https://docs.docker.com/build/ci/github-actions/ | ||||||
|  |     about: Read the documentation. | ||||||
							
								
								
									
										15
									
								
								.github/ISSUE_TEMPLATE/feature.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										15
									
								
								.github/ISSUE_TEMPLATE/feature.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,15 @@ | |||||||
|  | # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema | ||||||
|  | name: Feature request | ||||||
|  | description: Missing functionality? Come tell us about it! | ||||||
|  | labels: | ||||||
|  |   - kind/enhancement | ||||||
|  |   - status/triage | ||||||
|  |  | ||||||
|  | body: | ||||||
|  |   - type: textarea | ||||||
|  |     id: description | ||||||
|  |     attributes: | ||||||
|  |       label: Description | ||||||
|  |       description: What is the feature you want to see? | ||||||
|  |     validations: | ||||||
|  |       required: true | ||||||
							
								
								
									
										12
									
								
								.github/SECURITY.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								.github/SECURITY.md
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | |||||||
|  | # Reporting security issues | ||||||
|  |  | ||||||
|  | The project maintainers take security seriously. If you discover a security | ||||||
|  | issue, please bring it to their attention right away! | ||||||
|  |  | ||||||
|  | **Please _DO NOT_ file a public issue**, instead send your report privately to | ||||||
|  | [security@docker.com](mailto:security@docker.com). | ||||||
|  |  | ||||||
|  | Security reports are greatly appreciated, and we will publicly thank you for it. | ||||||
|  | We also like to send gifts—if you'd like Docker swag, make sure to let | ||||||
|  | us know. We currently do not offer a paid security bounty program, but are not | ||||||
|  | ruling it out in the future. | ||||||
							
								
								
									
										31
									
								
								.github/SUPPORT.md
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										31
									
								
								.github/SUPPORT.md
									
									
									
									
										vendored
									
									
								
							| @@ -1,31 +0,0 @@ | |||||||
| # Support [](https://isitmaintained.com/project/docker/build-push-action) |  | ||||||
|  |  | ||||||
| First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md). |  | ||||||
|  |  | ||||||
| ## Reporting an issue |  | ||||||
|  |  | ||||||
| Please do a search in [open issues](https://github.com/docker/build-push-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed. |  | ||||||
|  |  | ||||||
| If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment. |  | ||||||
|  |  | ||||||
| :+1: - upvote |  | ||||||
|  |  | ||||||
| :-1: - downvote |  | ||||||
|  |  | ||||||
| If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below. |  | ||||||
|  |  | ||||||
| ## Writing good bug reports and feature requests |  | ||||||
|  |  | ||||||
| File a single issue per problem and feature request. |  | ||||||
|  |  | ||||||
| * Do not enumerate multiple bugs or feature requests in the same issue. |  | ||||||
| * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes. |  | ||||||
|  |  | ||||||
| The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix. |  | ||||||
|  |  | ||||||
| You are now ready to [create a new issue](https://github.com/docker/build-push-action/issues/new/choose)! |  | ||||||
|  |  | ||||||
| ## Closure policy |  | ||||||
|  |  | ||||||
| * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines. |  | ||||||
| * Issues that go a week without a response from original poster are subject to closure at our discretion. |  | ||||||
							
								
								
									
										1
									
								
								.github/dependabot.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.github/dependabot.yml
									
									
									
									
										vendored
									
									
								
							| @@ -11,6 +11,7 @@ updates: | |||||||
|     directory: "/" |     directory: "/" | ||||||
|     schedule: |     schedule: | ||||||
|       interval: "daily" |       interval: "daily" | ||||||
|  |     versioning-strategy: "increase" | ||||||
|     allow: |     allow: | ||||||
|       - dependency-type: "production" |       - dependency-type: "production" | ||||||
|     labels: |     labels: | ||||||
|   | |||||||
							
								
								
									
										130
									
								
								.github/workflows/.e2e-run.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										130
									
								
								.github/workflows/.e2e-run.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,130 @@ | |||||||
|  | # reusable workflow | ||||||
|  | name: .e2e-run | ||||||
|  |  | ||||||
|  | on: | ||||||
|  |   workflow_call: | ||||||
|  |     inputs: | ||||||
|  |       id: | ||||||
|  |         required: false | ||||||
|  |         type: string | ||||||
|  |       type: | ||||||
|  |         required: true | ||||||
|  |         type: string | ||||||
|  |       name: | ||||||
|  |         required: true | ||||||
|  |         type: string | ||||||
|  |       registry: | ||||||
|  |         required: false | ||||||
|  |         type: string | ||||||
|  |       slug: | ||||||
|  |         required: false | ||||||
|  |         type: string | ||||||
|  |       username_secret: | ||||||
|  |         required: false | ||||||
|  |         type: string | ||||||
|  |       password_secret: | ||||||
|  |         required: false | ||||||
|  |         type: string | ||||||
|  |  | ||||||
|  | env: | ||||||
|  |   HARBOR_VERSION: v2.7.0 | ||||||
|  |   NEXUS_VERSION: 3.47.1 | ||||||
|  |   DISTRIBUTION_VERSION: 2.8.1 | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   run: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     strategy: | ||||||
|  |       fail-fast: false | ||||||
|  |       matrix: | ||||||
|  |         include: | ||||||
|  |           - | ||||||
|  |             buildx_version: latest | ||||||
|  |             buildkit_image: moby/buildkit:buildx-stable-1 | ||||||
|  |           - | ||||||
|  |             buildx_version: https://github.com/docker/buildx.git#master | ||||||
|  |             buildkit_image: moby/buildkit:master | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up env | ||||||
|  |         if: inputs.type == 'local' | ||||||
|  |         run: | | ||||||
|  |           cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV | ||||||
|  |       - | ||||||
|  |         name: Set up BuildKit config | ||||||
|  |         run: | | ||||||
|  |           touch /tmp/buildkitd.toml | ||||||
|  |           if [ "${{ inputs.type }}" = "local" ]; then | ||||||
|  |             echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml | ||||||
|  |           fi | ||||||
|  |       - | ||||||
|  |         name: Set up Docker daemon | ||||||
|  |         if: inputs.type == 'local' | ||||||
|  |         run: | | ||||||
|  |           if [ ! -e /etc/docker/daemon.json ]; then | ||||||
|  |             echo '{}' | tee /etc/docker/daemon.json >/dev/null | ||||||
|  |           fi | ||||||
|  |           DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json) | ||||||
|  |           sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null | ||||||
|  |           sudo service docker restart | ||||||
|  |       - | ||||||
|  |         name: Install ${{ inputs.name }} | ||||||
|  |         if: inputs.type == 'local' | ||||||
|  |         run: | | ||||||
|  |           sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh | ||||||
|  |           sudo chown $(id -u):$(id -g) -R ~/.docker | ||||||
|  |       - | ||||||
|  |         name: Docker meta | ||||||
|  |         id: meta | ||||||
|  |         uses: docker/metadata-action@v5 | ||||||
|  |         with: | ||||||
|  |           images: ${{ env.REGISTRY_SLUG || inputs.slug }} | ||||||
|  |           tags: | | ||||||
|  |             type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }} | ||||||
|  |             type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }} | ||||||
|  |             type=raw,gh-runid-${{ github.run_id }} | ||||||
|  |       - | ||||||
|  |         name: Set up QEMU | ||||||
|  |         uses: docker/setup-qemu-action@v3 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ matrix.buildx_version }} | ||||||
|  |           buildkitd-config: /tmp/buildkitd.toml | ||||||
|  |           buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host | ||||||
|  |           driver-opts: | | ||||||
|  |             image=${{ matrix.buildkit_image }} | ||||||
|  |             network=host | ||||||
|  |       - | ||||||
|  |         name: Login to Registry | ||||||
|  |         if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != '' | ||||||
|  |         uses: docker/login-action@v3 | ||||||
|  |         with: | ||||||
|  |           registry: ${{ env.REGISTRY_FQDN || inputs.registry }} | ||||||
|  |           username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }} | ||||||
|  |           password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }} | ||||||
|  |       - | ||||||
|  |         name: Build and push | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/multi.Dockerfile | ||||||
|  |           platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x | ||||||
|  |           push: ${{ github.event_name != 'pull_request' }} | ||||||
|  |           tags: ${{ steps.meta.outputs.tags }} | ||||||
|  |           labels: ${{ steps.meta.outputs.labels }} | ||||||
|  |           cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master | ||||||
|  |           cache-to: type=inline | ||||||
|  |       - | ||||||
|  |         name: Inspect image | ||||||
|  |         run: | | ||||||
|  |           docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} | ||||||
|  |           docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} | ||||||
|  |       - | ||||||
|  |         name: Check manifest | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}' | ||||||
							
								
								
									
										523
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										523
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,5 +1,9 @@ | |||||||
| name: ci | name: ci | ||||||
|  |  | ||||||
|  | concurrency: | ||||||
|  |   group: ${{ github.workflow }}-${{ github.ref }} | ||||||
|  |   cancel-in-progress: true | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   workflow_dispatch: |   workflow_dispatch: | ||||||
|     inputs: |     inputs: | ||||||
| @@ -29,12 +33,12 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|         with: |         with: | ||||||
|           path: action |           path: action | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -55,16 +59,16 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|         with: |         with: | ||||||
|           path: action |           path: action | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         id: buildx |         id: buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -104,16 +108,16 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|         with: |         with: | ||||||
|           path: action |           path: action | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         id: buildx |         id: buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -163,14 +167,14 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         id: buildx |         id: buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -212,11 +216,11 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Docker meta |         name: Docker meta | ||||||
|         id: meta |         id: meta | ||||||
|         uses: docker/metadata-action@v4 |         uses: docker/metadata-action@v5 | ||||||
|         with: |         with: | ||||||
|           images: ${{ env.DOCKER_IMAGE }} |           images: ${{ env.DOCKER_IMAGE }} | ||||||
|           tags: | |           tags: | | ||||||
| @@ -229,7 +233,7 @@ jobs: | |||||||
|             type=sha |             type=sha | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -268,11 +272,11 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Stop docker |         name: Stop docker | ||||||
|         run: | |         run: | | ||||||
|           sudo systemctl stop docker |           sudo systemctl stop docker docker.socket | ||||||
|       - |       - | ||||||
|         name: Build |         name: Build | ||||||
|         id: docker_build |         id: docker_build | ||||||
| @@ -295,13 +299,13 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -336,7 +340,7 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Build |         name: Build | ||||||
|         id: docker_build |         id: docker_build | ||||||
| @@ -352,7 +356,7 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Build |         name: Build | ||||||
|         uses: ./ |         uses: ./ | ||||||
| @@ -371,10 +375,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -389,15 +393,40 @@ jobs: | |||||||
|             MYSECRET=foo |             MYSECRET=foo | ||||||
|             INVALID_SECRET= |             INVALID_SECRET= | ||||||
|  |  | ||||||
|  |   secret-envs: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         env: | ||||||
|  |           ENV_SECRET: foo | ||||||
|  |         with: | ||||||
|  |           context: . | ||||||
|  |           file: ./test/secret.Dockerfile | ||||||
|  |           secret-envs: | | ||||||
|  |             MYSECRET=ENV_SECRET | ||||||
|  |             INVALID_SECRET= | ||||||
|  |  | ||||||
|   network: |   network: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -418,10 +447,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -440,10 +469,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -465,10 +494,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -488,10 +517,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -513,10 +542,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -547,10 +576,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ matrix.buildx }} |           version: ${{ matrix.buildx }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -569,19 +598,31 @@ jobs: | |||||||
|     strategy: |     strategy: | ||||||
|       fail-fast: false |       fail-fast: false | ||||||
|       matrix: |       matrix: | ||||||
|         attrs: |         include: | ||||||
|           - '' |           - target: image | ||||||
|           - mode=max |             output: type=image,name=localhost:5000/name/app:latest,push=true | ||||||
|           - builder-id=foo |             attr: mode=max | ||||||
|           - false |           - target: image | ||||||
|           - true |             output: type=image,name=localhost:5000/name/app:latest,push=true | ||||||
|  |             attr: '' | ||||||
|  |           - target: binary | ||||||
|  |             output: /tmp/buildx-build | ||||||
|  |             attr: mode=max | ||||||
|  |           - target: binary | ||||||
|  |             output: /tmp/buildx-build | ||||||
|  |             attr: '' | ||||||
|  |     services: | ||||||
|  |       registry: | ||||||
|  |         image: registry:2 | ||||||
|  |         ports: | ||||||
|  |           - 5000:5000 | ||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -593,11 +634,24 @@ jobs: | |||||||
|         with: |         with: | ||||||
|           context: ./test/go |           context: ./test/go | ||||||
|           file: ./test/go/Dockerfile |           file: ./test/go/Dockerfile | ||||||
|           target: binary |           target: ${{ matrix.target }} | ||||||
|           outputs: type=oci,dest=/tmp/build.tar |           outputs: ${{ matrix.output }} | ||||||
|           provenance: ${{ matrix.attrs }} |           provenance: ${{ matrix.attr }} | ||||||
|           cache-from: type=gha,scope=provenance |       - | ||||||
|           cache-to: type=gha,scope=provenance,mode=max |         name: Inspect Provenance | ||||||
|  |         if: matrix.target == 'image' | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}' | ||||||
|  |       - | ||||||
|  |         name: Check output folder | ||||||
|  |         if: matrix.target == 'binary' | ||||||
|  |         run: | | ||||||
|  |           tree /tmp/buildx-build | ||||||
|  |       - | ||||||
|  |         name: Print local Provenance | ||||||
|  |         if: matrix.target == 'binary' | ||||||
|  |         run: | | ||||||
|  |           cat /tmp/buildx-build/provenance.json | jq | ||||||
|  |  | ||||||
|   sbom: |   sbom: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
| @@ -617,10 +671,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -638,22 +692,17 @@ jobs: | |||||||
|           cache-from: type=gha,scope=attests-${{ matrix.target }} |           cache-from: type=gha,scope=attests-${{ matrix.target }} | ||||||
|           cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max |           cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max | ||||||
|       - |       - | ||||||
|         name: Inspect image |         name: Inspect SBOM | ||||||
|         if: matrix.target == 'image' |         if: matrix.target == 'image' | ||||||
|         run: | |         run: | | ||||||
|           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' |           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}' | ||||||
|       - |       - | ||||||
|         name: Check output folder |         name: Check output folder | ||||||
|         if: matrix.target == 'binary' |         if: matrix.target == 'binary' | ||||||
|         run: | |         run: | | ||||||
|           tree /tmp/buildx-build |           tree /tmp/buildx-build | ||||||
|       - |       - | ||||||
|         name: Print provenance |         name: Print local SBOM | ||||||
|         if: matrix.target == 'binary' |  | ||||||
|         run: | |  | ||||||
|           cat /tmp/buildx-build/provenance.json | jq |  | ||||||
|       - |  | ||||||
|         name: Print SBOM |  | ||||||
|         if: matrix.target == 'binary' |         if: matrix.target == 'binary' | ||||||
|         run: | |         run: | | ||||||
|           cat /tmp/buildx-build/sbom.spdx.json | jq |           cat /tmp/buildx-build/sbom.spdx.json | jq | ||||||
| @@ -674,14 +723,14 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         id: buildx |         id: buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -735,12 +784,6 @@ jobs: | |||||||
|           - driver: docker-container |           - driver: docker-container | ||||||
|             load: true |             load: true | ||||||
|             push: true |             push: true | ||||||
|           - driver: docker |  | ||||||
|             load: false |  | ||||||
|             push: false |  | ||||||
|           - driver: docker-container |  | ||||||
|             load: false |  | ||||||
|             push: false |  | ||||||
|     services: |     services: | ||||||
|       registry: |       registry: | ||||||
|         image: registry:2 |         image: registry:2 | ||||||
| @@ -749,10 +792,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver: ${{ matrix.driver }} |           driver: ${{ matrix.driver }} | ||||||
| @@ -774,9 +817,13 @@ jobs: | |||||||
|           docker image ls --no-trunc |           docker image ls --no-trunc | ||||||
|       - |       - | ||||||
|         name: Check digest |         name: Check digest | ||||||
|         if: ${{ matrix.push }} |  | ||||||
|         run: | |         run: | | ||||||
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then |           if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then | ||||||
|  |             if [ -n "${{ steps.docker_build.outputs.digest }}" ]; then | ||||||
|  |               echo "::error::Digest should be empty" | ||||||
|  |               exit 1 | ||||||
|  |             fi | ||||||
|  |           elif [[ "${{ matrix.push }}" = "true" ]] && [[ -z "${{ steps.docker_build.outputs.digest }}" ]]; then | ||||||
|             echo "::error::Digest should not be empty" |             echo "::error::Digest should not be empty" | ||||||
|             exit 1 |             exit 1 | ||||||
|           fi |           fi | ||||||
| @@ -789,7 +836,12 @@ jobs: | |||||||
|       - |       - | ||||||
|         name: Check image ID |         name: Check image ID | ||||||
|         run: | |         run: | | ||||||
|           if [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then |           if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then | ||||||
|  |             if [ -n "${{ steps.docker_build.outputs.imageid }}" ]; then | ||||||
|  |               echo "::error::Image ID should be empty" | ||||||
|  |               exit 1 | ||||||
|  |             fi | ||||||
|  |           elif [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then | ||||||
|             echo "::error::Image ID should not be empty" |             echo "::error::Image ID should not be empty" | ||||||
|             exit 1 |             exit 1 | ||||||
|           fi |           fi | ||||||
| @@ -810,13 +862,13 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -859,13 +911,13 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -890,19 +942,80 @@ jobs: | |||||||
|         run: | |         run: | | ||||||
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' |           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' | ||||||
|  |  | ||||||
|  |   local-cache: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     services: | ||||||
|  |       registry: | ||||||
|  |         image: registry:2 | ||||||
|  |         ports: | ||||||
|  |           - 5000:5000 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up QEMU | ||||||
|  |         uses: docker/setup-qemu-action@v3 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             network=host | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |           buildkitd-flags: --debug | ||||||
|  |       - | ||||||
|  |         name: Cache Build | ||||||
|  |         uses: actions/cache@v4 | ||||||
|  |         with: | ||||||
|  |           path: /tmp/.buildx-cache | ||||||
|  |           key: ${{ runner.os }}-local-test-${{ github.sha }} | ||||||
|  |           restore-keys: | | ||||||
|  |             ${{ runner.os }}-local-test- | ||||||
|  |       - | ||||||
|  |         name: Build and push | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/multi.Dockerfile | ||||||
|  |           platforms: linux/amd64,linux/arm64 | ||||||
|  |           push: true | ||||||
|  |           tags: | | ||||||
|  |             localhost:5000/name/app:latest | ||||||
|  |             localhost:5000/name/app:1.0.0 | ||||||
|  |           cache-from: type=local,src=/tmp/.buildx-cache | ||||||
|  |           cache-to: type=local,dest=/tmp/.buildx-cache-new | ||||||
|  |       - | ||||||
|  |         name: Inspect | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' | ||||||
|  |       - | ||||||
|  |         # Temp fix | ||||||
|  |         # https://github.com/docker/build-push-action/issues/252 | ||||||
|  |         # https://github.com/moby/buildkit/issues/1896 | ||||||
|  |         name: Move cache | ||||||
|  |         run: | | ||||||
|  |           rm -rf /tmp/.buildx-cache | ||||||
|  |           mv /tmp/.buildx-cache-new /tmp/.buildx-cache | ||||||
|  |  | ||||||
|   standalone: |   standalone: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Uninstall moby cli |         name: Uninstall docker cli | ||||||
|         run: | |         run: | | ||||||
|           sudo apt-get purge -y moby-cli moby-buildx |           if dpkg -s "docker-ce" >/dev/null 2>&1; then | ||||||
|  |             sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin | ||||||
|  |           else | ||||||
|  |             sudo apt-get purge -y moby-cli moby-buildx | ||||||
|  |           fi | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -920,10 +1033,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -942,10 +1055,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver: docker |           driver: docker | ||||||
| @@ -976,10 +1089,10 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|           driver-opts: | |           driver-opts: | | ||||||
| @@ -1001,3 +1114,233 @@ jobs: | |||||||
|           file: ./test/named-context.Dockerfile |           file: ./test/named-context.Dockerfile | ||||||
|           build-contexts: | |           build-contexts: | | ||||||
|             alpine=docker-image://localhost:5000/my-base-image:latest |             alpine=docker-image://localhost:5000/my-base-image:latest | ||||||
|  |  | ||||||
|  |   docker-config-malformed: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set malformed docker config | ||||||
|  |         run: | | ||||||
|  |           mkdir -p ~/.docker | ||||||
|  |           echo 'foo_bar' >> ~/.docker/config.json | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |  | ||||||
|  |   proxy-docker-config: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     services: | ||||||
|  |       squid-proxy: | ||||||
|  |         image: ubuntu/squid:latest | ||||||
|  |         ports: | ||||||
|  |           - 3128:3128 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Check proxy | ||||||
|  |         run: | | ||||||
|  |           netstat -aptn | ||||||
|  |           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set proxy config | ||||||
|  |         run: | | ||||||
|  |           mkdir -p ~/.docker | ||||||
|  |           echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |             network=host | ||||||
|  |           buildkitd-flags: --debug | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/proxy.Dockerfile | ||||||
|  |  | ||||||
|  |   proxy-buildkitd: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     services: | ||||||
|  |       squid-proxy: | ||||||
|  |         image: ubuntu/squid:latest | ||||||
|  |         ports: | ||||||
|  |           - 3128:3128 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Check proxy | ||||||
|  |         run: | | ||||||
|  |           netstat -aptn | ||||||
|  |           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |             network=host | ||||||
|  |             env.http_proxy=http://127.0.0.1:3128 | ||||||
|  |             env.https_proxy=http://127.0.0.1:3128 | ||||||
|  |           buildkitd-flags: --debug | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/Dockerfile | ||||||
|  |  | ||||||
|  |   annotations: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     env: | ||||||
|  |       DOCKER_IMAGE: localhost:5000/name/app | ||||||
|  |     services: | ||||||
|  |       registry: | ||||||
|  |         image: registry:2 | ||||||
|  |         ports: | ||||||
|  |           - 5000:5000 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Docker meta | ||||||
|  |         id: meta | ||||||
|  |         uses: docker/metadata-action@v5 | ||||||
|  |         with: | ||||||
|  |           images: ${{ env.DOCKER_IMAGE }} | ||||||
|  |           tags: | | ||||||
|  |             type=schedule | ||||||
|  |             type=ref,event=branch | ||||||
|  |             type=ref,event=pr | ||||||
|  |             type=semver,pattern={{version}} | ||||||
|  |             type=semver,pattern={{major}}.{{minor}} | ||||||
|  |             type=semver,pattern={{major}} | ||||||
|  |             type=sha | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             network=host | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |       - | ||||||
|  |         name: Build and push to local registry | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/Dockerfile | ||||||
|  |           push: true | ||||||
|  |           tags: ${{ steps.meta.outputs.tags }} | ||||||
|  |           annotations: | | ||||||
|  |             index:com.example.key=value | ||||||
|  |             index:com.example.key2=value2 | ||||||
|  |             manifest:com.example.key3=value3 | ||||||
|  |       - | ||||||
|  |         name: Check manifest | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}' | ||||||
|  |  | ||||||
|  |   multi-output: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     services: | ||||||
|  |       registry: | ||||||
|  |         image: registry:2 | ||||||
|  |         ports: | ||||||
|  |           - 5000:5000 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up QEMU | ||||||
|  |         uses: docker/setup-qemu-action@v3 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             network=host | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |           buildkitd-flags: --debug | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/Dockerfile | ||||||
|  |           outputs: | | ||||||
|  |             type=image,name=localhost:5000/name/app:latest,push=true | ||||||
|  |             type=docker,name=app:local | ||||||
|  |             type=oci,dest=/tmp/oci.tar | ||||||
|  |       - | ||||||
|  |         name: Check registry | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' | ||||||
|  |       - | ||||||
|  |         name: Check docker | ||||||
|  |         run: | | ||||||
|  |           docker image inspect app:local | ||||||
|  |       - | ||||||
|  |         name: Check oci | ||||||
|  |         run: | | ||||||
|  |           set -ex | ||||||
|  |           mkdir -p /tmp/oci-out | ||||||
|  |           tar xf /tmp/oci.tar -C /tmp/oci-out | ||||||
|  |           tree -nh /tmp/oci-out | ||||||
|  |  | ||||||
|  |   load-and-push: | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     services: | ||||||
|  |       registry: | ||||||
|  |         image: registry:2 | ||||||
|  |         ports: | ||||||
|  |           - 5000:5000 | ||||||
|  |     steps: | ||||||
|  |       - | ||||||
|  |         name: Checkout | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |       - | ||||||
|  |         name: Set up QEMU | ||||||
|  |         uses: docker/setup-qemu-action@v3 | ||||||
|  |       - | ||||||
|  |         name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |         with: | ||||||
|  |           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} | ||||||
|  |           driver-opts: | | ||||||
|  |             network=host | ||||||
|  |             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} | ||||||
|  |           buildkitd-flags: --debug | ||||||
|  |       - | ||||||
|  |         name: Build | ||||||
|  |         uses: ./ | ||||||
|  |         with: | ||||||
|  |           context: ./test | ||||||
|  |           file: ./test/Dockerfile | ||||||
|  |           load: true | ||||||
|  |           push: true | ||||||
|  |           tags: localhost:5000/name/app:latest | ||||||
|  |       - | ||||||
|  |         name: Check registry | ||||||
|  |         run: | | ||||||
|  |           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' | ||||||
|  |       - | ||||||
|  |         name: Check docker | ||||||
|  |         run: | | ||||||
|  |           docker image inspect localhost:5000/name/app:latest | ||||||
|   | |||||||
							
								
								
									
										121
									
								
								.github/workflows/e2e.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										121
									
								
								.github/workflows/e2e.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,19 +1,11 @@ | |||||||
| name: e2e | name: e2e | ||||||
|  |  | ||||||
|  | concurrency: | ||||||
|  |   group: ${{ github.workflow }}-${{ github.ref }} | ||||||
|  |   cancel-in-progress: true | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   workflow_dispatch: |   workflow_dispatch: | ||||||
|     inputs: |  | ||||||
|       buildx-version: |  | ||||||
|         description: 'Buildx version or Git context' |  | ||||||
|         default: 'latest' |  | ||||||
|         required: false |  | ||||||
|       buildkit-image: |  | ||||||
|         description: 'BuildKit image' |  | ||||||
|         default: 'moby/buildkit:buildx-stable-1' |  | ||||||
|         required: false |  | ||||||
|       tag: |  | ||||||
|         description: 'Additional tag to push' |  | ||||||
|         required: false |  | ||||||
|   schedule: |   schedule: | ||||||
|     - cron: '0 10 * * *' |     - cron: '0 10 * * *' | ||||||
|   push: |   push: | ||||||
| @@ -22,16 +14,9 @@ on: | |||||||
|     tags: |     tags: | ||||||
|       - 'v*' |       - 'v*' | ||||||
|  |  | ||||||
| env: |  | ||||||
|   BUILDX_VERSION: latest |  | ||||||
|   BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1 |  | ||||||
|   HARBOR_VERSION: v2.7.0 |  | ||||||
|   NEXUS_VERSION: 3.47.1 |  | ||||||
|   DISTRIBUTION_VERSION: 2.8.1 |  | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   build: |   build: | ||||||
|     runs-on: ubuntu-latest |     uses: ./.github/workflows/.e2e-run.yml | ||||||
|     strategy: |     strategy: | ||||||
|       fail-fast: false |       fail-fast: false | ||||||
|       matrix: |       matrix: | ||||||
| @@ -105,8 +90,8 @@ jobs: | |||||||
|             type: remote |             type: remote | ||||||
|           - |           - | ||||||
|             name: Artifactory |             name: Artifactory | ||||||
|             registry: buildkitghactiontests.jfrog.io |             registry: infradock.jfrog.io | ||||||
|             slug: buildkitghactiontests.jfrog.io/ghactiontest/test-docker-action |             slug: infradock.jfrog.io/test-ghaction/build-push-action | ||||||
|             username_secret: ARTIFACTORY_USERNAME |             username_secret: ARTIFACTORY_USERNAME | ||||||
|             password_secret: ARTIFACTORY_TOKEN |             password_secret: ARTIFACTORY_TOKEN | ||||||
|             type: remote |             type: remote | ||||||
| @@ -118,86 +103,12 @@ jobs: | |||||||
|             name: Nexus |             name: Nexus | ||||||
|             id: nexus |             id: nexus | ||||||
|             type: local |             type: local | ||||||
|     steps: |     with: | ||||||
|       - |       id: ${{ matrix.id }} | ||||||
|         name: Checkout |       type: ${{ matrix.type }} | ||||||
|         uses: actions/checkout@v3 |       name: ${{ matrix.name }} | ||||||
|       - |       registry: ${{ matrix.registry }} | ||||||
|         name: Set up env |       slug: ${{ matrix.slug }} | ||||||
|         if: matrix.type == 'local' |       username_secret: ${{ matrix.username_secret }} | ||||||
|         run: | |       password_secret: ${{ matrix.password_secret }} | ||||||
|           cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV |     secrets: inherit | ||||||
|       - |  | ||||||
|         name: Set up BuildKit config |  | ||||||
|         run: | |  | ||||||
|           touch /tmp/buildkitd.toml |  | ||||||
|           if [ "${{ matrix.type }}" = "local" ]; then |  | ||||||
|             echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml |  | ||||||
|           fi |  | ||||||
|       - |  | ||||||
|         name: Set up Docker daemon |  | ||||||
|         if: matrix.type == 'local' |  | ||||||
|         run: | |  | ||||||
|           if [ ! -e /etc/docker/daemon.json ]; then |  | ||||||
|             echo '{}' | tee /etc/docker/daemon.json >/dev/null |  | ||||||
|           fi |  | ||||||
|           DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json) |  | ||||||
|           sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null |  | ||||||
|           sudo service docker restart |  | ||||||
|       - |  | ||||||
|         name: Install ${{ matrix.name }} |  | ||||||
|         if: matrix.type == 'local' |  | ||||||
|         run: | |  | ||||||
|           sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh |  | ||||||
|       - |  | ||||||
|         name: Docker meta |  | ||||||
|         id: meta |  | ||||||
|         uses: docker/metadata-action@v4 |  | ||||||
|         with: |  | ||||||
|           images: ${{ env.REGISTRY_SLUG || matrix.slug }} |  | ||||||
|           tags: | |  | ||||||
|             type=ref,event=branch |  | ||||||
|             type=ref,event=tag |  | ||||||
|             type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }} |  | ||||||
|       - |  | ||||||
|         name: Set up QEMU |  | ||||||
|         uses: docker/setup-qemu-action@v2 |  | ||||||
|       - |  | ||||||
|         name: Set up Docker Buildx |  | ||||||
|         uses: docker/setup-buildx-action@v2 |  | ||||||
|         with: |  | ||||||
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} |  | ||||||
|           config: /tmp/buildkitd.toml |  | ||||||
|           buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host |  | ||||||
|           driver-opts: | |  | ||||||
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} |  | ||||||
|             network=host |  | ||||||
|       - |  | ||||||
|         name: Login to Registry |  | ||||||
|         if: github.event_name != 'pull_request' && (env.REGISTRY_USER || matrix.username_secret) != '' |  | ||||||
|         uses: docker/login-action@v2 |  | ||||||
|         with: |  | ||||||
|           registry: ${{ env.REGISTRY_FQDN || matrix.registry }} |  | ||||||
|           username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }} |  | ||||||
|           password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }} |  | ||||||
|       - |  | ||||||
|         name: Build and push |  | ||||||
|         uses: ./ |  | ||||||
|         with: |  | ||||||
|           context: ./test |  | ||||||
|           file: ./test/multi.Dockerfile |  | ||||||
|           platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x |  | ||||||
|           push: ${{ github.event_name != 'pull_request' }} |  | ||||||
|           tags: ${{ steps.meta.outputs.tags }} |  | ||||||
|           labels: ${{ steps.meta.outputs.labels }} |  | ||||||
|           cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master |  | ||||||
|           cache-to: type=inline |  | ||||||
|       - |  | ||||||
|         name: Inspect image |  | ||||||
|         run: | |  | ||||||
|           docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} |  | ||||||
|           docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} |  | ||||||
|       - |  | ||||||
|         name: Check manifest |  | ||||||
|         run: | |  | ||||||
|           docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}' |  | ||||||
|   | |||||||
							
								
								
									
										11
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										11
									
								
								.github/workflows/test.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,5 +1,9 @@ | |||||||
| name: test | name: test | ||||||
|  |  | ||||||
|  | concurrency: | ||||||
|  |   group: ${{ github.workflow }}-${{ github.ref }} | ||||||
|  |   cancel-in-progress: true | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   push: |   push: | ||||||
|     branches: |     branches: | ||||||
| @@ -13,14 +17,15 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Test |         name: Test | ||||||
|         uses: docker/bake-action@v3 |         uses: docker/bake-action@v4 | ||||||
|         with: |         with: | ||||||
|           targets: test |           targets: test | ||||||
|       - |       - | ||||||
|         name: Upload coverage |         name: Upload coverage | ||||||
|         uses: codecov/codecov-action@v3 |         uses: codecov/codecov-action@v4 | ||||||
|         with: |         with: | ||||||
|           file: ./coverage/clover.xml |           file: ./coverage/clover.xml | ||||||
|  |           token: ${{ secrets.CODECOV_TOKEN }} | ||||||
|   | |||||||
							
								
								
									
										10
									
								
								.github/workflows/validate.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										10
									
								
								.github/workflows/validate.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,5 +1,9 @@ | |||||||
| name: validate | name: validate | ||||||
|  |  | ||||||
|  | concurrency: | ||||||
|  |   group: ${{ github.workflow }}-${{ github.ref }} | ||||||
|  |   cancel-in-progress: true | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   push: |   push: | ||||||
|     branches: |     branches: | ||||||
| @@ -15,7 +19,7 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Targets matrix |         name: Targets matrix | ||||||
|         id: targets |         id: targets | ||||||
| @@ -33,9 +37,9 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Validate |         name: Validate | ||||||
|         uses: docker/bake-action@v3 |         uses: docker/bake-action@v4 | ||||||
|         with: |         with: | ||||||
|           targets: ${{ matrix.target }} |           targets: ${{ matrix.target }} | ||||||
|   | |||||||
							
								
								
									
										66
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										66
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -1,7 +1,5 @@ | |||||||
| node_modules | # https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore | ||||||
| lib |  | ||||||
|  |  | ||||||
| # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore |  | ||||||
| # Logs | # Logs | ||||||
| logs | logs | ||||||
| *.log | *.log | ||||||
| @@ -9,6 +7,7 @@ npm-debug.log* | |||||||
| yarn-debug.log* | yarn-debug.log* | ||||||
| yarn-error.log* | yarn-error.log* | ||||||
| lerna-debug.log* | lerna-debug.log* | ||||||
|  | .pnpm-debug.log* | ||||||
|  |  | ||||||
| # Diagnostic reports (https://nodejs.org/api/report.html) | # Diagnostic reports (https://nodejs.org/api/report.html) | ||||||
| report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json | ||||||
| @@ -19,34 +18,14 @@ pids | |||||||
| *.seed | *.seed | ||||||
| *.pid.lock | *.pid.lock | ||||||
|  |  | ||||||
| # Directory for instrumented libs generated by jscoverage/JSCover |  | ||||||
| lib-cov |  | ||||||
|  |  | ||||||
| # Coverage directory used by tools like istanbul | # Coverage directory used by tools like istanbul | ||||||
| coverage | coverage | ||||||
| *.lcov | *.lcov | ||||||
|  |  | ||||||
| # nyc test coverage |  | ||||||
| .nyc_output |  | ||||||
|  |  | ||||||
| # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) |  | ||||||
| .grunt |  | ||||||
|  |  | ||||||
| # Bower dependency directory (https://bower.io/) |  | ||||||
| bower_components |  | ||||||
|  |  | ||||||
| # node-waf configuration |  | ||||||
| .lock-wscript |  | ||||||
|  |  | ||||||
| # Compiled binary addons (https://nodejs.org/api/addons.html) |  | ||||||
| build/Release |  | ||||||
|  |  | ||||||
| # Dependency directories | # Dependency directories | ||||||
|  | node_modules/ | ||||||
| jspm_packages/ | jspm_packages/ | ||||||
|  |  | ||||||
| # TypeScript v1 declaration files |  | ||||||
| typings/ |  | ||||||
|  |  | ||||||
| # TypeScript cache | # TypeScript cache | ||||||
| *.tsbuildinfo | *.tsbuildinfo | ||||||
|  |  | ||||||
| @@ -56,36 +35,19 @@ typings/ | |||||||
| # Optional eslint cache | # Optional eslint cache | ||||||
| .eslintcache | .eslintcache | ||||||
|  |  | ||||||
| # Optional REPL history |  | ||||||
| .node_repl_history |  | ||||||
|  |  | ||||||
| # Output of 'npm pack' |  | ||||||
| *.tgz |  | ||||||
|  |  | ||||||
| # Yarn Integrity file | # Yarn Integrity file | ||||||
| .yarn-integrity | .yarn-integrity | ||||||
|  |  | ||||||
| # dotenv environment variables file | # dotenv environment variable files | ||||||
| .env | .env | ||||||
| .env.test | .env.development.local | ||||||
|  | .env.test.local | ||||||
|  | .env.production.local | ||||||
|  | .env.local | ||||||
|  |  | ||||||
| # parcel-bundler cache (https://parceljs.org/) | # yarn v2 | ||||||
| .cache | .yarn/cache | ||||||
|  | .yarn/unplugged | ||||||
| # next.js build output | .yarn/build-state.yml | ||||||
| .next | .yarn/install-state.gz | ||||||
|  | .pnp.* | ||||||
| # nuxt.js build output |  | ||||||
| .nuxt |  | ||||||
|  |  | ||||||
| # vuepress build output |  | ||||||
| .vuepress/dist |  | ||||||
|  |  | ||||||
| # Serverless directories |  | ||||||
| .serverless/ |  | ||||||
|  |  | ||||||
| # FuseBox cache |  | ||||||
| .fusebox/ |  | ||||||
|  |  | ||||||
| # DynamoDB Local files |  | ||||||
| .dynamodb/ |  | ||||||
|   | |||||||
							
								
								
									
										6
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								.prettierignore
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,6 @@ | |||||||
|  | # Dependency directories | ||||||
|  | node_modules/ | ||||||
|  | jspm_packages/ | ||||||
|  |  | ||||||
|  | # yarn v2 | ||||||
|  | .yarn/ | ||||||
							
								
								
									
										541
									
								
								.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										541
									
								
								.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							
							
								
								
									
										13
									
								
								.yarnrc.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								.yarnrc.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,13 @@ | |||||||
|  | logFilters: | ||||||
|  |   - code: YN0013 | ||||||
|  |     level: discard | ||||||
|  |   - code: YN0019 | ||||||
|  |     level: discard | ||||||
|  |   - code: YN0076 | ||||||
|  |     level: discard | ||||||
|  |  | ||||||
|  | nodeLinker: node-modules | ||||||
|  |  | ||||||
|  | plugins: | ||||||
|  |   - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs | ||||||
|  |     spec: "@yarnpkg/plugin-interactive-tools" | ||||||
							
								
								
									
										48
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										48
									
								
								README.md
									
									
									
									
									
								
							| @@ -31,6 +31,9 @@ ___ | |||||||
|   * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/) |   * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/) | ||||||
|   * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) |   * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) | ||||||
|   * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) |   * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) | ||||||
|  |   * [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/) | ||||||
|  |   * [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/) | ||||||
|  |   * [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/) | ||||||
| * [Customizing](#customizing) | * [Customizing](#customizing) | ||||||
|   * [inputs](#inputs) |   * [inputs](#inputs) | ||||||
|   * [outputs](#outputs) |   * [outputs](#outputs) | ||||||
| @@ -74,19 +77,19 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|       - |       - | ||||||
|         name: Login to Docker Hub |         name: Login to Docker Hub | ||||||
|         uses: docker/login-action@v2 |         uses: docker/login-action@v3 | ||||||
|         with: |         with: | ||||||
|           username: ${{ secrets.DOCKERHUB_USERNAME }} |           username: ${{ secrets.DOCKERHUB_USERNAME }} | ||||||
|           password: ${{ secrets.DOCKERHUB_TOKEN }} |           password: ${{ secrets.DOCKERHUB_TOKEN }} | ||||||
|       - |       - | ||||||
|         name: Build and push |         name: Build and push | ||||||
|         uses: docker/build-push-action@v4 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           push: true |           push: true | ||||||
|           tags: user/app:latest |           tags: user/app:latest | ||||||
| @@ -108,24 +111,16 @@ to the default Git context: | |||||||
|         # Setting up Docker Buildx with docker-container driver is required |         # Setting up Docker Buildx with docker-container driver is required | ||||||
|         # at the moment to be able to use a subdirectory with Git context |         # at the moment to be able to use a subdirectory with Git context | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|       - |       - | ||||||
|         name: Build and push |         name: Build and push | ||||||
|         uses: docker/build-push-action@v4 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           context: "{{defaultContext}}:mysubdir" |           context: "{{defaultContext}}:mysubdir" | ||||||
|           push: true |           push: true | ||||||
|           tags: user/app:latest |           tags: user/app:latest | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| > **Warning** |  | ||||||
| > |  | ||||||
| > Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0). |  | ||||||
| > If you're using the `docker` builder (default if `setup-buildx-action` not used), |  | ||||||
| > then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds |  | ||||||
| > Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore |  | ||||||
| > required to use the `setup-buildx-action` at the moment. |  | ||||||
|  |  | ||||||
| Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication), | Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication), | ||||||
| so it does not need to be passed. If you want to authenticate against another | so it does not need to be passed. If you want to authenticate against another | ||||||
| private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets) | private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets) | ||||||
| @@ -134,7 +129,7 @@ named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx: | |||||||
| ```yaml | ```yaml | ||||||
|       - |       - | ||||||
|         name: Build and push |         name: Build and push | ||||||
|         uses: docker/build-push-action@v4 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           push: true |           push: true | ||||||
|           tags: user/app:latest |           tags: user/app:latest | ||||||
| @@ -158,22 +153,22 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|       - |       - | ||||||
|         name: Login to Docker Hub |         name: Login to Docker Hub | ||||||
|         uses: docker/login-action@v2 |         uses: docker/login-action@v3 | ||||||
|         with: |         with: | ||||||
|           username: ${{ secrets.DOCKERHUB_USERNAME }} |           username: ${{ secrets.DOCKERHUB_USERNAME }} | ||||||
|           password: ${{ secrets.DOCKERHUB_TOKEN }} |           password: ${{ secrets.DOCKERHUB_TOKEN }} | ||||||
|       - |       - | ||||||
|         name: Build and push |         name: Build and push | ||||||
|         uses: docker/build-push-action@v4 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           context: . |           context: . | ||||||
|           push: true |           push: true | ||||||
| @@ -194,6 +189,9 @@ jobs: | |||||||
| * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/) | * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/) | ||||||
| * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) | * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) | ||||||
| * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) | * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) | ||||||
|  | * [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/) | ||||||
|  | * [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/) | ||||||
|  | * [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/) | ||||||
|  |  | ||||||
| ## Customizing | ## Customizing | ||||||
|  |  | ||||||
| @@ -217,6 +215,7 @@ Following inputs can be used as `step.with` keys | |||||||
| |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||||||
| | `add-hosts`        | List/CSV    | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)      | | | `add-hosts`        | List/CSV    | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)      | | ||||||
| | `allow`            | List/CSV    | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`)                         | | | `allow`            | List/CSV    | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`)                         | | ||||||
|  | | `annotations`      | List        | List of annotation to set to the image                                                                                                                                            | | ||||||
| | `attests`          | List        | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`)                                                                 |  | | `attests`          | List        | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`)                                                                 |  | ||||||
| | `builder`          | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                       | | | `builder`          | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                       | | ||||||
| | `build-args`       | List        | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg)                                                                      | | | `build-args`       | List        | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg)                                                                      | | ||||||
| @@ -231,13 +230,14 @@ Following inputs can be used as `step.with` keys | |||||||
| | `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   | | | `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   | | ||||||
| | `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        | | | `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        | | ||||||
| | `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     | | | `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     | | ||||||
| | `outputs`¹         | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         | | | `outputs`          | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         | | ||||||
| | `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 | | | `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 | | ||||||
| | `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           | | | `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           | | ||||||
| | `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    | | | `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    | | ||||||
| | `push`             | Bool        | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`)                                     | | | `push`             | Bool        | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`)                                     | | ||||||
| | `sbom`             | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`)                                                  | | | `sbom`             | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`)                                                  | | ||||||
| | `secrets`          | List        | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)                | | | `secrets`          | List        | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)                | | ||||||
|  | | `secret-envs`      | List/CSV    | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`)         | | ||||||
| | `secret-files`     | List        | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`)         | | | `secret-files`     | List        | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`)         | | ||||||
| | `shm-size`         | String      | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`)                                                                    | | | `shm-size`         | String      | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`)                                                                    | | ||||||
| | `ssh`              | List        | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build                                                 | | | `ssh`              | List        | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build                                                 | | ||||||
| @@ -246,13 +246,9 @@ Following inputs can be used as `step.with` keys | |||||||
| | `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            | | | `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            | | ||||||
| | `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            | | | `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            | | ||||||
|  |  | ||||||
| > **Note** |  | ||||||
| > |  | ||||||
| > * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555) |  | ||||||
|  |  | ||||||
| ### outputs | ### outputs | ||||||
|  |  | ||||||
| Following outputs are available | The following outputs are available: | ||||||
|  |  | ||||||
| | Name       | Type    | Description           | | | Name       | Type    | Description           | | ||||||
| |------------|---------|-----------------------| | |------------|---------|-----------------------| | ||||||
|   | |||||||
| @@ -4,6 +4,7 @@ | |||||||
|   * [BuildKit container logs](#buildkit-container-logs) |   * [BuildKit container logs](#buildkit-container-logs) | ||||||
|   * [With containerd](#with-containerd) |   * [With containerd](#with-containerd) | ||||||
| * [`repository name must be lowercase`](#repository-name-must-be-lowercase) | * [`repository name must be lowercase`](#repository-name-must-be-lowercase) | ||||||
|  | * [Image not loaded](#image-not-loaded) | ||||||
|  |  | ||||||
| ## Cannot push to a registry | ## Cannot push to a registry | ||||||
|  |  | ||||||
| @@ -44,13 +45,13 @@ jobs: | |||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|       - |       - | ||||||
|         name: Set up Docker Buildx |         name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|         with: |         with: | ||||||
|           buildkitd-flags: --debug |           buildkitd-flags: --debug | ||||||
|       - |       - | ||||||
| @@ -58,7 +59,7 @@ jobs: | |||||||
|         uses: crazy-max/ghaction-setup-containerd@v2 |         uses: crazy-max/ghaction-setup-containerd@v2 | ||||||
|       - |       - | ||||||
|         name: Build Docker image |         name: Build Docker image | ||||||
|         uses: docker/build-push-action@v4 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           context: . |           context: . | ||||||
|           platforms: linux/amd64,linux/arm64 |           platforms: linux/amd64,linux/arm64 | ||||||
| @@ -111,7 +112,7 @@ to generate sanitized tags: | |||||||
|     tags: latest |     tags: latest | ||||||
|  |  | ||||||
| - name: Build and push | - name: Build and push | ||||||
|   uses: docker/build-push-action@v4 |   uses: docker/build-push-action@v5 | ||||||
|   with: |   with: | ||||||
|     context: . |     context: . | ||||||
|     push: true |     push: true | ||||||
| @@ -129,9 +130,35 @@ Or a dedicated step to sanitize the slug: | |||||||
|     script: return 'ghcr.io/${{ github.repository }}'.toLowerCase() |     script: return 'ghcr.io/${{ github.repository }}'.toLowerCase() | ||||||
|  |  | ||||||
| - name: Build and push | - name: Build and push | ||||||
|   uses: docker/build-push-action@v4 |   uses: docker/build-push-action@v5 | ||||||
|   with: |   with: | ||||||
|     context: . |     context: . | ||||||
|     push: true |     push: true | ||||||
|     tags: ${{ steps.repo_slug.outputs.result }}:latest |     tags: ${{ steps.repo_slug.outputs.result }}:latest | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | ## Image not loaded | ||||||
|  |  | ||||||
|  | Sometimes when your workflows are heavy consumers of disk storage, it can happen that build-push-action declares that the built image is loaded, but then not found in the following workflow steps. | ||||||
|  |  | ||||||
|  | - You can use the following solution as workaround, to free space on disk before building docker image using the following workflow step | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  |       # Free disk space | ||||||
|  |       - name: Free Disk space | ||||||
|  |         shell: bash | ||||||
|  |         run: | | ||||||
|  |           sudo rm -rf /usr/local/lib/android  # will release about 10 GB if you don't need Android | ||||||
|  |           sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | - Another workaround can be to call `docker/setup-buildx-action` with docker driver | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | name: Set up Docker Buildx | ||||||
|  | uses: docker/setup-buildx-action@v3 | ||||||
|  | with: | ||||||
|  |   driver: docker | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | More details in the [related issue](https://github.com/docker/build-push-action/issues/321) | ||||||
|   | |||||||
| @@ -1,13 +1,16 @@ | |||||||
| import {beforeEach, describe, expect, jest, test} from '@jest/globals'; | import {beforeEach, describe, expect, jest, test} from '@jest/globals'; | ||||||
| import * as fs from 'fs'; | import * as fs from 'fs'; | ||||||
| import * as path from 'path'; | import * as path from 'path'; | ||||||
|  |  | ||||||
| import {Builder} from '@docker/actions-toolkit/lib/buildx/builder'; | import {Builder} from '@docker/actions-toolkit/lib/buildx/builder'; | ||||||
| import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx'; | import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx'; | ||||||
|  | import {Build} from '@docker/actions-toolkit/lib/buildx/build'; | ||||||
| import {Context} from '@docker/actions-toolkit/lib/context'; | import {Context} from '@docker/actions-toolkit/lib/context'; | ||||||
| import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; | import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; | ||||||
| import {GitHub} from '@docker/actions-toolkit/lib/github'; | import {GitHub} from '@docker/actions-toolkit/lib/github'; | ||||||
| import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | ||||||
| import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder'; |  | ||||||
|  | import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder'; | ||||||
| import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github'; | import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github'; | ||||||
|  |  | ||||||
| import * as context from '../src/context'; | import * as context from '../src/context'; | ||||||
| @@ -35,6 +38,16 @@ jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean> | |||||||
|   return true; |   return true; | ||||||
| }); | }); | ||||||
|  |  | ||||||
|  | const metadataJson = path.join(tmpDir, 'metadata.json'); | ||||||
|  | jest.spyOn(Build.prototype, 'getMetadataFilePath').mockImplementation((): string => { | ||||||
|  |   return metadataJson; | ||||||
|  | }); | ||||||
|  |  | ||||||
|  | const imageIDFilePath = path.join(tmpDir, 'iidfile.txt'); | ||||||
|  | jest.spyOn(Build.prototype, 'getImageIDFilePath').mockImplementation((): string => { | ||||||
|  |   return imageIDFilePath; | ||||||
|  | }); | ||||||
|  |  | ||||||
| jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => { | jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => { | ||||||
|   return { |   return { | ||||||
|     name: 'builder2', |     name: 'builder2', | ||||||
| @@ -78,7 +91,7 @@ describe('getArgs', () => { | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -101,7 +114,7 @@ ccc"`], | |||||||
|         '--build-arg', 'MY_ARG=val1,val2,val3', |         '--build-arg', 'MY_ARG=val1,val2,val3', | ||||||
|         '--build-arg', 'ARG=val', |         '--build-arg', 'ARG=val', | ||||||
|         '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`, |         '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`, | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         'https://github.com/docker/build-push-action.git#refs/heads/master' |         'https://github.com/docker/build-push-action.git#refs/heads/master' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -117,7 +130,7 @@ ccc"`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--tag', 'name/app:7.4', |         '--tag', 'name/app:7.4', | ||||||
|         '--tag', 'name/app:latest', |         '--tag', 'name/app:latest', | ||||||
|         'https://github.com/docker/build-push-action.git#refs/heads/master' |         'https://github.com/docker/build-push-action.git#refs/heads/master' | ||||||
| @@ -172,7 +185,7 @@ ccc"`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -189,7 +202,7 @@ ccc"`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, |         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
| @@ -230,7 +243,7 @@ ccc"`], | |||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--platform', 'linux/amd64,linux/arm64', |         '--platform', 'linux/amd64,linux/arm64', | ||||||
|         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, |         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, | ||||||
|         '--builder', 'builder-git-context-2', |         '--builder', 'builder-git-context-2', | ||||||
| @@ -264,7 +277,7 @@ ccc"`], | |||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--platform', 'linux/amd64,linux/arm64', |         '--platform', 'linux/amd64,linux/arm64', | ||||||
|         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, |         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, | ||||||
|         '--secret', `id=MYSECRET,src=${tmpName}`, |         '--secret', `id=MYSECRET,src=${tmpName}`, | ||||||
| @@ -301,7 +314,7 @@ ccc`], | |||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--platform', 'linux/amd64,linux/arm64', |         '--platform', 'linux/amd64,linux/arm64', | ||||||
|         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, |         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, | ||||||
|         '--secret', `id=MYSECRET,src=${tmpName}`, |         '--secret', `id=MYSECRET,src=${tmpName}`, | ||||||
| @@ -330,7 +343,7 @@ ccc`], | |||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--secret', `id=MY_SECRET,src=${tmpName}`, |         '--secret', `id=MY_SECRET,src=${tmpName}`, | ||||||
|         '--builder', 'builder-git-context-2', |         '--builder', 'builder-git-context-2', | ||||||
|         '--network', 'host', |         '--network', 'host', | ||||||
| @@ -377,8 +390,8 @@ ccc`], | |||||||
|         '--add-host', 'docker:10.180.0.1', |         '--add-host', 'docker:10.180.0.1', | ||||||
|         '--add-host', 'foo:10.0.0.1', |         '--add-host', 'foo:10.0.0.1', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '--network', 'host', |         '--network', 'host', | ||||||
|         '--push', |         '--push', | ||||||
|         '.' |         '.' | ||||||
| @@ -406,11 +419,11 @@ nproc=3`], | |||||||
|         '--add-host', 'foo:10.0.0.1', |         '--add-host', 'foo:10.0.0.1', | ||||||
|         '--cgroup-parent', 'foo', |         '--cgroup-parent', 'foo', | ||||||
|         '--file', './test/Dockerfile', |         '--file', './test/Dockerfile', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--shm-size', '2g', |         '--shm-size', '2g', | ||||||
|         '--ulimit', 'nofile=1024:1024', |         '--ulimit', 'nofile=1024:1024', | ||||||
|         '--ulimit', 'nproc=3', |         '--ulimit', 'nproc=3', | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -426,8 +439,8 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         'https://github.com/docker/build-push-action.git#refs/heads/master:docker' |         'https://github.com/docker/build-push-action.git#refs/heads/master:docker' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -444,9 +457,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, |         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         'https://github.com/docker/build-push-action.git#refs/heads/master:subdir' |         'https://github.com/docker/build-push-action.git#refs/heads/master:subdir' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -463,8 +476,8 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -480,9 +493,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, |         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -499,9 +512,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, |         '--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -518,9 +531,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, |         '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -537,9 +550,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--provenance", 'false', |         '--attest', 'type=provenance,disabled=true', | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -556,9 +569,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--provenance", 'builder-id=foo', |         '--attest', 'type=provenance,builder-id=foo', | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -575,9 +588,9 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         "--output", 'type=docker', |         "--output", 'type=docker', | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
| @@ -593,9 +606,196 @@ nproc=3`], | |||||||
|       ]), |       ]), | ||||||
|       [ |       [ | ||||||
|         'build', |         'build', | ||||||
|         '--iidfile', path.join(tmpDir, 'iidfile'), |         '--iidfile', imageIDFilePath, | ||||||
|         '--load', |         '--load', | ||||||
|         '--metadata-file', path.join(tmpDir, 'metadata-file'), |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       25, | ||||||
|  |       '0.10.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['build-args', `FOO=bar#baz`], | ||||||
|  |         ['load', 'true'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--build-arg', 'FOO=bar#baz', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--load', | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       26, | ||||||
|  |       '0.10.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['load', 'true'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |         ['secret-envs', `MY_SECRET=MY_SECRET_ENV | ||||||
|  | ANOTHER_SECRET=ANOTHER_SECRET_ENV`] | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--secret', 'id=MY_SECRET,env=MY_SECRET_ENV', | ||||||
|  |         '--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--load', | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       27, | ||||||
|  |       '0.10.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['load', 'true'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |         ['secret-envs', 'MY_SECRET=MY_SECRET_ENV,ANOTHER_SECRET=ANOTHER_SECRET_ENV'] | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--secret', 'id=MY_SECRET,env=MY_SECRET_ENV', | ||||||
|  |         '--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--load', | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       28, | ||||||
|  |       '0.11.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'], | ||||||
|  |         ['outputs', 'type=local,dest=./release-out'], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--output', 'type=local,dest=./release-out', | ||||||
|  |         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       29, | ||||||
|  |       '0.12.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'], | ||||||
|  |         ['outputs', 'type=local,dest=./release-out'], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--annotation', 'example1=www', | ||||||
|  |         '--annotation', 'index:example2=xxx', | ||||||
|  |         '--annotation', 'manifest:example3=yyy', | ||||||
|  |         '--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz', | ||||||
|  |         '--output', 'type=local,dest=./release-out', | ||||||
|  |         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       30, | ||||||
|  |       '0.12.0', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['outputs', `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         "--output", `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`, | ||||||
|  |         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       31, | ||||||
|  |       '0.13.1', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |         ['provenance', 'mode=max'], | ||||||
|  |         ['sbom', 'true'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--attest', `type=sbom,disabled=false`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       32, | ||||||
|  |       '0.13.1', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |         ['attests', 'type=provenance,mode=min'], | ||||||
|  |         ['provenance', 'mode=max'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|  |         '.' | ||||||
|  |       ] | ||||||
|  |     ], | ||||||
|  |     [ | ||||||
|  |       33, | ||||||
|  |       '0.13.1', | ||||||
|  |       new Map<string, string>([ | ||||||
|  |         ['context', '.'], | ||||||
|  |         ['load', 'false'], | ||||||
|  |         ['no-cache', 'false'], | ||||||
|  |         ['push', 'false'], | ||||||
|  |         ['pull', 'false'], | ||||||
|  |         ['attests', 'type=provenance,mode=min'], | ||||||
|  |       ]), | ||||||
|  |       [ | ||||||
|  |         'build', | ||||||
|  |         '--iidfile', imageIDFilePath, | ||||||
|  |         '--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, | ||||||
|  |         '--metadata-file', metadataJson, | ||||||
|         '.' |         '.' | ||||||
|       ] |       ] | ||||||
|     ], |     ], | ||||||
|   | |||||||
| @@ -13,6 +13,9 @@ inputs: | |||||||
|   allow: |   allow: | ||||||
|     description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" |     description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" | ||||||
|     required: false |     required: false | ||||||
|  |   annotations: | ||||||
|  |     description: "List of annotation to set to the image" | ||||||
|  |     required: false | ||||||
|   attests: |   attests: | ||||||
|     description: "List of attestation parameters (e.g., type=sbom,generator=image)" |     description: "List of attestation parameters (e.g., type=sbom,generator=image)" | ||||||
|     required: false |     required: false | ||||||
| @@ -80,6 +83,9 @@ inputs: | |||||||
|   secrets: |   secrets: | ||||||
|     description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" |     description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)" | ||||||
|     required: false |     required: false | ||||||
|  |   secret-envs: | ||||||
|  |     description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)" | ||||||
|  |     required: false | ||||||
|   secret-files: |   secret-files: | ||||||
|     description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" |     description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)" | ||||||
|     required: false |     required: false | ||||||
| @@ -112,6 +118,6 @@ outputs: | |||||||
|     description: 'Build result metadata' |     description: 'Build result metadata' | ||||||
|  |  | ||||||
| runs: | runs: | ||||||
|   using: 'node16' |   using: 'node20' | ||||||
|   main: 'dist/index.js' |   main: 'dist/index.js' | ||||||
|   post: 'dist/index.js' |   post: 'dist/index.js' | ||||||
|   | |||||||
| @@ -1,15 +1,20 @@ | |||||||
| # syntax=docker/dockerfile:1 | # syntax=docker/dockerfile:1 | ||||||
|  |  | ||||||
| ARG NODE_VERSION=16 | ARG NODE_VERSION=20 | ||||||
| ARG DOCKER_VERSION=20.10.13 |  | ||||||
| ARG BUILDX_VERSION=0.8.0 |  | ||||||
|  |  | ||||||
| FROM node:${NODE_VERSION}-alpine AS base | FROM node:${NODE_VERSION}-alpine AS base | ||||||
| RUN apk add --no-cache cpio findutils git | RUN apk add --no-cache cpio findutils git | ||||||
| WORKDIR /src | WORKDIR /src | ||||||
|  | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache <<EOT | ||||||
|  |   corepack enable | ||||||
|  |   yarn --version | ||||||
|  |   yarn config set --home enableTelemetry 0 | ||||||
|  | EOT | ||||||
|  |  | ||||||
| FROM base AS deps | FROM base AS deps | ||||||
| RUN --mount=type=bind,target=.,rw \ | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache \ | ||||||
|   --mount=type=cache,target=/src/node_modules \ |   --mount=type=cache,target=/src/node_modules \ | ||||||
|   yarn install && mkdir /vendor && cp yarn.lock /vendor |   yarn install && mkdir /vendor && cp yarn.lock /vendor | ||||||
|  |  | ||||||
| @@ -18,18 +23,19 @@ COPY --from=deps /vendor / | |||||||
|  |  | ||||||
| FROM deps AS vendor-validate | FROM deps AS vendor-validate | ||||||
| RUN --mount=type=bind,target=.,rw <<EOT | RUN --mount=type=bind,target=.,rw <<EOT | ||||||
| set -e |   set -e | ||||||
| git add -A |   git add -A | ||||||
| cp -rf /vendor/* . |   cp -rf /vendor/* . | ||||||
| if [ -n "$(git status --porcelain -- yarn.lock)" ]; then |   if [ -n "$(git status --porcelain -- yarn.lock)" ]; then | ||||||
|   echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"' |     echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"' | ||||||
|   git status --porcelain -- yarn.lock |     git status --porcelain -- yarn.lock | ||||||
|   exit 1 |     exit 1 | ||||||
| fi |   fi | ||||||
| EOT | EOT | ||||||
|  |  | ||||||
| FROM deps AS build | FROM deps AS build | ||||||
| RUN --mount=type=bind,target=.,rw \ | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache \ | ||||||
|   --mount=type=cache,target=/src/node_modules \ |   --mount=type=cache,target=/src/node_modules \ | ||||||
|   yarn run build && mkdir /out && cp -Rf dist /out/ |   yarn run build && mkdir /out && cp -Rf dist /out/ | ||||||
|  |  | ||||||
| @@ -38,39 +44,37 @@ COPY --from=build /out / | |||||||
|  |  | ||||||
| FROM build AS build-validate | FROM build AS build-validate | ||||||
| RUN --mount=type=bind,target=.,rw <<EOT | RUN --mount=type=bind,target=.,rw <<EOT | ||||||
| set -e |   set -e | ||||||
| git add -A |   git add -A | ||||||
| cp -rf /out/* . |   cp -rf /out/* . | ||||||
| if [ -n "$(git status --porcelain -- dist)" ]; then |   if [ -n "$(git status --porcelain -- dist)" ]; then | ||||||
|   echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"' |     echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"' | ||||||
|   git status --porcelain -- dist |     git status --porcelain -- dist | ||||||
|   exit 1 |     exit 1 | ||||||
| fi |   fi | ||||||
| EOT | EOT | ||||||
|  |  | ||||||
| FROM deps AS format | FROM deps AS format | ||||||
| RUN --mount=type=bind,target=.,rw \ | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache \ | ||||||
|   --mount=type=cache,target=/src/node_modules \ |   --mount=type=cache,target=/src/node_modules \ | ||||||
|   yarn run format \ |   yarn run format \ | ||||||
|   && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out |   && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out | ||||||
|  |  | ||||||
| FROM scratch AS format-update | FROM scratch AS format-update | ||||||
| COPY --from=format /out / | COPY --from=format /out / | ||||||
|  |  | ||||||
| FROM deps AS lint | FROM deps AS lint | ||||||
| RUN --mount=type=bind,target=.,rw \ | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache \ | ||||||
|   --mount=type=cache,target=/src/node_modules \ |   --mount=type=cache,target=/src/node_modules \ | ||||||
|   yarn run lint |   yarn run lint | ||||||
|  |  | ||||||
| FROM docker:${DOCKER_VERSION} as docker |  | ||||||
| FROM docker/buildx-bin:${BUILDX_VERSION} as buildx |  | ||||||
|  |  | ||||||
| FROM deps AS test | FROM deps AS test | ||||||
| RUN --mount=type=bind,target=.,rw \ | RUN --mount=type=bind,target=.,rw \ | ||||||
|  |   --mount=type=cache,target=/src/.yarn/cache \ | ||||||
|   --mount=type=cache,target=/src/node_modules \ |   --mount=type=cache,target=/src/node_modules \ | ||||||
|   --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \ |   yarn run test --coverage --coverageDirectory=/tmp/coverage | ||||||
|   --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \ |  | ||||||
|   yarn run test --coverageDirectory=/tmp/coverage |  | ||||||
|  |  | ||||||
| FROM scratch AS test-coverage | FROM scratch AS test-coverage | ||||||
| COPY --from=test /tmp/coverage / | COPY --from=test /tmp/coverage / | ||||||
|   | |||||||
							
								
								
									
										92
									
								
								dist/index.js
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										92
									
								
								dist/index.js
									
									
									
										generated
									
									
										vendored
									
									
								
							
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							
							
								
								
									
										2
									
								
								dist/index.js.map
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								dist/index.js.map
									
									
									
										generated
									
									
										vendored
									
									
								
							
										
											
												File diff suppressed because one or more lines are too long
											
										
									
								
							
							
								
								
									
										2799
									
								
								dist/licenses.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										2799
									
								
								dist/licenses.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @@ -3,7 +3,7 @@ group "default" { | |||||||
| } | } | ||||||
|  |  | ||||||
| group "pre-checkin" { | group "pre-checkin" { | ||||||
|   targets = ["vendor-update", "format", "build"] |   targets = ["vendor", "format", "build"] | ||||||
| } | } | ||||||
|  |  | ||||||
| group "validate" { | group "validate" { | ||||||
| @@ -34,7 +34,7 @@ target "lint" { | |||||||
|   output = ["type=cacheonly"] |   output = ["type=cacheonly"] | ||||||
| } | } | ||||||
|  |  | ||||||
| target "vendor-update" { | target "vendor" { | ||||||
|   dockerfile = "dev.Dockerfile" |   dockerfile = "dev.Dockerfile" | ||||||
|   target = "vendor-update" |   target = "vendor-update" | ||||||
|   output = ["."] |   output = ["."] | ||||||
|   | |||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Cache |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/cache/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Copy images between registries |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/copy-image-registries/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Update Docker Hub repo description |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Export image to Docker |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/export-docker/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Isolated builders |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Local registry |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/local-registry/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Multi-platform image |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/multi-platform/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Named contexts |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/named-contexts/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Push to multi-registries |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/push-multi-registries/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Secrets |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/secrets/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Share built image between jobs |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/share-image-jobs/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Handle tags and labels |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/) |  | ||||||
| @@ -1,3 +0,0 @@ | |||||||
| # Test your image before pushing it |  | ||||||
|  |  | ||||||
| This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/test-before-push/) |  | ||||||
							
								
								
									
										55
									
								
								package.json
									
									
									
									
									
								
							
							
						
						
									
										55
									
								
								package.json
									
									
									
									
									
								
							| @@ -1,13 +1,16 @@ | |||||||
| { | { | ||||||
|   "name": "docker-build-push", |   "name": "docker-build-push", | ||||||
|   "description": "Build and push Docker images", |   "description": "Build and push Docker images", | ||||||
|   "main": "lib/main.js", |   "main": "src/main.ts", | ||||||
|   "scripts": { |   "scripts": { | ||||||
|     "build": "ncc build src/main.ts --source-map --minify --license licenses.txt", |     "build": "ncc build --source-map --minify --license licenses.txt", | ||||||
|     "lint": "eslint src/**/*.ts __tests__/**/*.ts", |     "lint": "yarn run prettier && yarn run eslint", | ||||||
|     "format": "eslint --fix src/**/*.ts __tests__/**/*.ts", |     "format": "yarn run prettier:fix && yarn run eslint:fix", | ||||||
|     "test": "jest --coverage", |     "eslint": "eslint --max-warnings=0 .", | ||||||
|     "all": "yarn run build && yarn run format && yarn test" |     "eslint:fix": "eslint --fix .", | ||||||
|  |     "prettier": "prettier --check \"./**/*.ts\"", | ||||||
|  |     "prettier:fix": "prettier --write \"./**/*.ts\"", | ||||||
|  |     "test": "jest" | ||||||
|   }, |   }, | ||||||
|   "repository": { |   "repository": { | ||||||
|     "type": "git", |     "type": "git", | ||||||
| @@ -19,33 +22,27 @@ | |||||||
|     "build", |     "build", | ||||||
|     "push" |     "push" | ||||||
|   ], |   ], | ||||||
|   "author": "Docker", |   "author": "Docker Inc.", | ||||||
|   "contributors": [ |  | ||||||
|     { |  | ||||||
|       "name": "CrazyMax", |  | ||||||
|       "url": "https://crazymax.dev" |  | ||||||
|     } |  | ||||||
|   ], |  | ||||||
|   "license": "Apache-2.0", |   "license": "Apache-2.0", | ||||||
|  |   "packageManager": "yarn@3.6.3", | ||||||
|   "dependencies": { |   "dependencies": { | ||||||
|     "@actions/core": "^1.10.0", |     "@actions/core": "^1.10.1", | ||||||
|     "@docker/actions-toolkit": "^0.3.0", |     "@docker/actions-toolkit": "0.24.0", | ||||||
|     "handlebars": "^4.7.7" |     "handlebars": "^4.7.7" | ||||||
|   }, |   }, | ||||||
|   "devDependencies": { |   "devDependencies": { | ||||||
|     "@types/csv-parse": "^1.2.2", |     "@types/node": "^20.12.12", | ||||||
|     "@types/node": "^16.18.21", |     "@typescript-eslint/eslint-plugin": "^7.9.0", | ||||||
|     "@typescript-eslint/eslint-plugin": "^5.56.0", |     "@typescript-eslint/parser": "^7.9.0", | ||||||
|     "@typescript-eslint/parser": "^5.56.0", |     "@vercel/ncc": "^0.38.1", | ||||||
|     "@vercel/ncc": "^0.36.1", |     "eslint": "^8.57.0", | ||||||
|     "eslint": "^8.36.0", |     "eslint-config-prettier": "^9.1.0", | ||||||
|     "eslint-config-prettier": "^8.8.0", |     "eslint-plugin-jest": "^28.5.0", | ||||||
|     "eslint-plugin-jest": "^27.2.1", |     "eslint-plugin-prettier": "^5.1.3", | ||||||
|     "eslint-plugin-prettier": "^4.2.1", |     "jest": "^29.7.0", | ||||||
|     "jest": "^29.5.0", |     "prettier": "^3.2.5", | ||||||
|     "prettier": "^2.8.7", |     "ts-jest": "^29.1.2", | ||||||
|     "ts-jest": "^29.0.5", |     "ts-node": "^10.9.2", | ||||||
|     "ts-node": "^10.9.1", |     "typescript": "^5.4.5" | ||||||
|     "typescript": "^4.9.5" |  | ||||||
|   } |   } | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										180
									
								
								src/context.ts
									
									
									
									
									
								
							
							
						
						
									
										180
									
								
								src/context.ts
									
									
									
									
									
								
							| @@ -1,28 +1,30 @@ | |||||||
| import * as core from '@actions/core'; | import * as core from '@actions/core'; | ||||||
| import * as handlebars from 'handlebars'; | import * as handlebars from 'handlebars'; | ||||||
|  |  | ||||||
|  | import {Build} from '@docker/actions-toolkit/lib/buildx/build'; | ||||||
| import {Context} from '@docker/actions-toolkit/lib/context'; | import {Context} from '@docker/actions-toolkit/lib/context'; | ||||||
| import {GitHub} from '@docker/actions-toolkit/lib/github'; | import {GitHub} from '@docker/actions-toolkit/lib/github'; | ||||||
| import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs'; |  | ||||||
| import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | ||||||
| import {Util} from '@docker/actions-toolkit/lib/util'; | import {Util} from '@docker/actions-toolkit/lib/util'; | ||||||
|  |  | ||||||
| export interface Inputs { | export interface Inputs { | ||||||
|   addHosts: string[]; |   'add-hosts': string[]; | ||||||
|   allow: string[]; |   allow: string[]; | ||||||
|  |   annotations: string[]; | ||||||
|   attests: string[]; |   attests: string[]; | ||||||
|   buildArgs: string[]; |   'build-args': string[]; | ||||||
|   buildContexts: string[]; |   'build-contexts': string[]; | ||||||
|   builder: string; |   builder: string; | ||||||
|   cacheFrom: string[]; |   'cache-from': string[]; | ||||||
|   cacheTo: string[]; |   'cache-to': string[]; | ||||||
|   cgroupParent: string; |   'cgroup-parent': string; | ||||||
|   context: string; |   context: string; | ||||||
|   file: string; |   file: string; | ||||||
|   labels: string[]; |   labels: string[]; | ||||||
|   load: boolean; |   load: boolean; | ||||||
|   network: string; |   network: string; | ||||||
|   noCache: boolean; |   'no-cache': boolean; | ||||||
|   noCacheFilters: string[]; |   'no-cache-filters': string[]; | ||||||
|   outputs: string[]; |   outputs: string[]; | ||||||
|   platforms: string[]; |   platforms: string[]; | ||||||
|   provenance: string; |   provenance: string; | ||||||
| @@ -30,47 +32,50 @@ export interface Inputs { | |||||||
|   push: boolean; |   push: boolean; | ||||||
|   sbom: string; |   sbom: string; | ||||||
|   secrets: string[]; |   secrets: string[]; | ||||||
|   secretFiles: string[]; |   'secret-envs': string[]; | ||||||
|   shmSize: string; |   'secret-files': string[]; | ||||||
|  |   'shm-size': string; | ||||||
|   ssh: string[]; |   ssh: string[]; | ||||||
|   tags: string[]; |   tags: string[]; | ||||||
|   target: string; |   target: string; | ||||||
|   ulimit: string[]; |   ulimit: string[]; | ||||||
|   githubToken: string; |   'github-token': string; | ||||||
| } | } | ||||||
|  |  | ||||||
| export async function getInputs(): Promise<Inputs> { | export async function getInputs(): Promise<Inputs> { | ||||||
|   return { |   return { | ||||||
|     addHosts: Util.getInputList('add-hosts'), |     'add-hosts': Util.getInputList('add-hosts'), | ||||||
|     allow: Util.getInputList('allow'), |     allow: Util.getInputList('allow'), | ||||||
|  |     annotations: Util.getInputList('annotations', {ignoreComma: true}), | ||||||
|     attests: Util.getInputList('attests', {ignoreComma: true}), |     attests: Util.getInputList('attests', {ignoreComma: true}), | ||||||
|     buildArgs: Util.getInputList('build-args', {ignoreComma: true}), |     'build-args': Util.getInputList('build-args', {ignoreComma: true}), | ||||||
|     buildContexts: Util.getInputList('build-contexts', {ignoreComma: true}), |     'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}), | ||||||
|     builder: core.getInput('builder'), |     builder: core.getInput('builder'), | ||||||
|     cacheFrom: Util.getInputList('cache-from', {ignoreComma: true}), |     'cache-from': Util.getInputList('cache-from', {ignoreComma: true}), | ||||||
|     cacheTo: Util.getInputList('cache-to', {ignoreComma: true}), |     'cache-to': Util.getInputList('cache-to', {ignoreComma: true}), | ||||||
|     cgroupParent: core.getInput('cgroup-parent'), |     'cgroup-parent': core.getInput('cgroup-parent'), | ||||||
|     context: core.getInput('context') || Context.gitContext(), |     context: core.getInput('context') || Context.gitContext(), | ||||||
|     file: core.getInput('file'), |     file: core.getInput('file'), | ||||||
|     labels: Util.getInputList('labels', {ignoreComma: true}), |     labels: Util.getInputList('labels', {ignoreComma: true}), | ||||||
|     load: core.getBooleanInput('load'), |     load: core.getBooleanInput('load'), | ||||||
|     network: core.getInput('network'), |     network: core.getInput('network'), | ||||||
|     noCache: core.getBooleanInput('no-cache'), |     'no-cache': core.getBooleanInput('no-cache'), | ||||||
|     noCacheFilters: Util.getInputList('no-cache-filters'), |     'no-cache-filters': Util.getInputList('no-cache-filters'), | ||||||
|     outputs: Util.getInputList('outputs', {ignoreComma: true}), |     outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}), | ||||||
|     platforms: Util.getInputList('platforms'), |     platforms: Util.getInputList('platforms'), | ||||||
|     provenance: BuildxInputs.getProvenanceInput('provenance'), |     provenance: Build.getProvenanceInput('provenance'), | ||||||
|     pull: core.getBooleanInput('pull'), |     pull: core.getBooleanInput('pull'), | ||||||
|     push: core.getBooleanInput('push'), |     push: core.getBooleanInput('push'), | ||||||
|     sbom: core.getInput('sbom'), |     sbom: core.getInput('sbom'), | ||||||
|     secrets: Util.getInputList('secrets', {ignoreComma: true}), |     secrets: Util.getInputList('secrets', {ignoreComma: true}), | ||||||
|     secretFiles: Util.getInputList('secret-files', {ignoreComma: true}), |     'secret-envs': Util.getInputList('secret-envs'), | ||||||
|     shmSize: core.getInput('shm-size'), |     'secret-files': Util.getInputList('secret-files', {ignoreComma: true}), | ||||||
|  |     'shm-size': core.getInput('shm-size'), | ||||||
|     ssh: Util.getInputList('ssh'), |     ssh: Util.getInputList('ssh'), | ||||||
|     tags: Util.getInputList('tags'), |     tags: Util.getInputList('tags'), | ||||||
|     target: core.getInput('target'), |     target: core.getInput('target'), | ||||||
|     ulimit: Util.getInputList('ulimit', {ignoreComma: true}), |     ulimit: Util.getInputList('ulimit', {ignoreComma: true}), | ||||||
|     githubToken: core.getInput('github-token') |     'github-token': core.getInput('github-token') | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -88,44 +93,55 @@ export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<s | |||||||
|  |  | ||||||
| async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> { | async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> { | ||||||
|   const args: Array<string> = ['build']; |   const args: Array<string> = ['build']; | ||||||
|   await Util.asyncForEach(inputs.addHosts, async addHost => { |   await Util.asyncForEach(inputs['add-hosts'], async addHost => { | ||||||
|     args.push('--add-host', addHost); |     args.push('--add-host', addHost); | ||||||
|   }); |   }); | ||||||
|   if (inputs.allow.length > 0) { |   if (inputs.allow.length > 0) { | ||||||
|     args.push('--allow', inputs.allow.join(',')); |     args.push('--allow', inputs.allow.join(',')); | ||||||
|   } |   } | ||||||
|   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) { |   if (await toolkit.buildx.versionSatisfies('>=0.12.0')) { | ||||||
|     await Util.asyncForEach(inputs.attests, async attest => { |     await Util.asyncForEach(inputs.annotations, async annotation => { | ||||||
|       args.push('--attest', attest); |       args.push('--annotation', annotation); | ||||||
|     }); |     }); | ||||||
|  |   } else if (inputs.annotations.length > 0) { | ||||||
|  |     core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored."); | ||||||
|   } |   } | ||||||
|   await Util.asyncForEach(inputs.buildArgs, async buildArg => { |   await Util.asyncForEach(inputs['build-args'], async buildArg => { | ||||||
|     args.push('--build-arg', buildArg); |     args.push('--build-arg', buildArg); | ||||||
|   }); |   }); | ||||||
|   if (await toolkit.buildx.versionSatisfies('>=0.8.0')) { |   if (await toolkit.buildx.versionSatisfies('>=0.8.0')) { | ||||||
|     await Util.asyncForEach(inputs.buildContexts, async buildContext => { |     await Util.asyncForEach(inputs['build-contexts'], async buildContext => { | ||||||
|       args.push('--build-context', buildContext); |       args.push('--build-context', buildContext); | ||||||
|     }); |     }); | ||||||
|  |   } else if (inputs['build-contexts'].length > 0) { | ||||||
|  |     core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored."); | ||||||
|   } |   } | ||||||
|   await Util.asyncForEach(inputs.cacheFrom, async cacheFrom => { |   await Util.asyncForEach(inputs['cache-from'], async cacheFrom => { | ||||||
|     args.push('--cache-from', cacheFrom); |     args.push('--cache-from', cacheFrom); | ||||||
|   }); |   }); | ||||||
|   await Util.asyncForEach(inputs.cacheTo, async cacheTo => { |   await Util.asyncForEach(inputs['cache-to'], async cacheTo => { | ||||||
|     args.push('--cache-to', cacheTo); |     args.push('--cache-to', cacheTo); | ||||||
|   }); |   }); | ||||||
|   if (inputs.cgroupParent) { |   if (inputs['cgroup-parent']) { | ||||||
|     args.push('--cgroup-parent', inputs.cgroupParent); |     args.push('--cgroup-parent', inputs['cgroup-parent']); | ||||||
|   } |   } | ||||||
|  |   await Util.asyncForEach(inputs['secret-envs'], async secretEnv => { | ||||||
|  |     try { | ||||||
|  |       args.push('--secret', Build.resolveSecretEnv(secretEnv)); | ||||||
|  |     } catch (err) { | ||||||
|  |       core.warning(err.message); | ||||||
|  |     } | ||||||
|  |   }); | ||||||
|   if (inputs.file) { |   if (inputs.file) { | ||||||
|     args.push('--file', inputs.file); |     args.push('--file', inputs.file); | ||||||
|   } |   } | ||||||
|   if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) { |   if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) { | ||||||
|     args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath()); |     args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath()); | ||||||
|   } |   } | ||||||
|   await Util.asyncForEach(inputs.labels, async label => { |   await Util.asyncForEach(inputs.labels, async label => { | ||||||
|     args.push('--label', label); |     args.push('--label', label); | ||||||
|   }); |   }); | ||||||
|   await Util.asyncForEach(inputs.noCacheFilters, async noCacheFilter => { |   await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => { | ||||||
|     args.push('--no-cache-filter', noCacheFilter); |     args.push('--no-cache-filter', noCacheFilter); | ||||||
|   }); |   }); | ||||||
|   await Util.asyncForEach(inputs.outputs, async output => { |   await Util.asyncForEach(inputs.outputs, async output => { | ||||||
| @@ -135,44 +151,29 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): | |||||||
|     args.push('--platform', inputs.platforms.join(',')); |     args.push('--platform', inputs.platforms.join(',')); | ||||||
|   } |   } | ||||||
|   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) { |   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) { | ||||||
|     if (inputs.provenance) { |     args.push(...(await getAttestArgs(inputs, toolkit))); | ||||||
|       args.push('--provenance', inputs.provenance); |   } else { | ||||||
|     } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) { |     core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored."); | ||||||
|       // if provenance not specified and BuildKit version compatible for |  | ||||||
|       // attestation, set default provenance. Also needs to make sure user |  | ||||||
|       // doesn't want to explicitly load the image to docker. |  | ||||||
|       if (GitHub.context.payload.repository?.private ?? false) { |  | ||||||
|         // if this is a private repository, we set the default provenance |  | ||||||
|         // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603 |  | ||||||
|         args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`)); |  | ||||||
|       } else { |  | ||||||
|         // for a public repository, we set max provenance mode. |  | ||||||
|         args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`)); |  | ||||||
|       } |  | ||||||
|     } |  | ||||||
|     if (inputs.sbom) { |  | ||||||
|       args.push('--sbom', inputs.sbom); |  | ||||||
|     } |  | ||||||
|   } |   } | ||||||
|   await Util.asyncForEach(inputs.secrets, async secret => { |   await Util.asyncForEach(inputs.secrets, async secret => { | ||||||
|     try { |     try { | ||||||
|       args.push('--secret', BuildxInputs.resolveBuildSecretString(secret)); |       args.push('--secret', Build.resolveSecretString(secret)); | ||||||
|     } catch (err) { |     } catch (err) { | ||||||
|       core.warning(err.message); |       core.warning(err.message); | ||||||
|     } |     } | ||||||
|   }); |   }); | ||||||
|   await Util.asyncForEach(inputs.secretFiles, async secretFile => { |   await Util.asyncForEach(inputs['secret-files'], async secretFile => { | ||||||
|     try { |     try { | ||||||
|       args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile)); |       args.push('--secret', Build.resolveSecretFile(secretFile)); | ||||||
|     } catch (err) { |     } catch (err) { | ||||||
|       core.warning(err.message); |       core.warning(err.message); | ||||||
|     } |     } | ||||||
|   }); |   }); | ||||||
|   if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) { |   if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) { | ||||||
|     args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`)); |     args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`)); | ||||||
|   } |   } | ||||||
|   if (inputs.shmSize) { |   if (inputs['shm-size']) { | ||||||
|     args.push('--shm-size', inputs.shmSize); |     args.push('--shm-size', inputs['shm-size']); | ||||||
|   } |   } | ||||||
|   await Util.asyncForEach(inputs.ssh, async ssh => { |   await Util.asyncForEach(inputs.ssh, async ssh => { | ||||||
|     args.push('--ssh', ssh); |     args.push('--ssh', ssh); | ||||||
| @@ -198,12 +199,12 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st | |||||||
|     args.push('--load'); |     args.push('--load'); | ||||||
|   } |   } | ||||||
|   if (await toolkit.buildx.versionSatisfies('>=0.6.0')) { |   if (await toolkit.buildx.versionSatisfies('>=0.6.0')) { | ||||||
|     args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath()); |     args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath()); | ||||||
|   } |   } | ||||||
|   if (inputs.network) { |   if (inputs.network) { | ||||||
|     args.push('--network', inputs.network); |     args.push('--network', inputs.network); | ||||||
|   } |   } | ||||||
|   if (inputs.noCache) { |   if (inputs['no-cache']) { | ||||||
|     args.push('--no-cache'); |     args.push('--no-cache'); | ||||||
|   } |   } | ||||||
|   if (inputs.pull) { |   if (inputs.pull) { | ||||||
| @@ -214,3 +215,52 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st | |||||||
|   } |   } | ||||||
|   return args; |   return args; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> { | ||||||
|  |   const args: Array<string> = []; | ||||||
|  |  | ||||||
|  |   // check if provenance attestation is set in attests input | ||||||
|  |   let hasAttestProvenance = false; | ||||||
|  |   await Util.asyncForEach(inputs.attests, async (attest: string) => { | ||||||
|  |     if (Build.hasAttestationType('provenance', attest)) { | ||||||
|  |       hasAttestProvenance = true; | ||||||
|  |     } | ||||||
|  |   }); | ||||||
|  |  | ||||||
|  |   let provenanceSet = false; | ||||||
|  |   let sbomSet = false; | ||||||
|  |   if (inputs.provenance) { | ||||||
|  |     args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`)); | ||||||
|  |     provenanceSet = true; | ||||||
|  |   } else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) { | ||||||
|  |     // if provenance not specified in provenance or attests inputs and BuildKit | ||||||
|  |     // version compatible for attestation, set default provenance. Also needs | ||||||
|  |     // to make sure user doesn't want to explicitly load the image to docker. | ||||||
|  |     if (GitHub.context.payload.repository?.private ?? false) { | ||||||
|  |       // if this is a private repository, we set the default provenance | ||||||
|  |       // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603 | ||||||
|  |       args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`); | ||||||
|  |     } else { | ||||||
|  |       // for a public repository, we set max provenance mode. | ||||||
|  |       args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |   if (inputs.sbom) { | ||||||
|  |     args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`)); | ||||||
|  |     sbomSet = true; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // set attests but check if provenance or sbom types already set as | ||||||
|  |   // provenance and sbom inputs take precedence over attests input. | ||||||
|  |   await Util.asyncForEach(inputs.attests, async (attest: string) => { | ||||||
|  |     if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) { | ||||||
|  |       args.push('--attest', Build.resolveAttestationAttrs(attest)); | ||||||
|  |     } else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) { | ||||||
|  |       args.push('--attest', Build.resolveProvenanceAttrs(attest)); | ||||||
|  |     } else if (!sbomSet && Build.hasAttestationType('sbom', attest)) { | ||||||
|  |       args.push('--attest', attest); | ||||||
|  |     } | ||||||
|  |   }); | ||||||
|  |  | ||||||
|  |   return args; | ||||||
|  | } | ||||||
|   | |||||||
							
								
								
									
										53
									
								
								src/main.ts
									
									
									
									
									
								
							
							
						
						
									
										53
									
								
								src/main.ts
									
									
									
									
									
								
							| @@ -1,20 +1,25 @@ | |||||||
| import * as fs from 'fs'; | import * as fs from 'fs'; | ||||||
|  | import * as path from 'path'; | ||||||
| import * as stateHelper from './state-helper'; | import * as stateHelper from './state-helper'; | ||||||
| import * as core from '@actions/core'; | import * as core from '@actions/core'; | ||||||
| import * as actionsToolkit from '@docker/actions-toolkit'; | import * as actionsToolkit from '@docker/actions-toolkit'; | ||||||
|  |  | ||||||
| import {Context} from '@docker/actions-toolkit/lib/context'; | import {Context} from '@docker/actions-toolkit/lib/context'; | ||||||
| import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; | import {Docker} from '@docker/actions-toolkit/lib/docker/docker'; | ||||||
| import {Exec} from '@docker/actions-toolkit/lib/exec'; | import {Exec} from '@docker/actions-toolkit/lib/exec'; | ||||||
| import {GitHub} from '@docker/actions-toolkit/lib/github'; | import {GitHub} from '@docker/actions-toolkit/lib/github'; | ||||||
| import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs'; |  | ||||||
| import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | import {Toolkit} from '@docker/actions-toolkit/lib/toolkit'; | ||||||
|  |  | ||||||
|  | import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker'; | ||||||
|  |  | ||||||
| import * as context from './context'; | import * as context from './context'; | ||||||
|  |  | ||||||
| actionsToolkit.run( | actionsToolkit.run( | ||||||
|   // main |   // main | ||||||
|   async () => { |   async () => { | ||||||
|     const inputs: context.Inputs = await context.getInputs(); |     const inputs: context.Inputs = await context.getInputs(); | ||||||
|  |     core.debug(`inputs: ${JSON.stringify(inputs)}`); | ||||||
|  |  | ||||||
|     const toolkit = new Toolkit(); |     const toolkit = new Toolkit(); | ||||||
|  |  | ||||||
|     await core.group(`GitHub Actions runtime token ACs`, async () => { |     await core.group(`GitHub Actions runtime token ACs`, async () => { | ||||||
| @@ -34,6 +39,31 @@ actionsToolkit.run( | |||||||
|       } |       } | ||||||
|     }); |     }); | ||||||
|  |  | ||||||
|  |     await core.group(`Proxy configuration`, async () => { | ||||||
|  |       let dockerConfig: ConfigFile | undefined; | ||||||
|  |       let dockerConfigMalformed = false; | ||||||
|  |       try { | ||||||
|  |         dockerConfig = await Docker.configFile(); | ||||||
|  |       } catch (e) { | ||||||
|  |         dockerConfigMalformed = true; | ||||||
|  |         core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`); | ||||||
|  |       } | ||||||
|  |       if (dockerConfig && dockerConfig.proxies) { | ||||||
|  |         for (const host in dockerConfig.proxies) { | ||||||
|  |           let prefix = ''; | ||||||
|  |           if (Object.keys(dockerConfig.proxies).length > 1) { | ||||||
|  |             prefix = '  '; | ||||||
|  |             core.info(host); | ||||||
|  |           } | ||||||
|  |           for (const key in dockerConfig.proxies[host]) { | ||||||
|  |             core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`); | ||||||
|  |           } | ||||||
|  |         } | ||||||
|  |       } else if (!dockerConfigMalformed) { | ||||||
|  |         core.info('No proxy configuration found'); | ||||||
|  |       } | ||||||
|  |     }); | ||||||
|  |  | ||||||
|     if (!(await toolkit.buildx.isAvailable())) { |     if (!(await toolkit.buildx.isAvailable())) { | ||||||
|       core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`); |       core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`); | ||||||
|       return; |       return; | ||||||
| @@ -45,8 +75,18 @@ actionsToolkit.run( | |||||||
|       await toolkit.buildx.printVersion(); |       await toolkit.buildx.printVersion(); | ||||||
|     }); |     }); | ||||||
|  |  | ||||||
|  |     await core.group(`Builder info`, async () => { | ||||||
|  |       const builder = await toolkit.builder.inspect(inputs.builder); | ||||||
|  |       core.info(JSON.stringify(builder, null, 2)); | ||||||
|  |     }); | ||||||
|  |  | ||||||
|     const args: string[] = await context.getArgs(inputs, toolkit); |     const args: string[] = await context.getArgs(inputs, toolkit); | ||||||
|  |     core.debug(`context.getArgs: ${JSON.stringify(args)}`); | ||||||
|  |  | ||||||
|     const buildCmd = await toolkit.buildx.getCommand(args); |     const buildCmd = await toolkit.buildx.getCommand(args); | ||||||
|  |     core.debug(`buildCmd.command: ${buildCmd.command}`); | ||||||
|  |     core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`); | ||||||
|  |  | ||||||
|     await Exec.getExecOutput(buildCmd.command, buildCmd.args, { |     await Exec.getExecOutput(buildCmd.command, buildCmd.args, { | ||||||
|       ignoreReturnCode: true |       ignoreReturnCode: true | ||||||
|     }).then(res => { |     }).then(res => { | ||||||
| @@ -55,9 +95,9 @@ actionsToolkit.run( | |||||||
|       } |       } | ||||||
|     }); |     }); | ||||||
|  |  | ||||||
|     const imageID = BuildxInputs.resolveBuildImageID(); |     const imageID = toolkit.buildxBuild.resolveImageID(); | ||||||
|     const metadata = BuildxInputs.resolveBuildMetadata(); |     const metadata = toolkit.buildxBuild.resolveMetadata(); | ||||||
|     const digest = BuildxInputs.resolveDigest(); |     const digest = toolkit.buildxBuild.resolveDigest(); | ||||||
|  |  | ||||||
|     if (imageID) { |     if (imageID) { | ||||||
|       await core.group(`ImageID`, async () => { |       await core.group(`ImageID`, async () => { | ||||||
| @@ -73,8 +113,9 @@ actionsToolkit.run( | |||||||
|     } |     } | ||||||
|     if (metadata) { |     if (metadata) { | ||||||
|       await core.group(`Metadata`, async () => { |       await core.group(`Metadata`, async () => { | ||||||
|         core.info(metadata); |         const metadatadt = JSON.stringify(metadata, null, 2); | ||||||
|         core.setOutput('metadata', metadata); |         core.info(metadatadt); | ||||||
|  |         core.setOutput('metadata', metadatadt); | ||||||
|       }); |       }); | ||||||
|     } |     } | ||||||
|   }, |   }, | ||||||
|   | |||||||
							
								
								
									
										9
									
								
								test/proxy.Dockerfile
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								test/proxy.Dockerfile
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | |||||||
|  | # syntax=docker/dockerfile:1 | ||||||
|  | FROM alpine | ||||||
|  | RUN apk add --no-cache curl net-tools | ||||||
|  | ARG HTTP_PROXY | ||||||
|  | ARG HTTPS_PROXY | ||||||
|  | RUN printenv HTTP_PROXY | ||||||
|  | RUN printenv HTTPS_PROXY | ||||||
|  | RUN netstat -aptn | ||||||
|  | RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com | ||||||
		Reference in New Issue
	
	Block a user