Merge pull request #1375 from crazy-max/remove-gcr

e2e: remove GCR
2025-05-21 08:17:43 +08:00 · 2025-05-15 15:48:50 +02:00 · 2025-05-15 15:02:58 +02:00 · 2025-05-15 10:18:19 +02:00 · 2025-05-13 13:34:30 +02:00 · 2025-05-13 13:34:30 +02:00
13 changed files with 283 additions and 105 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1464,6 +1464,35 @@ jobs:
        env:
          DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}

+  export-legacy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        legacy:
+          - false
+          - true
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: action
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./action
+        with:
+          file: ./test/Dockerfile
+        env:
+          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
+
  checks:
    runs-on: ubuntu-latest
    strategy:
@ -1542,3 +1571,26 @@ jobs:
            echo "::error::Should have failed"
            exit 1
          fi
+
+  no-default-attestations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: action
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./action
+        with:
+          file: ./test/Dockerfile
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: 1
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -67,13 +67,6 @@ jobs:
            username_secret: GAR_USERNAME
            password_secret: GAR_JSON_KEY
            type: remote
-          -
-            name: Google Container Registry
-            registry: gcr.io
-            slug: gcr.io/sandbox-298914/test-docker-action
-            username_secret: GCR_USERNAME
-            password_secret: GCR_JSON_KEY
-            type: remote
          -
            name: Azure Container Registry
            registry: officialgithubactions.azurecr.io
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -15,10 +15,14 @@ jobs:
  test:
    runs-on: ubuntu-latest
    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
      -
        name: Test
        uses: docker/bake-action@v6
        with:
+          source: .
          targets: test
      -
        name: Upload coverage
--- a/README.md
+++ b/README.md
@ -162,6 +162,7 @@ jobs:
 * [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
 * [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
 * [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
+* [Validating build configuration](https://docs.docker.com/build/ci/github-actions/checks/)
 * [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
 * [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
 * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
@ -185,6 +186,19 @@ additional details about the build, including build stats, logs, outputs, and
 more. The build record can be imported to Docker Desktop for inspecting the
 build in greater detail.

+> [!WARNING]
+>
+> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
+> action in your workflow, you need to ignore the build record artifacts
+> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
+> otherwise the action will fail:
+> ```yaml
+> - uses: actions/download-artifact@v4
+>   with:
+>     pattern: "!*.dockerbuild"
+> ```
+> More info: https://github.com/actions/toolkit/pull/1874
+
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).

@ -263,6 +277,7 @@ The following outputs are available:
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
+| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |

 ## Troubleshooting

--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -1,4 +1,4 @@
-import {beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';

@ -68,6 +68,7 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
 });

 describe('getArgs', () => {
+  const originalEnv = process.env;
  beforeEach(() => {
    process.env = Object.keys(process.env).reduce((object, key) => {
      if (!key.startsWith('INPUT_')) {
@ -76,6 +77,9 @@ describe('getArgs', () => {
      return object;
    }, {});
  });
+  afterEach(() => {
+    process.env = originalEnv;
+  });

  // prettier-ignore
  test.each([
@ -93,7 +97,8 @@ describe('getArgs', () => {
        'build',
        '--iidfile', imageIDFilePath,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      1,
@ -116,7 +121,8 @@ ccc"`],
        '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
        '--iidfile', imageIDFilePath,
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      2,
@ -134,7 +140,8 @@ ccc"`],
        '--tag', 'name/app:7.4',
        '--tag', 'name/app:latest',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      3,
@ -154,7 +161,8 @@ ccc"`],
        '--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
        '--output', 'type=local,dest=./release-out',
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      4,
@ -171,7 +179,8 @@ ccc"`],
        'build',
        '--platform', 'linux/amd64,linux/arm64',
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      5,
@ -187,7 +196,8 @@ ccc"`],
        'build',
        '--iidfile', imageIDFilePath,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      6,
@ -205,7 +215,8 @@ ccc"`],
        '--iidfile', imageIDFilePath,
        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      7,
@ -223,7 +234,8 @@ ccc"`],
        '--output', '.',
        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      8,
@ -249,7 +261,8 @@ ccc"`],
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      9,
@ -286,7 +299,8 @@ ccc"`],
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      10,
@ -323,7 +337,8 @@ ccc`],
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      11,
@ -349,7 +364,8 @@ ccc`],
        '--network', 'host',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
    ],
    [
      12,
@ -369,7 +385,8 @@ ccc`],
        '--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
        '--output', 'type=local,dest=./release-out',
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      13,
@ -395,7 +412,8 @@ ccc`],
        '--network', 'host',
        '--push',
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      14,
@ -425,7 +443,8 @@ nproc=3`],
        '--ulimit', 'nproc=3',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      15,
@ -442,7 +461,8 @@ nproc=3`],
        '--iidfile', imageIDFilePath,
        '--metadata-file', metadataJson,
        'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
-      ]
+      ],
+      undefined
    ],
    [
      16,
@ -461,7 +481,8 @@ nproc=3`],
        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
        '--metadata-file', metadataJson,
        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
-      ]
+      ],
+      undefined
    ],
    [
      17,
@ -479,7 +500,8 @@ nproc=3`],
        '--iidfile', imageIDFilePath,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      18,
@ -497,7 +519,8 @@ nproc=3`],
        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      19,
@ -516,7 +539,8 @@ nproc=3`],
        '--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      20,
@ -535,7 +559,8 @@ nproc=3`],
        '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      21,
@ -554,7 +579,8 @@ nproc=3`],
        '--attest', 'type=provenance,disabled=true',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      22,
@ -573,7 +599,8 @@ nproc=3`],
        '--attest', 'type=provenance,builder-id=foo',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      23,
@ -592,7 +619,8 @@ nproc=3`],
        "--output", 'type=docker',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      24,
@ -610,7 +638,8 @@ nproc=3`],
        '--load',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      25,
@ -630,7 +659,8 @@ nproc=3`],
        '--load',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      26,
@ -652,7 +682,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--load',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      27,
@ -673,7 +704,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--load',
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      28,
@ -693,7 +725,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      29,
@ -717,7 +750,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      30,
@ -737,7 +771,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      31,
@ -758,7 +793,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=sbom,disabled=false`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      32,
@ -778,7 +814,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
    ],
    [
      33,
@ -797,11 +834,37 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
        '--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--metadata-file', metadataJson,
        '.'
-      ]
+      ],
+      undefined
+    ],
+    [
+      34,
+      '0.13.1',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'build',
+        '--iidfile', imageIDFilePath,
+        '--metadata-file', metadataJson,
+        '.'
+      ],
+      new Map<string, string>([
+        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
+      ])
    ],
  ])(
    '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+      if (envs) {
+        envs.forEach((value: string, name: string) => {
+          process.env[name] = value;
+        });
+      }
      inputs.forEach((value: string, name: string) => {
        setInput(name, value);
      });
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/package.json
+++ b/package.json
@ -27,7 +27,7 @@
  "packageManager": "yarn@3.6.3",
  "dependencies": {
    "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "0.56.0",
+    "@docker/actions-toolkit": "0.61.0",
    "handlebars": "^4.7.7"
  },
  "devDependencies": {
--- a/src/context.ts
+++ b/src/context.ts
@ -81,25 +81,6 @@ export async function getInputs(): Promise<Inputs> {
  };
 }

-export function sanitizeInputs(inputs: Inputs) {
-  const res = {};
-  for (const key of Object.keys(inputs)) {
-    if (key === 'github-token') {
-      continue;
-    }
-    const value: string | string[] | boolean = inputs[key];
-    if (typeof value === 'boolean' && value === false) {
-      continue;
-    } else if (Array.isArray(value) && value.length === 0) {
-      continue;
-    } else if (!value) {
-      continue;
-    }
-    res[key] = value;
-  }
-  return res;
-}
-
 export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
  const context = handlebars.compile(inputs.context)({
    defaultContext: Context.gitContext()
@ -264,7 +245,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
  if (inputs.provenance) {
    args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
    provenanceSet = true;
-  } else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
+  } else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
    // if provenance not specified in provenance or attests inputs and BuildKit
    // version compatible for attestation, set default provenance. Also needs
    // to make sure user doesn't want to explicitly load the image to docker.
@ -296,3 +277,10 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st

  return args;
 }
+
+function noDefaultAttestations(): boolean {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
+  }
+  return false;
+}
--- a/src/main.ts
+++ b/src/main.ts
@ -24,8 +24,8 @@ actionsToolkit.run(
  async () => {
    const startedTime = new Date();
    const inputs: context.Inputs = await context.getInputs();
+    stateHelper.setSummaryInputs(inputs);
    core.debug(`inputs: ${JSON.stringify(inputs)}`);
-    stateHelper.setInputs(inputs);

    const toolkit = new Toolkit();

@ -108,9 +108,9 @@ actionsToolkit.run(
        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
          // take the first line with the message summaryzing the warnings
-          err = Error(res.stdout.split('\n')[0]?.trim());
+          err = new Error(res.stdout.split('\n')[0]?.trim());
        } else if (res.stderr.length > 0) {
-          err = Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
+          err = new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
        }
      }
    });
@ -200,7 +200,8 @@ actionsToolkit.run(

          const buildxHistory = new BuildxHistory();
          const exportRes = await buildxHistory.export({
-            refs: stateHelper.buildRef ? [stateHelper.buildRef] : []
+            refs: stateHelper.buildRef ? [stateHelper.buildRef] : [],
+            useContainer: buildExportLegacy()
          });
          core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);

@ -216,7 +217,7 @@ actionsToolkit.run(
          await GitHub.writeBuildSummary({
            exportRes: exportRes,
            uploadRes: uploadRes,
-            inputs: stateHelper.inputs
+            inputs: stateHelper.summaryInputs
          });
        } catch (e) {
          core.warning(e.message);
@ -225,7 +226,11 @@ actionsToolkit.run(
    }
    if (stateHelper.tmpDir.length > 0) {
      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
-        fs.rmSync(stateHelper.tmpDir, {recursive: true});
+        try {
+          fs.rmSync(stateHelper.tmpDir, {recursive: true});
+        } catch (e) {
+          core.warning(`Failed to remove temp folder ${stateHelper.tmpDir}`);
+        }
      });
    }
  }
@ -285,8 +290,15 @@ function buildRecordRetentionDays(): number | undefined {
  if (val) {
    const res = parseInt(val);
    if (isNaN(res)) {
-      throw Error(`Invalid build record retention days: ${val}`);
+      throw new Error(`Invalid build record retention days: ${val}`);
    }
    return res;
  }
 }
+
+function buildExportLegacy(): boolean {
+  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
+    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
+  }
+  return false;
+}
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -1,20 +1,18 @@
 import * as core from '@actions/core';

-import {Inputs, sanitizeInputs} from './context';
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
+
+import {Inputs} from './context';

 export const tmpDir = process.env['STATE_tmpDir'] || '';
-export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
 export const buildRef = process.env['STATE_buildRef'] || '';
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
+export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;

 export function setTmpDir(tmpDir: string) {
  core.saveState('tmpDir', tmpDir);
 }

-export function setInputs(inputs: Inputs) {
-  core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
-}
-
 export function setBuildRef(buildRef: string) {
  core.saveState('buildRef', buildRef);
 }
@ -22,3 +20,39 @@ export function setBuildRef(buildRef: string) {
 export function setSummarySupported() {
  core.saveState('isSummarySupported', 'true');
 }
+
+export function setSummaryInputs(inputs: Inputs) {
+  const res = {};
+  for (const key of Object.keys(inputs)) {
+    if (key === 'github-token') {
+      continue;
+    }
+    const value: string | string[] | boolean = inputs[key];
+    if (typeof value === 'boolean' && !value) {
+      continue;
+    } else if (Array.isArray(value)) {
+      if (value.length === 0) {
+        continue;
+      } else if (key === 'secrets' && value.length > 0) {
+        const secretKeys: string[] = [];
+        for (const secret of value) {
+          try {
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const [skey, _] = Build.parseSecretKvp(secret, true);
+            secretKeys.push(skey);
+          } catch (err) {
+            // ignore invalid secret
+          }
+        }
+        if (secretKeys.length > 0) {
+          res[key] = secretKeys;
+        }
+        continue;
+      }
+    } else if (!value) {
+      continue;
+    }
+    res[key] = value;
+  }
+  core.saveState('summaryInputs', JSON.stringify(res));
+}
--- a/yarn.lock
+++ b/yarn.lock
@ -12,9 +12,9 @@ __metadata:
  languageName: node
  linkType: hard

-"@actions/artifact@npm:^2.2.2":
-  version: 2.2.2
-  resolution: "@actions/artifact@npm:2.2.2"
+"@actions/artifact@npm:^2.3.2":
+  version: 2.3.2
+  resolution: "@actions/artifact@npm:2.3.2"
  dependencies:
    "@actions/core": ^1.10.0
    "@actions/github": ^5.1.1
@ -28,13 +28,13 @@ __metadata:
    archiver: ^7.0.1
    jwt-decode: ^3.1.2
    unzip-stream: ^0.3.1
-  checksum: 1501b3d0ceb671f370786ccf70014de9586c5a78c95d235248fc16c73bf928f8de2aa932a679258f6d9bc2f2e570648d830551af9f063298f05d19f3330b33bc
+  checksum: 78ee41b43800accb2f3527e1733217c43d53693e7f96ce2470b16890fb84f5c2ebaaa6048ccdb6cfe188b54c02779ec99623c6932558e757f6829cfde203cf2c
  languageName: node
  linkType: hard

-"@actions/cache@npm:^4.0.2":
-  version: 4.0.2
-  resolution: "@actions/cache@npm:4.0.2"
+"@actions/cache@npm:^4.0.3":
+  version: 4.0.3
+  resolution: "@actions/cache@npm:4.0.3"
  dependencies:
    "@actions/core": ^1.11.1
    "@actions/exec": ^1.0.1
@ -46,7 +46,7 @@ __metadata:
    "@azure/storage-blob": ^12.13.0
    "@protobuf-ts/plugin": ^2.9.4
    semver: ^6.3.1
-  checksum: 208f11238a26194f331b329bb99d50a87c1a3ccef1dbae181e5c142b3faf41715203e0c5cbc491519d3d97540a68fbd418c25fb6e16caabf76248c40867c02b4
+  checksum: ee9c2a21a70bd3f35c63f302af478e23f135c26deb77ea2e4eed29c62766a4b201fc7435651c0d56fa504c02d203107e3bdfda1dba18a3ee09338e1dfc3f2fe8
  languageName: node
  linkType: hard

@ -1072,12 +1072,12 @@ __metadata:
  languageName: node
  linkType: hard

-"@docker/actions-toolkit@npm:0.56.0":
-  version: 0.56.0
-  resolution: "@docker/actions-toolkit@npm:0.56.0"
+"@docker/actions-toolkit@npm:0.61.0":
+  version: 0.61.0
+  resolution: "@docker/actions-toolkit@npm:0.61.0"
  dependencies:
-    "@actions/artifact": ^2.2.2
-    "@actions/cache": ^4.0.2
+    "@actions/artifact": ^2.3.2
+    "@actions/cache": ^4.0.3
    "@actions/core": ^1.11.1
    "@actions/exec": ^1.1.1
    "@actions/github": ^6.0.0
@ -1097,7 +1097,7 @@ __metadata:
    semver: ^7.7.1
    tar-stream: ^3.1.7
    tmp: ^0.2.3
-  checksum: 0f1b569f8bb206399f8c26e566c78e30e4a311bbd64486016e7fa1d35fbbb4c94d4f55afa6b711afa4b41c5835b40b038f48c3d1bfdfdc6f7c6680973e922d9e
+  checksum: 60cc6c8f5bde8221a3d6a40c15258d44a468950353098f1814d8af3a14131df9c41df5b87298cd82f5c77aa4e36e262c15a5bb0cc03ea2857bea18c9e0952d80
  languageName: node
  linkType: hard

@ -3143,7 +3143,7 @@ __metadata:
  resolution: "docker-build-push@workspace:."
  dependencies:
    "@actions/core": ^1.11.1
-    "@docker/actions-toolkit": 0.56.0
+    "@docker/actions-toolkit": 0.61.0
    "@types/node": ^20.12.12
    "@typescript-eslint/eslint-plugin": ^7.9.0
    "@typescript-eslint/parser": ^7.9.0
Author	SHA1	Message	Date
CrazyMax	0788c444d8	Merge pull request #1375 from crazy-max/remove-gcr e2e: remove GCR	2025-05-15 15:48:50 +02:00
CrazyMax	aa179ca4f4	e2e: remove GCR Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-05-15 15:02:58 +02:00
CrazyMax	1dc7386353	Merge pull request #1364 from crazy-max/history-export-cmd Bump @docker/actions-toolkit from 0.59.0 to 0.61.0	2025-05-15 10:18:19 +02:00
CrazyMax	9c9803f364	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-05-13 13:34:30 +02:00
CrazyMax	db1f6c46e8	DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-05-13 13:34:30 +02:00
CrazyMax	721e8c79de	Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-05-13 13:34:29 +02:00
CrazyMax	14487ce63c	Merge pull request #1343 from crazy-max/fix-no-default-attest handle no default attestations env var	2025-04-23 18:39:17 +02:00
CrazyMax	0ec91264d8	Merge pull request #1366 from crazy-max/pr-assign-author pr-assign-author workflow	2025-04-23 16:10:45 +02:00
CrazyMax	b749522b90	pr-assign-author workflow Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-23 14:15:19 +02:00
CrazyMax	c566248492	Merge pull request #1363 from crazy-max/fix-codecov ci: fix missing source for codecov	2025-04-22 14:23:11 +02:00
CrazyMax	13275dd76e	ci: fix missing source for codecov Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-22 14:11:25 +02:00
CrazyMax	67dc78bbaf	Merge pull request #1361 from mschoettle/patch-1 docs: add validating build configuration example	2025-04-17 17:12:36 +02:00
Matthias Schoettle	0760504437	docs: add validating build configuration example Signed-off-by: Matthias Schoettle <git@mattsch.com>	2025-04-17 10:14:30 -04:00
CrazyMax	1c198f4467	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-09 18:58:46 +02:00
CrazyMax	288d9e2e4a	handle no default attestations env var Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-09 18:48:40 +02:00
CrazyMax	88844b95d8	Merge pull request #1353 from crazy-max/summary-secret-keys only print secret keys in build summary output	2025-04-09 18:48:07 +02:00
CrazyMax	1be4244e8d	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-09 13:28:49 +02:00
CrazyMax	094d2bc0cd	only print secret keys in build summary output Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-09 13:27:52 +02:00
CrazyMax	548776e8d0	Merge pull request #1352 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.59.0 chore(deps): Bump @docker/actions-toolkit from 0.56.0 to 0.59.0	2025-04-08 17:50:15 +02:00
CrazyMax	91838c2ba3	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-04-08 17:47:27 +02:00
dependabot[bot]	1332e65dc3	chore(deps): Bump @docker/actions-toolkit from 0.56.0 to 0.59.0 Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.56.0 to 0.59.0. - [Release notes](https://github.com/docker/actions-toolkit/releases) - [Commits](https://github.com/docker/actions-toolkit/compare/v0.56.0...v0.59.0) --- updated-dependencies: - dependency-name: "@docker/actions-toolkit" dependency-version: 0.59.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-08 15:44:44 +00:00
CrazyMax	66147ca503	Merge pull request #1344 from k-kbk/add-exception-handling refactor: add missing 'new' and exception handling	2025-04-07 14:46:26 +02:00
k-kbk	8ea72f78e8	chore: update dist Signed-off-by: k-kbk <kkbk0077@gmail.com>	2025-04-01 23:28:50 +09:00
Bokyeom	6481840af9	refactor: add missing 'new' and exception handling Signed-off-by: Bokyeom <79684339+k-kbk@users.noreply.github.com>	2025-04-01 11:36:44 +09:00
CrazyMax	84ad562665	Merge pull request #1337 from crazy-max/note-download-artifact note about usage of summary feature with download-artifact action	2025-03-10 16:09:21 +01:00
CrazyMax	9bea05fc44	note about usage of summary feature with download-artifact action Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-03-10 11:16:14 +01:00