build(deps): bump the go-dependencies group with 6 updates (#2424)

Bumps the go-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.40.0` | `0.41.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.26.0` | `0.27.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.34.0` | `0.35.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.33.0` | `0.34.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.27.0` | `0.28.0` |


Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0
- [Commits](https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0)

Updates `golang.org/x/crypto` from 0.40.0 to 0.41.0
- [Commits](https://github.com/golang/crypto/compare/v0.40.0...v0.41.0)

Updates `golang.org/x/mod` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/sys` from 0.34.0 to 0.35.0
- [Commits](https://github.com/golang/sys/compare/v0.34.0...v0.35.0)

Updates `golang.org/x/term` from 0.33.0 to 0.34.0
- [Commits](https://github.com/golang/term/compare/v0.33.0...v0.34.0)

Updates `golang.org/x/text` from 0.27.0 to 0.28.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: github.com/docker/go-connections
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/term
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/text
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -4,8 +4,13 @@ updates:
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
-      # Check for updates to GitHub Actions every weekday
-      interval: "daily"
+      interval: "weekly"
+    groups:
+      # Group all minor/patch go dependencies into a single PR.
+      go-dependencies:
+        update-types:
+          - "minor"
+          - "patch"
     labels:
       - "dependencies"
       - "go"
@@ -15,8 +20,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      # Check for updates to GitHub Actions every weekday
-      interval: "daily"
+      interval: "weekly"
     labels:
       - "dependencies"
       - "github_actions"

.github/workflows/benchmark.yml

@@ -13,11 +13,13 @@ jobs:
     name: Run Go benchmark example
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: 1.24
+          check-latest: true
+          go-version-file: 'go.mod'
       - name: Set up go env
         run: |
           echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV

.github/workflows/build.yml

@@ -20,10 +20,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        config: [macos, linux, windows-lcow, windows-wcow]
+        config: [macos, linux, windows-lcow]
         include:
           - config: macos
-            os: macos
+            # since macos-14 the latest runner is arm64
+            os: macos-arm64
             runner: macos-latest
             no_docker: "true"
             pack_bin: pack
@@ -37,11 +38,6 @@ jobs:
             runner: [self-hosted, windows, lcow]
             no_docker: "false"
             pack_bin: pack.exe
-          - config: windows-wcow
-            os: windows
-            runner: [windows-2019]
-            no_docker: "false"
-            pack_bin: pack.exe
     runs-on: ${{ matrix.runner }}
     env:
       PACK_BIN: ${{ matrix.pack_bin }}
@@ -53,7 +49,7 @@ jobs:
           git config --global core.autocrlf false
           git config --global core.eol lf
           git config --global core.symlinks true
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Derive pack version from branch name Unix
         if: runner.os != 'Windows'
         run: |
@@ -72,10 +68,10 @@ jobs:
           }
         shell: powershell
       - name: Set up go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
           check-latest: true
+          go-version-file: 'go.mod'
       - name: Set up go env for Unix
         if: runner.os != 'Windows'
         run: |
@@ -90,36 +86,6 @@ jobs:
         shell: powershell
       - name: Verify
         run: make verify
-      - name: Register runner IP
-        if: matrix.config == 'windows-wcow'
-        shell: powershell
-        run: |
-          # Get IP from default gateway interface
-          $IPAddress=(Get-NetIPAddress -InterfaceAlias ((Get-NetRoute "0.0.0.0/0").InterfaceAlias) -AddressFamily IPv4)[0].IPAddress
-
-          # Allow container-to-host registry traffic (from public interface, to the same interface)
-          New-NetfirewallRule -DisplayName test-registry -LocalAddress $IPAddress -RemoteAddress $IPAddress
-
-          # create or update daemon config to allow host as insecure-registry
-          $config=@{}
-          if (Test-Path C:\ProgramData\docker\config\daemon.json) {
-            $config=(Get-Content C:\ProgramData\docker\config\daemon.json | ConvertFrom-json)
-          }
-          $config | Add-Member -Force -Name "insecure-registries" -value @("$IPAddress/32") -MemberType NoteProperty
-          ConvertTo-json $config | Out-File -Encoding ASCII C:\ProgramData\docker\config\daemon.json
-
-          Restart-Service docker
-
-          # dump docker info for auditing
-          docker version
-          docker info
-
-          # Modify etc\hosts to include runner IP
-          $IPAddress=(Get-NetIPAddress -InterfaceAlias ((Get-NetRoute "0.0.0.0/0").InterfaceAlias) -AddressFamily IPv4)[0].IPAddress
-          "# Modified by CNB: https://github.com/buildpacks/ci/tree/main/gh-runners/windows
-          ${IPAddress} host.docker.internal
-          ${IPAddress} gateway.docker.internal
-          " | Out-File -Filepath C:\Windows\System32\drivers\etc\hosts -Encoding utf8
       - name: Test
         env:
           TEST_COVERAGE: 1
@@ -135,7 +101,7 @@ jobs:
           verbose: true
       - name: Prepare Codecov
         if: matrix.os == 'windows'
-        uses: crazy-max/ghaction-chocolatey@v2
+        uses: crazy-max/ghaction-chocolatey@v3
         with:
           args: install codecov -y
       - name: run Codecov
@@ -156,8 +122,7 @@ jobs:
         env:
           PACK_BUILD: ${{ github.run_number }}
         shell: powershell
-      - uses: actions/upload-artifact@v3
-        if: matrix.config != 'windows-lcow'
+      - uses: actions/upload-artifact@v4
         with:
           name: pack-${{ matrix.os }}
           path: out/${{ env.PACK_BIN }}
@@ -170,25 +135,32 @@ jobs:
           - name: linux-arm64
             goarch: arm64
             goos: linux
-          - name: macos-arm64
-            goarch: arm64
+          - name: macos
+            # since macos-14 default runner is arm, we need to build for intel architecture later
+            goarch: amd64
             goos: darwin
+          - name: linux-s390x
+            goarch: s390x
+            goos: linux
+          - name: linux-ppc64le
+            goarch: ppc64le
+            goos: linux
     needs: test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
           check-latest: true
+          go-version-file: 'go.mod'
       - name: Build
         run: |
           [[ $GITHUB_REF =~ ^refs\/heads\/release/(.*)$ ]] && version=${BASH_REMATCH[1]} || version=0.0.0
           env PACK_VERSION=${version} GOARCH=${{ matrix.goarch }} GOOS=${{ matrix.goos }} make build
         env:
           PACK_BUILD: ${{ github.run_number }}
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: pack-${{ matrix.name }}
           path: out/${{ env.PACK_BIN }}
@@ -197,7 +169,7 @@ jobs:
     needs: build-additional-archs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Derive pack version from branch name
         shell: bash
         run: |
@@ -217,7 +189,7 @@ jobs:
 
           echo "PACK_MILESTONE=${milestone}" >> $GITHUB_ENV
       - name: Download artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
       - name: Package artifacts - macos
         run: |
           chmod +x pack-macos/pack
@@ -230,6 +202,18 @@ jobs:
           filename=pack-v${{ env.PACK_VERSION }}-linux-arm64.tgz
           tar -C pack-linux-arm64 -vzcf $filename pack
           shasum -a 256 $filename > $filename.sha256
+      - name: Package artifacts - linux-s390x
+        run: |
+          chmod +x pack-linux-s390x/pack
+          filename=pack-v${{ env.PACK_VERSION }}-linux-s390x.tgz
+          tar -C pack-linux-s390x -vzcf $filename pack
+          shasum -a 256 $filename > $filename.sha256
+      - name: Package artifacts - linux-ppc64le
+        run: |
+          chmod +x pack-linux-ppc64le/pack
+          filename=pack-v${{ env.PACK_VERSION }}-linux-ppc64le.tgz
+          tar -C pack-linux-ppc64le -vzcf $filename pack
+          shasum -a 256 $filename > $filename.sha256
       - name: Package artifacts - macos-arm64
         run: |
           chmod +x pack-macos-arm64/pack
@@ -269,7 +253,7 @@ jobs:
           milestone: ${{ env.PACK_MILESTONE }}
       - name: Create Pre-Release
         if: ${{ env.PACK_VERSION != env.PACK_MILESTONE }}
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -280,8 +264,6 @@ jobs:
           prerelease: true
           files: pack-v${{ env.PACK_VERSION }}-*
           body: |
-            > This is a **beta** pre-release of the Cloud Native Buildpack local CLI. This platform implementation should be relatively stable and reliable, but breaking changes in the underlying [specification](https://github.com/buildpack/spec) may be implemented without notice.
-
             ## Prerequisites
 
             - A container runtime such as [Docker](https://www.docker.com/get-started) or [podman](https://podman.io/getting-started/) must be available to execute builds.
@@ -302,6 +284,17 @@ jobs:
             (curl -sSL "https://github.com/buildpacks/pack/releases/download/v${{ env.PACK_VERSION }}/pack-v${{ env.PACK_VERSION }}-linux-arm64.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
             ```
 
+            ##### S390X
+
+            ```bash
+            (curl -sSL "https://github.com/buildpacks/pack/releases/download/v${{ env.PACK_VERSION }}/pack-v${{ env.PACK_VERSION }}-linux-s390x.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+            ```
+            ##### PPC64LE
+
+            ```bash
+            (curl -sSL "https://github.com/buildpacks/pack/releases/download/v${{ env.PACK_VERSION }}/pack-v${{ env.PACK_VERSION }}-linux-ppc64le.tgz" | sudo tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+            ```
+
             #### MacOS
 
             ##### Intel
@@ -341,7 +334,7 @@ jobs:
 
       - name: Create Beta Release
         if: ${{ env.PACK_VERSION == env.PACK_MILESTONE }}
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -350,8 +343,6 @@ jobs:
           draft: true
           files: pack-v${{ env.PACK_VERSION }}-*
           body: |
-            > This is a **beta** release of the Cloud Native Buildpack local CLI. This platform implementation should be relatively stable and reliable, but breaking changes in the underlying [specification](https://github.com/buildpack/spec) may be implemented without notice.
-
             ## Prerequisites
 
             - A container runtime such as [Docker](https://www.docker.com/get-started) or [podman](https://podman.io/getting-started/) must be available to execute builds.

.github/workflows/check-latest-release.yml

@@ -10,8 +10,8 @@ jobs:
     runs-on:
       - ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
       - name: Read go versions
@@ -25,7 +25,7 @@ jobs:
           
           LATEST_GO_VERSION=$(go version | cut -d ' ' -f 3)
           
-          LATEST_RELEASE_VERSION=$(gh release list -L 1 | cut -d $'\t' -f 1 | cut -d ' ' -f 2)
+          LATEST_RELEASE_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases -L 1 | cut -d $'\t' -f 1 | cut -d ' ' -f 2)
           
           wget https://github.com/$GITHUB_REPOSITORY/releases/download/$LATEST_RELEASE_VERSION/pack-$LATEST_RELEASE_VERSION-linux.tgz -O out.tgz
           tar xzf out.tgz
@@ -70,9 +70,9 @@ jobs:
           fi
       - name: Scan latest release image
         id: scan-image
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v6
         with:
-          image: buildpacksio/pack:${{ steps.read-go.outputs.latest-release-version }}
+          image: docker.io/buildpacksio/pack:${{ steps.read-go.outputs.latest-release-version }}
       - name: Create issue if needed
         if: failure() && steps.scan-image.outcome == 'failure'
         env:
@@ -91,7 +91,7 @@ jobs:
             search_output=$(gh issue list --search "$title" --label "$label")
 
             GITHUB_WORKFLOW_URL=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
-            body="Latest buildpacksio/pack v${{ steps.read-go.outputs.latest-release-version }} triggered CVE(s) from Grype. For further details, see: $GITHUB_WORKFLOW_URL"
+            body="Latest docker.io/buildpacksio/pack v${{ steps.read-go.outputs.latest-release-version }} triggered CVE(s) from Grype. For further details, see: $GITHUB_WORKFLOW_URL"
 
             if [ -z "${search_output// }" ]
             then

.github/workflows/codeql-analysis.yml

@@ -30,11 +30,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -45,7 +45,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -59,4 +59,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/compatibility.yml

@@ -42,12 +42,12 @@ jobs:
             lifecycle_kind: current
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
           check-latest: true
+          go-version-file: 'go.mod'
       - name: Set up go env
         run: |
           echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
@@ -59,3 +59,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           make acceptance
+          docker network prune

.github/workflows/delivery-archlinux-git.yml

@@ -12,7 +12,7 @@ jobs:
     env:
       PACKAGE_NAME: pack-cli-git
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setup working dir

.github/workflows/delivery-archlinux.yml

@@ -11,72 +11,14 @@ on:
         required: true
 
 jobs:
-  pack-cli:
-    runs-on: ubuntu-latest
-    env:
-      PACKAGE_NAME: pack-cli
-    steps:
-      - uses: actions/checkout@v3
-      - name: Determine version
-        uses: actions/github-script@v6
-        id: version
-        with:
-          result-encoding: string
-          script: |
-            let payload = context.payload;
-            let tag = (payload.release && payload.release.tag_name) || (payload.inputs && payload.inputs.tag_name);
-            if (!tag) {
-              throw "ERROR: unable to determine tag"
-            }
-            return tag.replace(/^v/, '');
-      - name: Set PACK_VERSION
-        run: echo "PACK_VERSION=${{ steps.version.outputs.result }}" >> $GITHUB_ENV
-        shell: bash
-      - name: Setup working dir
-        run: |
-          mkdir -p ${{ env.PACKAGE_NAME }}
-          cp .github/workflows/delivery/archlinux/${{ env.PACKAGE_NAME }}/PKGBUILD ${{ env.PACKAGE_NAME }}/PKGBUILD
-      - name: Metadata
-        id: metadata
-        run: |
-          url=https://github.com/buildpacks/pack/archive/v${{ env.PACK_VERSION }}.tar.gz
-          filename=pack-${{ env.PACK_VERSION }}.tgz
-          fullpath=`pwd`/$filename
-
-          curl -sSL "$url" -o "$fullpath"
-          sha512=$(sha512sum "$fullpath" | awk '{ print $1 }')
-          echo "url=$url" >> $GITHUB_OUTPUT
-          echo "sha512=$sha512" >> $GITHUB_OUTPUT
-      - name: Fill PKGBUILD
-        uses: cschleiden/replace-tokens@v1
-        with:
-          files: ${{ env.PACKAGE_NAME }}/PKGBUILD
-          tokenPrefix: '{{'
-          tokenSuffix: '}}'
-        env:
-          PACK_VERSION: ${{ env.PACK_VERSION }}
-          SRC_TGZ_URL: ${{ steps.metadata.outputs.url }}
-          SRC_TGZ_SHA: ${{ steps.metadata.outputs.sha512 }}
-      - name: Print PKGBUILD
-        run: cat ${{ env.PACKAGE_NAME }}/PKGBUILD
-      - name: Test
-        uses: docker://archlinux:latest
-        with:
-          entrypoint: .github/workflows/delivery/archlinux/test-install-package.sh
-      - name: Publish
-        uses: docker://archlinux:latest
-        env:
-          AUR_KEY: ${{ secrets.AUR_KEY }}
-        with:
-          entrypoint: .github/workflows/delivery/archlinux/publish-package.sh
   pack-cli-bin:
     runs-on: ubuntu-latest
     env:
       PACKAGE_NAME: pack-cli-bin
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Determine version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: version
         with:
           result-encoding: string
@@ -95,7 +37,7 @@ jobs:
           mkdir -p ${{ env.PACKAGE_NAME }}/
           cp .github/workflows/delivery/archlinux/${{ env.PACKAGE_NAME }}/PKGBUILD ${{ env.PACKAGE_NAME }}/PKGBUILD
       - name: Lookup assets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: assets
         with:
           script: |

.github/workflows/delivery-chocolatey.yml

@@ -21,9 +21,9 @@ jobs:
   deliver-chocolatey:
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Determine version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: version
         with:
           result-encoding: string
@@ -40,7 +40,7 @@ jobs:
             return updatedTag;
       - name: Setup working dir
         run: |
-          mkdir ${{ env.CHOCO_PATH }}
+          mkdir -p ${{ env.CHOCO_PATH }}/source
           cp -r .github/workflows/delivery/chocolatey/. ${{ env.CHOCO_PATH }}/
           ls -R ${{ env.CHOCO_PATH }}
       - name: Download and unzip Pack (Windows)
@@ -67,20 +67,20 @@ jobs:
           cp LICENSE $file
           cat $file
       - name: build-release
-        uses: crazy-max/ghaction-chocolatey@v2
+        uses: crazy-max/ghaction-chocolatey@v3
         with:
-          args: pack ${{ env.CHOCO_PATH }}/pack.nuspec --outputdirectory ${{ env.CHOCO_PATH}}
+          args: pack ${{ env.CHOCO_PATH }}/pack.nuspec --outputdirectory ${{ env.CHOCO_PATH}}/source
       - name: list files
         run: |
           ls ${{ env.CHOCO_PATH }}
           ls ${{ env.CHOCO_PATH }}/tools
       - name: Test Release
-        uses: crazy-max/ghaction-chocolatey@v2
+        uses: crazy-max/ghaction-chocolatey@v3
         with:
-          args: install pack -s ${{ env.CHOCO_PATH }}/pack.${{ env.PACK_VERSION }}.nupkg
+          args: install pack -s ${{ env.CHOCO_PATH }}/source
       - name: Ensure Pack Installed
         run: pack help
       - name: Upload Release
-        uses: crazy-max/ghaction-chocolatey@v2
+        uses: crazy-max/ghaction-chocolatey@v3
         with:
-          args: push ${{ env.CHOCO_PATH }}/pack.${{ env.PACK_VERSION }}.nupkg -s https://push.chocolatey.org/ -k ${{ secrets.CHOCO_KEY }}
+          args: push ${{ env.CHOCO_PATH }}/source/pack.${{ env.PACK_VERSION }}.nupkg -s https://push.chocolatey.org/ -k ${{ secrets.CHOCO_KEY }}

.github/workflows/delivery-docker.yml

@@ -16,16 +16,26 @@ on:
         default: false
 
 env:
-  BUILDER: "paketobuildpacks/builder-jammy-tiny"
+  REGISTRY_NAME: 'docker.io'
+  USER_NAME: 'buildpacksio'
   IMG_NAME: 'pack'
-  USERNAME: 'buildpacksio'
 
 jobs:
   deliver-docker:
+    strategy:
+      matrix:
+        config: [tiny, base]
+        include:
+          - config: tiny
+            base_image: gcr.io/distroless/static
+            suffix:
+          - config: base
+            base_image: ubuntu:jammy
+            suffix: -base
     runs-on: ubuntu-latest
     steps:
       - name: Determine version
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: version
         with:
           result-encoding: string
@@ -39,38 +49,33 @@ jobs:
 
             return tag.replace(/^v/, '');
       - name: Checkout source at tag
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: v${{ steps.version.outputs.result }}
-      # This has to come after the first checkout, so it isn't clobbered
-      - name: Checkout delivery configuration
-        uses: actions/checkout@v3
-        with:
-          path: ./head
-      - name: Setup Working Dir
-        shell: bash
-        run: |
-          rm project.toml || true
-          cp head/.github/workflows/delivery/docker/project.toml project.toml
       - name: Determine App Name
-        run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
+        run: 'echo "IMG_NAME=${{ env.REGISTRY_NAME }}/${{ env.USER_NAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
       - name: Login to Dockerhub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: buildpacks/github-actions/setup-tools@v5.3.1
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: buildpacks/github-actions/setup-tools@v5.9.2
       - name: Buildx Build/Publish
         run: |
           docker buildx build . \
-            --tag ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} \
-            --platform linux/amd64,linux/arm64 \
+            --tag ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} \
+            --platform linux/amd64,linux/arm64,linux/s390x,linux/ppc64le \
             --build-arg pack_version=${{ steps.version.outputs.result }} \
+            --build-arg base_image=${{ matrix.base_image }} \
             --provenance=false \
             --push
-      - name: Tag Image as Latest
-        if: ${{ github.event.release != '' || github.event.inputs.tag_latest }}
+      - name: Tag Image as Base
+        if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config == 'base' }}
         run: |
-          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} ${{ env.IMG_NAME }}:latest
+          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} ${{ env.IMG_NAME }}:base
+      - name: Tag Image as Latest
+        if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config != 'base' }}
+        run: |
+          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} ${{ env.IMG_NAME }}:latest

.github/workflows/delivery-homebrew.yml

@@ -14,9 +14,9 @@ jobs:
   update-tap:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout tap
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: buildpack/homebrew-tap
           path: homebrew-tap
@@ -24,7 +24,7 @@ jobs:
       - name: Copy pack.rb
         run: cp .github/workflows/delivery/homebrew/pack.rb homebrew-tap/Formula/pack.rb
       - name: Lookup assets
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: assets
         with:
           script: |
@@ -50,6 +50,11 @@ jobs:
                 core.setOutput("linux_url", asset.browser_download_url);
               }
 
+              if (asset.name.endsWith("linux-arm64.tgz")) {
+                core.setOutput("linux_arm64_name", asset.name);
+                core.setOutput("linux_arm64_url", asset.browser_download_url);
+              }
+
               if (asset.name.endsWith("macos.tgz")) {
                 core.setOutput("macos_name", asset.name);
                 core.setOutput("macos_url", asset.browser_download_url);
@@ -67,6 +72,10 @@ jobs:
           linux_sha256=$(sha256sum ${{ steps.assets.outputs.linux_name }} | cut -d ' ' -f1)
           echo "linux_sha256=$linux_sha256" >> $GITHUB_OUTPUT
 
+          curl -sSL ${{ steps.assets.outputs.linux_arm64_url }} -o ${{ steps.assets.outputs.linux_arm64_name }}
+          linux_arm64_sha256=$(sha256sum ${{ steps.assets.outputs.linux_arm64_name }} | cut -d ' ' -f1)
+          echo "linux_arm64_sha256=$linux_arm64_sha256" >> $GITHUB_OUTPUT
+
           curl -sSL ${{ steps.assets.outputs.macos_url }} -o ${{ steps.assets.outputs.macos_name }}
           macos_sha256=$(sha256sum ${{ steps.assets.outputs.macos_name }} | cut -d ' ' -f1)
           echo "macos_sha256=$macos_sha256" >> $GITHUB_OUTPUT
@@ -83,6 +92,8 @@ jobs:
         env:
           LINUX_URL: ${{ steps.assets.outputs.linux_url }}
           LINUX_SHA: ${{ steps.checksums.outputs.linux_sha256 }}
+          LINUX_ARM64_URL: ${{ steps.assets.outputs.linux_arm64_url }}
+          LINUX_ARM64_SHA: ${{ steps.checksums.outputs.linux_arm64_sha256 }}
           MACOS_URL: ${{ steps.assets.outputs.macos_url }}
           MACOS_SHA: ${{ steps.checksums.outputs.macos_sha256 }}
           MACOS_ARM64_URL: ${{ steps.assets.outputs.macos_arm64_url }}

.github/workflows/delivery-release-dispatch.yml

@@ -13,7 +13,7 @@ jobs:
         repo: ['buildpacks/docs', 'buildpacks/samples', 'buildpacks/pack-orb', 'buildpacks/github-actions']
     steps:
       - name: Repository Dispatch
-        uses: peter-evans/repository-dispatch@v2
+        uses: peter-evans/repository-dispatch@v3
         with:
           token: ${{ secrets.PLATFORM_GITHUB_TOKEN }}
           event-type: pack-release

.github/workflows/delivery-ubuntu.yml

@@ -20,11 +20,11 @@ jobs:
       strategy:
         fail-fast: false
         matrix:
-          target: [bionic, focal, jammy, lunar]
-      runs-on: ubuntu-20.04
+          target: [bionic, focal, jammy, noble, oracular, plucky]
+      runs-on: ubuntu-22.04
       steps:
           - name: Checkout code
-            uses: actions/checkout@v3
+            uses: actions/checkout@v4
 
           - name: Metadata
             id: metadata
@@ -32,7 +32,7 @@ jobs:
                 echo "date=$(date +"%a, %d %b %Y %T %z")" >> $GITHUB_OUTPUT
 
           - name: Determine version
-            uses: actions/github-script@v6
+            uses: actions/github-script@v7
             id: version
             with:
               result-encoding: string
@@ -103,9 +103,33 @@ jobs:
               GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
               PACKAGE_VERSION: ${{ steps.version.outputs.result }}
 
-          - name: Deliver lunar
-            if: matrix.target == 'lunar'
-            uses: docker://ubuntu:lunar
+          - name: Deliver noble
+            if: matrix.target == 'noble'
+            uses: docker://ubuntu:noble
+            with:
+              entrypoint: .github/workflows/delivery/ubuntu/deliver.sh
+            env:
+              DEBIAN_FRONTEND: "noninteractive"
+              GO_DEP_PACKAGE_NAME: golang
+              GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+              GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
+              PACKAGE_VERSION: ${{ steps.version.outputs.result }}
+
+          - name: Deliver oracular
+            if: matrix.target == 'oracular'
+            uses: docker://ubuntu:oracular
+            with:
+              entrypoint: .github/workflows/delivery/ubuntu/deliver.sh
+            env:
+              DEBIAN_FRONTEND: "noninteractive"
+              GO_DEP_PACKAGE_NAME: golang
+              GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+              GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
+              PACKAGE_VERSION: ${{ steps.version.outputs.result }}
+
+          - name: Deliver plucky
+            if: matrix.target == 'plucky'
+            uses: docker://ubuntu:plucky
             with:
               entrypoint: .github/workflows/delivery/ubuntu/deliver.sh
             env:

.github/workflows/delivery/archlinux/README.md

@@ -1,8 +1,8 @@
 # Arch Linux
 
-There are 3 maintained packages:
+There are two maintained packages by us and one official archlinux package:
 
-- [pack-cli](https://aur.archlinux.org/packages/pack-cli/): The latest release of `pack`, compiled from source.
+- [pack-cli](https://archlinux.org/packages/extra/x86_64/pack-cli/): Official Archlinux package in the 'Extra' repo.
 - [pack-cli-bin](https://aur.archlinux.org/packages/pack-cli-bin/): The latest release of `pack`, precompiled.
 - [pack-cli-git](https://aur.archlinux.org/packages/pack-cli-git/): An unreleased version of `pack`, compiled from source of the `main` branch.
 

.github/workflows/delivery/archlinux/pack-cli/PKGBUILD

@@ -1,22 +0,0 @@
-# Maintainer: Michael William Le Nguyen <michael at mail dot ttp dot codes>
-# Maintainer: Buildpacks Maintainers <cncf-buildpacks-maintainers at lists dot cncf dot io>
-pkgname=pack-cli
-pkgver={{PACK_VERSION}}
-pkgrel=1
-pkgdesc="CLI for building apps using Cloud Native Buildpacks"
-arch=('x86_64')
-url="https://buildpacks.io/"
-license=('Apache')
-makedepends=('go-pie')
-source=("{{SRC_TGZ_URL}}")
-sha512sums=("{{SRC_TGZ_SHA}}")
-build() {
-	export GOPATH="${srcdir}/go"
-	cd "${srcdir}/pack-${pkgver}"
-	PACK_VERSION="v${pkgver}" make build
-}
-package() {
-	export GOPATH="${srcdir}/go"
-	go clean -modcache
-	install -D -m755 "${srcdir}/pack-${pkgver}/out/pack" "${pkgdir}/usr/bin/pack"
-}

.github/workflows/delivery/docker/project.toml

@@ -1,7 +0,0 @@
-[project]
-version = "1.0.2"
-source-url = "https://github.com/buildpacks/pack"
-
-[[build.env]]
-name = "BP_GO_TARGETS"
-value = "./cmd/pack"

.github/workflows/delivery/homebrew/pack.rb

@@ -14,7 +14,10 @@ class Pack < Formula
   elsif OS.mac?
     url "{{MACOS_URL}}"
     sha256 "{{MACOS_SHA}}"
-  else 
+  elsif OS.linux? && Hardware::CPU.arm?
+    url "{{LINUX_ARM64_URL}}"
+    sha256 "{{LINUX_ARM64_SHA}}"
+  else
     url "{{LINUX_URL}}"
     sha256 "{{LINUX_SHA}}"
   end

.github/workflows/privileged-pr-process.yml

@@ -8,14 +8,14 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@main
+      - uses: actions/labeler@v4
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
   add-milestone:
     runs-on: ubuntu-latest
     steps:
       - name: Add milestone
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: assets
         with:
           script: |

CONTRIBUTING.md

@@ -32,8 +32,9 @@ Running user acceptance on a pull request is just as critical as reviewing the c
 #### Downloading PR binaries
 
 1. On GitHub's Pull Request view, click on the **Checks** tab.
-2. On the top-right, click **Artifacts**.
-3. Click on the zip file for the platform you are running.
+2. On the left panel, click on the **build** step.
+3. On the bottom, there is **Artifacts** section.
+4. Click on the zip file for the platform you are running.
 
 #### Setup
 

DEVELOPMENT.md

@@ -26,6 +26,29 @@ Alternatively, you can use Gitpod to run pre-configured dev environment in the c
 
 * Symlinks - Some of our tests attempt to create symlinks. On Windows, this requires the [permission to be provided](https://stackoverflow.com/a/24353758).
 
+### Testing GitHub actions on forks
+
+The pack release process involves chaining a series of GitHub actions together, such as:
+* The "build" workflow, which creates:
+    * .tgz files containing the pack binaries and shasums for the .tgz files
+    * a draft release with the above artifacts
+* The "delivery-docker" workflow, which builds and pushes OCI images containing the pack binary
+* The "benchmark" workflow, which runs performance checks for each commit and uploads reports to GitHub Pages
+
+It can be rather cumbersome to test changes to these workflows, as they are heavily intertwined. Thus, we recommend forking the buildpacks/pack repository on GitHub and running through the entire release process end-to-end.
+
+For the fork, it is necessary to complete the following preparations:
+
+* Add the following secrets:
+    * `DOCKER_PASSWORD` for the delivery-docker workflow, if not using ghcr.io
+    * `DOCKER_USERNAME` for the delivery-docker workflow, if not using ghcr.io
+    * `DEPLOY_KEY` for the release-merge workflow, as a SSH private key for repository access
+* Enable the issues feature on the repository and create `status/triage` and `type/bug` labels for the check-latest-release workflow
+* Create a branch named `gh-pages` for uploading benchmark reports for the benchmark workflow
+
+The `tools/test-fork.sh` script can be used to update the source code to reflect the state of the fork and disable workflows that should not run on the fork repository.
+It can be invoked like so: `./tools/test-fork.sh <registry repo name>`
+
 ## Tasks
 
 ### Building
@@ -104,15 +127,15 @@ make prepare-for-pr
 ### Acceptance Tests
 Some options users can provide to our acceptance tests are:
 
-| ENV_VAR      | Description                                                            | Default |
-|--------------|------------------------------------------------------------------------|---------|
-| ACCEPTANCE_SUITE_CONFIG        | A set of configurations for how to run the acceptance tests, describing the version of `pack` used for testing, the version of `pack` used to create the builders used in the test, and the version of `lifecycle` binaries used to test with Github |  `[{"pack": "current", "pack_create_builder": "current", "lifecycle": "default"}]'`     |
-| COMPILE_PACK_WITH_VERSION     | Tell `pack` what version to consider itself    | `dev`    |
-| GITHUB_TOKEN | A Github Token, used when downloading `pack` and `lifecycle` releases from Github during the test setup | "" |
-| LIFECYCLE_IMAGE        | Image reference to be used in untrusted builder workflows    | buildpacksio/lifecycle:<lifecycle version>  |
-| LIFECYCLE_PATH        | Path to a `.tgz` file filled with a set of `lifecycle` binaries    | The Github release for the default version of lifecycle in `pack`  |
-| PACK_PATH        | Path to a `pack` executable.  | A compiled version of the current branch      |
-| PREVIOUS_LIFECYCLE_IMAGE        | Image reference to be used in untrusted builder workflows, used to test compatibility of `pack` with the n-1 version of the `lifecycle`    | buildpacksio/lifecycle:<PREVIOUS_LIFECYCLE_PATH lifecycle version>, buildpacksio/lifecycle:<n-1 lifecycle version>  |
-| PREVIOUS_LIFECYCLE_PATH     |  Path to a `.tgz` file filled with a set of `lifecycle` binaries, used to test compatibility of `pack` with the n-1 version of the `lifecycle`    | The Github release for n-1 release of `lifecycle`     |
-| PREVIOUS_PACK_FIXTURES_PATH | Path to a set of fixtures, used to override the most up-to-date fixtures, in case of changed functionality  | `acceptance/testdata/pack_previous_fixtures_overrides`   |
-| PREVIOUS_PACK_PATH     | Path to a `pack` executable, used to test compatibility with n-1 version of `pack`          | The most recent release from `pack`'s Github release    |
+| ENV_VAR      | Description                                                            | Default                                                                                                                      |
+|--------------|------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|
+| ACCEPTANCE_SUITE_CONFIG        | A set of configurations for how to run the acceptance tests, describing the version of `pack` used for testing, the version of `pack` used to create the builders used in the test, and the version of `lifecycle` binaries used to test with Github | `[{"pack": "current", "pack_create_builder": "current", "lifecycle": "default"}]'`                                           |
+| COMPILE_PACK_WITH_VERSION     | Tell `pack` what version to consider itself    | `dev`                                                                                                                        |
+| GITHUB_TOKEN | A Github Token, used when downloading `pack` and `lifecycle` releases from Github during the test setup | ""                                                                                                                           |
+| LIFECYCLE_IMAGE        | Image reference to be used in untrusted builder workflows    | docker.io/buildpacksio/lifecycle:<lifecycle version>                                                                         |
+| LIFECYCLE_PATH        | Path to a `.tgz` file filled with a set of `lifecycle` binaries    | The Github release for the default version of lifecycle in `pack`                                                            |
+| PACK_PATH        | Path to a `pack` executable.  | A compiled version of the current branch                                                                                     |
+| PREVIOUS_LIFECYCLE_IMAGE        | Image reference to be used in untrusted builder workflows, used to test compatibility of `pack` with the n-1 version of the `lifecycle`    | docker.io/buildpacksio/lifecycle:<PREVIOUS_LIFECYCLE_PATH lifecycle version>, buildpacksio/lifecycle:<n-1 lifecycle version> |
+| PREVIOUS_LIFECYCLE_PATH     |  Path to a `.tgz` file filled with a set of `lifecycle` binaries, used to test compatibility of `pack` with the n-1 version of the `lifecycle`    | The Github release for n-1 release of `lifecycle`                                                                            |
+| PREVIOUS_PACK_FIXTURES_PATH | Path to a set of fixtures, used to override the most up-to-date fixtures, in case of changed functionality  | `acceptance/testdata/pack_previous_fixtures_overrides`                                                                       |
+| PREVIOUS_PACK_PATH     | Path to a `pack` executable, used to test compatibility with n-1 version of `pack`          | The most recent release from `pack`'s Github release                                                                         |

Dockerfile

@@ -1,11 +1,12 @@
-FROM golang:1.20 as builder
+ARG base_image=gcr.io/distroless/static
+
+FROM golang:1.24 as builder
 ARG pack_version
 ENV PACK_VERSION=$pack_version
 WORKDIR /app
 COPY . .
 RUN make build
 
-FROM scratch
+FROM ${base_image}
 COPY --from=builder /app/out/pack /usr/local/bin/pack
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 ENTRYPOINT [ "/usr/local/bin/pack" ]

Makefile

@@ -58,7 +58,7 @@ BINDIR:=/usr/bin/
 ## build: Build the program
 build: out
 	@echo "=====> Building..."
-	$(GOCMD) build -ldflags "-s -w -X 'github.com/buildpacks/pack.Version=${PACK_VERSION}' -extldflags ${LDFLAGS}" -trimpath -o ./out/$(PACK_BIN) -a ./cmd/pack
+	$(GOCMD) build -ldflags "-s -w -X 'github.com/buildpacks/pack/pkg/client.Version=${PACK_VERSION}' -extldflags '${LDFLAGS}'" -trimpath -o ./out/$(PACK_BIN) -a
 
 ## all: Run clean, verify, test, and build operations
 all: clean verify test build
@@ -160,12 +160,12 @@ install-goimports:
 ## install-golangci-lint: Install golangci-lint dependency
 install-golangci-lint:
 	@echo "=====> Installing golangci-lint..."
-	cd tools && $(GOCMD) install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.1
+	cd tools && $(GOCMD) install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.0.2
 
 ## mod-tidy: Tidy Go modules
 mod-tidy:
-	$(GOCMD) mod tidy  -compat=1.20
-	cd tools && $(GOCMD) mod tidy -compat=1.20
+	$(GOCMD) mod tidy  -compat=1.24
+	cd tools && $(GOCMD) mod tidy -compat=1.24
 
 ## tidy: Tidy modules and format the code
 tidy: mod-tidy format

README.md

@@ -34,9 +34,9 @@ Check out the command line documentation [here][pack-docs]
 
 To learn more about the details, check out the [specs repository][specs].
 
-[app-dev]: https://buildpacks.io/docs/app-developer-guide/
-[bp-author]: https://buildpacks.io/docs/buildpack-author-guide/
-[operator]: https://buildpacks.io/docs/operator-guide/
+[app-dev]: https://buildpacks.io/docs/for-app-developers/
+[bp-author]: https://buildpacks.io/docs/for-buildpack-authors/
+[operator]: https://buildpacks.io/docs/for-platform-operators/
 [buildpacks.io]: https://buildpacks.io/
 [install-pack]: https://buildpacks.io/docs/install-pack/
 [getting-started]: https://buildpacks.io/docs/app-journey

acceptance/assertions/image.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package assertions
 
@@ -60,7 +59,7 @@ func (a ImageAssertionManager) HasCreateTime(image string, expectedTime time.Tim
 	a.assert.TrueWithMessage(actualTime.Sub(expectedTime) < 5*time.Second && expectedTime.Sub(actualTime) < 5*time.Second, fmt.Sprintf("expected image create time %s to match expected time %s", actualTime, expectedTime))
 }
 
-func (a ImageAssertionManager) HasLabelWithData(image, label, data string) {
+func (a ImageAssertionManager) HasLabelContaining(image, label, data string) {
 	a.testObject.Helper()
 	inspect, err := a.imageManager.InspectLocal(image)
 	a.assert.Nil(err)
@@ -69,6 +68,15 @@ func (a ImageAssertionManager) HasLabelWithData(image, label, data string) {
 	a.assert.Contains(label, data)
 }
 
+func (a ImageAssertionManager) HasLabelNotContaining(image, label, data string) {
+	a.testObject.Helper()
+	inspect, err := a.imageManager.InspectLocal(image)
+	a.assert.Nil(err)
+	label, ok := inspect.Config.Labels[label]
+	a.assert.TrueWithMessage(ok, fmt.Sprintf("expected label %s to exist", label))
+	a.assert.NotContains(label, data)
+}
+
 func (a ImageAssertionManager) HasLengthLayers(image string, length int) {
 	a.testObject.Helper()
 	inspect, err := a.imageManager.InspectLocal(image)

acceptance/assertions/lifecycle_output.go

@@ -1,11 +1,11 @@
 //go:build acceptance
-// +build acceptance
 
 package assertions
 
 import (
 	"fmt"
 	"regexp"
+	"strings"
 	"testing"
 
 	h "github.com/buildpacks/pack/testhelpers"
@@ -85,8 +85,12 @@ func (l LifecycleOutputAssertionManager) IncludesSeparatePhasesWithRunExtension(
 	l.assert.ContainsAll(l.output, "[detector]", "[analyzer]", "[extender (run)]", "[exporter]")
 }
 
-func (l LifecycleOutputAssertionManager) IncludesLifecycleImageTag(tag string) {
+func (l LifecycleOutputAssertionManager) IncludesTagOrEphemeralLifecycle(tag string) {
 	l.testObject.Helper()
 
-	l.assert.Contains(l.output, tag)
+	if !strings.Contains(l.output, tag) {
+		if !strings.Contains(l.output, "pack.local/lifecyle") {
+			l.testObject.Fatalf("Unable to locate reference to lifecycle image within output")
+		}
+	}
 }

acceptance/assertions/output.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package assertions
 
@@ -32,6 +31,42 @@ func (o OutputAssertionManager) ReportsSuccessfulImageBuild(name string) {
 	o.assert.ContainsF(o.output, "Successfully built image '%s'", name)
 }
 
+func (o OutputAssertionManager) ReportsSuccessfulIndexLocallyCreated(name string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully created manifest list '%s'", name)
+}
+
+func (o OutputAssertionManager) ReportsSuccessfulIndexPushed(name string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully pushed manifest list '%s' to registry", name)
+}
+
+func (o OutputAssertionManager) ReportsSuccessfulManifestAddedToIndex(name string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully added image '%s' to index", name)
+}
+
+func (o OutputAssertionManager) ReportsSuccessfulIndexDeleted() {
+	o.testObject.Helper()
+
+	o.assert.Contains(o.output, "Successfully deleted manifest list(s) from local storage")
+}
+
+func (o OutputAssertionManager) ReportsSuccessfulIndexAnnotated(name, manifest string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully annotated image '%s' in index '%s'", name, manifest)
+}
+
+func (o OutputAssertionManager) ReportsSuccessfulRemoveManifestFromIndex(name string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully removed image(s) from index: '%s'", name)
+}
+
 func (o OutputAssertionManager) ReportSuccessfulQuietBuild(name string) {
 	o.testObject.Helper()
 	o.testObject.Log("quiet mode")
@@ -82,6 +117,12 @@ func (o OutputAssertionManager) ReportsRunImageStackNotMatchingBuilder(runImageS
 	)
 }
 
+func (o OutputAssertionManager) ReportsDeprecatedUseOfStack() {
+	o.testObject.Helper()
+
+	o.assert.Contains(o.output, "Warning: deprecated usage of stack")
+}
+
 func (o OutputAssertionManager) WithoutColors() {
 	o.testObject.Helper()
 	o.testObject.Log("has no color")
@@ -137,6 +178,12 @@ func (o OutputAssertionManager) IncludesUsagePrompt() {
 	o.assert.Contains(o.output, "Run 'pack --help' for usage.")
 }
 
+func (o OutputAssertionManager) ReportsBuilderCreated(name string) {
+	o.testObject.Helper()
+
+	o.assert.ContainsF(o.output, "Successfully created builder image '%s'", name)
+}
+
 func (o OutputAssertionManager) ReportsSettingDefaultBuilder(name string) {
 	o.testObject.Helper()
 
@@ -167,7 +214,7 @@ func (o OutputAssertionManager) IncludesTrustedBuildersHeading() {
 	o.assert.Contains(o.output, "Trusted Builders:")
 }
 
-const googleBuilder = "gcr.io/buildpacks/builder:v1"
+const googleBuilder = "gcr.io/buildpacks/builder:google-22"
 
 func (o OutputAssertionManager) IncludesGoogleBuilder() {
 	o.testObject.Helper()
@@ -182,8 +229,7 @@ func (o OutputAssertionManager) IncludesPrefixedGoogleBuilder() {
 }
 
 var herokuBuilders = []string{
-	"heroku/builder:22",
-	"heroku/buildpacks:20",
+	"heroku/builder:24",
 }
 
 func (o OutputAssertionManager) IncludesHerokuBuilders() {

acceptance/assertions/test_buildpack_output.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package assertions
 

acceptance/buildpacks/archive_buildpack.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package buildpacks
 

acceptance/buildpacks/folder_buildpack.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package buildpacks
 
@@ -47,4 +46,5 @@ var (
 	ExtFolderSimpleLayers      = folderBuildModule{name: "simple-layers-extension"}
 	MetaBpFolder               = folderBuildModule{name: "meta-buildpack"}
 	MetaBpDependency           = folderBuildModule{name: "meta-buildpack-dependency"}
+	MultiPlatformFolderBP      = folderBuildModule{name: "multi-platform-buildpack"}
 )

acceptance/buildpacks/manager.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package buildpacks
 
@@ -7,8 +6,6 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/buildpacks/pack/internal/builder"
-
 	"github.com/buildpacks/pack/testhelpers"
 )
 
@@ -20,17 +17,11 @@ type BuildModuleManager struct {
 
 type BuildModuleManagerModifier func(b *BuildModuleManager)
 
-func WithBuildpackAPIVersion(apiVersion string) func(b *BuildModuleManager) {
-	return func(b *BuildModuleManager) {
-		b.sourceDir = filepath.Join("testdata", "mock_buildpacks", apiVersion)
-	}
-}
-
 func NewBuildModuleManager(t *testing.T, assert testhelpers.AssertionManager, modifiers ...BuildModuleManagerModifier) BuildModuleManager {
 	m := BuildModuleManager{
 		testObject: t,
 		assert:     assert,
-		sourceDir:  filepath.Join("testdata", "mock_buildpacks", builder.DefaultBuildpackAPIVersion),
+		sourceDir:  filepath.Join("testdata", "mock_buildpacks"),
 	}
 
 	for _, mod := range modifiers {

acceptance/buildpacks/package_file_buildpack.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package buildpacks
 

acceptance/buildpacks/package_image_buildpack.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package buildpacks
 

acceptance/config/asset_manager.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 
@@ -354,9 +353,9 @@ func (b assetManagerBuilder) buildPack(compileVersion string) string {
 	b.assert.Nil(err)
 
 	cmd := exec.Command("go", "build",
+		// XXX the version setter is wrong here, there is no cmd.Version
 		"-ldflags", fmt.Sprintf("-X 'github.com/buildpacks/pack/cmd.Version=%s'", compileVersion),
 		"-o", packPath,
-		"./cmd/pack",
 	)
 	if filepath.Base(cwd) == "acceptance" {
 		cmd.Dir = filepath.Dir(cwd)

acceptance/config/github_asset_fetcher.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 

acceptance/config/input_configuration_manager.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 

acceptance/config/lifecycle_asset.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 

acceptance/config/pack_assets.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 

acceptance/config/run_combination.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package config
 

acceptance/invoke/pack.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package invoke
 
@@ -235,6 +234,13 @@ const (
 	ForceRebase
 	BuildpackFlatten
 	MetaBuildpackFolder
+	PlatformRetries
+	FlattenBuilderCreationV2
+	FixesRunImageMetadata
+	ManifestCommands
+	PlatformOption
+	MultiPlatformBuildersAndBuildPackages
+	StackWarning
 )
 
 var featureTests = map[Feature]func(i *PackInvoker) bool{
@@ -262,6 +268,27 @@ var featureTests = map[Feature]func(i *PackInvoker) bool{
 	MetaBuildpackFolder: func(i *PackInvoker) bool {
 		return i.atLeast("v0.30.0")
 	},
+	PlatformRetries: func(i *PackInvoker) bool {
+		return i.atLeast("v0.32.1")
+	},
+	FlattenBuilderCreationV2: func(i *PackInvoker) bool {
+		return i.atLeast("v0.33.1")
+	},
+	FixesRunImageMetadata: func(i *PackInvoker) bool {
+		return i.atLeast("v0.34.0")
+	},
+	ManifestCommands: func(i *PackInvoker) bool {
+		return i.atLeast("v0.34.0")
+	},
+	PlatformOption: func(i *PackInvoker) bool {
+		return i.atLeast("v0.34.0")
+	},
+	MultiPlatformBuildersAndBuildPackages: func(i *PackInvoker) bool {
+		return i.atLeast("v0.34.0")
+	},
+	StackWarning: func(i *PackInvoker) bool {
+		return i.atLeast("v0.37.0")
+	},
 }
 
 func (i *PackInvoker) SupportsFeature(f Feature) bool {

acceptance/invoke/pack_fixtures.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package invoke
 

acceptance/managers/image_manager.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package managers
 
@@ -23,10 +22,10 @@ var DefaultDuration = 10 * time.Second
 type ImageManager struct {
 	testObject *testing.T
 	assert     h.AssertionManager
-	dockerCli  client.CommonAPIClient
+	dockerCli  client.APIClient
 }
 
-func NewImageManager(t *testing.T, dockerCli client.CommonAPIClient) ImageManager {
+func NewImageManager(t *testing.T, dockerCli client.APIClient) ImageManager {
 	return ImageManager{
 		testObject: t,
 		assert:     h.NewAssertionManager(t),
@@ -44,7 +43,7 @@ func (im ImageManager) CleanupImages(imageNames ...string) {
 
 func (im ImageManager) InspectLocal(image string) (dockertypes.ImageInspect, error) {
 	im.testObject.Helper()
-	inspect, _, err := im.dockerCli.ImageInspectWithRaw(context.Background(), image)
+	inspect, err := im.dockerCli.ImageInspect(context.Background(), image)
 	return inspect, err
 }
 
@@ -90,7 +89,7 @@ func (im ImageManager) ExposePortOnImage(image, containerName string) TestContai
 	}, nil, nil, containerName)
 	im.assert.Nil(err)
 
-	err = im.dockerCli.ContainerStart(ctx, ctr.ID, dockertypes.ContainerStartOptions{})
+	err = im.dockerCli.ContainerStart(ctx, ctr.ID, container.StartOptions{})
 	im.assert.Nil(err)
 	return TestContainer{
 		testObject: im.testObject,
@@ -120,7 +119,7 @@ func (im ImageManager) CreateContainer(name string) TestContainer {
 
 type TestContainer struct {
 	testObject *testing.T
-	dockerCli  client.CommonAPIClient
+	dockerCli  client.APIClient
 	assert     h.AssertionManager
 	name       string
 	id         string
@@ -137,7 +136,7 @@ func (t TestContainer) RunWithOutput() string {
 func (t TestContainer) Cleanup() {
 	t.testObject.Helper()
 	t.dockerCli.ContainerKill(context.Background(), t.name, "SIGKILL")
-	t.dockerCli.ContainerRemove(context.Background(), t.name, dockertypes.ContainerRemoveOptions{Force: true})
+	t.dockerCli.ContainerRemove(context.Background(), t.name, container.RemoveOptions{Force: true})
 }
 
 func (t TestContainer) WaitForResponse(duration time.Duration) string {

acceptance/os/variables.go

@@ -1,5 +1,4 @@
 //go:build acceptance && !windows
-// +build acceptance,!windows
 
 package os
 

acceptance/os/variables_darwin.go

@@ -1,5 +1,4 @@
 //go:build acceptance && darwin && amd64
-// +build acceptance,darwin,amd64
 
 package os
 

acceptance/os/variables_darwin_arm64.go

@@ -1,5 +1,4 @@
 //go:build acceptance && darwin && arm64
-// +build acceptance,darwin,arm64
 
 package os
 

acceptance/os/variables_linux.go

@@ -1,5 +1,4 @@
 //go:build acceptance && linux
-// +build acceptance,linux
 
 package os
 

acceptance/os/variables_windows.go

@@ -1,5 +1,4 @@
 //go:build acceptance && windows
-// +build acceptance,windows
 
 package os
 

acceptance/suite_manager.go

@@ -1,5 +1,4 @@
 //go:build acceptance
-// +build acceptance
 
 package acceptance
 

acceptance/testdata/mock_buildpacks/descriptor-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "descriptor/bp"

acceptance/testdata/mock_buildpacks/internet-capable-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "internet/bp"

acceptance/testdata/mock_buildpacks/meta-buildpack-dependency/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "local/meta-bp-dep"

acceptance/testdata/mock_buildpacks/meta-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "local/meta-bp"

acceptance/testdata/mock_buildpacks/multi-platform-buildpack/buildpack.toml

@@ -0,0 +1,21 @@
+api = "0.10"
+
+[buildpack]
+  id = "simple/layers"
+  version = "simple-layers-version"
+  name = "Simple Layers Buildpack"
+
+[[targets]]
+os = "linux"
+arch = "amd64"
+
+[[targets]]
+os = "linux"
+arch = "arm64"
+
+[[targets]]
+os = "windows"
+arch = "amd64"
+
+[[stacks]]
+  id = "*"

acceptance/testdata/mock_buildpacks/nested-level-1-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "simple/nested-level-1"

acceptance/testdata/mock_buildpacks/nested-level-2-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "simple/nested-level-2"

acceptance/testdata/mock_buildpacks/noop-buildpack-2/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "noop.buildpack"

acceptance/testdata/mock_buildpacks/noop-buildpack/bin/build

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+echo "---> Build: NOOP Buildpack"

acceptance/testdata/mock_buildpacks/noop-buildpack/bin/build.bat

@@ -0,0 +1,3 @@
+@echo off
+
+echo ---- Build: NOOP Buildpack

acceptance/testdata/mock_buildpacks/noop-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "noop.buildpack"

acceptance/testdata/mock_buildpacks/not-in-builder-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "local/bp"

acceptance/testdata/mock_buildpacks/other-stack-buildpack/bin/detect

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+## always detect

acceptance/testdata/mock_buildpacks/other-stack-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "other/stack/bp"

acceptance/testdata/mock_buildpacks/read-env-buildpack/bin/build

@@ -16,7 +16,8 @@ if [[ -f "$platform_dir/env/ENV1_CONTENTS" ]]; then
     contents=$(cat "$platform_dir/env/ENV1_CONTENTS")
     echo "$contents" > "$launch_dir/env1-launch-layer/env1-launch-dep"
     ln -snf "$launch_dir/env1-launch-layer" env1-launch-deps
-    echo "launch = true" > "$launch_dir/env1-launch-layer.toml"
+    echo "[types]" > "$launch_dir/env1-launch-layer.toml"
+    echo "launch = true" >> "$launch_dir/env1-launch-layer.toml"
 fi
 
 ## makes a launch layer
@@ -26,7 +27,8 @@ if [[ -f "$platform_dir/env/ENV2_CONTENTS" ]]; then
     contents=$(cat "$platform_dir/env/ENV2_CONTENTS")
     echo "$contents" > "$launch_dir/env2-launch-layer/env2-launch-dep"
     ln -snf "$launch_dir/env2-launch-layer" env2-launch-deps
-    echo "launch = true" > "$launch_dir/env2-launch-layer.toml"
+    echo "[types]" > "$launch_dir/env2-launch-layer.toml"
+    echo "launch = true" >> "$launch_dir/env2-launch-layer.toml"
 fi
 
 echo "---> Done"

acceptance/testdata/mock_buildpacks/read-env-buildpack/bin/build.bat

@@ -11,7 +11,8 @@ if exist %platform_dir%\env\ENV1_CONTENTS (
     set /p contents=<%platform_dir%\env\ENV1_CONTENTS
     echo !contents!> %launch_dir%\env1-launch-layer\env1-launch-dep
     mklink /j env1-launch-deps %launch_dir%\env1-launch-layer
-    echo launch = true> %launch_dir%\env1-launch-layer.toml
+    echo [types] > %launch_dir%\env1-launch-layer.toml
+    echo launch = true >> %launch_dir%\env1-launch-layer.toml
 )
 
 :: makes a launch layer
@@ -21,7 +22,8 @@ if exist %platform_dir%\env\ENV2_CONTENTS (
     set /p contents=<%platform_dir%\env\ENV2_CONTENTS
     echo !contents!> %launch_dir%\env2-launch-layer\env2-launch-dep
     mklink /j env2-launch-deps %launch_dir%\env2-launch-layer
-    echo launch = true> %launch_dir%\env2-launch-layer.toml
+    echo [types] > %launch_dir%\env2-launch-layer.toml
+    echo launch = true >> %launch_dir%\env2-launch-layer.toml
 )
 
 echo --- Done

acceptance/testdata/mock_buildpacks/read-env-buildpack/buildpack.toml

@@ -1,4 +1,4 @@
-api = "0.2"
+api = "0.7"
 
 [buildpack]
   id = "read/env"

acceptance/testdata/mock_buildpacks/read-env-extension/bin/generate

@@ -35,6 +35,6 @@ if [[ -z "$EXT_RUN_SWITCH" ]]; then
 else
   echo "Generating run.Dockerfile for run image switch..."
   cat >>"${output_dir}/run.Dockerfile" <<EOL
-FROM some-not-exist-run-image!
+FROM busybox:latest
 EOL
 fi