Merge pull request #6202 from Mewsen/issue/6188

refactor(cli/compose/loader): extract ParseVolume() to its own package

.github/workflows/build.yml

@@ -121,6 +121,8 @@ jobs:
             type=semver,pattern={{version}}
             type=ref,event=branch
             type=ref,event=pr
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
       -
         name: Build and push image
         uses: docker/bake-action@v6

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
         name: Update Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.4"
+          go-version: "1.24.5"
       -
         name: Initialize CodeQL
         uses: github/codeql-action/init@v3

.github/workflows/test.yml

@@ -66,7 +66,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.4"
+          go-version: "1.24.5"
       -
         name: Test
         run: |

.golangci.yml

@@ -5,7 +5,7 @@ run:
   # which causes it to fallback to go1.17 semantics.
   #
   # TODO(thaJeztah): update "usetesting" settings to enable go1.24 features once our minimum version is go1.24
-  go: "1.24.4"
+  go: "1.24.5"
 
   timeout: 5m
 

Dockerfile

@@ -1,26 +1,37 @@
 # syntax=docker/dockerfile:1
 
 ARG BASE_VARIANT=alpine
-ARG ALPINE_VERSION=3.21
+
+# ALPINE_VERSION sets the version of the alpine base image to use, including for the golang image.
+# It must be a supported tag in the docker.io/library/alpine image repository
+# that's also available as alpine image variant for the Golang version used.
+ARG ALPINE_VERSION=3.22
 ARG BASE_DEBIAN_DISTRO=bookworm
 
-ARG GO_VERSION=1.24.4
+ARG GO_VERSION=1.24.5
 ARG XX_VERSION=1.6.1
 ARG GOVERSIONINFO_VERSION=v1.4.1
-ARG GOTESTSUM_VERSION=v1.12.0
+
+# GOTESTSUM_VERSION sets the version of gotestsum to install in the dev container.
+# It must be a valid tag in the https://github.com/gotestyourself/gotestsum repository.
+ARG GOTESTSUM_VERSION=v1.12.3
 
 # BUILDX_VERSION sets the version of buildx to use for the e2e tests.
 # It must be a tag in the docker.io/docker/buildx-bin image repository
 # on Docker Hub.
-ARG BUILDX_VERSION=0.24.0
-ARG COMPOSE_VERSION=v2.36.2
+ARG BUILDX_VERSION=0.25.0
+
+# COMPOSE_VERSION is the version of compose to install in the dev container.
+# It must be a tag in the docker.io/docker/compose-bin image repository
+# on Docker Hub.
+ARG COMPOSE_VERSION=v2.38.2
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build-base-alpine
 ENV GOTOOLCHAIN=local
 COPY --link --from=xx / /
-RUN apk add --no-cache bash clang lld llvm file git
+RUN apk add --no-cache bash clang lld llvm file git git-daemon
 WORKDIR /go/src/github.com/docker/cli
 
 FROM build-base-alpine AS build-alpine

cli-plugins/plugin/plugin.go

@@ -14,7 +14,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/connhelper"
 	"github.com/docker/cli/cli/debug"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/spf13/cobra"
 	"go.opentelemetry.io/otel"
 )

cli/command/builder/client_test.go

@@ -3,8 +3,8 @@ package builder
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/client"
 )
 
 type fakeClient struct {

cli/command/builder/prune.go

@@ -11,8 +11,8 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/internal/prompt"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/build"
 	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/build"
 	"github.com/spf13/cobra"
 )
 

cli/command/builder/prune_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/build"
+	"github.com/moby/moby/api/types/build"
 )
 
 func TestBuilderPromptTermination(t *testing.T) {

cli/command/checkpoint/client_test.go

@@ -3,8 +3,8 @@ package checkpoint
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/checkpoint"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/checkpoint"
+	"github.com/moby/moby/client"
 )
 
 type fakeClient struct {

cli/command/checkpoint/create.go

@@ -7,7 +7,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"github.com/spf13/cobra"
 )
 

cli/command/checkpoint/create_test.go

@@ -8,7 +8,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/checkpoint/formatter.go

@@ -2,7 +2,7 @@ package checkpoint
 
 import (
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 )
 
 const (

cli/command/checkpoint/formatter_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"gotest.tools/v3/assert"
 )
 

cli/command/checkpoint/list.go

@@ -7,7 +7,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"github.com/spf13/cobra"
 )
 

cli/command/checkpoint/list_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"

cli/command/checkpoint/remove.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"github.com/spf13/cobra"
 )
 

cli/command/checkpoint/remove_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/checkpoint"
+	"github.com/moby/moby/api/types/checkpoint"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/cli.go

@@ -23,10 +23,9 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/cli/version"
 	dopts "github.com/docker/cli/opts"
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/client"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -88,9 +87,9 @@ type DockerCli struct {
 	enableGlobalMeter, enableGlobalTracer bool
 }
 
-// DefaultVersion returns [api.DefaultVersion].
+// DefaultVersion returns [client.DefaultAPIVersion].
 func (*DockerCli) DefaultVersion() string {
-	return api.DefaultVersion
+	return client.DefaultAPIVersion
 }
 
 // CurrentVersion returns the API version currently negotiated, or the default
@@ -98,7 +97,7 @@ func (*DockerCli) DefaultVersion() string {
 func (cli *DockerCli) CurrentVersion() string {
 	_ = cli.initialize()
 	if cli.client == nil {
-		return api.DefaultVersion
+		return client.DefaultAPIVersion
 	}
 	return cli.client.ClientVersion()
 }

cli/command/cli_options.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 
 	"github.com/docker/cli/cli/streams"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/moby/term"
 	"github.com/pkg/errors"
 )

cli/command/cli_test.go

@@ -19,9 +19,8 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types"
+	"github.com/moby/moby/client"
 	"gotest.tools/v3/assert"
 )
 
@@ -34,7 +33,7 @@ func TestNewAPIClientFromFlags(t *testing.T) {
 	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
+	assert.Equal(t, apiClient.ClientVersion(), client.DefaultAPIVersion)
 }
 
 func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
@@ -47,7 +46,7 @@ func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
 	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), slug+host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
+	assert.Equal(t, apiClient.ClientVersion(), client.DefaultAPIVersion)
 }
 
 func TestNewAPIClientFromFlagsWithCustomHeaders(t *testing.T) {
@@ -71,7 +70,7 @@ func TestNewAPIClientFromFlagsWithCustomHeaders(t *testing.T) {
 	apiClient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
+	assert.Equal(t, apiClient.ClientVersion(), client.DefaultAPIVersion)
 
 	// verify User-Agent is not appended to the configfile. see https://github.com/docker/cli/pull/2756
 	assert.DeepEqual(t, configFile.HTTPHeaders, map[string]string{"My-Header": "Custom-Value"})
@@ -106,7 +105,7 @@ func TestNewAPIClientFromFlagsWithCustomHeadersFromEnv(t *testing.T) {
 	apiClient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), host)
-	assert.Equal(t, apiClient.ClientVersion(), api.DefaultVersion)
+	assert.Equal(t, apiClient.ClientVersion(), client.DefaultAPIVersion)
 
 	expectedHeaders := http.Header{
 		"One":        []string{"one-value"},

cli/command/completion/functions.go

@@ -5,11 +5,11 @@ import (
 	"strings"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/api/types/volume"
+	"github.com/moby/moby/client"
 	"github.com/spf13/cobra"
 )
 

cli/command/completion/functions_test.go

@@ -6,13 +6,13 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/client"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/filters"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/api/types/volume"
+	"github.com/moby/moby/client"
 	"github.com/spf13/cobra"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"

cli/command/config/client_test.go

@@ -3,8 +3,8 @@ package config
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/client"
 )
 
 type fakeClient struct {

cli/command/config/cmd.go

@@ -4,7 +4,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"github.com/spf13/cobra"
 )
 

cli/command/config/create.go

@@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"github.com/moby/sys/sequential"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"

cli/command/config/create_test.go

@@ -12,7 +12,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"

cli/command/config/formatter.go

@@ -7,8 +7,8 @@ import (
 
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/cli/command/inspect"
-	"github.com/docker/docker/api/types/swarm"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/swarm"
 )
 
 const (

cli/command/config/formatter_test.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"gotest.tools/v3/assert"
 )
 

cli/command/config/inspect_test.go

@@ -10,7 +10,7 @@ import (
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/builders"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/golden"
 )

cli/command/config/ls.go

@@ -10,8 +10,8 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/swarm"
 	"github.com/fvbommel/sortorder"
+	"github.com/moby/moby/api/types/swarm"
 	"github.com/spf13/cobra"
 )
 

cli/command/config/ls_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/builders"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"

cli/command/container/attach.go

@@ -7,8 +7,8 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/moby/sys/signal"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"

cli/command/container/attach_test.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 )
 

cli/command/container/client_test.go

@@ -4,13 +4,13 @@ import (
 	"context"
 	"io"
 
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/system"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/filters"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/client"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 

cli/command/container/commit.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/commit_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/container/completion.go

@@ -8,7 +8,7 @@ import (
 	"sync"
 
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/moby/sys/capability"
 	"github.com/moby/sys/signal"
 	"github.com/spf13/cobra"

cli/command/container/completion_test.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/builders"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/moby/sys/signal"
 	"github.com/spf13/cobra"
 	"gotest.tools/v3/assert"

cli/command/container/cp.go

@@ -15,9 +15,9 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/streams"
-	"github.com/docker/docker/api/types/container"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
 	"github.com/moby/go-archive"
+	"github.com/moby/moby/api/types/container"
 	"github.com/morikuni/aec"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -398,7 +398,6 @@ func copyToContainer(ctx context.Context, dockerCLI command.Cli, copyConfig cpCo
 	}
 
 	options := container.CopyToContainerOptions{
-		AllowOverwriteDirWithFile: false,
 		CopyUIDGID: copyConfig.copyUIDGID,
 	}
 

cli/command/container/cp_test.go

@@ -9,9 +9,9 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
 	"github.com/moby/go-archive"
 	"github.com/moby/go-archive/compression"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/fs"

cli/command/container/create.go

@@ -24,11 +24,11 @@ import (
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/jsonstream"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
-	imagetypes "github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/mount"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	imagetypes "github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/mount"
+	"github.com/moby/moby/api/types/versions"
+	"github.com/moby/moby/client"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -248,15 +248,14 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerCfg *c
 		// 1. Mount the actual docker socket.
 		// 2. A synthezised ~/.docker/config.json with resolved tokens.
 
-		socket := dockerCli.DockerEndpoint().Host
-		if !strings.HasPrefix(socket, "unix://") {
-			return "", fmt.Errorf("flag --use-api-socket can only be used with unix sockets: docker endpoint %s incompatible", socket)
+		if dockerCli.ServerInfo().OSType == "windows" {
+			return "", errors.New("flag --use-api-socket can't be used with a Windows Docker Engine")
 		}
-		socket = strings.TrimPrefix(socket, "unix://") // should we confirm absolute path?
 
+		// hard-code engine socket path until https://github.com/moby/moby/pull/43459 gives us a discovery mechanism
 		containerCfg.HostConfig.Mounts = append(containerCfg.HostConfig.Mounts, mount.Mount{
 			Type:        mount.TypeBind,
-			Source:      socket,
+			Source:      "/var/run/docker.sock",
 			Target:      "/var/run/docker.sock",
 			BindOptions: &mount.BindOptions{},
 		})

cli/command/container/create_test.go

@@ -14,11 +14,11 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/system"
 	"github.com/google/go-cmp/cmp"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/network"
+	"github.com/moby/moby/api/types/system"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"

cli/command/container/diff.go

@@ -7,25 +7,17 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
-type diffOptions struct {
-	container string
-}
-
 // NewDiffCommand creates a new cobra.Command for `docker diff`
 func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
-	var opts diffOptions
-
 	return &cobra.Command{
 		Use:   "diff CONTAINER",
 		Short: "Inspect changes to files or directories on a container's filesystem",
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			opts.container = args[0]
-			return runDiff(cmd.Context(), dockerCli, &opts)
+			return runDiff(cmd.Context(), dockerCli, args[0])
 		},
 		Annotations: map[string]string{
 			"aliases": "docker container diff, docker diff",
@@ -34,17 +26,14 @@ func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 	}
 }
 
-func runDiff(ctx context.Context, dockerCli command.Cli, opts *diffOptions) error {
-	if opts.container == "" {
-		return errors.New("Container name cannot be empty")
-	}
-	changes, err := dockerCli.Client().ContainerDiff(ctx, opts.container)
+func runDiff(ctx context.Context, dockerCLI command.Cli, containerID string) error {
+	changes, err := dockerCLI.Client().ContainerDiff(ctx, containerID)
 	if err != nil {
 		return err
 	}
 	diffCtx := formatter.Context{
-		Output: dockerCli.Out(),
-		Format: NewDiffFormat("{{.Type}} {{.Path}}"),
+		Output: dockerCLI.Out(),
+		Format: newDiffFormat("{{.Type}} {{.Path}}"),
 	}
-	return DiffFormatWrite(diffCtx, changes)
+	return diffFormatWrite(diffCtx, changes)
 }

cli/command/container/diff_test.go

@@ -8,7 +8,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
@@ -77,17 +77,3 @@ func TestRunDiffClientError(t *testing.T) {
 	err := cmd.Execute()
 	assert.ErrorIs(t, err, clientError)
 }
-
-func TestRunDiffEmptyContainerError(t *testing.T) {
-	cli := test.NewFakeCli(&fakeClient{})
-
-	cmd := NewDiffCommand(cli)
-	cmd.SetOut(io.Discard)
-	cmd.SetErr(io.Discard)
-
-	containerID := ""
-	cmd.SetArgs([]string{containerID})
-
-	err := cmd.Execute()
-	assert.Error(t, err, "Container name cannot be empty")
-}

cli/command/container/exec.go

@@ -10,8 +10,8 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"

cli/command/container/exec_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/fs"

cli/command/container/formatter_diff.go

@@ -2,7 +2,7 @@ package container
 
 import (
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 )
 
 const (
@@ -13,7 +13,14 @@ const (
 )
 
 // NewDiffFormat returns a format for use with a diff Context
+//
+// Deprecated: this function was only used internally and will be removed in the next release.
 func NewDiffFormat(source string) formatter.Format {
+	return newDiffFormat(source)
+}
+
+// newDiffFormat returns a format for use with a diff [formatter.Context].
+func newDiffFormat(source string) formatter.Format {
 	if source == formatter.TableFormatKey {
 		return defaultDiffTableFormat
 	}
@@ -21,16 +28,22 @@ func NewDiffFormat(source string) formatter.Format {
 }
 
 // DiffFormatWrite writes formatted diff using the Context
-func DiffFormatWrite(ctx formatter.Context, changes []container.FilesystemChange) error {
-	render := func(format func(subContext formatter.SubContext) error) error {
+//
+// Deprecated: this function was only used internally and will be removed in the next release.
+func DiffFormatWrite(fmtCtx formatter.Context, changes []container.FilesystemChange) error {
+	return diffFormatWrite(fmtCtx, changes)
+}
+
+// diffFormatWrite writes formatted diff using the [formatter.Context].
+func diffFormatWrite(fmtCtx formatter.Context, changes []container.FilesystemChange) error {
+	return fmtCtx.Write(newDiffContext(), func(format func(subContext formatter.SubContext) error) error {
 		for _, change := range changes {
 			if err := format(&diffContext{c: change}); err != nil {
 				return err
 			}
 		}
 		return nil
-	}
-	return ctx.Write(newDiffContext(), render)
+	})
 }
 
 type diffContext struct {
@@ -39,12 +52,14 @@ type diffContext struct {
 }
 
 func newDiffContext() *diffContext {
-	diffCtx := diffContext{}
-	diffCtx.Header = formatter.SubHeaderContext{
+	return &diffContext{
+		HeaderContext: formatter.HeaderContext{
+			Header: formatter.SubHeaderContext{
 				"Type": changeTypeHeader,
 				"Path": pathHeader,
+			},
+		},
 	}
-	return &diffCtx
 }
 
 func (d *diffContext) MarshalJSON() ([]byte, error) {

cli/command/container/formatter_diff_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 )
 
@@ -16,7 +16,7 @@ func TestDiffContextFormatWrite(t *testing.T) {
 		expected string
 	}{
 		{
-			formatter.Context{Format: NewDiffFormat("table")},
+			formatter.Context{Format: newDiffFormat("table")},
 			`CHANGE TYPE   PATH
 C             /var/log/app.log
 A             /usr/app/app.js
@@ -24,7 +24,7 @@ D             /usr/app/old_app.js
 `,
 		},
 		{
-			formatter.Context{Format: NewDiffFormat("table {{.Path}}")},
+			formatter.Context{Format: newDiffFormat("table {{.Path}}")},
 			`PATH
 /var/log/app.log
 /usr/app/app.js
@@ -32,7 +32,7 @@ D             /usr/app/old_app.js
 `,
 		},
 		{
-			formatter.Context{Format: NewDiffFormat("{{.Type}}: {{.Path}}")},
+			formatter.Context{Format: newDiffFormat("{{.Type}}: {{.Path}}")},
 			`C: /var/log/app.log
 A: /usr/app/app.js
 D: /usr/app/old_app.js
@@ -50,7 +50,7 @@ D: /usr/app/old_app.js
 		t.Run(string(tc.context.Format), func(t *testing.T) {
 			out := bytes.NewBufferString("")
 			tc.context.Output = out
-			err := DiffFormatWrite(tc.context, diffs)
+			err := diffFormatWrite(tc.context, diffs)
 			if err != nil {
 				assert.Error(t, err, tc.expected)
 			} else {

cli/command/container/formatter_stats.go

@@ -5,8 +5,7 @@ import (
 	"sync"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/pkg/stringid"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
 )
 
 const (
@@ -176,7 +175,7 @@ func (c *statsContext) Name() string {
 
 func (c *statsContext) ID() string {
 	if c.trunc {
-		return stringid.TruncateID(c.s.ID)
+		return formatter.TruncateID(c.s.ID)
 	}
 	return c.s.ID
 }

cli/command/container/formatter_stats_test.go

@@ -5,13 +5,13 @@ import (
 	"testing"
 
 	"github.com/docker/cli/cli/command/formatter"
-	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/cli/internal/test"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestContainerStatsContext(t *testing.T) {
-	containerID := stringid.GenerateRandomID()
+	containerID := test.RandomID()
 
 	var ctx statsContext
 	tt := []struct {

cli/command/container/hijack.go

@@ -8,9 +8,8 @@ import (
 	"sync"
 
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/moby/moby/api/stdcopy"
+	"github.com/moby/moby/api/types"
 	"github.com/moby/term"
 	"github.com/sirupsen/logrus"
 )
@@ -19,6 +18,18 @@ import (
 // TODO: This could be moved to `pkg/term`.
 var defaultEscapeKeys = []byte{16, 17}
 
+// readCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
+// It calls the given callback function when closed.
+type readCloserWrapper struct {
+	io.Reader
+	closer func() error
+}
+
+// Close calls back the passed closer function
+func (r *readCloserWrapper) Close() error {
+	return r.closer()
+}
+
 // A hijackedIOStreamer handles copying input to and output from streams to the
 // connection.
 type hijackedIOStreamer struct {
@@ -100,7 +111,10 @@ func (h *hijackedIOStreamer) setupInput() (restore func(), err error) {
 		}
 	}
 
-	h.inputStream = ioutils.NewReadCloserWrapper(term.NewEscapeProxy(h.inputStream, escapeKeys), h.inputStream.Close)
+	h.inputStream = &readCloserWrapper{
+		Reader: term.NewEscapeProxy(h.inputStream, escapeKeys),
+		closer: h.inputStream.Close,
+	}
 
 	return restore, nil
 }

cli/command/container/list.go

@@ -11,7 +11,7 @@ import (
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/cli/templates"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

cli/command/container/list_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/builders"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"

cli/command/container/logs.go

@@ -7,8 +7,8 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/moby/moby/api/stdcopy"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/logs_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/container/opts.go

@@ -12,14 +12,13 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/cli/cli/compose/loader"
 	"github.com/docker/cli/internal/lazyregexp"
+	"github.com/docker/cli/internal/volumespec"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
-	mounttypes "github.com/docker/docker/api/types/mount"
-	networktypes "github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/strslice"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/mount"
+	"github.com/moby/moby/api/types/network"
 	"github.com/pkg/errors"
 	"github.com/spf13/pflag"
 	cdi "tags.cncf.io/container-device-interface/pkg/parser"
@@ -324,7 +323,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
 type containerConfig struct {
 	Config           *container.Config
 	HostConfig       *container.HostConfig
-	NetworkingConfig *networktypes.NetworkingConfig
+	NetworkingConfig *network.NetworkingConfig
 }
 
 // parse parses the args for the specified command and generates a Config,
@@ -365,7 +364,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	volumes := copts.volumes.GetMap()
 	// add any bind targets to the list of container volumes
 	for bind := range copts.volumes.GetMap() {
-		parsed, err := loader.ParseVolume(bind)
+		parsed, err := volumespec.Parse(bind)
 		if err != nil {
 			return nil, err
 		}
@@ -373,7 +372,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		if parsed.Source != "" {
 			toBind := bind
 
-			if parsed.Type == string(mounttypes.TypeBind) {
+			if parsed.Type == string(mount.TypeBind) {
 				if hostPart, targetPath, ok := strings.Cut(bind, ":"); ok {
 					if !filepath.IsAbs(hostPart) && strings.HasPrefix(hostPart, ".") {
 						if absHostPart, err := filepath.Abs(hostPart); err == nil {
@@ -400,17 +399,14 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		tmpfs[k] = v
 	}
 
-	var (
-		runCmd     strslice.StrSlice
-		entrypoint strslice.StrSlice
-	)
+	var runCmd, entrypoint []string
 
 	if len(copts.Args) > 0 {
 		runCmd = copts.Args
 	}
 
 	if copts.entrypoint != "" {
-		entrypoint = strslice.StrSlice{copts.entrypoint}
+		entrypoint = []string{copts.entrypoint}
 	} else if flags.Changed("entrypoint") {
 		// if `--entrypoint=` is parsed then Entrypoint is reset
 		entrypoint = []string{""}
@@ -551,9 +547,9 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		if haveHealthSettings {
 			return nil, errors.Errorf("--no-healthcheck conflicts with --health-* options")
 		}
-		healthConfig = &container.HealthConfig{Test: strslice.StrSlice{"NONE"}}
+		healthConfig = &container.HealthConfig{Test: []string{"NONE"}}
 	} else if haveHealthSettings {
-		var probe strslice.StrSlice
+		var probe []string
 		if copts.healthCmd != "" {
 			probe = []string{"CMD-SHELL", copts.healthCmd}
 		}
@@ -675,8 +671,8 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		UTSMode:        utsMode,
 		UsernsMode:     usernsMode,
 		CgroupnsMode:   cgroupnsMode,
-		CapAdd:         strslice.StrSlice(copts.capAdd.GetSlice()),
-		CapDrop:        strslice.StrSlice(copts.capDrop.GetSlice()),
+		CapAdd:         copts.capAdd.GetSlice(),
+		CapDrop:        copts.capDrop.GetSlice(),
 		GroupAdd:       copts.groupAdd.GetSlice(),
 		RestartPolicy:  restartPolicy,
 		SecurityOpt:    securityOpts,
@@ -710,8 +706,8 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		config.StdinOnce = true
 	}
 
-	networkingConfig := &networktypes.NetworkingConfig{
-		EndpointsConfig: make(map[string]*networktypes.EndpointSettings),
+	networkingConfig := &network.NetworkingConfig{
+		EndpointsConfig: make(map[string]*network.EndpointSettings),
 	}
 
 	networkingConfig.EndpointsConfig, err = parseNetworkOpts(copts)
@@ -739,9 +735,9 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 // this function may return _multiple_ endpoints, which is not currently supported
 // by the daemon, but may be in future; it's up to the daemon to produce an error
 // in case that is not supported.
-func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.EndpointSettings, error) {
+func parseNetworkOpts(copts *containerOptions) (map[string]*network.EndpointSettings, error) {
 	var (
-		endpoints                         = make(map[string]*networktypes.EndpointSettings, len(copts.netMode.Value()))
+		endpoints                         = make(map[string]*network.EndpointSettings, len(copts.netMode.Value()))
 		hasUserDefined, hasNonUserDefined bool
 	)
 
@@ -787,7 +783,7 @@ func parseNetworkOpts(copts *containerOptions) (map[string]*networktypes.Endpoin
 		// and only a single network is specified, omit the endpoint-configuration
 		// on the client (the daemon will still create it when creating the container)
 		if i == 0 && len(copts.netMode.Value()) == 1 {
-			if ep == nil || reflect.DeepEqual(*ep, networktypes.EndpointSettings{}) {
+			if ep == nil || reflect.DeepEqual(*ep, network.EndpointSettings{}) {
 				continue
 			}
 		}
@@ -845,7 +841,7 @@ func applyContainerOptions(n *opts.NetworkAttachmentOpts, copts *containerOption
 	return nil
 }
 
-func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*networktypes.EndpointSettings, error) {
+func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*network.EndpointSettings, error) {
 	if strings.TrimSpace(ep.Target) == "" {
 		return nil, errors.New("no name set for network")
 	}
@@ -858,7 +854,7 @@ func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*networktypes.End
 		}
 	}
 
-	epConfig := &networktypes.EndpointSettings{
+	epConfig := &network.EndpointSettings{
 		GwPriority: ep.GwPriority,
 	}
 	epConfig.Aliases = append(epConfig.Aliases, ep.Aliases...)
@@ -870,7 +866,7 @@ func parseNetworkAttachmentOpt(ep opts.NetworkAttachmentOpts) (*networktypes.End
 		epConfig.Links = ep.Links
 	}
 	if ep.IPv4Address != "" || ep.IPv6Address != "" || len(ep.LinkLocalIPs) > 0 {
-		epConfig.IPAMConfig = &networktypes.EndpointIPAMConfig{
+		epConfig.IPAMConfig = &network.EndpointIPAMConfig{
 			IPv4Address:  ep.IPv4Address,
 			IPv6Address:  ep.IPv6Address,
 			LinkLocalIPs: ep.LinkLocalIPs,

cli/command/container/opts_test.go

@@ -10,9 +10,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	networktypes "github.com/moby/moby/api/types/network"
 	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"

cli/command/container/pause.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/port_test.go

@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	"gotest.tools/v3/golden"
 )

cli/command/container/prune.go

@@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/internal/prompt"
 	"github.com/docker/cli/opts"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

cli/command/container/prune_test.go

@@ -7,8 +7,8 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/filters"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/filters"
 )
 
 func TestContainerPrunePromptTermination(t *testing.T) {

cli/command/container/restart.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/restart_test.go

@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/container/rm.go

@@ -10,7 +10,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/rm_test.go

@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 )
 

cli/command/container/run.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/moby/sys/signal"
 	"github.com/moby/term"
 	"github.com/pkg/errors"

cli/command/container/run_test.go

@@ -16,11 +16,11 @@ import (
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/moby/moby/api/types"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/network"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"

cli/command/container/signals.go

@@ -5,7 +5,7 @@ import (
 	"os"
 	gosignal "os/signal"
 
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/moby/sys/signal"
 	"github.com/sirupsen/logrus"
 )

cli/command/container/start.go

@@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/moby/sys/signal"
 	"github.com/moby/term"
 	"github.com/pkg/errors"

cli/command/container/stats.go

@@ -15,9 +15,9 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/formatter"
 	flagsHelper "github.com/docker/cli/cli/flags"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/events"
+	"github.com/moby/moby/api/types/filters"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )

cli/command/container/stats_helpers.go

@@ -7,8 +7,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

cli/command/container/stats_helpers_test.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 )
 

cli/command/container/stop.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/stop_test.go

@@ -9,7 +9,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/container/tty.go

@@ -9,8 +9,8 @@ import (
 	"time"
 
 	"github.com/docker/cli/cli/command"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/moby/sys/signal"
 	"github.com/sirupsen/logrus"
 )

cli/command/container/tty_test.go

@@ -8,7 +8,7 @@ import (
 
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/container/unpause.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/spf13/cobra"
 )
 

cli/command/container/update.go

@@ -9,7 +9,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
-	containertypes "github.com/docker/docker/api/types/container"
+	containertypes "github.com/moby/moby/api/types/container"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )

cli/command/container/utils.go

@@ -5,11 +5,11 @@ import (
 	"errors"
 	"strconv"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/events"
-	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/events"
+	"github.com/moby/moby/api/types/filters"
+	"github.com/moby/moby/api/types/versions"
+	"github.com/moby/moby/client"
 	"github.com/sirupsen/logrus"
 )
 

cli/command/container/utils_test.go

@@ -6,8 +6,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/docker/docker/api"
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
@@ -60,10 +60,10 @@ func TestWaitExitOrRemoved(t *testing.T) {
 		},
 	}
 
-	client := &fakeClient{waitFunc: waitFn, Version: api.DefaultVersion}
+	apiClient := &fakeClient{waitFunc: waitFn, Version: client.DefaultAPIVersion}
 	for _, tc := range tests {
 		t.Run(tc.cid, func(t *testing.T) {
-			statusC := waitExitOrRemoved(context.Background(), client, tc.cid, true)
+			statusC := waitExitOrRemoved(context.Background(), apiClient, tc.cid, true)
 			exitCode := <-statusC
 			assert.Check(t, is.Equal(tc.exitCode, exitCode))
 		})

cli/command/context/list.go

@@ -14,8 +14,8 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/cli/context/docker"
 	flagsHelper "github.com/docker/cli/cli/flags"
-	"github.com/docker/docker/client"
 	"github.com/fvbommel/sortorder"
+	"github.com/moby/moby/client"
 	"github.com/spf13/cobra"
 )
 

cli/command/context/options.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/context"
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 )
 
 const (

cli/command/context/use.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/context/store"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/spf13/cobra"
 )
 

cli/command/formatter/buildcache.go

@@ -6,9 +6,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/build"
 )
 
 const (
@@ -115,7 +114,7 @@ func (c *buildCacheContext) MarshalJSON() ([]byte, error) {
 func (c *buildCacheContext) ID() string {
 	id := c.v.ID
 	if c.trunc {
-		id = stringid.TruncateID(c.v.ID)
+		id = TruncateID(c.v.ID)
 	}
 	if c.v.InUse {
 		return id + "*"
@@ -131,7 +130,7 @@ func (c *buildCacheContext) Parent() string {
 		parent = c.v.Parent //nolint:staticcheck // Ignore SA1019: Field was deprecated in API v1.42, but kept for backward compatibility
 	}
 	if c.trunc {
-		return stringid.TruncateID(parent)
+		return TruncateID(parent)
 	}
 	return parent
 }

cli/command/formatter/container.go

@@ -13,9 +13,8 @@ import (
 
 	"github.com/containerd/platforms"
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/container"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -135,7 +134,7 @@ func (c *ContainerContext) MarshalJSON() ([]byte, error) {
 // option being set, the full or truncated ID is returned.
 func (c *ContainerContext) ID() string {
 	if c.trunc {
-		return stringid.TruncateID(c.c.ID)
+		return TruncateID(c.c.ID)
 	}
 	return c.c.ID
 }
@@ -172,7 +171,7 @@ func (c *ContainerContext) Image() string {
 		return "<no image>"
 	}
 	if c.trunc {
-		if trunc := stringid.TruncateID(c.c.ImageID); trunc == stringid.TruncateID(c.c.Image) {
+		if trunc := TruncateID(c.c.ImageID); trunc == TruncateID(c.c.Image) {
 			return trunc
 		}
 		// truncate digest if no-trunc option was not selected

cli/command/formatter/container_test.go

@@ -12,8 +12,7 @@ import (
 	"time"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stringid"
+	"github.com/moby/moby/api/types/container"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@@ -21,7 +20,7 @@ import (
 )
 
 func TestContainerPsContext(t *testing.T) {
-	containerID := stringid.GenerateRandomID()
+	containerID := test.RandomID()
 	unix := time.Now().Add(-65 * time.Second).Unix()
 
 	var ctx ContainerContext
@@ -34,7 +33,7 @@ func TestContainerPsContext(t *testing.T) {
 		{
 			container: container.Summary{ID: containerID},
 			trunc:     true,
-			expValue:  stringid.TruncateID(containerID),
+			expValue:  TruncateID(containerID),
 			call:      ctx.ID,
 		},
 		{

cli/command/formatter/disk_usage.go

@@ -7,11 +7,11 @@ import (
 	"text/template"
 
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/api/types/volume"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/api/types/image"
+	"github.com/moby/moby/api/types/volume"
 )
 
 const (

cli/command/formatter/displayutils.go

@@ -27,6 +27,25 @@ func charWidth(r rune) int {
 	}
 }
 
+const shortLen = 12
+
+// TruncateID returns a shorthand version of a string identifier for presentation,
+// after trimming digest algorithm prefix (if any).
+//
+// This function is a copy of [stringid.TruncateID] for presentation / formatting
+// purposes.
+//
+// [stringid.TruncateID]: https://github.com/moby/moby/blob/v28.3.2/pkg/stringid/stringid.go#L19
+func TruncateID(id string) string {
+	if i := strings.IndexRune(id, ':'); i >= 0 {
+		id = id[i+1:]
+	}
+	if len(id) > shortLen {
+		id = id[:shortLen]
+	}
+	return id
+}
+
 // Ellipsis truncates a string to fit within maxDisplayWidth, and appends ellipsis (…).
 // For maxDisplayWidth of 1 and lower, no ellipsis is appended.
 // For maxDisplayWidth of 1, first char of string will return even if its width > 1.

cli/command/formatter/displayutils_test.go

@@ -7,6 +7,49 @@ import (
 	is "gotest.tools/v3/assert/cmp"
 )
 
+func TestTruncateID(t *testing.T) {
+	tests := []struct {
+		doc, id, expected string
+	}{
+		{
+			doc:      "empty ID",
+			id:       "",
+			expected: "",
+		},
+		{
+			// IDs are expected to be 12 (short) or 64 characters, and not be numeric only,
+			// but TruncateID should handle these gracefully.
+			doc:      "invalid ID",
+			id:       "1234",
+			expected: "1234",
+		},
+		{
+			doc:      "full ID",
+			id:       "90435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a2",
+			expected: "90435eec5c4e",
+		},
+		{
+			doc:      "digest",
+			id:       "sha256:90435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a2",
+			expected: "90435eec5c4e",
+		},
+		{
+			doc:      "very long ID",
+			id:       "90435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a290435eec5c4e124e741ef731e118be2fc799a68aba0466ec17717f24ce2ae6a2",
+			expected: "90435eec5c4e",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.doc, func(t *testing.T) {
+			actual := TruncateID(tc.id)
+			if actual != tc.expected {
+				t.Errorf("expected: %q, got: %q", tc.expected, actual)
+			}
+		})
+	}
+}
+
 func TestEllipsis(t *testing.T) {
 	testcases := []struct {
 		source   string

cli/command/formatter/image.go

@@ -5,9 +5,8 @@ import (
 	"time"
 
 	"github.com/distribution/reference"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/pkg/stringid"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/image"
 )
 
 const (
@@ -216,7 +215,7 @@ func (c *imageContext) MarshalJSON() ([]byte, error) {
 
 func (c *imageContext) ID() string {
 	if c.trunc {
-		return stringid.TruncateID(c.i.ID)
+		return TruncateID(c.i.ID)
 	}
 	return c.i.ID
 }

cli/command/formatter/image_test.go

@@ -8,14 +8,13 @@ import (
 	"time"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/pkg/stringid"
+	"github.com/moby/moby/api/types/image"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestImageContext(t *testing.T) {
-	imageID := stringid.GenerateRandomID()
+	imageID := test.RandomID()
 	unix := time.Now().Unix()
 	zeroTime := int64(-62135596800)
 
@@ -27,7 +26,7 @@ func TestImageContext(t *testing.T) {
 	}{
 		{
 			imageCtx: imageContext{i: image.Summary{ID: imageID}, trunc: true},
-			expValue: stringid.TruncateID(imageID),
+			expValue: TruncateID(imageID),
 			call:     ctx.ID,
 		},
 		{

cli/command/formatter/volume.go

@@ -5,8 +5,8 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types/volume"
-	units "github.com/docker/go-units"
+	"github.com/docker/go-units"
+	"github.com/moby/moby/api/types/volume"
 )
 
 const (

cli/command/formatter/volume_test.go

@@ -11,14 +11,13 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test"
-	"github.com/docker/docker/api/types/volume"
-	"github.com/docker/docker/pkg/stringid"
+	"github.com/moby/moby/api/types/volume"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestVolumeContext(t *testing.T) {
-	volumeName := stringid.GenerateRandomID()
+	volumeName := test.RandomID()
 
 	var ctx volumeContext
 	cases := []struct {

cli/command/idresolver/client_test.go

@@ -3,8 +3,8 @@ package idresolver
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/client"
 )
 
 type fakeClient struct {

cli/command/idresolver/idresolver.go

@@ -6,8 +6,8 @@ package idresolver
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/swarm"
+	"github.com/moby/moby/client"
 	"github.com/pkg/errors"
 )
 

cli/command/idresolver/idresolver_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/docker/cli/internal/test/builders"
-	"github.com/docker/docker/api/types/swarm"
+	"github.com/moby/moby/api/types/swarm"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )

cli/command/image/build.go

@@ -1,8 +1,6 @@
 package image
 
 import (
-	"archive/tar"
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/json"
@@ -20,18 +18,14 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/command/image/build"
 	"github.com/docker/cli/cli/streams"
-	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/jsonstream"
-	"github.com/docker/cli/internal/lazyregexp"
 	"github.com/docker/cli/opts"
-	"github.com/docker/docker/api"
-	buildtypes "github.com/docker/docker/api/types/build"
-	"github.com/docker/docker/api/types/container"
-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/builder/remotecontext/urlutil"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/moby/go-archive"
+	buildtypes "github.com/moby/moby/api/types/build"
+	"github.com/moby/moby/api/types/container"
+	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -67,7 +61,6 @@ type buildOptions struct {
 	target         string
 	imageIDFile    string
 	platform       string
-	untrusted      bool
 }
 
 // dockerfileFromStdin returns true when the user specified that the Dockerfile
@@ -76,12 +69,6 @@ func (o buildOptions) dockerfileFromStdin() bool {
 	return o.dockerfileName == "-"
 }
 
-// contextFromStdin returns true when the user specified that the build context
-// should be read from stdin
-func (o buildOptions) contextFromStdin() bool {
-	return o.context == "-"
-}
-
 func newBuildOptions() buildOptions {
 	ulimits := make(map[string]*container.Ulimit)
 	return buildOptions{
@@ -152,7 +139,8 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command {
 	flags.SetAnnotation("target", annotation.ExternalURL, []string{"https://docs.docker.com/reference/cli/docker/buildx/build/#target"})
 	flags.StringVar(&options.imageIDFile, "iidfile", "", "Write the image ID to the file")
 
-	command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled())
+	flags.Bool("disable-content-trust", dockerCli.ContentTrustEnabled(), "Skip image verification (deprecated)")
+	_ = flags.MarkHidden("disable-content-trust")
 
 	flags.StringVar(&options.platform, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable")
 	flags.SetAnnotation("platform", "version", []string{"1.38"})
@@ -189,21 +177,24 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 		buildCtx      io.ReadCloser
 		dockerfileCtx io.ReadCloser
 		contextDir    string
-		tempDir       string
 		relDockerfile string
 		progBuff      io.Writer
 		buildBuff     io.Writer
 		remote        string
 	)
 
+	contextType, err := build.DetectContextType(options.context)
+	if err != nil {
+		return err
+	}
+
 	if options.dockerfileFromStdin() {
-		if options.contextFromStdin() {
+		if contextType == build.ContextTypeStdin {
 			return errors.New("invalid argument: can't use stdin for both build context and dockerfile")
 		}
 		dockerfileCtx = dockerCli.In()
 	}
 
-	specifiedContext := options.context
 	progBuff = dockerCli.Out()
 	buildBuff = dockerCli.Out()
 	if options.quiet {
@@ -217,13 +208,19 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 		}
 	}
 
-	switch {
-	case options.contextFromStdin():
+	switch contextType {
+	case build.ContextTypeStdin:
 		// buildCtx is tar archive. if stdin was dockerfile then it is wrapped
 		buildCtx, relDockerfile, err = build.GetContextFromReader(dockerCli.In(), options.dockerfileName)
-	case isLocalDir(specifiedContext):
-		contextDir, relDockerfile, err = build.GetContextFromLocalDir(specifiedContext, options.dockerfileName)
-		if err == nil && strings.HasPrefix(relDockerfile, ".."+string(filepath.Separator)) {
+		if err != nil {
+			return fmt.Errorf("unable to prepare context from STDIN: %w", err)
+		}
+	case build.ContextTypeLocal:
+		contextDir, relDockerfile, err = build.GetContextFromLocalDir(options.context, options.dockerfileName)
+		if err != nil {
+			return errors.Errorf("unable to prepare context: %s", err)
+		}
+		if strings.HasPrefix(relDockerfile, ".."+string(filepath.Separator)) {
 			// Dockerfile is outside of build-context; read the Dockerfile and pass it as dockerfileCtx
 			dockerfileCtx, err = os.Open(options.dockerfileName)
 			if err != nil {
@@ -231,24 +228,23 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 			}
 			defer dockerfileCtx.Close()
 		}
-	case urlutil.IsGitURL(specifiedContext):
-		tempDir, relDockerfile, err = build.GetContextFromGitURL(specifiedContext, options.dockerfileName)
-	case urlutil.IsURL(specifiedContext):
-		buildCtx, relDockerfile, err = build.GetContextFromURL(progBuff, specifiedContext, options.dockerfileName)
-	default:
-		return errors.Errorf("unable to prepare context: path %q not found", specifiedContext)
-	}
-
+	case build.ContextTypeGit:
+		var tempDir string
+		tempDir, relDockerfile, err = build.GetContextFromGitURL(options.context, options.dockerfileName)
 		if err != nil {
-		if options.quiet && urlutil.IsURL(specifiedContext) {
-			_, _ = fmt.Fprintln(dockerCli.Err(), progBuff)
-		}
 			return errors.Errorf("unable to prepare context: %s", err)
 		}
-
-	if tempDir != "" {
-		defer os.RemoveAll(tempDir)
+		defer func() {
+			_ = os.RemoveAll(tempDir)
+		}()
 		contextDir = tempDir
+	case build.ContextTypeRemote:
+		buildCtx, relDockerfile, err = build.GetContextFromURL(progBuff, options.context, options.dockerfileName)
+		if err != nil && options.quiet {
+			_, _ = fmt.Fprintln(dockerCli.Err(), progBuff)
+		}
+	default:
+		return errors.Errorf("unable to prepare context: path %q not found", options.context)
 	}
 
 	// read from a directory into tar archive
@@ -286,26 +282,6 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	var resolvedTags []*resolvedTag
-	if !options.untrusted {
-		translator := func(ctx context.Context, ref reference.NamedTagged) (reference.Canonical, error) {
-			return TrustedReference(ctx, dockerCli, ref)
-		}
-		// if there is a tar wrapper, the dockerfile needs to be replaced inside it
-		if buildCtx != nil {
-			// Wrap the tar archive to replace the Dockerfile entry with the rewritten
-			// Dockerfile which uses trusted pulls.
-			buildCtx = replaceDockerfileForContentTrust(ctx, buildCtx, relDockerfile, translator, &resolvedTags)
-		} else if dockerfileCtx != nil {
-			// if there was not archive context still do the possible replacements in Dockerfile
-			newDockerfile, _, err := rewriteDockerfileFromForContentTrust(ctx, dockerfileCtx, translator)
-			if err != nil {
-				return err
-			}
-			dockerfileCtx = io.NopCloser(bytes.NewBuffer(newDockerfile))
-		}
-	}
-
 	if options.compress {
 		buildCtx, err = build.Compress(buildCtx)
 		if err != nil {
@@ -402,26 +378,10 @@ func runBuild(ctx context.Context, dockerCli command.Cli, options buildOptions)
 			return err
 		}
 	}
-	if !options.untrusted {
-		// Since the build was successful, now we must tag any of the resolved
-		// images from the above Dockerfile rewrite.
-		for _, resolved := range resolvedTags {
-			if err := trust.TagTrusted(ctx, dockerCli.Client(), dockerCli.Err(), resolved.digestRef, resolved.tagRef); err != nil {
-				return err
-			}
-		}
-	}
 
 	return nil
 }
 
-func isLocalDir(c string) bool {
-	_, err := os.Stat(c)
-	return err == nil
-}
-
-type translatorFunc func(context.Context, reference.NamedTagged) (reference.Canonical, error)
-
 // validateTag checks if the given image name can be resolved.
 func validateTag(rawRepo string) (string, error) {
 	_, err := reference.ParseNormalizedNamed(rawRepo)
@@ -432,114 +392,6 @@ func validateTag(rawRepo string) (string, error) {
 	return rawRepo, nil
 }
 
-var dockerfileFromLinePattern = lazyregexp.New(`(?i)^[\s]*FROM[ \f\r\t\v]+(?P<image>[^ \f\r\t\v\n#]+)`)
-
-// resolvedTag records the repository, tag, and resolved digest reference
-// from a Dockerfile rewrite.
-type resolvedTag struct {
-	digestRef reference.Canonical
-	tagRef    reference.NamedTagged
-}
-
-// rewriteDockerfileFromForContentTrust rewrites the given Dockerfile by resolving images in
-// "FROM <image>" instructions to a digest reference. `translator` is a
-// function that takes a repository name and tag reference and returns a
-// trusted digest reference.
-// This should be called *only* when content trust is enabled
-func rewriteDockerfileFromForContentTrust(ctx context.Context, dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
-	scanner := bufio.NewScanner(dockerfile)
-	buf := bytes.NewBuffer(nil)
-
-	// Scan the lines of the Dockerfile, looking for a "FROM" line.
-	for scanner.Scan() {
-		line := scanner.Text()
-
-		matches := dockerfileFromLinePattern.FindStringSubmatch(line)
-		if matches != nil && matches[1] != api.NoBaseImageSpecifier {
-			// Replace the line with a resolved "FROM repo@digest"
-			var ref reference.Named
-			ref, err = reference.ParseNormalizedNamed(matches[1])
-			if err != nil {
-				return nil, nil, err
-			}
-			ref = reference.TagNameOnly(ref)
-			if ref, ok := ref.(reference.NamedTagged); ok {
-				trustedRef, err := translator(ctx, ref)
-				if err != nil {
-					return nil, nil, err
-				}
-
-				line = dockerfileFromLinePattern.ReplaceAllLiteralString(line, "FROM "+reference.FamiliarString(trustedRef))
-				resolvedTags = append(resolvedTags, &resolvedTag{
-					digestRef: trustedRef,
-					tagRef:    ref,
-				})
-			}
-		}
-
-		_, err := fmt.Fprintln(buf, line)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	return buf.Bytes(), resolvedTags, scanner.Err()
-}
-
-// replaceDockerfileForContentTrust wraps the given input tar archive stream and
-// uses the translator to replace the Dockerfile which uses a trusted reference.
-// Returns a new tar archive stream with the replaced Dockerfile.
-func replaceDockerfileForContentTrust(ctx context.Context, inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
-	pipeReader, pipeWriter := io.Pipe()
-	go func() {
-		tarReader := tar.NewReader(inputTarStream)
-		tarWriter := tar.NewWriter(pipeWriter)
-
-		defer inputTarStream.Close()
-
-		for {
-			hdr, err := tarReader.Next()
-			if err == io.EOF {
-				// Signals end of archive.
-				_ = tarWriter.Close()
-				_ = pipeWriter.Close()
-				return
-			}
-			if err != nil {
-				_ = pipeWriter.CloseWithError(err)
-				return
-			}
-
-			content := io.Reader(tarReader)
-			if hdr.Name == dockerfileName {
-				// This entry is the Dockerfile. Since the tar archive was
-				// generated from a directory on the local filesystem, the
-				// Dockerfile will only appear once in the archive.
-				var newDockerfile []byte
-				newDockerfile, *resolvedTags, err = rewriteDockerfileFromForContentTrust(ctx, content, translator)
-				if err != nil {
-					_ = pipeWriter.CloseWithError(err)
-					return
-				}
-				hdr.Size = int64(len(newDockerfile))
-				content = bytes.NewBuffer(newDockerfile)
-			}
-
-			if err := tarWriter.WriteHeader(hdr); err != nil {
-				_ = pipeWriter.CloseWithError(err)
-				return
-			}
-
-			if _, err := io.Copy(tarWriter, content); err != nil {
-				_ = pipeWriter.CloseWithError(err)
-				return
-			}
-		}
-	}()
-
-	return pipeReader
-}
-
 func imageBuildOptions(dockerCli command.Cli, options buildOptions) buildtypes.ImageBuildOptions {
 	configFile := dockerCli.ConfigFile()
 	return buildtypes.ImageBuildOptions{

cli/command/image/build/context.go

@@ -4,6 +4,8 @@ import (
 	"archive/tar"
 	"bufio"
 	"bytes"
+	"crypto/rand"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"net/http"
@@ -14,11 +16,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/docker/builder/remotecontext/git"
-	"github.com/docker/docker/pkg/ioutils"
+	"github.com/docker/cli/cli/command/image/build/internal/git"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
-	"github.com/docker/docker/pkg/stringid"
 	"github.com/moby/go-archive"
 	"github.com/moby/go-archive/compression"
 	"github.com/moby/patternmatcher"
@@ -108,7 +108,7 @@ func DetectArchiveReader(input io.ReadCloser) (rc io.ReadCloser, isArchive bool,
 		return nil, false, errors.Errorf("failed to peek context header from STDIN: %v", err)
 	}
 
-	return ioutils.NewReadCloserWrapper(buf, func() error { return input.Close() }), IsArchive(magic), nil
+	return newReadCloserWrapper(buf, func() error { return input.Close() }), IsArchive(magic), nil
 }
 
 // WriteTempDockerfile writes a Dockerfile stream to a temporary file with a
@@ -169,7 +169,7 @@ func GetContextFromReader(rc io.ReadCloser, dockerfileName string) (out io.ReadC
 		return nil, "", err
 	}
 
-	return ioutils.NewReadCloserWrapper(tarArchive, func() error {
+	return newReadCloserWrapper(tarArchive, func() error {
 		err := tarArchive.Close()
 		os.RemoveAll(dockerfileDir)
 		return err
@@ -227,7 +227,7 @@ func GetContextFromURL(out io.Writer, remoteURL, dockerfileName string) (io.Read
 	// Pass the response body through a progress reader.
 	progReader := progress.NewProgressReader(response.Body, progressOutput, response.ContentLength, "", "Downloading build context from remote url: "+remoteURL)
 
-	return GetContextFromReader(ioutils.NewReadCloserWrapper(progReader, func() error { return response.Body.Close() }), dockerfileName)
+	return GetContextFromReader(newReadCloserWrapper(progReader, func() error { return response.Body.Close() }), dockerfileName)
 }
 
 // getWithStatusError does an http.Get() and returns an error if the
@@ -379,7 +379,7 @@ func AddDockerfileToBuildContext(dockerfileCtx io.ReadCloser, buildCtx io.ReadCl
 		return nil, "", err
 	}
 	now := time.Now()
-	randomName := ".dockerfile." + stringid.GenerateRandomID()[:20]
+	randomName := ".dockerfile." + randomSuffix()
 
 	buildCtx = archive.ReplaceFileTarWrapper(buildCtx, map[string]archive.TarModifierFunc{
 		// Add the dockerfile with a random filename
@@ -422,6 +422,15 @@ func AddDockerfileToBuildContext(dockerfileCtx io.ReadCloser, buildCtx io.ReadCl
 	return buildCtx, randomName, nil
 }
 
+// randomSuffix returns a unique, 20-character ID consisting of a-z, 0-9.
+func randomSuffix() string {
+	b := make([]byte, 32)
+	if _, err := rand.Read(b); err != nil {
+		panic(err) // This shouldn't happen
+	}
+	return hex.EncodeToString(b)[:20]
+}
+
 // Compress the build context for sending to the API
 func Compress(buildCtx io.ReadCloser) (io.ReadCloser, error) {
 	pipeReader, pipeWriter := io.Pipe()
@@ -444,3 +453,25 @@ func Compress(buildCtx io.ReadCloser) (io.ReadCloser, error) {
 
 	return pipeReader, nil
 }
+
+// readCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
+// It calls the given callback function when closed. It should be constructed
+// with [newReadCloserWrapper].
+type readCloserWrapper struct {
+	io.Reader
+	closer func() error
+}
+
+// Close calls back the passed closer function
+func (r *readCloserWrapper) Close() error {
+	return r.closer()
+}
+
+// newReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser.
+// It calls the given callback function when closed.
+func newReadCloserWrapper(r io.Reader, closer func() error) io.ReadCloser {
+	return &readCloserWrapper{
+		Reader: r,
+		closer: closer,
+	}
+}