From 815e17f19bc82f9ac183deeee24a8da1c43f0b71 Mon Sep 17 00:00:00 2001 From: crazy-max <1951866+crazy-max@users.noreply.github.com> Date: Thu, 18 Apr 2024 15:08:36 +0000 Subject: [PATCH] vendor: github.com/docker/buildx v0.14.0 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- _vendor/modules.txt | 4 +- data/buildx/docker_buildx_bake.yaml | 75 +++++++++++++++++++++- data/buildx/docker_buildx_build.yaml | 32 +++++++-- data/buildx/docker_buildx_debug_build.yaml | 4 +- go.mod | 6 +- go.sum | 2 + 6 files changed, 108 insertions(+), 15 deletions(-) diff --git a/_vendor/modules.txt b/_vendor/modules.txt index a89db1cf82..68f3dc93d3 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v26.0.0+incompatible # github.com/moby/buildkit v0.13.1 -# github.com/docker/buildx v0.13.1 -# github.com/docker/cli v26.0.0+incompatible +# github.com/docker/buildx v0.14.0 +# github.com/docker/cli v26.0.1-0.20240410153731-b6c552212837+incompatible # github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 # github.com/docker/scout-cli v1.7.0 diff --git a/data/buildx/docker_buildx_bake.yaml b/data/buildx/docker_buildx_bake.yaml index 69a6cb05c5..2393e6fd6f 100644 --- a/data/buildx/docker_buildx_bake.yaml +++ b/data/buildx/docker_buildx_bake.yaml @@ -41,7 +41,8 @@ options: swarm: false - option: metadata-file value_type: string - description: Write build result metadata to the file + description: Write build result metadata to a file + details_url: '#metadata-file' deprecated: false hidden: false experimental: false @@ -189,6 +190,77 @@ examples: |- See the [Bake file reference](/build/bake/reference/) for more details. + ### Write build results metadata to a file (--metadata-file) {#metadata-file} + + Similar to [`buildx build --metadata-file`](/reference/cli/docker/buildx/build/#metadata-file) but + writes a map of results for each target such as: + + ```hcl + # docker-bake.hcl + group "default" { + targets = ["db", "webapp-dev"] + } + + target "db" { + dockerfile = "Dockerfile.db" + tags = ["docker.io/username/db"] + } + + target "webapp-dev" { + dockerfile = "Dockerfile.webapp" + tags = ["docker.io/username/webapp"] + } + ``` + + ```console + $ docker buildx bake --load --metadata-file metadata.json . + $ cat metadata.json + ``` + + ```json + { + "db": { + "buildx.build.provenance": {}, + "buildx.build.ref": "mybuilder/mybuilder0/0fjb6ubs52xx3vygf6fgdl611", + "containerimage.config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66", + "containerimage.descriptor": { + "annotations": { + "config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66", + "org.opencontainers.image.created": "2022-02-08T21:28:03Z" + }, + "digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 506 + }, + "containerimage.digest": "sha256:19ffeab6f8bc9293ac2c3fdf94ebe28396254c993aea0b5a542cfb02e0883fa3" + }, + "webapp-dev": { + "buildx.build.provenance": {}, + "buildx.build.ref": "mybuilder/mybuilder0/kamngmcgyzebqxwu98b4lfv3n", + "containerimage.config.digest": "sha256:9651cc2b3c508f697c9c43b67b64c8359c2865c019e680aac1c11f4b875b67e0", + "containerimage.descriptor": { + "annotations": { + "config.digest": "sha256:9651cc2b3c508f697c9c43b67b64c8359c2865c019e680aac1c11f4b875b67e0", + "org.opencontainers.image.created": "2022-02-08T21:28:15Z" + }, + "digest": "sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 506 + }, + "containerimage.digest": "sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74" + } + } + ``` + + > **Note** + > + > Build record [provenance](/build/attestations/slsa-provenance/#provenance-attestation-example) + > (`buildx.build.provenance`) includes minimal provenance by default. Set the + > `BUILDX_METADATA_PROVENANCE` environment variable to customize this behavior: + > * `min` sets minimal provenance (default). + > * `max` sets full provenance. + > * `disabled`, `false` or `0` does not set any provenance. + ### Don't use cache when building the image (--no-cache) {#no-cache} Same as `build --no-cache`. Don't use cache when building the image. @@ -261,6 +333,7 @@ examples: |- * `context` * `dockerfile` * `labels` + * `load` * `no-cache` * `no-cache-filter` * `output` diff --git a/data/buildx/docker_buildx_build.yaml b/data/buildx/docker_buildx_build.yaml index f33955a058..d3def059f6 100644 --- a/data/buildx/docker_buildx_build.yaml +++ b/data/buildx/docker_buildx_build.yaml @@ -205,7 +205,7 @@ options: swarm: false - option: iidfile value_type: string - description: Write the image ID to the file + description: Write the image ID to a file deprecated: false hidden: false experimental: false @@ -264,7 +264,7 @@ options: swarm: false - option: metadata-file value_type: string - description: Write build result metadata to the file + description: Write build result metadata to a file details_url: '#metadata-file' deprecated: false hidden: false @@ -773,7 +773,7 @@ examples: |- Shorthand for [`--output=type=docker`](#docker). Will automatically load the single-platform build result to `docker images`. - ### Write build result metadata to the file (--metadata-file) {#metadata-file} + ### Write build result metadata to a file (--metadata-file) {#metadata-file} To output build metadata such as the image digest, pass the `--metadata-file` flag. The metadata will be written as a JSON object to the specified file. The @@ -786,6 +786,7 @@ examples: |- ```json { + "buildx.build.provenance": {}, "buildx.build.ref": "mybuilder/mybuilder0/0fjb6ubs52xx3vygf6fgdl611", "containerimage.config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66", "containerimage.descriptor": { @@ -801,6 +802,15 @@ examples: |- } ``` + > **Note** + > + > Build record [provenance](/build/attestations/slsa-provenance/#provenance-attestation-example) + > (`buildx.build.provenance`) includes minimal provenance by default. Set the + > `BUILDX_METADATA_PROVENANCE` environment variable to customize this behavior: + > * `min` sets minimal provenance (default). + > * `max` sets full provenance. + > * `disabled`, `false` or `0` does not set any provenance. + ### Ignore build cache for specific stages (--no-cache-filter) {#no-cache-filter} The `--no-cache-filter` lets you specify one or more stages of a multi-stage @@ -877,7 +887,7 @@ examples: |- ```console $ docker buildx build -o . . $ docker buildx build -o outdir . - $ docker buildx build -o - - > out.tar + $ docker buildx build -o - . > out.tar $ docker buildx build -o type=docker . $ docker buildx build -o type=docker,dest=- . > myimage.tar $ docker buildx build -t tonistiigi/foo -o type=registry @@ -1074,10 +1084,18 @@ examples: |- --secret=[type=TYPE[,KEY=VALUE] ``` - Exposes secret to the build. The secret can be used by the build using - [`RUN --mount=type=secret` mount](/reference/dockerfile/#run---mounttypesecret). + Exposes secrets (authentication credentials, tokens) to the build. + A secret can be mounted into the build using a `RUN --mount=type=secret` mount in the + [Dockerfile](/reference/dockerfile/#run---mounttypesecret). + For more information about how to use build secrets, see + [Build secrets](/build/building/secrets/). - If `type` is unset it will be detected. Supported types are: + Supported types are: + + - [`file`](#file) + - [`env`](#env) + + Buildx attempts to detect the `type` automatically if unset. #### `file` diff --git a/data/buildx/docker_buildx_debug_build.yaml b/data/buildx/docker_buildx_debug_build.yaml index baf0d91bf0..8e13dcd476 100644 --- a/data/buildx/docker_buildx_debug_build.yaml +++ b/data/buildx/docker_buildx_debug_build.yaml @@ -192,7 +192,7 @@ options: swarm: false - option: iidfile value_type: string - description: Write the image ID to the file + description: Write the image ID to a file deprecated: false hidden: false experimental: false @@ -250,7 +250,7 @@ options: swarm: false - option: metadata-file value_type: string - description: Write build result metadata to the file + description: Write build result metadata to a file deprecated: false hidden: false experimental: false diff --git a/go.mod b/go.mod index ea15999ffe..a9cebecf36 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.21 toolchain go1.21.1 require ( - github.com/docker/buildx v0.13.1 // indirect - github.com/docker/cli v26.0.0+incompatible // indirect + github.com/docker/buildx v0.14.0 // indirect + github.com/docker/cli v26.0.1-0.20240410153731-b6c552212837+incompatible // indirect github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 // indirect github.com/docker/scout-cli v1.7.0 // indirect github.com/moby/buildkit v0.13.1 // indirect @@ -14,7 +14,7 @@ require ( ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.13.1 + github.com/docker/buildx => github.com/docker/buildx v0.14.0 github.com/docker/cli => github.com/docker/cli v26.0.0+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.26.1 github.com/docker/scout-cli => github.com/docker/scout-cli v1.7.0 diff --git a/go.sum b/go.sum index d3730292ef..cd900fa824 100644 --- a/go.sum +++ b/go.sum @@ -66,6 +66,8 @@ github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2 h1:kuFvsZyZCYqxWB github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2/go.mod h1:f2n6vggoX4sNNZ0XoRZ0Wtv6J1/rbDTabgdHtpW9NNM= github.com/docker/buildx v0.13.1 h1:uZjBcb477zh02tnHk0rqNV/DZOxbf/OiHw6Mc8OhDYU= github.com/docker/buildx v0.13.1/go.mod h1:f2n6vggoX4sNNZ0XoRZ0Wtv6J1/rbDTabgdHtpW9NNM= +github.com/docker/buildx v0.14.0 h1:FxqcfE7xgeEC4oQlKLpuvfobRDVDXrHE3jByM+mdyqk= +github.com/docker/buildx v0.14.0/go.mod h1:Vy/2lC9QsJvo33+7KKkN/GDE5WxnVqW0/dpcN7ZqPJY= github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM= github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw=