Merge pull request #19570 from docker-tools-robot/dispatch/buildx-ref-v0.13.0

Update buildx reference to v0.13.0

_vendor/github.com/docker/buildx/docs/bake-reference.md

@@ -213,7 +213,7 @@ target "webapp" {
 The following table shows the complete list of attributes that you can assign to a target:
 
 | Name                                            | Type    | Description                                                          |
-| ----------------------------------------------- | ------- | -------------------------------------------------------------------- |
+|-------------------------------------------------|---------|----------------------------------------------------------------------|
 | [`args`](#targetargs)                           | Map     | Build arguments                                                      |
 | [`annotations`](#targetannotations)             | List    | Exporter annotations                                                 |
 | [`attest`](#targetattest)                       | List    | Build attestations                                                   |
@@ -233,9 +233,11 @@ The following table shows the complete list of attributes that you can assign to
 | [`platforms`](#targetplatforms)                 | List    | Target platforms                                                     |
 | [`pull`](#targetpull)                           | Boolean | Always pull images                                                   |
 | [`secret`](#targetsecret)                       | List    | Secrets to expose to the build                                       |
+| [`shm-size`](#targetshm-size)                   | List    | Size of `/dev/shm`                                                   |
 | [`ssh`](#targetssh)                             | List    | SSH agent sockets or keys to expose to the build                     |
 | [`tags`](#targettags)                           | List    | Image names and tags                                                 |
 | [`target`](#targettarget)                       | String  | Target build stage                                                   |
+| [`ulimits`](#targetulimits)                     | List    | Ulimit options                                                       |
 
 ### `target.args`
 
@@ -832,6 +834,29 @@ RUN --mount=type=secret,id=KUBECONFIG \
     KUBECONFIG=$(cat /run/secrets/KUBECONFIG) helm upgrade --install
 ```
 
+### `target.shm-size`
+
+Sets the size of the shared memory allocated for build containers when using
+`RUN` instructions.
+
+The format is `<number><unit>`. `number` must be greater than `0`. Unit is
+optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g`
+(gigabytes). If you omit the unit, the system uses bytes.
+
+This is the same as the `--shm-size` flag for `docker build`.
+
+```hcl
+target "default" {
+  shm-size = "128m"
+}
+```
+
+> **Note**
+>
+> In most cases, it is recommended to let the builder automatically determine
+> the appropriate configurations. Manual adjustments should only be considered
+> when specific performance tuning is required for complex build scenarios.
+
 ### `target.ssh`
 
 Defines SSH agent sockets or keys to expose to the build.
@@ -878,6 +903,32 @@ target "default" {
 }
 ```
 
+### `target.ulimits`
+
+Ulimits overrides the default ulimits of build's containers when using `RUN`
+instructions and are specified with a soft and hard limit as such:
+`<type>=<soft limit>[:<hard limit>]`, for example:
+
+```hcl
+target "app" {
+  ulimits = [
+    "nofile=1024:1024"
+  ]
+}
+```
+
+> **Note**
+>
+> If you do not provide a `hard limit`, the `soft limit` is used
+> for both values. If no `ulimits` are set, they are inherited from
+> the default `ulimits` set on the daemon.
+
+> **Note**
+>
+> In most cases, it is recommended to let the builder automatically determine
+> the appropriate configurations. Manual adjustments should only be considered
+> when specific performance tuning is required for complex build scenarios.
+
 ## Group
 
 Groups allow you to invoke multiple builds (targets) at once.

_vendor/modules.txt

@@ -1,6 +1,6 @@
 # github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible
-# github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34
+# github.com/moby/buildkit v0.13.0
-# github.com/docker/buildx v0.12.2-0.20240220084849-89154c7d3303
+# github.com/docker/buildx v0.13.0
 # github.com/docker/scout-cli v1.4.1
-# github.com/docker/cli v25.0.4-0.20240221083216-f67e569a8fb9+incompatible
+# github.com/docker/cli v26.0.0-rc1+incompatible
 # github.com/docker/compose/v2 v2.24.6

data/buildx/docker_buildx.yaml

@@ -8,6 +8,7 @@ cname:
     - docker buildx build
     - docker buildx create
     - docker buildx debug
+    - docker buildx dial-stdio
     - docker buildx du
     - docker buildx imagetools
     - docker buildx inspect
@@ -22,6 +23,7 @@ clink:
     - docker_buildx_build.yaml
     - docker_buildx_create.yaml
     - docker_buildx_debug.yaml
+    - docker_buildx_dial-stdio.yaml
     - docker_buildx_du.yaml
     - docker_buildx_imagetools.yaml
     - docker_buildx_inspect.yaml

data/buildx/docker_buildx_build.yaml

@@ -453,7 +453,7 @@ options:
     - option: shm-size
       value_type: bytes
       default_value: "0"
-      description: Size of `/dev/shm`
+      description: Shared memory size for build containers
       details_url: '#shm-size'
       deprecated: false
       hidden: false
@@ -613,7 +613,7 @@ examples: |-
     - `security.insecure` - Allows executions without sandbox. See
       [related Dockerfile extensions](/reference/dockerfile/#run---securitysandbox).
 
-    For entitlements to be enabled, the `buildkitd` daemon also needs to allow them
+    For entitlements to be enabled, the BuildKit daemon also needs to allow them
     with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](/reference/cli/docker/buildx/create/#buildkitd-flags)).
 
     ```console
@@ -786,6 +786,7 @@ examples: |-
 
     ```json
     {
+      "buildx.build.ref": "mybuilder/mybuilder0/0fjb6ubs52xx3vygf6fgdl611",
       "containerimage.config.digest": "sha256:2937f66a9722f7f4a2df583de2f8cb97fc9196059a410e7f00072fc918930e66",
       "containerimage.descriptor": {
         "annotations": {
@@ -882,6 +883,10 @@ examples: |-
     $ docker buildx build -t tonistiigi/foo -o type=registry
     ```
 
+    > **Note **
+    >
+    > Since BuildKit v0.13.0 multiple outputs can be specified by repeating the flag.
+
     Supported exported types are:
 
     #### `local`
@@ -1112,12 +1117,21 @@ examples: |-
     $ SECRET_TOKEN=token docker buildx build --secret id=SECRET_TOKEN .
     ```
 
-    ### Size of /dev/shm (--shm-size) {#shm-size}
+    ### Shared memory size for build containers (--shm-size) {#shm-size}
+
+    Sets the size of the shared memory allocated for build containers when using
+    `RUN` instructions.
 
     The format is `<number><unit>`. `number` must be greater than `0`. Unit is
     optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g`
     (gigabytes). If you omit the unit, the system uses bytes.
 
+    > **Note**
+    >
+    > In most cases, it is recommended to let the builder automatically determine
+    > the appropriate configurations. Manual adjustments should only be considered
+    > when specific performance tuning is required for complex build scenarios.
+
     ### SSH agent socket or keys to expose to the build (--ssh) {#ssh}
 
     ```text
@@ -1151,7 +1165,8 @@ examples: |-
 
     ### Set ulimits (--ulimit) {#ulimit}
 
-    `--ulimit` is specified with a soft and hard limit as such:
+    `--ulimit` overrides the default ulimits of build's containers when using `RUN`
+    instructions and are specified with a soft and hard limit as such:
     `<type>=<soft limit>[:<hard limit>]`, for example:
 
     ```console
@@ -1163,6 +1178,12 @@ examples: |-
     > If you don't provide a `hard limit`, the `soft limit` is used
     > for both values. If no `ulimits` are set, they're inherited from
     > the default `ulimits` set on the daemon.
+
+    > **Note**
+    >
+    > In most cases, it is recommended to let the builder automatically determine
+    > the appropriate configurations. Manual adjustments should only be considered
+    > when specific performance tuning is required for complex build scenarios.
 deprecated: false
 hidden: false
 experimental: false

data/buildx/docker_buildx_create.yaml

@@ -43,9 +43,19 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
+    - option: buildkitd-config
+      value_type: string
+      description: BuildKit daemon config file
+      details_url: '#buildkitd-config'
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
     - option: buildkitd-flags
       value_type: string
-      description: Flags for buildkitd daemon
+      description: BuildKit daemon flags
       details_url: '#buildkitd-flags'
       deprecated: false
       hidden: false
@@ -55,10 +65,9 @@ options:
       swarm: false
     - option: config
       value_type: string
-      description: BuildKit config file
+      description: BuildKit daemon config file
-      details_url: '#config'
       deprecated: false
-      hidden: false
+      hidden: true
       experimental: false
       experimentalcli: false
       kubernetes: false
@@ -153,29 +162,15 @@ examples: |-
     eager_beaver
     ```
 
-    ### Specify options for the buildkitd daemon (--buildkitd-flags) {#buildkitd-flags}
+    ### Specify a configuration file for the BuildKit daemon (--buildkitd-config) {#buildkitd-config}
 
     ```text
-    --buildkitd-flags FLAGS
+    --buildkitd-config FILE
     ```
 
-    Adds flags when starting the buildkitd daemon. They take precedence over the
+    Specifies the configuration file for the BuildKit daemon to use. The
-    configuration file specified by [`--config`](#config). See `buildkitd --help`
+    configuration can be overridden by [`--buildkitd-flags`](#buildkitd-flags).
-    for the available flags.
+    See an [example BuildKit daemon configuration file](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md).
-
-    ```text
-    --buildkitd-flags '--debug --debugaddr 0.0.0.0:6666'
-    ```
-
-    ### Specify a configuration file for the buildkitd daemon (--config) {#config}
-
-    ```text
-    --config FILE
-    ```
-
-    Specifies the configuration file for the buildkitd daemon to use. The configuration
-    can be overridden by [`--buildkitd-flags`](#buildkitd-flags).
-    See an [example buildkitd configuration file](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md).
 
     If you don't specify a configuration file, Buildx looks for one by default in:
 
@@ -188,6 +183,36 @@ examples: |-
     will be copied into the container under `/etc/buildkit/certs` and configuration
     will be updated to reflect that.
 
+    ### Specify options for the BuildKit daemon (--buildkitd-flags) {#buildkitd-flags}
+
+    ```text
+    --buildkitd-flags FLAGS
+    ```
+
+    Adds flags when starting the BuildKit daemon. They take precedence over the
+    configuration file specified by [`--buildkitd-config`](#buildkitd-config). See
+    `buildkitd --help` for the available flags.
+
+    ```text
+    --buildkitd-flags '--debug --debugaddr 0.0.0.0:6666'
+    ```
+
+    #### BuildKit daemon network mode
+
+    You can specify the network mode for the BuildKit daemon with either the
+    configuration file specified by [`--buildkitd-config`](#buildkitd-config) using the
+    `worker.oci.networkMode` option or `--oci-worker-net` flag here. The default
+    value is `auto` and can be one of `bridge`, `cni`, `host`:
+
+    ```text
+    --buildkitd-flags '--oci-worker-net bridge'
+    ```
+
+    > **Note**
+    >
+    > Network mode "bridge" is supported since BuildKit v0.13 and will become the
+    > default in next v0.14.
+
     ### Set the builder driver to use (--driver) {#driver}
 
     ```text
@@ -231,8 +256,8 @@ examples: |-
 
     #### `remote` driver
 
-    Uses a remote instance of buildkitd over an arbitrary connection. With this
+    Uses a remote instance of BuildKit daemon over an arbitrary connection. With
-    driver, you manually create and manage instances of buildkit yourself, and
+    this driver, you manually create and manage instances of buildkit yourself, and
     configure buildx to point at it.
 
     Unlike `docker` driver, built images will not automatically appear in

data/buildx/docker_buildx_debug_build.yaml

@@ -430,7 +430,7 @@ options:
     - option: shm-size
       value_type: bytes
       default_value: "0"
-      description: Size of `/dev/shm`
+      description: Shared memory size for build containers
       deprecated: false
       hidden: false
       experimental: false

data/buildx/docker_buildx_dial-stdio.yaml

@@ -0,0 +1,70 @@
+command: docker buildx dial-stdio
+short: Proxy current stdio streams to builder instance
+long: |-
+    dial-stdio uses the stdin and stdout streams of the command to proxy to the configured builder instance.
+    It is not intended to be used by humans, but rather by other tools that want to interact with the builder instance via BuildKit API.
+usage: docker buildx dial-stdio
+pname: docker buildx
+plink: docker_buildx.yaml
+options:
+    - option: platform
+      value_type: string
+      description: 'Target platform: this is used for node selection'
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+    - option: progress
+      value_type: string
+      default_value: quiet
+      description: Set type of progress output (auto, plain, tty).
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+inherited_options:
+    - option: builder
+      value_type: string
+      description: Override the configured builder instance
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+examples: |-
+    Example go program that uses the dial-stdio command wire up a buildkit client.
+    This is for example use only and may not be suitable for production use.
+
+    ```go
+    client.New(ctx, "", client.WithContextDialer(func(context.Context, string) (net.Conn, error) {
+        c1, c2 := net.Pipe()
+        cmd := exec.Command("docker", "buildx", "dial-stdio")
+        cmd.Stdin = c1
+        cmd.Stdout = c1
+
+        if err := cmd.Start(); err != nil {
+            c1.Close()
+            c2.Close()
+            return nil, err
+        }
+
+        go func() {
+            cmd.Wait()
+            c2.Close()
+        }()
+
+        return c2
+    }))
+    ```
+deprecated: false
+hidden: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+

data/buildx/docker_buildx_rm.yaml

@@ -33,7 +33,7 @@ options:
     - option: keep-daemon
       value_type: bool
       default_value: "false"
-      description: Keep the buildkitd daemon running
+      description: Keep the BuildKit daemon running
       details_url: '#keep-daemon'
       deprecated: false
       hidden: false
@@ -85,10 +85,10 @@ examples: |-
     $ docker buildx rm --all-inactive --force
     ```
 
-    ### Keep the buildkitd daemon running (--keep-daemon) {#keep-daemon}
+    ### Keep the BuildKit daemon running (--keep-daemon) {#keep-daemon}
 
     Keep the BuildKit daemon running after the buildx context is removed. This is
-    useful when you manage buildkitd daemons and buildx contexts independently.
+    useful when you manage BuildKit daemons and buildx contexts independently.
     Only supported by the
     [`docker-container`](/build/drivers/docker-container/)
     and [`kubernetes`](/build/drivers/kubernetes/) drivers.

go.mod

@@ -5,16 +5,16 @@ go 1.21
 toolchain go1.21.1
 
 require (
-	github.com/docker/buildx v0.12.2-0.20240220084849-89154c7d3303 // indirect
+	github.com/docker/buildx v0.13.0 // indirect
-	github.com/docker/cli v25.0.4-0.20240221083216-f67e569a8fb9+incompatible // indirect
+	github.com/docker/cli v26.0.0-rc1+incompatible // indirect
 	github.com/docker/compose/v2 v2.24.6 // indirect
 	github.com/docker/scout-cli v1.4.1 // indirect
-	github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 // indirect
+	github.com/moby/buildkit v0.13.0 // indirect
 	github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible // indirect
 )
 
 replace (
-	github.com/docker/buildx => github.com/docker/buildx v0.12.2-0.20240220084849-89154c7d3303
+	github.com/docker/buildx => github.com/docker/buildx v0.13.0
 	github.com/docker/cli => github.com/docker/cli v25.0.4-0.20240221083216-f67e569a8fb9+incompatible
 	github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.24.6
 	github.com/docker/scout-cli => github.com/docker/scout-cli v1.4.1

go.sum

@@ -60,6 +60,8 @@ github.com/docker/buildx v0.12.2-0.20240126114058-d43cf8c2c6b4 h1:aEFpoxTw5LIRjN
 github.com/docker/buildx v0.12.2-0.20240126114058-d43cf8c2c6b4/go.mod h1:SBLnQH9q+77aVvpvS5LLIly9+nHVlwscl5GEegGMD5g=
 github.com/docker/buildx v0.12.2-0.20240220084849-89154c7d3303 h1:J34paheV5gSKezhnVzwT5WwRQgPzBLYAdCYAFPoEYfU=
 github.com/docker/buildx v0.12.2-0.20240220084849-89154c7d3303/go.mod h1:OoLv85M5U/p8TWyCINtEilyy0A0XTN9COQgmuE0bWhw=
+github.com/docker/buildx v0.13.0 h1:nNbkgaxsWEZPX1P8yXN6dibAv7ADRMVqi0aohDFhLJY=
+github.com/docker/buildx v0.13.0/go.mod h1:f2n6vggoX4sNNZ0XoRZ0Wtv6J1/rbDTabgdHtpW9NNM=
 github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM=
 github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw=