diff --git a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md index f7cb953c89..5acd5138a7 100644 --- a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md +++ b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md @@ -2031,8 +2031,23 @@ ARG [=] The `ARG` instruction defines a variable that users can pass at build-time to the builder with the `docker build` command using the `--build-arg =` -flag. If a user specifies a build argument that was not -defined in the Dockerfile, the build outputs a warning. +flag. + +> **Warning** +> +> It isn't recommended to use build arguments for passing secrets such as +> user credentials, API tokens, etc. Build arguments are visible in the +> `docker history` command and in `max` mode provenance attestations, +> which are attached to the image by default if you use the Buildx GitHub Actions +> and your GitHub repository is public. +> +> Refer to the [`RUN --mount=type=secret`](#run---mounttypesecret) section to +> learn about secure ways to use secrets when building images. +{ .warning } + + +If you specify a build argument that wasn't defined in the Dockerfile, +the build outputs a warning. ```console [Warning] One or more build-args [foo] were not consumed. @@ -2048,16 +2063,6 @@ ARG buildno # ... ``` -> **Warning** -> -> It is not recommended to use build-time variables for passing secrets like -> GitHub keys, user credentials etc. Build-time variable values are visible to -> any user of the image with the `docker history` command. -> -> Refer to the [`RUN --mount=type=secret`](#run---mounttypesecret) section to -> learn about secure ways to use secrets when building images. -{ .warning } - ### Default values An `ARG` instruction can optionally include a default value: diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 8a99e2509e..21bf6fa42f 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,5 +1,5 @@ # github.com/moby/moby v25.0.0+incompatible -# github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f +# github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 # github.com/docker/buildx v0.12.2-0.20240126114058-d43cf8c2c6b4 # github.com/docker/scout-cli v1.3.0 # github.com/docker/cli v25.0.1+incompatible diff --git a/go.mod b/go.mod index 0410485856..eb5eec17e1 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,6 @@ require ( github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/compose/v2 v2.24.5 // indirect github.com/docker/scout-cli v1.3.0 // indirect - github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f // indirect + github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 // indirect github.com/moby/moby v25.0.0+incompatible // indirect ) diff --git a/go.sum b/go.sum index ad3b9a9b03..f435e73854 100644 --- a/go.sum +++ b/go.sum @@ -185,6 +185,8 @@ github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde h1:t6dpbzyD github.com/moby/buildkit v0.13.0-beta1.0.20240116143623-28ce478b1fde/go.mod h1:NK6kY+05bXjxhEmtGEMAwvSJ19gagBukPz6N4FFzlNs= github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f h1:weCt2sfZGVAeThzpVyv4ibC0oFfvSxtbiTE7W77wXpc= github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f/go.mod h1:vEcIVw63dZyhTgbcyQWXlZrtrKnvFoSI8LhfV+Vj0Jg= +github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 h1:9oIm9T7YyDxRAXvP7y605G3TZmPGZjFvRHbbMJcIDy8= +github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34/go.mod h1:tSWWhq1EDM0eB3ngMNDiH2hOOW9fXTyn2uXuOraCLlE= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/moby v24.0.2+incompatible h1:yH+5dRHH1x3XRKzl1THA2aGTy6CHYnkt5N924ADMax8= github.com/moby/moby v24.0.2+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=