vendor: github.com/moby/buildkit master

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson 2024-03-07 09:32:30 +01:00
parent 9074503b2a
commit e17fdb53a0
4 changed files with 218 additions and 161 deletions

View File

@ -608,19 +608,19 @@ RUN echo $VERSION > image_version
The `RUN` instruction will execute any commands to create a new layer on top of
the current image. The added layer is used in the next step in the Dockerfile.
`RUN` has two forms:
```dockerfile
RUN apt-get update
RUN apt-get install -y curl
# Shell form:
RUN [OPTIONS] <command> ...
# Exec form:
RUN [OPTIONS] [ "<command>", ... ]
```
You can specify `RUN` instructions using
[shell or exec forms](#shell-and-exec-form):
For more information about the differences between these two forms, see
[shell or exec forms](#shell-and-exec-form).
- `RUN ["executable","param1","param2"]` (exec form)
- `RUN command param1 param2` (shell form)
The shell form is most commonly used, and lets you more easily break up longer
The shell form is most commonly used, and lets you break up longer
instructions into multiple lines, either using newline [escapes](#escape), or
with [heredocs](#here-documents):
@ -631,6 +631,12 @@ apt-get install -y curl
EOF
```
The available `[OPTIONS]` for the `RUN` instruction are:
- [`--mount`](#run---mount)
- [`--network`](#run---network)
- [`--security`](#run---security)
### Cache invalidation for RUN instructions
The cache for `RUN` instructions isn't invalidated automatically during
@ -644,11 +650,11 @@ guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practi
The cache for `RUN` instructions can be invalidated by [`ADD`](#add) and [`COPY`](#copy) instructions.
## RUN --mount
### RUN --mount
> **Note**
>
> Added in [`docker/dockerfile:1.2`](#syntax)
```dockerfile
RUN --mount=[type=<TYPE>][,option=<value>[,option=<value>]...]
```
`RUN --mount` allows you to create filesystem mounts that the build can access.
This can be used to:
@ -657,9 +663,7 @@ This can be used to:
- Access build secrets or ssh-agent sockets
- Use a persistent package management cache to speed up your build
Syntax: `--mount=[type=<TYPE>][,option=<value>[,option=<value>]...]`
### Mount types
The supported mount types are:
| Type | Description |
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------- |
@ -804,18 +808,16 @@ $ docker buildx build --ssh default=$SSH_AUTH_SOCK .
You can also specify a path to `*.pem` file on the host directly instead of `$SSH_AUTH_SOCK`.
However, pem files with passphrases are not supported.
## RUN --network
### RUN --network
> **Note**
>
> Added in [`docker/dockerfile:1.1`](#syntax)
```dockerfile
RUN --network=<TYPE>
```
`RUN --network` allows control over which networking environment the command
is run in.
Syntax: `--network=<TYPE>`
### Network types
The supported network types are:
| Type | Description |
| -------------------------------------------- | -------------------------------------- |
@ -858,15 +860,18 @@ The command is run in the host's network environment (similar to
> and for a build request with [`--allow network.host` flag](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow).
{ .warning }
## RUN --security
### RUN --security
> **Note**
>
> Not yet available in stable syntax, use [`docker/dockerfile:1-labs`](#syntax) version.
### RUN --security=insecure
```dockerfile
RUN --security=<sandbox|insecure>
```
With `--security=insecure`, builder runs the command without sandbox in insecure
The default security mode is `sandbox`.
With `--security=insecure`, the builder runs the command without sandbox in insecure
mode, which allows to run flows requiring elevated privileges (e.g. containerd).
This is equivalent to running `docker run --privileged`.
@ -878,6 +883,8 @@ This is equivalent to running `docker run --privileged`.
> and for a build request with [`--allow security.insecure` flag](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow).
{ .warning }
Default sandbox mode can be activated via `--security=sandbox`, but that is no-op.
#### Example: check entitlements
```dockerfile
@ -890,10 +897,6 @@ RUN --security=insecure cat /proc/self/status | grep CapEff
#84 0.093 CapEff: 0000003fffffffff
```
### RUN --security=sandbox
Default sandbox mode can be activated via `--security=sandbox`, but that is no-op.
## CMD
The `CMD` instruction sets the command to be executed when running a container
@ -1135,28 +1138,22 @@ RUN apt-get update && apt-get install -y ...
## ADD
ADD has two forms:
```dockerfile
ADD [--chown=<user>:<group>] [--chmod=<perms>] [--checksum=<checksum>] <src>... <dest>
ADD [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]
```
ADD has two forms.
The latter form is required for paths containing whitespace.
> **Note**
>
> The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
> and doesn't work on Windows containers. Since user and group ownership concepts do
> not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
> translating user and group names to IDs restricts this feature to only be viable
> for Linux OS-based containers.
```dockerfile
ADD [OPTIONS] <src> ... <dest>
ADD [OPTIONS] ["<src>", ... "<dest>"]
```
> **Note**
>
> `--chmod` is supported since [Dockerfile 1.3](https://docs.docker.com/build/buildkit/dockerfile-frontend/).
> Only octal notation is currently supported. Non-octal support is tracked in
> [moby/buildkit#1951](https://github.com/moby/buildkit/issues/1951).
The available `[OPTIONS]` are:
- [`--keep-git-dir`](#add---keep-git-dir)
- [`--checksum`](#add---checksum)
- [`--chown`](#add---chown---chmod)
- [`--chmod`](#add---chown---chmod)
- [`--link`](#add---link)
- [`--exclude`](#add---exclude)
The `ADD` instruction copies new files, directories or remote file URLs from `<src>`
and adds them to the filesystem of the image at the path `<dest>`.
@ -1168,13 +1165,13 @@ the context of the build.
Each `<src>` may contain wildcards and matching will be done using Go's
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
To add all files starting with "hom":
To add all files in the root of the build context starting with "hom":
```dockerfile
ADD hom* /mydir/
```
In the example below, `?` is replaced with any single character, e.g., "home.txt".
In the following example, `?` is a single-character wildcard, matching e.g. "home.txt".
```dockerfile
ADD hom?.txt /mydir/
@ -1204,30 +1201,6 @@ named `arr[0].txt`, use the following;
ADD arr[[]0].txt /mydir/
```
All new files and directories are created with a UID and GID of 0, unless the
optional `--chown` flag specifies a given username, groupname, or UID/GID
combination to request specific ownership of the content added. The
format of the `--chown` flag allows for either username and groupname strings
or direct integer UID and GID in any combination. Providing a username without
groupname or a UID without GID will use the same numeric UID as the GID. If a
username or groupname is provided, the container's root filesystem
`/etc/passwd` and `/etc/group` files will be used to perform the translation
from name to integer UID or GID respectively. The following examples show
valid definitions for the `--chown` flag:
```dockerfile
ADD --chown=55:mygroup files* /somedir/
ADD --chown=bin files* /somedir/
ADD --chown=1 files* /somedir/
ADD --chown=10:11 files* /somedir/
ADD --chown=myuser:mygroup --chmod=655 files* /somedir/
```
If the container root filesystem doesn't contain either `/etc/passwd` or
`/etc/group` files and either user or group names are used in the `--chown`
flag, the build will fail on the `ADD` operation. Using numeric IDs requires
no lookup and doesn't depend on container root filesystem content.
In the case where `<src>` is a remote file URL, the destination will
have permissions of 600. If the remote file being retrieved has an HTTP
`Last-Modified` header, the timestamp from that header will be used
@ -1311,35 +1284,9 @@ doesn't support authentication.
- If `<dest>` doesn't exist, it's created, along with all missing directories
in its path.
### Verifying a remote file checksum `ADD --checksum=<checksum> <http src> <dest>`
### Adding private Git repositories
The checksum of a remote file can be verified with the `--checksum` flag:
```dockerfile
ADD --checksum=sha256:24454f830cdb571e2c4ad15481119c43b3cafd48dd869a9b2945d1036d1dc68d https://mirrors.edge.kernel.org/pub/linux/kernel/Historic/linux-0.01.tar.gz /
```
The `--checksum` flag only supports HTTP sources currently.
### Adding a Git repository `ADD <git ref> <dir>`
This form allows adding a Git repository to an image directly, without using the `git` command inside the image:
```dockerfile
ADD [--keep-git-dir=<boolean>] <git ref> <dir>
```
```dockerfile
# syntax=docker/dockerfile:1
FROM alpine
ADD --keep-git-dir=true https://github.com/moby/buildkit.git#v0.10.1 /buildkit
```
The `--keep-git-dir=true` flag adds the `.git` directory. This flag defaults to false.
### Adding a private git repository
To add a private repo via SSH, create a Dockerfile with the following form:
To add a private repository via SSH, create a Dockerfile with the following form:
```dockerfile
# syntax=docker/dockerfile:1
@ -1357,28 +1304,67 @@ $ docker build --ssh default
$ buildctl build --frontend=dockerfile.v0 --local context=. --local dockerfile=. --ssh default
```
## ADD --link
### ADD --keep-git-dir
```dockerfile
ADD [--keep-git-dir=<boolean>] <src> ... <dir>
```
When `<src>` is the HTTP or SSH address of a remote Git repository,
BuildKit adds the contents of the Git repository to the image
excluding the `.git` directory by default.
The `--keep-git-dir=true` flag lets you preserve the `.git` directory.
```dockerfile
# syntax=docker/dockerfile:1
FROM alpine
ADD --keep-git-dir=true https://github.com/moby/buildkit.git#v0.10.1 /buildkit
```
### ADD --checksum
```dockerfile
ADD [--checksum=<hash>] <src> ... <dir>
```
The `--checksum` flag lets you verify the checksum of a remote resource:
```dockerfile
ADD --checksum=sha256:24454f830cdb571e2c4ad15481119c43b3cafd48dd869a9b2945d1036d1dc68d https://mirrors.edge.kernel.org/pub/linux/kernel/Historic/linux-0.01.tar.gz /
```
The `--checksum` flag only supports HTTP sources currently.
### ADD --chown --chmod
See [`COPY --chown --chmod`](#copy---chown---chmod).
### ADD --link
See [`COPY --link`](#copy---link).
### ADD --exclude
See [`COPY --exclude`](#copy---exclude).
## COPY
COPY has two forms:
COPY has two forms.
The latter form is required for paths containing whitespace.
```dockerfile
COPY [--chown=<user>:<group>] [--chmod=<perms>] <src>... <dest>
COPY [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]
COPY [OPTIONS] <src> ... <dest>
COPY [OPTIONS] ["<src>", ... "<dest>"]
```
This latter form is required for paths containing whitespace
The available `[OPTIONS]` are:
> **Note**
>
> The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
> and doesn't work on Windows containers. Since user and group ownership concepts do
> not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
> translating user and group names to IDs restricts this feature to only be viable for
> Linux OS-based containers.
- [`--chown`](#copy---chown---chmod)
- [`--chmod`](#copy---chown---chmod)
- [`--link`](#copy---link)
- [`--parents`](#copy---parents)
- [`--exclude`](#copy---exclude)
The `COPY` instruction copies new files or directories from `<src>`
and adds them to the filesystem of the container at the path `<dest>`.
@ -1390,13 +1376,13 @@ of the build.
Each `<src>` may contain wildcards and matching will be done using Go's
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules. For example:
To add all files starting with "hom":
To add all files in the root of the build context starting with "hom":
```dockerfile
COPY hom* /mydir/
```
In the example below, `?` is replaced with any single character, e.g., "home.txt".
In the following example, `?` is a single-character wildcard, matching e.g. "home.txt".
```dockerfile
COPY hom?.txt /mydir/
@ -1426,30 +1412,6 @@ named `arr[0].txt`, use the following;
COPY arr[[]0].txt /mydir/
```
All new files and directories are created with a UID and GID of 0, unless the
optional `--chown` flag specifies a given username, groupname, or UID/GID
combination to request specific ownership of the copied content. The
format of the `--chown` flag allows for either username and groupname strings
or direct integer UID and GID in any combination. Providing a username without
groupname or a UID without GID will use the same numeric UID as the GID. If a
username or groupname is provided, the container's root filesystem
`/etc/passwd` and `/etc/group` files will be used to perform the translation
from name to integer UID or GID respectively. The following examples show
valid definitions for the `--chown` flag:
```dockerfile
COPY --chown=55:mygroup files* /somedir/
COPY --chown=bin files* /somedir/
COPY --chown=1 files* /somedir/
COPY --chown=10:11 files* /somedir/
COPY --chown=myuser:mygroup --chmod=644 files* /somedir/
```
If the container root filesystem doesn't contain either `/etc/passwd` or
`/etc/group` files and either user or group names are used in the `--chown`
flag, the build will fail on the `COPY` operation. Using numeric IDs requires
no lookup and does not depend on container root filesystem content.
> **Note**
>
> If you build using STDIN (`docker build - < somefile`), there is no
@ -1499,11 +1461,52 @@ attempted to be used instead.
> guide Leverage build cache](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache)
> for more information.
## COPY --link
### COPY --chown --chmod
> **Note**
>
> Added in [`docker/dockerfile:1.4`](#syntax)
> Only octal notation is currently supported. Non-octal support is tracked in
> [moby/buildkit#1951](https://github.com/moby/buildkit/issues/1951).
```dockerfile
COPY [--chown=<user>:<group>] [--chmod=<perms> ...] <src> ... <dest>
```
The `--chown` and `--chmod` features are only supported on Dockerfiles used to build Linux containers,
and doesn't work on Windows containers. Since user and group ownership concepts do
not translate between Linux and Windows, the use of `/etc/passwd` and `/etc/group` for
translating user and group names to IDs restricts this feature to only be viable for
Linux OS-based containers.
All files and directories copied from the build context are created with a UID and GID of 0.unless the
optional `--chown` flag specifies a given username, groupname, or UID/GID
combination to request specific ownership of the copied content. The
format of the `--chown` flag allows for either username and groupname strings
or direct integer UID and GID in any combination. Providing a username without
groupname or a UID without GID will use the same numeric UID as the GID. If a
username or groupname is provided, the container's root filesystem
`/etc/passwd` and `/etc/group` files will be used to perform the translation
from name to integer UID or GID respectively. The following examples show
valid definitions for the `--chown` flag:
```dockerfile
COPY --chown=55:mygroup files* /somedir/
COPY --chown=bin files* /somedir/
COPY --chown=1 files* /somedir/
COPY --chown=10:11 files* /somedir/
COPY --chown=myuser:mygroup --chmod=644 files* /somedir/
```
If the container root filesystem doesn't contain either `/etc/passwd` or
`/etc/group` files and either user or group names are used in the `--chown`
flag, the build will fail on the `COPY` operation. Using numeric IDs requires
no lookup and does not depend on container root filesystem content.
### COPY --link
```dockerfile
COPY [--link[=<boolean>]] <src> ... <dest>
```
Enabling this flag in `COPY` or `ADD` commands allows you to copy files with
enhanced semantics where your files remain independent on their own layer and
@ -1534,7 +1537,7 @@ COPY /foo /bar
and merging all the layers of both images together.
### Benefits of using `--link`
#### Benefits of using `--link`
Use `--link` to reuse already built layers in subsequent builds with
`--cache-from` even if the previous layers have changed. This is especially
@ -1555,7 +1558,7 @@ the files in the base image. In that case BuildKit will only build the layers
for the `COPY` commands and push them to the registry directly on top of the
layers of the base image.
### Incompatibilities with `--link=false`
#### Incompatibilities with `--link=false`
When using `--link` the `COPY/ADD` commands are not allowed to read any files
from the previous state. This means that if in previous state the destination
@ -1568,21 +1571,20 @@ path, using `--link` is always recommended. The performance of `--link` is
equivalent or better than the default behavior and, it creates much better
conditions for cache reuse.
## COPY --parents
### COPY --parents
> **Note**
>
> Available in [`docker/dockerfile-upstream:master-labs`](#syntax).
> Will be included in `docker/dockerfile:1.6-labs`.
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
```dockerfile
COPY [--parents[=<boolean>]] <src>... <dest>
COPY [--parents[=<boolean>]] <src> ... <dest>
```
The `--parents` flag preserves parent directories for `src` entries. This flag defaults to `false`.
```dockerfile
# syntax=docker/dockerfile-upstream:master-labs
# syntax=docker/dockerfile:1.7-labs
FROM scratch
COPY ./x/a.txt ./y/a.txt /no_parents/
@ -1593,8 +1595,28 @@ COPY --parents ./x/a.txt ./y/a.txt /parents/
# /parents/y/a.txt
```
This behavior is analogous to the [Linux `cp` utility's](https://www.man7.org/linux/man-pages/man1/cp.1.html)
`--parents` flag.
This behavior is similar to the [Linux `cp` utility's](https://www.man7.org/linux/man-pages/man1/cp.1.html)
`--parents` or [`rsync`](https://man7.org/linux/man-pages/man1/rsync.1.html) `--relative` flag.
As with Rsync, it is possible to limit which parent directories are preserved by
inserting a dot and a slash (`./`) into the source path. If such point exists, only parent
directories after it will be preserved. This may be especially useful copies between stages
with `--from` where the source paths need to be absolute.
```dockerfile
# syntax=docker/dockerfile:1.7-labs
FROM scratch
COPY --parents ./x/./y/*.txt /parents/
# Build context:
# ./x/y/a.txt
# ./x/y/b.txt
#
# Output:
# /parents/y/a.txt
# /parents/y/b.txt
```
Note that, without the `--parents` flag specified, any filename collision will
fail the Linux `cp` operation with an explicit error message
@ -1607,6 +1629,36 @@ to keep the layer count in the resulting image as low as possible. Therefore,
with the `--parents` flag, the Buildkit is capable of packing multiple
`COPY` instructions together, keeping the directory structure intact.
### COPY --exclude
> **Note**
>
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
```dockerfile
COPY [--exclude=<path> ...] <src> ... <dest>
```
The `--exclude` flag lets you specify a path expression for files to be excluded.
The path expression follows the same format as `<src>`,
supporting wildcards and matching using Go's
[filepath.Match](https://golang.org/pkg/path/filepath#Match) rules.
For example, to add all files starting with "hom", excluding files with a `.txt` extension:
```dockerfile
COPY --exclude=*.txt hom* /mydir/
```
You can specify the `--exclude` option multiple times for a `COPY` instruction.
Multiple `--excludes` are files matching its patterns not to be copied,
even if the files paths match the pattern specified in `<src>`.
To add all files starting with "hom", excluding files with either `.txt` or `.md` extensions:
```dockerfile
COPY --exclude=*.txt --exclude=*.md hom* /mydir/
```
## ENTRYPOINT
An `ENTRYPOINT` allows you to configure a container that will run as an executable.
@ -2619,10 +2671,6 @@ required such as `zsh`, `csh`, `tcsh` and others.
## Here-Documents
> **Note**
>
> Added in [`docker/dockerfile:1.4`](#syntax)
Here-documents allow redirection of subsequent Dockerfile lines to the input of
`RUN` or `COPY` commands. If such command contains a [here-document](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04)
the Dockerfile considers the next lines until the line only containing a

View File

@ -1,6 +1,6 @@
# github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible
# github.com/moby/buildkit v0.13.0
# github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2
# github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e
# github.com/docker/buildx v0.0.0-00010101000000-000000000000
# github.com/docker/scout-cli v1.4.1
# github.com/docker/cli v26.0.0-rc1+incompatible
# github.com/docker/compose/v2 v2.24.6
# github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000

7
go.mod
View File

@ -5,9 +5,9 @@ go 1.21
toolchain go1.21.1
require (
github.com/docker/buildx v0.13.1-0.20240307093612-37b7ad1465d2 // indirect
github.com/docker/buildx v0.12.0-rc2.0.20231219140829-617f538cb315 // indirect
github.com/docker/cli v26.0.0-rc1+incompatible // indirect
github.com/docker/compose/v2 v2.24.6 // indirect
github.com/docker/compose/v2 v2.0.0-00010101000000-000000000000 // indirect
github.com/docker/scout-cli v1.4.1 // indirect
github.com/moby/buildkit v0.13.0 // indirect
github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible // indirect
@ -18,6 +18,7 @@ replace (
github.com/docker/cli => github.com/docker/cli v25.0.4-0.20240221083216-f67e569a8fb9+incompatible
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.24.6
github.com/docker/scout-cli => github.com/docker/scout-cli v1.4.1
github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34
github.com/moby/buildkit => github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e
github.com/moby/moby => github.com/moby/moby v25.0.3-0.20240203133757-341a7978a541+incompatible
)

8
go.sum
View File

@ -114,6 +114,7 @@ github.com/docker/compose/v2 v2.24.6 h1:V5fOXgga0hYy4wHsygCquO6/k++8q3WuckU7Qo1c
github.com/docker/compose/v2 v2.24.6/go.mod h1:ugV3/2KoKEeM98ZYF9vsYwnSExC4xLGxblAqXB6HUXQ=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
@ -199,6 +200,12 @@ github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f h1:weCt2sfZ
github.com/moby/buildkit v0.13.0-beta1.0.20240126101002-6bd81372ad6f/go.mod h1:vEcIVw63dZyhTgbcyQWXlZrtrKnvFoSI8LhfV+Vj0Jg=
github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34 h1:9oIm9T7YyDxRAXvP7y605G3TZmPGZjFvRHbbMJcIDy8=
github.com/moby/buildkit v0.13.0-beta3.0.20240201135300-d906167d0b34/go.mod h1:tSWWhq1EDM0eB3ngMNDiH2hOOW9fXTyn2uXuOraCLlE=
github.com/moby/buildkit v0.13.0-rc3.0.20240307012628-5a4c2975457b h1:lMLGJ3ErbAa5eGsVj7CkmN/2ByyyUFs3abfX99+C4pA=
github.com/moby/buildkit v0.13.0-rc3.0.20240307012628-5a4c2975457b/go.mod h1:P5zIr3pyh1VQoK751o5JFtogepVcLi9+77PTfmvJwls=
github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e h1:lEQehVlOgEMJ6bZvx3TWFjFE9Cic4fWJplNNQtYUX/A=
github.com/moby/buildkit v0.13.0-rc3.0.20240307092343-22d4212fed7e/go.mod h1:P5zIr3pyh1VQoK751o5JFtogepVcLi9+77PTfmvJwls=
github.com/moby/buildkit v0.13.0 h1:reVR1Y+rbNIUQ9jf0Q1YZVH5a/nhOixZsl+HJ9qQEGI=
github.com/moby/buildkit v0.13.0/go.mod h1:aNmNQKLBFYAOFuzQjR3VA27/FijlvtBD1pjNwTSN37k=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/moby v24.0.2+incompatible h1:yH+5dRHH1x3XRKzl1THA2aGTy6CHYnkt5N924ADMax8=
github.com/moby/moby v24.0.2+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
@ -224,6 +231,7 @@ github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYB
github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=