Compare commits

..

2 Commits
v3 ... v1.1.1

Author SHA1 Message Date
Tõnis Tiigi
ab83648e2e Merge pull request #106 from docker/deprecation-notice
Some checks failed
CI / build (push) Has been cancelled
Add deprecation notice (v2 available)
2020-09-08 14:11:29 -07:00
CrazyMax
35323d9aa4 Add deprecation notice (v2 available)
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2020-09-08 23:08:57 +02:00
70 changed files with 297 additions and 9017 deletions

View File

@@ -1,2 +0,0 @@
/coverage
/node_modules

View File

@@ -1,15 +0,0 @@
# This file is for unifying the coding style for different editors and IDEs.
# More information at http://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[*.md]
trim_trailing_whitespace = false

View File

@@ -1,23 +0,0 @@
{
"env": {
"node": true,
"es2021": true,
"jest/globals": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": "latest",
"sourceType": "module"
},
"plugins": [
"@typescript-eslint",
"jest",
"prettier"
]
}

2
.gitattributes vendored
View File

@@ -1,2 +0,0 @@
/dist/** linguist-generated=true
/lib/** linguist-generated=true

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
* @crazy-max

View File

@@ -1,31 +0,0 @@
## Contributing
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
Contributions to this project are [released](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license)
to the public under the [project's open source license](LICENSE).
## Submitting a pull request
1. [Fork](https://github.com/docker/build-push-action/fork) and clone the repository
2. Configure and install the dependencies: `yarn install`
3. Create a new branch: `git checkout -b my-branch-name`
4. Make your changes
5. Make sure the tests pass: `docker buildx bake test`
6. Format code and build javascript artifacts: `docker buildx bake pre-checkin`
7. Validate all code has correctly formatted and built: `docker buildx bake validate`
8. Push to your fork and [submit a pull request](https://github.com/docker/build-push-action/compare)
9. Pat your self on the back and wait for your pull request to be reviewed and merged.
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
- Make sure the `README.md` and any other relevant **documentation are kept up-to-date**.
- We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as **separate pull requests**.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
- [GitHub Help](https://docs.github.com/en)

View File

@@ -1,37 +0,0 @@
---
name: Bug report
about: Create a report to help us improve
---
### Troubleshooting
Before submitting a bug report please read the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
### Behaviour
#### Steps to reproduce this issue
1.
2.
3.
#### Expected behaviour
> Tell us what should happen
#### Actual behaviour
> Tell us what happens instead
### Configuration
* Repository URL (if public):
* Build URL (if public):
```yml
# paste your YAML workflow file here and remove sensitive data
```
### Logs
> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs) and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

31
.github/SUPPORT.md vendored
View File

@@ -1,31 +0,0 @@
# Support [![](https://isitmaintained.com/badge/resolution/docker/build-push-action.svg)](https://isitmaintained.com/project/docker/build-push-action)
First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
## Reporting an issue
Please do a search in [open issues](https://github.com/docker/build-push-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
:+1: - upvote
:-1: - downvote
If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
## Writing good bug reports and feature requests
File a single issue per problem and feature request.
* Do not enumerate multiple bugs or feature requests in the same issue.
* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
You are now ready to [create a new issue](https://github.com/docker/build-push-action/issues/new/choose)!
## Closure policy
* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
* Issues that go a week without a response from original poster are subject to closure at our discretion.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 19 KiB

View File

@@ -1,18 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "dependencies"
- "bot"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
allow:
- dependency-type: "production"
labels:
- "dependencies"
- "bot"

View File

@@ -1,870 +0,0 @@
name: ci
on:
workflow_dispatch:
inputs:
buildx-version:
description: 'Buildx version or Git context'
default: 'latest'
required: false
buildkit-image:
description: 'BuildKit image'
default: 'moby/buildkit:buildx-stable-1'
required: false
push:
branches:
- 'master'
pull_request:
branches:
- 'master'
env:
BUILDX_VERSION: latest
BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
jobs:
minimal:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./action
with:
file: ./test/Dockerfile
git-context:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
path: action
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push
id: docker_build
uses: ./action
with:
file: ./test/Dockerfile
builder: ${{ steps.buildx.outputs.name }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
name: Check digest
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
git-context-secret:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
path: action
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push
id: docker_build
uses: ./action
with:
file: ./test/Dockerfile
builder: ${{ steps.buildx.outputs.name }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
secrets: |
GIT_AUTH_TOKEN=${{ github.token }}
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar
"EMPTYLINE=aaaa
bbbb
ccc"
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
name: Check digest
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
path-context:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push
id: docker_build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
name: Check digest
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
error:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Stop docker
run: |
sudo systemctl stop docker
-
name: Build
id: docker_build
continue-on-error: true
uses: ./
with:
context: ./test
file: ./test/Dockerfile
-
name: Check
run: |
echo "${{ toJson(steps.docker_build) }}"
if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
echo "::error::Should have failed"
exit 1
fi
error-buildx:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
id: docker_build
continue-on-error: true
uses: ./
with:
context: ./test
file: ./test/Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: true
tags: localhost:5000/name/app:latest
-
name: Check
run: |
echo "${{ toJson(steps.docker_build) }}"
if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
echo "::error::Should have failed"
exit 1
fi
docker-driver:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Build
id: docker_build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
push: true
tags: localhost:5000/name/app:latest
export-docker:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
load: true
tags: myimage:latest
-
name: Inspect
run: |
docker image inspect myimage:latest
secret:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: .
file: ./test/secret.Dockerfile
secrets: |
MYSECRET=foo
INVALID_SECRET=
network:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: List networks
run: docker network ls
-
name: Build
uses: ./
with:
context: ./test
tags: name/app:latest
network: host
shm-size:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/shmsize.Dockerfile
tags: name/app:latest
shm-size: 2g
ulimit:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/ulimit.Dockerfile
tags: name/app:latest
ulimit: |
nofile=1024:1024
nproc=3
cgroup-parent:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/cgroup.Dockerfile
tags: name/app:latest
cgroup-parent: foo
add-hosts:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/addhost.Dockerfile
tags: name/app:latest
add-hosts: |
docker:10.180.0.1
foo:10.0.0.1
build-contexts:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/buildcontext.Dockerfile
build-contexts: |
alpine=docker-image://debian:stable-slim
tags: name/app:latest
no-cache-filters:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/nocachefilter.Dockerfile
no-cache-filters: build
tags: name/app:latest
cache-from: type=gha,scope=nocachefilter
cache-to: type=gha,scope=nocachefilter,mode=max
attests-compat:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- buildx: latest
buildkit: moby/buildkit:buildx-stable-1
- buildx: latest
buildkit: moby/buildkit:v0.10.6
- buildx: v0.9.1
buildkit: moby/buildkit:buildx-stable-1
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ matrix.buildx }}
driver-opts: |
network=host
image=${{ matrix.buildkit }}
-
name: Build
uses: ./
with:
context: ./test/go
file: ./test/go/Dockerfile
outputs: type=cacheonly
provenance:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
attrs:
- ''
- mode=max
- builder-id=foo
- false
- true
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test/go
file: ./test/go/Dockerfile
target: binary
outputs: type=oci,dest=/tmp/build.tar
provenance: ${{ matrix.attrs }}
cache-from: type=gha,scope=provenance
cache-to: type=gha,scope=provenance,mode=max
sbom:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- target: image
output: type=image,name=localhost:5000/name/app:latest,push=true
- target: binary
output: /tmp/buildx-build
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test/go
file: ./test/go/Dockerfile
target: ${{ matrix.target }}
outputs: ${{ matrix.output }}
sbom: true
cache-from: type=gha,scope=attests-${{ matrix.target }}
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
-
name: Inspect image
if: matrix.target == 'image'
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check output folder
if: matrix.target == 'binary'
run: |
tree /tmp/buildx-build
-
name: Print SBOM
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/sbom.spdx.json | jq
multi:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
dockerfile:
- multi
- multi-sudo
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push
id: docker_build
uses: ./
with:
context: ./test
file: ./test/${{ matrix.dockerfile }}.Dockerfile
builder: ${{ steps.buildx.outputs.name }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
name: Check digest
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
digest:
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: localhost:5000/name/app
strategy:
fail-fast: false
matrix:
driver:
- docker
- docker-container
load:
- true
- false
push:
- true
- false
exclude:
- driver: docker
load: true
push: true
- driver: docker-container
load: true
push: true
- driver: docker
load: false
push: false
- driver: docker-container
load: false
push: false
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver: ${{ matrix.driver }}
driver-opts: |
network=host
-
name: Build
id: docker_build
uses: ./
with:
context: ./test
load: ${{ matrix.load }}
push: ${{ matrix.push }}
tags: ${{ env.DOCKER_IMAGE }}:latest
platforms: ${{ matrix.platforms }}
-
name: Docker images
run: |
docker image ls --no-trunc
-
name: Check digest
if: ${{ matrix.push }}
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
-
name: Check manifest
if: ${{ matrix.push }}
run: |
set -x
docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }} --format '{{json .}}'
-
name: Check image ID
run: |
if [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
echo "::error::Image ID should not be empty"
exit 1
fi
-
name: Inspect image
if: ${{ matrix.load }}
run: |
set -x
docker image inspect ${{ steps.docker_build.outputs.imageid }}
registry-cache:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push
id: docker_build
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
builder: ${{ steps.buildx.outputs.name }}
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
cache-from: type=registry,ref=localhost:5000/name/app
cache-to: type=inline
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check digest
run: |
if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
echo "::error::Digest should not be empty"
exit 1
fi
github-cache:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
cache-from: type=gha,scope=ci-${{ matrix.buildx_version }}
cache-to: type=gha,scope=ci-${{ matrix.buildx_version }}
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
standalone:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Uninstall moby cli
run: |
sudo apt-get purge -y moby-cli moby-buildx
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile

View File

@@ -1,123 +0,0 @@
name: e2e
on:
workflow_dispatch:
inputs:
buildx-version:
description: 'Buildx version or Git context'
default: 'latest'
required: false
buildkit-image:
description: 'BuildKit image'
default: 'moby/buildkit:buildx-stable-1'
required: false
schedule:
- cron: '0 10 * * *'
push:
branches:
- 'master'
tags:
- v*
env:
BUILDX_VERSION: latest
BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
jobs:
docker:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
-
registry: ''
slug: ghactionstest/ghactionstest
username_secret: DOCKERHUB_USERNAME
password_secret: DOCKERHUB_TOKEN
-
registry: ghcr.io
slug: ghcr.io/docker-ghactiontest/test
username_secret: GHCR_USERNAME
password_secret: GHCR_PAT
-
registry: registry.gitlab.com
slug: registry.gitlab.com/test1716/test
username_secret: GITLAB_USERNAME
password_secret: GITLAB_TOKEN
-
registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
-
registry: public.ecr.aws
slug: public.ecr.aws/q3b5f1u4/test-docker-action
username_secret: AWS_ACCESS_KEY_ID
password_secret: AWS_SECRET_ACCESS_KEY
-
registry: us-east4-docker.pkg.dev
slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
username_secret: GAR_USERNAME
password_secret: GAR_JSON_KEY
-
registry: gcr.io
slug: gcr.io/sandbox-298914/test-docker-action
username_secret: GCR_USERNAME
password_secret: GCR_JSON_KEY
-
registry: officialgithubactions.azurecr.io
slug: officialgithubactions.azurecr.io/test-docker-action
username_secret: AZURE_CLIENT_ID
password_secret: AZURE_CLIENT_SECRET
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ matrix.slug }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Login to Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ${{ matrix.registry }}
username: ${{ secrets[matrix.username_secret] }}
password: ${{ secrets[matrix.password_secret] }}
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ matrix.slug }}:master
cache-to: type=inline
-
name: Inspect image
if: github.event_name != 'pull_request'
run: |
docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

View File

@@ -1,74 +0,0 @@
# This workflow is provided just as an example and not for repo testing/verification
name: example
on:
schedule:
- cron: '0 10 * * 0'
push:
branches:
- '**'
tags:
- 'v*.*.*'
pull_request:
env:
DOCKER_IMAGE: localhost:5000/name/app
jobs:
docker:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver-opts: network=host
-
name: Build and export to Docker client
uses: ./
with:
context: ./test
file: ./test/Dockerfile
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
-
name: Build and push to local registry
uses: ./
with:
context: ./test
file: ./test/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
-
name: Inspect image
run: |
docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
-
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}'

37
.github/workflows/main.yml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: CI
on:
push:
branches:
- master
tags:
- '*'
pull_request:
jobs:
build:
name: build
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run local registry
run: docker run -d -p 5000:5000 registry:2
- name: Build and push image
uses: ./
env:
DOCKER_BUILDKIT: 1
with:
registry: localhost:5000
repository: temp/workflow
tags: foo
- name: Remove local image
run: docker image rm localhost:5000/temp/workflow:foo
- name: Run image from registry
run: docker run localhost:5000/temp/workflow:foo

View File

@@ -1,32 +0,0 @@
name: test
on:
push:
branches:
- 'master'
pull_request:
branches:
- 'master'
jobs:
test:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Validate
uses: docker/bake-action@v2
with:
targets: validate
-
name: Test
uses: docker/bake-action@v2
with:
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v3
with:
file: ./coverage/clover.xml

View File

@@ -1,72 +0,0 @@
name: virtual-env
on:
workflow_dispatch:
schedule:
- cron: '0 10 * * *'
push:
branches:
- 'master'
paths:
- '.github/workflows/virtual-env.yml'
pull_request:
branches:
- 'master'
paths:
- '.github/workflows/virtual-env.yml'
jobs:
os:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- ubuntu-22.04
- ubuntu-20.04
- ubuntu-18.04
steps:
-
name: File system
run: df -ah
-
name: Mounts
run: mount
-
name: Node info
run: node -p process
-
name: NPM version
run: npm version
-
name: List install packages
run: apt list --installed
-
name: Docker daemon conf
run: |
cat /etc/docker/daemon.json
-
name: Docker info
run: docker info
-
name: Docker version
run: docker version
-
name: Cgroups
run: |
sudo apt-get install -y cgroup-tools
lscgroup
-
name: buildx version
run: docker buildx version
-
name: containerd version
run: containerd --version
-
name: Docker images
run: docker image ls
-
name: Dump context
if: always()
uses: crazy-max/ghaction-dump-context@v1

95
.gitignore vendored
View File

@@ -1,95 +0,0 @@
node_modules
lib
# Jetbrains
/.idea
/*.iml
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

View File

@@ -1,11 +0,0 @@
{
"printWidth": 240,
"tabWidth": 2,
"useTabs": false,
"semi": true,
"singleQuote": true,
"trailingComma": "none",
"bracketSpacing": false,
"arrowParens": "avoid",
"parser": "typescript"
}

3
Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM alpine:3
ENTRYPOINT ["echo", "docker github actions"]

412
README.md
View File

@@ -1,247 +1,243 @@
[![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)
[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
# build-push-action
## About
Builds and pushes Docker images and will log in to a Docker registry if required.
GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)
with full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)
builder toolkit. This includes multi-platform build, secrets, remote cache, etc.
and different builder deployment/namespacing options.
Suggestions and issues can be posted on the repositories [issues page](https://github.com/docker/build-push-action/issues).
![Screenshot](.github/build-push-action.png)
[Inputs](#Inputs)
* [repository](#repository)
* [username](#username)
* [password](#password)
* [registry](#registry)
* [tags](#tags)
* [tag_with_ref](#tag_with_ref)
* [tag_with_sha](#tag_with_sha)
* [path](#path)
* [dockerfile](#dockerfile)
* [target](#target)
* [always_pull](#always_pull)
* [build_args](#build_args)
* [cache_froms](#cache_froms)
* [labels](#labels)
* [add_git_labels](#add_git_labels)
* [push](#push)
___
[Example usage](#Example-usage)
* [Usage](#usage)
* [Git context](#git-context)
* [Path context](#path-context)
* [Examples](#examples)
* [Customizing](#customizing)
* [inputs](#inputs)
* [outputs](#outputs)
* [Troubleshooting](#troubleshooting)
* [Contributing](#contributing)
## Inputs
## Usage
### `repository`
In the examples below we are also using 3 other actions:
**Required** Docker repository to tag the image with.
* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will
create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).
This is **not required but recommended** using it to be able to build
multi-platform images, export cache, etc.
* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be
useful if you want to add emulation support with QEMU to be able to build
against more platforms.
* [`login`](https://github.com/docker/login-action) action will take care to
log in against a Docker registry.
### `username`
### Git context
Username used to log in to a Docker registry. If not set then no login will occur.
By default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),
so you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
action to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).
### `password`
The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
Password or personal access token used to log in to a Docker registry. If not set then no login will occur.
### `registry`
Server address of Docker registry. If not set then will default to Docker Hub.
### `tags`
Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags.
Example:
```yaml
name: ci
on:
push:
branches:
- 'main'
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v3
with:
push: true
tags: user/app:latest
tags: tag1,tag2
```
Be careful because **any file mutation in the steps that precede the build step
will be ignored, including processing of the `.dockerignore` file** since
the context is based on the Git reference. However, you can use the
[Path context](#path-context) using the [`context` input](#inputs) alongside
the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
this restriction.
### `tag_with_ref`
Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
to the default Git context:
Boolean value. Defaults to `false`.
Automatically tags the built image with the git reference. The format of the tag depends on the type of git reference with all forward slashes replaced with `-`.
For pushes to a branch the reference will be `refs/heads/{branch-name}` and the tag will be `{branch-name}`. If `{branch-name}` is master then the tag will be `latest`.
For pull requests the reference will be `refs/pull/{pull-request}` and the tag will be `pr-{pull-request}`.
For git tags the reference will be `refs/tags/{git-tag}` and the tag will be `{git-tag}`.
Examples:
|Git Reference|Image tag|
|---|---|
|`refs/heads/master`|`latest`|
|`refs/heads/mybranch`|`mybranch`|
|`refs/heads/my/branch`|`my-branch`|
|`refs/pull/2/merge`|`pr-2-merge`|
|`refs/tags/v1.0.0`|`v1.0.0`|
### `tag_with_sha`
Boolean value. Defaults to `false`.
Automatically tags the built image with the git short SHA prefixed with `sha-`.
Example:
|Git SHA|Image tag|
|---|---|
|`676cae2f85471aeff6776463c72881ebd902dcf9`|`sha-676cae2`|
### `path`
Path to the build context. Defaults to `.`
### `dockerfile`
Path to the Dockerfile. Defaults to `{path}/Dockerfile`
Note when set this path is **not** relative to the `path` input but is instead relative to the current working directory.
### `target`
Sets the target stage to build.
### `always_pull`
Boolean value. Defaults to `false`.
Always attempt to pull a newer version of the image.
### `build_args`
Comma-delimited list of build-time variables.
Example:
```yaml
-
# Setting up Docker Buildx with docker-container driver is required
# at the moment to be able to use a subdirectory with Git context
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Build and push
uses: docker/build-push-action@v3
with:
context: "{{defaultContext}}:mysubdir"
push: true
tags: user/app:latest
build_args: arg1=value1,arg2=value2
```
> **Warning**
>
> Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0).
> If you're using the `docker` builder (default if `setup-buildx-action` not used),
> then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds
> Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore
> required to use the `setup-buildx-action` at the moment.
### `cache_froms`
Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so it does not need to be passed. If you want to authenticate against another
private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/examples/#secrets)
named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
Comma-delimited list of images to consider as cache sources.
Example:
```yaml
cache_froms: myorg/baseimage:latest
```
### `labels`
Comma-delimited list of labels to add to the built image.
Example:
```yaml
-
name: Build and push
uses: docker/build-push-action@v3
with:
push: true
tags: user/app:latest
secrets: |
GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
labels: label_name_1=label_value_1,label_name_2=label_value_2
```
### Path context
### `add_git_labels`
Boolean value. Defaults to `false`.
Adds labels with git repository information to the built image based on the standards set out in https://github.com/opencontainers/image-spec/blob/master/annotations.md.
The labels are:
|Label key|Example value|Description|
|---|---|---|
|`org.opencontainers.image.created`|`2020-03-06T23:00:00Z`|Date and time on which the image was built (string, date-time as defined by RFC 3339).|
|`org.opencontainers.image.source`|`https://github.com/myorg/myrepository`|URL to the GitHub repository.|
|`org.opencontainers.image.revision`|`676cae2f85471aeff6776463c72881ebd902dcf9`|The full git SHA of this commit.|
### `push`
Boolean value. Defaults to `true`.
Whether to push the built image.
## Example usage
The following will build the root Dockerfile, tag the image as `myorg/myrepository:latest`, log in to Docker Hub using GitHub secrets, and push the image to the Docker Hub repository `myorg/myrepository`:
```yaml
name: ci
steps:
- name: Checkout code
uses: actions/checkout@v2
on:
push:
branches:
- 'main'
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: user/app:latest
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tags: latest
```
## Examples
The following will build the root Dockerfile, tag the image with the git reference and SHA as described above, log in to Docker Hub using GitHub secrets, and push the image to the Docker Hub repository `myorg/myrepository`:
See https://docs.docker.com/build/ci/github-actions/examples/.
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
## Customizing
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
tag_with_sha: true
```
### inputs
The following will only push the image when the event that kicked off the workflow was a push of a git tag:
Following inputs can be used as `step.with` keys
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
> `List` type is a newline-delimited string
> ```yaml
> cache-from: |
> user/app:cache
> type=local,src=path/to/dir
> ```
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
push: ${{ startsWith(github.ref, 'refs/tags/') }}
```
> `CSV` type is a comma-delimited string
> ```yaml
> tags: name/app:latest,name/app:1.0.0
> ```
The following builds the `mytarget` stage and pushes that:
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
| Name | Type | Description |
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
| `build-contexts` | List | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`) |
| `cache-from` | List | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`) |
| `cache-to` | List | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`) |
| `cgroup-parent` | String | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
| `context` | String | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
| `file` | String | Path to the Dockerfile. (default `{context}/Dockerfile`) |
| `labels` | List | List of metadata for an image |
| `load` | Bool | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`) |
| `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs`¹ | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
| `tags` | List/CSV | List of tags |
| `target` | String | Sets the target stage to build |
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: myorg/myrepository
tag_with_ref: true
target: mytarget
```
> **Note**
>
> * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555)
The following will build the root Dockerfile, tag the image as `myorg/myrepository:latest`, log in to Google Container Registry using GitHub secrets (where `DOCKER_PASSWORD` is a [JSON key](https://cloud.google.com/container-registry/docs/advanced-authentication#json-key)), and push the image to the GCR repository `myorg/myrepository`:
```yaml
steps:
- name: Checkout code
uses: actions/checkout@v2
### outputs
Following outputs are available
| Name | Type | Description |
|------------|---------|-----------------------|
| `imageid` | String | Image ID |
| `digest` | String | Image digest |
| `metadata` | JSON | Build result metadata |
## Troubleshooting
See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
## Contributing
Want to contribute? Awesome! You can find information about contributing to
this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
- name: Build and push Docker images
uses: docker/build-push-action@v1
with:
username: _json_key
password: ${{ secrets.DOCKER_PASSWORD }}
registry: gcr.io
repository: myorg/myrepository
tags: latest
```

View File

@@ -1,137 +0,0 @@
# Troubleshooting
* [Cannot push to a registry](#cannot-push-to-a-registry)
* [BuildKit container logs](#buildkit-container-logs)
* [With containerd](#with-containerd)
* [`repository name must be lowercase`](#repository-name-must-be-lowercase)
## Cannot push to a registry
While pushing to a registry, you may encounter these kinds of issues:
* `failed commit on ref "layer-sha256:...": invalid content digest in response: invalid checksum digest format`
* `failed commit on ref "layer-sha256:...": no response`
* `failed commit on ref "manifest-sha256:...": unexpected status: 400 Bad Request`
* `failed commit on ref "manifest-sha256:...": unexpected status: 401 Unauthorized`
* `unexpected response: 401 Unauthorized`
These issues are not directly related to this action but are rather linked to
[Buildx](https://github.com/docker/buildx), [BuildKit](https://github.com/moby/buildkit),
[containerd](https://github.com/containerd/containerd) or the registry on which
you're pushing your image. The quality of error message depends on the registry
and are usually not very informative.
### BuildKit container logs
To help you solve this, you have to [enable debugging in the setup-buildx](https://github.com/docker/setup-buildx-action#buildkit-container-logs)
action step and attach BuildKit container logs to your issue.
### With containerd
Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd)
using the following workflow. If it works then open an issue on [BuildKit](https://github.com/moby/buildkit)
repository.
```yaml
name: containerd
on:
push:
jobs:
containerd:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
-
name: Set up containerd
uses: crazy-max/ghaction-setup-containerd@v2
-
name: Build Docker image
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64,linux/arm64
tags: docker.io/user/app:latest
outputs: type=oci,dest=/tmp/image.tar
-
name: Import image in containerd
run: |
sudo ctr i import --base-name docker.io/user/app --digests --all-platforms /tmp/image.tar
-
name: Push image with containerd
run: |
sudo ctr --debug i push --user "${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" docker.io/user/app:latest
```
## `repository name must be lowercase`
You may encounter this issue if you're using `github.repository` as a repo slug
in your tag:
```
#6 exporting to image
#6 exporting layers
#6 exporting layers 1.2s done
#6 exporting manifest sha256:b47f7dfb97b89ccd5de553af3c8cd94c4795884cbe5693e93946b1d95a7b1d12 0.0s done
#6 exporting config sha256:995e93fab8196893192f08a38deea6769dc4d98f86cf705eccc24ec96a3e271c 0.0s done
#6 ERROR: invalid reference format: repository name must be lowercase
------
> exporting to image:
------
error: failed to solve: invalid reference format: repository name must be lowercase
```
or a cache reference:
```
#10 importing cache manifest from ghcr.io/My-Org/repo:main
#10 ERROR: invalid reference format: repository name must be lowercase
```
To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
to generate sanitized tags:
```yaml
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository }}
tags: latest
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
```
Or a dedicated step to sanitize the slug:
```yaml
- name: Sanitize repo slug
uses: actions/github-script@v6
id: repo_slug
with:
result-encoding: string
script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.repo_slug.outputs.result }}:latest
```

View File

@@ -1,146 +0,0 @@
import {describe, expect, it, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
import * as semver from 'semver';
import * as exec from '@actions/exec';
import * as buildx from '../src/buildx';
import * as context from '../src/context';
const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
const imageID = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
const metadata = `{
"containerimage.config.digest": "sha256:059b68a595b22564a1cbc167af369349fdc2ecc1f7bc092c2235cbf601a795fd",
"containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
}`;
jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
if (!fs.existsSync(tmpDir)) {
fs.mkdirSync(tmpDir, {recursive: true});
}
return tmpDir;
});
jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
return tmpNameSync;
});
describe('getImageID', () => {
it('matches', async () => {
const imageIDFile = await buildx.getImageIDFile();
await fs.writeFileSync(imageIDFile, imageID);
const expected = await buildx.getImageID();
expect(expected).toEqual(imageID);
});
});
describe('getMetadata', () => {
it('matches', async () => {
const metadataFile = await buildx.getMetadataFile();
await fs.writeFileSync(metadataFile, metadata);
const expected = await buildx.getMetadata();
expect(expected).toEqual(metadata);
});
});
describe('getDigest', () => {
it('matches', async () => {
const metadataFile = await buildx.getMetadataFile();
await fs.writeFileSync(metadataFile, metadata);
const expected = await buildx.getDigest(metadata);
expect(expected).toEqual('sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c');
});
});
describe('isLocalOrTarExporter', () => {
test.each([
[['type=registry,ref=user/app'], false],
[['type=docker'], false],
[['type=local,dest=./release-out'], true],
[['type=tar,dest=/tmp/image.tar'], true],
[['type=docker', 'type=tar,dest=/tmp/image.tar'], true],
[['"type=tar","dest=/tmp/image.tar"'], true],
[['" type= local" , dest=./release-out'], true],
[['.'], true]
])('given %p returns %p', async (outputs: Array<string>, expected: boolean) => {
expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
});
});
describe('isAvailable', () => {
const execSpy = jest.spyOn(exec, 'getExecOutput');
buildx.isAvailable();
// eslint-disable-next-line jest/no-standalone-expect
expect(execSpy).toHaveBeenCalledWith(`docker`, ['buildx'], {
silent: true,
ignoreReturnCode: true
});
});
describe('isAvailable standalone', () => {
const execSpy = jest.spyOn(exec, 'getExecOutput');
buildx.isAvailable(true);
// eslint-disable-next-line jest/no-standalone-expect
expect(execSpy).toHaveBeenCalledWith(`buildx`, [], {
silent: true,
ignoreReturnCode: true
});
});
describe('getVersion', () => {
it('valid', async () => {
const version = await buildx.getVersion();
expect(semver.valid(version)).not.toBeNull();
});
});
describe('parseVersion', () => {
test.each([
['github.com/docker/buildx 0.4.1+azure bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
['github.com/docker/buildx v0.4.1 bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
['github.com/docker/buildx v0.4.2 fb7b670b764764dc4716df3eba07ffdae4cc47b2', '0.4.2'],
['github.com/docker/buildx f117971 f11797113e5a9b86bd976329c5dbb8a8bfdfadfa', 'f117971']
])('given %p', async (stdout, expected) => {
expect(buildx.parseVersion(stdout)).toEqual(expected);
});
});
describe('satisfies', () => {
test.each([
['0.4.1', '>=0.3.2', true],
['bda4882a65349ca359216b135896bddc1d92461c', '>0.1.0', false],
['f117971', '>0.6.0', true]
])('given %p', async (version, range, expected) => {
expect(buildx.satisfies(version, range)).toBe(expected);
});
});
describe('getSecret', () => {
test.each([
['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', false],
['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
['aaaaaaaa', false, '', '', true],
['aaaaaaaa=', false, '', '', true],
['=bbbbbbb', false, '', '', true],
[`foo=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`, true, 'foo', 'bar', false],
[`notfound=secret`, true, '', '', true]
])('given %p key and %p secret', async (kvp, file, exKey, exValue, invalid) => {
try {
let secret: string;
if (file) {
secret = await buildx.getSecretFile(kvp);
} else {
secret = await buildx.getSecretString(kvp);
}
expect(true).toBe(!invalid);
expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
expect(fs.readFileSync(tmpNameSync, 'utf-8')).toEqual(exValue);
} catch (err) {
// eslint-disable-next-line jest/no-conditional-expect
expect(true).toBe(invalid);
}
});
});

View File

@@ -1,856 +0,0 @@
import {beforeEach, describe, expect, it, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
import * as buildx from '../src/buildx';
import * as context from '../src/context';
const pgp = `-----BEGIN PGP PRIVATE KEY BLOCK-----
lQdGBF6tzaABEACjFbX7PFEG6vDPN2MPyxYW7/3o/sonORj4HXUFjFxxJxktJ3x3
N1ayHPJ1lqIeoiY7jVbq0ZdEVGkd3YsKG9ZMdZkzGzY6PQPC/+M8OnzOiOPwUdWc
+Tdhh115LvVz0MMKYiab6Sn9cgxj9On3LCQKpjvMDpPo9Ttf6v2GQIw8h2ACvdzQ
71LtIELS/I+dLbfZiwpUu2fhQT13EJkEnYMOYwM5jNUd66P9itUc7MrOWjkicrKP
oF1dQaCM+tuKuxvD8WLdiwU5x60NoGkJHHUehKQXl2dVzjpqEqHKEBJt9tfJ9lpE
YIisgwB8o3pes0fgCehjW2zI95/o9+ayJ6nl4g5+mSvWRXEu66h71nwM0Yuvquk8
3me7qhYfDrDdCwcxS5BS1hwakTgUQLD99FZjbx1j8sq96I65O0GRdyU2PR8KIjwu
JrkTH4ZlKxK3FQghUhFoA5GkiDb+eClmRMSni5qg+81T4XChmUkEprA3eWCHL+Ma
xRNNxLS+r6hH9HG5JBxpV3iaTI9HHpnQKhEeaLXqsUTDZliN9hP7Ywo8bpUB8j2d
oWYwDV4dPyMKr6Fb8RDCh2q5gJGbVp8w/NmmBTeL+IP2fFggJkRfyumv3Ul7x66L
tBFQ4rYo4JUUrGweSTneG6REIgxH66hIrNl6Vo/D1ZyknTe1dMOu/BTkkQARAQAB
/gcDAqra8KO+h3bfyu90vxTL1ro4x/x9il7VBcWlIR4cBP7Imgxv+T4hwPIu8P1x
lOlxLNWegFOV0idoTy1o3VLLBev/F+IlspX4A+2XEIddR6nZnKFi0Lv2L4TKgE9E
VJJTszmviDIRLMLN9dWzDfA8hj5tR5Inot92CHRF414AS22JHvlhbFSLQnjqsN+C
n1cQpNOJhkxsSfZsxjnFa/70y/u8v0o8mzyLZmk9HpzRHGzoz8IfpLp8OTqBR9u6
zzoKLy16zZO55OKbj7h8uVZvDUq9l8iDICpqWMdZqBJIl56MBexYKgYxh3YO/8v2
oXli+8Xuaq5QLiCN3yT7IbKoYzplnFfaJwFiMh7R1iPLXaYAZ0qdRijlbtseTK1m
oHNkwUbxVzjkh4LfE8UpmMwZn5ZjWni3230SoiXuKy0OHkGvwGvWWAL1mEuoYuUI
mFMcH5MnixP8oQYZKDj2IR/yEeOpdU6B/tr3Tk1NidLf7pUMqG7Ff1NU6dAUeBpa
9xahITMjHvrhgMISY4IYZep5cEnVw8lQTpUJtW/ePMzrFhu3sA7oNdj9joW/VMfz
H7MHwwavtICsYqoqV3lnjX4EC9dW6o8PTUg2u956dmtK7KAyUK/+w2aLNGT28ChN
jhRYHvHzB9Kw5asqI/lTM49eqslBqYQMTTjdBphkYuSZQzNMf291j/ZmoLhD1A1a
S8tUnNygKV4D1cJYgSXfzhFoU8ib/0SPo+KqQ+CzGS+wxXg6WNBA6wepTjpnVVx3
4JADP8IJcDC3P0iwAreWjSy15F1cvemFFB0SLNUkyZGzsxtKzbM1+8khl68+eazC
LzRj0rxfIF5znWjX1QFhKxCk6eF0IWDY0+b3DBkmChME9YDXJ3TthcqA7JgcX4JI
M4/wdqhgerJYOmj+i2Q0M+Bu02icOJYMwTMMsDVl7XGHkaCuRgZ54eZAUH7JFwUm
1Ct3tcaqiTMmz0ngHVqBTauzgqKDvzwdVqdfg05H364nJMay/3omR6GayIb5CwSo
xdNVwG3myPPradT9MP09mDr4ys2zcnQmCkvTVBF6cMZ1Eh6PQQ8CyQWv0zkaBnqj
JrM1hRpgW4ZlRosSIjCaaJjolN5QDcXBM9TbW9ww+ZYstazN2bV1ZQ7BEjlHQPa1
BhzMsvqkbETHsIpDNF52gZKn3Q9eIX05BeadzpHUb5/XOheIHVIdhSaTlgl/qQW5
hQgPGSzSV6KhXEY7aevTdvOgq++WiELkjfz2f2lQFesTjFoQWEvxVDUmLxHtEhaN
DOuh4H3mX5Opn3pLQmqWVhJTbFdx+g5qQd0NCW4mDaTFWTRLFLZQsSJxDSeg9xrY
gmaii8NhMZRwquADW+6iU6KfraBhngi7HRz4TfqPr9ma/KUY464cqim1fnwXejyx
jsb5YHR9R66i+F6P/ysF5w+QuVdDt1fnf9GLay0r6qxpA8ft2vGPcDs4806Huj+7
Aq5VeJaNkCuh3GR3xVnCFAz/7AtkO6xKuZm8B3q904UuMdSmkhWbaobIuF/B2B6S
eawIXQHEOplK3ic26d8Ckf4gbjeORfELcMAEi5nGXpTThCdmxQApCLxAYYnTfQT1
xhlDwT9xPEabo98mIwJJsAU5VsTDYW+qfo4qIx8gYoSKc9Xu3yVh3n+9k43Gcm5V
9lvK1slijf+TzODZt/jsmkF8mPjXyP5KOI+xQp/m4PxW3pp57YrYj/Rnwga+8DKX
jMsW7mLAAZ/e+PY6z/s3x1Krfk+Bb5Ph4mI0zjw5weQdtyEToRgveda0GEpvZSBU
ZXN0ZXIgPGpvZUBmb28uYmFyPokCNgQQAQgAIAUCXq3NoAYLCQcIAwIEFQgKAgQW
AgEAAhkBAhsDAh4BAAoJEH2FHrctc72gxtQP/AulaClIcn/kDt43mhYnyLglPfbo
AqPlU26chXolBg0Wo0frFY3aIs5SrcWEf8aR4XLwCFGyi3vya0CUxjghN5tZBYqo
vswbT00zP3ohxxlJFCRRR9bc7OZXCgTddtfVf6EKrUAzIkbWyAhaJnwJy/1UGpSw
SEO/KpastrVKf3sv1wqOeFQ4DFyjaNda+xv3dVWS8db7KogqJiPFZXrQK3FKVIxS
fxRSmKaYN7//d+xwVAEY++RrnL/o8B2kV6N68cCpQWJELyYnJzis9LBcWd/3wiYh
efTyY+ePKUjcB+kEZnyJfLc7C2hll2e7UJ0fxv+k8vHReRhrNWmGRXsjNRxiw3U0
hfvxD/C8nyqAbeTHp4XDX78Tc3XCysAqIYboIL+RyewDMjjLj5vzUYAdUdtyNaD7
C6M2R6pN1GAt52CJmC/Z6F7W7GFGoYOdEkVdMQDsjCwScyEUNlGj9Zagw5M2EgSe
6gaHgMgTzsMzCc4W6WV5RcS55cfDNOXtxPsMJTt4FmXrjl11prBzpMfpU5a9zxDZ
oi54ZZ8VPE6jsT4Lzw3sni3c83wm28ArM20AzZ1vh7fk3Sfd0u4Yaz7s9JlEm5+D
34tEyli28+QjCQc18EfQUiJqiYEJRxJXJ3esvMHfYi45pV/Eh5DgRW1305fUJV/6
+rGpg0NejsHoZdZPnQdGBF6tzaABEAC4mVXTkVk6Kdfa4r5zlzsoIrR27laUlMkb
OBMt+aokqS+BEbmTnMg6xIAmcUT5uvGAc8S/WhrPoYfc15fTUyHIz8ZbDoAg0LO6
0Io4VkAvNJNEnsSV9VdLBh/XYlc4K49JqKyWTL4/FJFAGbsmHY3b+QU90AS6FYRv
KeBAoiyebrjx0vmzb8E8h3xthVLN+AfMlR1ickY62zvnpkbncSMY/skur1D2KfbF
3sFprty2pEtjFcyB5+18l2IyyHGOlEUw1PZdOAV4/Myh1EZRgYBPs80lYTJALCVF
IdOakH33WJCImtNZB0AbDTABG+JtMjQGscOa0qzf1Y/7tlhgCrynBBdaIJTx95TD
21BUHcHOu5yTIS6Ulysxfkv611+BiOKHgdq7DVGP78VuzA7bCjlP1+vHqIt3cnIa
t2tEyuZ/XF4uc3/i4g0uP9r7AmtET7Z6SKECWjpVv+UEgLx5Cv+ql+LSKYQMvU9a
i3B1F9fatn3FSLVYrL4aRxu4TSw9POb0/lgDNmN3lGQOsjGCZPibkHjgPEVxKuiq
9Oi38/VTQ0ZKAmHwBTq1WTZIrPrCW0/YMQ6yIJZulwQ9Yx1cgzYzEfg04fPXlXMi
vkvNpKbYIICzqj0/DVztz9wgpW6mnd0A2VX2dqbMM0fJUCHA6pj8AvXY4R+9Q4rj
eWRK9ycInQARAQAB/gcDApjt7biRO0PEyrrAiUwDMsJL4/CVMu11qUWEPjKe2Grh
ZTW3N+m3neKPRULu+LUtndUcEdVWUCoDzAJ7MwihZtV5vKST/5Scd2inonOaJqoA
nS3wnEMN/Sc93HAZiZnFx3NKjQVNCwbuEs45mXkkcjLm2iadrTL8fL4acsu5IsvD
LbDwVOPeNnHKl6Hr20e39fK0FuJEyH49JM6U3B1/8385sJB8+E24+hvSF81aMddh
Ne4Bc3ZYiYaKxe1quPNKC0CQhAZiT7LsMfkInXr0hY1I+kISNXEJ1dPYOEWiv0Ze
jD5Pupn34okKNEeBCx+dK8BmUCi6Jgs7McUA7hN0D/YUS++5fuR55UQq2j8Ui0tS
P8GDr86upH3PgEL0STh9fYfJ7TesxurwonWjlmmT62Myl4Pr+RmpS6PXOnhtcADm
eGLpzhTveFj4JBLMpyYHgBTqcs12zfprATOpsI/89kmQoGCZpG6+AbfSHqNNPdy2
eqUCBhOZlIIda1z/cexmU3f/gBqyflFf8fkvmlO4AvI8aMH3OpgHdWnzh+AB51xj
kmdD/oWel9v7Dz4HoZUfwFaLZ0fE3P9voD8e+sCwqQwVqRY4L/BOYPD5noVOKgOj
ABNKu5uKrobj6rFUi6DTUCjFGcmoF1Sc06xFNaagUNggRbmlC/dz22RWdDUYv5ra
N6TxIDkGC0cK6ujyK0nes3DN0aHjgwWuMXDYkN3UckiebI4Cv/eF9jvUKOSiIcy1
RtxdazZS4dYg2LBMeJKVkPi5elsNyw2812nEY3du/nEkQYXfYgWOF27OR+g4Y9Yw
1BiqJ1TTjbQnd/khOCrrbzDH1mw00+1XVsT6wjObuYqqxPPS87UrqmMf6OdoYfPm
zEOnNLBnsJ5VQM3A3pcT40RfdBrZRO8LjGhzKTreyq3C+jz0RLa5HNE8GgOhGyck
ME4h+RhXlE8KGM+tTo6PA1NJSrEt+8kZzxjP4rIEn0aVthCkNXK12inuXtnHm0ao
iLUlQOsfPFEnzl0TUPd7+z7j/wB+XiKU/AyEUuB0mvdxdKtqXvajahOyhLjzHQhz
ZnNlgANGtiqcSoJmkJ8yAvhrtQX51fQLftxbArRW1RYk/5l+Gy3azR+gUC17M6JN
jrUYxn0zlAxDGFH7gACHUONwVekcuEffHzgu2lk7MyO1Y+lPnwabqjG0eWWHuU00
hskJlXyhj7DeR12bwjYkyyjG62GvOH02g3OMvUgNGH+K321Dz539csCh/xwtg7Wt
U3YAphU7htQ1dPDfk1IRs7DQo2L+ZTE57vmL5m0l6fTataEWBPUXkygfQFUJOM6Q
yY76UEZww1OSDujNeY171NSTzXCVkUeAdAMXgjaHXWLK2QUQUoXbYX/Kr7Vvt9Fu
Jh6eGjjp7dSjQ9+DW8CAB8vxd93gsQQGWYjmGu8khkEmx6OdZhmSbDbe915LQTb9
sPhk2s5/Szsvr5W2JJ2321JI6KXBJMZvPC5jEBWmRzOYkRd2vloft+CSMfXF+Zfd
nYtc6R3dvb9vcjo+a9wFtfcoDsO0MaPSM+9GB25MamdatmGX6iLOy9Re1UABwUi/
VhTWNkP5uzqx0sDwHEIa2rYOwxpIZDwwjM3oOASCW1DDBQ0BI9KNjfIeL3ubx2mS
2x8hFU9qSK4umoDNbzOqGPSlkdbiPcNjF2ZcSN1qQZiYdwLL5dw6APNyBVjxTN1J
gkCdJ/HwAY+r93Lbl5g8gz8d0vJEyfn//34sn9u+toSTw55GcG9Ks1kSKIeDNh0h
MiPm3HmJAh8EGAEIAAkFAl6tzaACGwwACgkQfYUety1zvaBV9hAAgliX36pXJ59g
3I9/4R68e/fGg0FMM6D+01yCeiKApOYRrJ0cYKn7ITDYmHhlGGpBAie90UsqX12h
hdLP7LoQx7sjTyzQt6JmpA8krIwi2ON7FKBkdYb8IYx4mE/5vKnYT4/SFnwTmnZY
+m+NzK2U/qmhq8JyO8gozdAKJUcgz49IVv2Ij0tQ4qaPbyPwQxIDyKnT758nJhB1
jTqo+oWtER8q3okzIlqcArqn5rDaNJx+DRYL4E/IddyHQAiUWUka8usIUqeW5reu
zoPUE2CCfOJSGArkqHQQqMx0WEzjQTwAPaHrQbera4SbiV/o4CLCV/u5p1Qnig+Q
iUsakmlD299t//125LIQEa5qzd9hRC7u1uJS7VdW8eGIEcZ0/XT/sr+z23z0kpZH
D3dXPX0BwM4IP9xu31CNg10x0rKwjbxy8VaskFEelpqpu+gpAnxqMd1evpeUHcOd
r5RgPgkNFfba9Nbxf7uEX+HOmsOM+kdtSmdGIvsBZjVnW31nnoDMp49jG4OynjrH
cRuoM9sxdr6UDqb22CZ3/e0YN4UaZM3YDWMVaP/QBVgvIFcdByqNWezpd9T4ZUII
MZlaV1uRnHg6B/zTzhIdMM80AXz6Uv6kw4S+Lt7HlbrnMT7uKLuvzH7cle0hcIUa
PejgXO0uIRolYQ3sz2tMGhx1MfBqH64=
=WbwB
-----END PGP PRIVATE KEY BLOCK-----`;
jest.spyOn(context, 'defaultContext').mockImplementation((): string => {
return 'https://github.com/docker/build-push-action.git#refs/heads/test-jest';
});
jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
if (!fs.existsSync(tmpDir)) {
fs.mkdirSync(tmpDir, {recursive: true});
}
return tmpDir;
});
jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
return path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
});
jest.spyOn(buildx, 'satisfiesBuildKitVersion').mockResolvedValueOnce(true);
describe('getArgs', () => {
beforeEach(() => {
process.env = Object.keys(process.env).reduce((object, key) => {
if (!key.startsWith('INPUT_')) {
object[key] = process.env[key];
}
return object;
}, {});
});
// prettier-ignore
test.each([
[
0,
'0.4.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'.'
]
],
[
1,
'0.4.2',
new Map<string, string>([
['build-args', `MY_ARG=val1,val2,val3
ARG=val
"MULTILINE=aaaa
bbbb
ccc"`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--build-arg', 'MY_ARG=val1,val2,val3',
'--build-arg', 'ARG=val',
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
]
],
[
2,
'0.4.2',
new Map<string, string>([
['tags', 'name/app:7.4, name/app:latest'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--tag', 'name/app:7.4',
'--tag', 'name/app:latest',
'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
]
],
[
3,
'0.4.2',
new Map<string, string>([
['context', '.'],
['labels', 'org.opencontainers.image.title=buildkit\norg.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--label', 'org.opencontainers.image.title=buildkit',
'--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
'--output', 'type=local,dest=./release-out',
'.'
]
],
[
4,
'0.4.1',
new Map<string, string>([
['context', '.'],
['platforms', 'linux/amd64,linux/arm64'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--platform', 'linux/amd64,linux/arm64',
'.'
]
],
[
5,
'0.4.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'.'
]
],
[
6,
'0.4.2',
new Map<string, string>([
['context', '.'],
['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'.'
]
],
[
7,
'0.4.2',
new Map<string, string>([
['github-token', 'abcdefghijklmno0123456789'],
['outputs', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--output', '.',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
]
],
[
8,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--platform', 'linux/amd64,linux/arm64',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
9,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar
"EMPTYLINE=aaaa
bbbb
ccc"`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--platform', 'linux/amd64,linux/arm64',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
10,
'0.4.2',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['platforms', 'linux/amd64,linux/arm64'],
['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc
FOO=bar
EMPTYLINE=aaaa
bbbb
ccc`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--platform', 'linux/amd64,linux/arm64',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--builder', 'builder-git-context-2',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
11,
'0.5.1',
new Map<string, string>([
['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
['tag', 'localhost:5000/name/app:latest'],
['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`],
['file', './test/Dockerfile'],
['builder', 'builder-git-context-2'],
['network', 'host'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--builder', 'builder-git-context-2',
'--network', 'host',
'--push',
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
[
12,
'0.4.2',
new Map<string, string>([
['context', '.'],
['labels', 'org.opencontainers.image.title=filter_results_top_n\norg.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--label', 'org.opencontainers.image.title=filter_results_top_n',
'--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
'--output', 'type=local,dest=./release-out',
'.'
]
],
[
13,
'0.6.0',
new Map<string, string>([
['context', '.'],
['tag', 'localhost:5000/name/app:latest'],
['file', './test/Dockerfile'],
['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
['network', 'host'],
['load', 'false'],
['no-cache', 'false'],
['push', 'true'],
['pull', 'false'],
]),
[
'build',
'--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'--network', 'host',
'--push',
'.'
]
],
[
14,
'0.7.0',
new Map<string, string>([
['context', '.'],
['file', './test/Dockerfile'],
['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
['cgroup-parent', 'foo'],
['shm-size', '2g'],
['ulimit', `nofile=1024:1024
nproc=3`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1',
'--cgroup-parent', 'foo',
'--file', './test/Dockerfile',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--shm-size', '2g',
'--ulimit', 'nofile=1024:1024',
'--ulimit', 'nproc=3',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
15,
'0.7.0',
new Map<string, string>([
['context', '{{defaultContext}}:docker'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'https://github.com/docker/build-push-action.git#refs/heads/test-jest:docker'
]
],
[
16,
'0.8.2',
new Map<string, string>([
['github-token', 'abcdefghijklmno0123456789'],
['context', '{{defaultContext}}:subdir'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'https://github.com/docker/build-push-action.git#refs/heads/test-jest:subdir'
]
],
[
17,
'0.8.2',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'true'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
18,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--provenance", 'false',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
19,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'true'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
20,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'mode=max'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
21,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--provenance", 'false',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
22,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'builder-id=foo'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--provenance", 'builder-id=foo',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
23,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['outputs', 'type=docker'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--output", 'type=docker',
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
[
24,
'0.10.0',
new Map<string, string>([
['context', '.'],
['load', 'true'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', '/tmp/.docker-build-push-jest/iidfile',
"--load",
'--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
'.'
]
],
])(
'[%d] given %p with %p as inputs, returns %p',
async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
inputs.forEach((value: string, name: string) => {
setInput(name, value);
});
const defContext = context.defaultContext();
const inp = await context.getInputs(defContext);
const res = await context.getArgs(inp, defContext, buildxVersion);
expect(res).toEqual(expected);
}
);
});
describe('getInputList', () => {
it('single line correctly', async () => {
await setInput('foo', 'bar');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar']);
});
it('multiline correctly', async () => {
setInput('foo', 'bar\nbaz');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz']);
});
it('empty lines correctly', async () => {
setInput('foo', 'bar\n\nbaz');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz']);
});
it('comma correctly', async () => {
setInput('foo', 'bar,baz');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz']);
});
it('empty result correctly', async () => {
setInput('foo', 'bar,baz,');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz']);
});
it('different new lines correctly', async () => {
setInput('foo', 'bar\r\nbaz');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz']);
});
it('different new lines and comma correctly', async () => {
setInput('foo', 'bar\r\nbaz,bat');
const res = await context.getInputList('foo');
expect(res).toEqual(['bar', 'baz', 'bat']);
});
it('multiline and ignoring comma correctly', async () => {
setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
const res = await context.getInputList('cache-from', true);
expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
});
it('different new lines and ignoring comma correctly', async () => {
setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
const res = await context.getInputList('cache-from', true);
expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
});
it('multiline values', async () => {
setInput(
'secrets',
`GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar`
);
const res = await context.getInputList('secrets', true);
expect(res).toEqual([
'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
`MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc`,
'FOO=bar'
]);
});
it('multiline values with empty lines', async () => {
setInput(
'secrets',
`GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
"MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc"
FOO=bar
"EMPTYLINE=aaaa
bbbb
ccc"`
);
const res = await context.getInputList('secrets', true);
expect(res).toEqual([
'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
`MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc`,
'FOO=bar',
`EMPTYLINE=aaaa
bbbb
ccc`
]);
});
it('multiline values without quotes', async () => {
setInput(
'secrets',
`GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
MYSECRET=aaaaaaaa
bbbbbbb
ccccccccc
FOO=bar`
);
const res = await context.getInputList('secrets', true);
expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
});
it('large multiline values', async () => {
setInput(
'secrets',
`"GPG_KEY=${pgp}"
FOO=bar`
);
const res = await context.getInputList('secrets', true);
expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']);
});
it('multiline values escape quotes', async () => {
setInput(
'secrets',
`GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
"MYSECRET=aaaaaaaa
bbbb""bbb
ccccccccc"
FOO=bar`
);
const res = await context.getInputList('secrets', true);
expect(res).toEqual([
'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
`MYSECRET=aaaaaaaa
bbbb"bbb
ccccccccc`,
'FOO=bar'
]);
});
});
describe('asyncForEach', () => {
it('executes async tasks sequentially', async () => {
const testValues = [1, 2, 3, 4, 5];
const results: number[] = [];
await context.asyncForEach(testValues, async value => {
results.push(value);
});
expect(results).toEqual(testValues);
});
});
// See: https://github.com/actions/toolkit/blob/a1b068ec31a042ff1e10a522d8fdf0b8869d53ca/packages/core/src/core.ts#L89
function getInputName(name: string): string {
return `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
}
function setInput(name: string, value: string): void {
process.env[getInputName(name)] = value;
}

View File

@@ -1,16 +0,0 @@
import {describe, expect, it, jest} from '@jest/globals';
import * as docker from '../src/docker';
import * as exec from '@actions/exec';
describe('isAvailable', () => {
it('cli', () => {
const execSpy = jest.spyOn(exec, 'getExecOutput');
docker.isAvailable();
// eslint-disable-next-line jest/no-standalone-expect
expect(execSpy).toHaveBeenCalledWith(`docker`, undefined, {
silent: true,
ignoreReturnCode: true
});
});
});

View File

@@ -1 +0,0 @@
bar

View File

@@ -1,117 +1,67 @@
# https://help.github.com/en/articles/metadata-syntax-for-github-actions
name: Build and push Docker images
description: Build and push Docker images with Buildx
author: docker
description: Builds and pushes Docker images and will log in to a Docker registry if required
author: Docker
branding:
icon: 'anchor'
color: 'blue'
runs:
using: docker
image: docker://docker/github-actions:v1
args:
- build-push
inputs:
add-hosts:
description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
username:
description: Username used to log in to a Docker registry. If not set then no login will occur
required: false
allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
password:
description: Password or personal access token used to log in to a Docker registry. If not set then no login will occur
required: false
attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false
build-args:
description: "List of build-time variables"
required: false
build-contexts:
description: "List of additional build contexts (e.g., name=path)"
required: false
builder:
description: "Builder instance"
required: false
cache-from:
description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
required: false
cache-to:
description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
required: false
cgroup-parent:
description: "Optional parent cgroup for the container used in the build"
required: false
context:
description: "Build's context is the set of files located in the specified PATH or URL"
required: false
file:
description: "Path to the Dockerfile"
required: false
labels:
description: "List of metadata for an image"
required: false
load:
description: "Load is a shorthand for --output=type=docker"
required: false
default: 'false'
network:
description: "Set the networking mode for the RUN instructions during build"
required: false
no-cache:
description: "Do not use cache when building the image"
required: false
default: 'false'
no-cache-filters:
description: "Do not cache specified stages"
required: false
outputs:
description: "List of output destinations (format: type=local,dest=path)"
required: false
platforms:
description: "List of target platforms for build"
required: false
provenance:
description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
required: false
pull:
description: "Always attempt to pull all referenced images"
required: false
default: 'false'
push:
description: "Push is a shorthand for --output=type=registry"
required: false
default: 'false'
sbom:
description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
required: false
secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false
secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false
shm-size:
description: "Size of /dev/shm (e.g., 2g)"
required: false
ssh:
description: "List of SSH agent socket or keys to expose to the build"
registry:
description: Server address of Docker registry. If not set then will default to Docker Hub
required: false
repository:
deprecationMessage: 'v2 beta is now available through docker/build-push-action@v2'
description: Docker repository to tag the image with
required: true
tags:
description: "List of tags"
description: Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
required: false
tag_with_ref:
description: Automatically tags the built image with the git reference as per the readme
required: false
default: false
tag_with_sha:
description: Automatically tags the built image with the git short SHA as per the readme
required: false
default: false
path:
description: Path to the build context
required: false
default: "."
dockerfile:
description: Path to the Dockerfile (Default is '{path}/Dockerfile')
required: false
target:
description: "Sets the target stage to build"
description: Sets the target stage to build
required: false
ulimit:
description: "Ulimit options (e.g., nofile=1024:1024)"
always_pull:
description: Always attempt to pull a newer version of the image
required: false
github-token:
description: "GitHub Token used to authenticate against a repository for Git context"
default: ${{ github.token }}
default: false
build_args:
description: Comma-delimited list of build-time variables
required: false
outputs:
imageid:
description: 'Image ID'
digest:
description: 'Image digest'
metadata:
description: 'Build result metadata'
runs:
using: 'node16'
main: 'dist/index.js'
post: 'dist/index.js'
cache_froms:
description: Comma-delimited list of images to consider as cache sources
required: false
labels:
description: Comma-delimited list of labels to add to the built image
required: false
add_git_labels:
description: Adds labels with git repository information to the built image
required: false
default: false
push:
description: Whether to push the image
required: false
default: true

View File

@@ -1,3 +0,0 @@
comment: false
github_checks:
annotations: false

View File

@@ -1,76 +0,0 @@
# syntax=docker/dockerfile:1
ARG NODE_VERSION=16
ARG DOCKER_VERSION=20.10.13
ARG BUILDX_VERSION=0.8.0
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /
FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
FROM scratch AS build-update
COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
yarn run lint
FROM docker:${DOCKER_VERSION} as docker
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
FROM deps AS test
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/node_modules \
--mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
--mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
yarn run test --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

22
dist/index.js vendored

File diff suppressed because one or more lines are too long

1
dist/index.js.map vendored

File diff suppressed because one or more lines are too long

1083
dist/licenses.txt vendored

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@@ -1,53 +0,0 @@
group "default" {
targets = ["build"]
}
group "pre-checkin" {
targets = ["vendor-update", "format", "build"]
}
group "validate" {
targets = ["lint", "build-validate", "vendor-validate"]
}
target "build" {
dockerfile = "dev.Dockerfile"
target = "build-update"
output = ["."]
}
target "build-validate" {
dockerfile = "dev.Dockerfile"
target = "build-validate"
output = ["type=cacheonly"]
}
target "format" {
dockerfile = "dev.Dockerfile"
target = "format-update"
output = ["."]
}
target "lint" {
dockerfile = "dev.Dockerfile"
target = "lint"
output = ["type=cacheonly"]
}
target "vendor-update" {
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]
}
target "vendor-validate" {
dockerfile = "dev.Dockerfile"
target = "vendor-validate"
output = ["type=cacheonly"]
}
target "test" {
dockerfile = "dev.Dockerfile"
target = "test-coverage"
output = ["./coverage"]
}

View File

@@ -1,3 +0,0 @@
# Cache
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#cache)

View File

@@ -1,3 +0,0 @@
# Copy images between registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#copy-images-between-registries)

View File

@@ -1,3 +0,0 @@
# Update Docker Hub repo description
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#update-docker-hub-repository-description)

View File

@@ -1,3 +0,0 @@
# Export image to Docker
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#export-image-to-docker)

View File

@@ -1,3 +0,0 @@
# Isolated builders
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders)

View File

@@ -1,3 +0,0 @@
# Local registry
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#local-registry)

View File

@@ -1,3 +0,0 @@
# Multi-platform image
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#multi-platform-images)

View File

@@ -1,3 +0,0 @@
# Named contexts
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#named-contexts)

View File

@@ -1,3 +0,0 @@
# Push to multi-registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#push-to-multi-registries)

View File

@@ -1,3 +0,0 @@
# Secrets
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#secrets)

View File

@@ -1,3 +0,0 @@
# Share built image between jobs
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#share-built-image-between-jobs)

View File

@@ -1,3 +0,0 @@
# Handle tags and labels
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#manage-tags-and-labels)

View File

@@ -1,3 +0,0 @@
# Test your image before pushing it
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/examples/#test-your-image-before-pushing-it)

View File

@@ -1,23 +0,0 @@
process.env = Object.assign({}, process.env, {
RUNNER_TEMP: '/tmp/github_runner',
RUNNER_TOOL_CACHE: '/tmp/github_tool_cache',
GITHUB_REPOSITORY: 'docker/build-push-action',
GITHUB_RUN_ID: '123456789'
}) as {
[key: string]: string;
};
module.exports = {
clearMocks: false,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
setupFiles: ['dotenv/config'],
testMatch: ['**/*.test.ts'],
transform: {
'^.+\\.ts$': 'ts-jest'
},
moduleNameMapper: {
'^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
},
verbose: true
};

View File

@@ -1,59 +0,0 @@
{
"name": "docker-build-push",
"description": "Build and push Docker images",
"main": "lib/main.js",
"scripts": {
"build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "eslint src/**/*.ts __tests__/**/*.ts",
"format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
"test": "jest --coverage",
"all": "yarn run build && yarn run format && yarn test"
},
"repository": {
"type": "git",
"url": "git+https://github.com/docker/build-push-action.git"
},
"keywords": [
"actions",
"docker",
"build",
"push"
],
"author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "Apache-2.0",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/exec": "^1.1.1",
"@actions/github": "^5.1.1",
"csv-parse": "^5.3.3",
"handlebars": "^4.7.7",
"jwt-decode": "^3.1.2",
"semver": "^7.3.7",
"tmp": "^0.2.1"
},
"devDependencies": {
"@types/csv-parse": "^1.2.2",
"@types/node": "^16.11.26",
"@types/semver": "^7.3.9",
"@types/tmp": "^0.2.3",
"@typescript-eslint/eslint-plugin": "^5.14.0",
"@typescript-eslint/parser": "^5.14.0",
"@vercel/ncc": "^0.33.3",
"dotenv": "^16.0.0",
"eslint": "^8.11.0",
"eslint-config-prettier": "^8.5.0",
"eslint-plugin-jest": "^26.1.1",
"eslint-plugin-prettier": "^4.0.0",
"jest": "^27.2.5",
"prettier": "^2.3.1",
"ts-jest": "^27.1.2",
"ts-node": "^10.7.0",
"typescript": "^4.4.4"
}
}

View File

@@ -1,282 +0,0 @@
import {parse} from 'csv-parse/sync';
import fs from 'fs';
import path from 'path';
import * as semver from 'semver';
import * as exec from '@actions/exec';
import * as context from './context';
export type Builder = {
name?: string;
driver?: string;
nodes: Node[];
};
export type Node = {
name?: string;
endpoint?: string;
'driver-opts'?: Array<string>;
status?: string;
'buildkitd-flags'?: string;
buildkit?: string;
platforms?: string;
};
export async function getImageIDFile(): Promise<string> {
return path.join(context.tmpDir(), 'iidfile').split(path.sep).join(path.posix.sep);
}
export async function getImageID(): Promise<string | undefined> {
const iidFile = await getImageIDFile();
if (!fs.existsSync(iidFile)) {
return undefined;
}
return fs.readFileSync(iidFile, {encoding: 'utf-8'}).trim();
}
export async function getMetadataFile(): Promise<string> {
return path.join(context.tmpDir(), 'metadata-file').split(path.sep).join(path.posix.sep);
}
export async function getMetadata(): Promise<string | undefined> {
const metadataFile = await getMetadataFile();
if (!fs.existsSync(metadataFile)) {
return undefined;
}
const content = fs.readFileSync(metadataFile, {encoding: 'utf-8'}).trim();
if (content === 'null') {
return undefined;
}
return content;
}
export async function getDigest(metadata: string | undefined): Promise<string | undefined> {
if (metadata === undefined) {
return undefined;
}
const metadataJSON = JSON.parse(metadata);
if (metadataJSON['containerimage.digest']) {
return metadataJSON['containerimage.digest'];
}
return undefined;
}
export async function getSecretString(kvp: string): Promise<string> {
return getSecret(kvp, false);
}
export async function getSecretFile(kvp: string): Promise<string> {
return getSecret(kvp, true);
}
export async function getSecret(kvp: string, file: boolean): Promise<string> {
const delimiterIndex = kvp.indexOf('=');
const key = kvp.substring(0, delimiterIndex);
let value = kvp.substring(delimiterIndex + 1);
if (key.length == 0 || value.length == 0) {
throw new Error(`${kvp} is not a valid secret`);
}
if (file) {
if (!fs.existsSync(value)) {
throw new Error(`secret file ${value} not found`);
}
value = fs.readFileSync(value, {encoding: 'utf-8'});
}
const secretFile = context.tmpNameSync({
tmpdir: context.tmpDir()
});
fs.writeFileSync(secretFile, value);
return `id=${key},src=${secretFile}`;
}
export function isLocalOrTarExporter(outputs: string[]): boolean {
const records = parse(outputs.join(`\n`), {
delimiter: ',',
trim: true,
columns: false,
relaxColumnCount: true
});
for (const record of records) {
// Local if no type is defined
// https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43
if (record.length == 1 && !record[0].startsWith('type=')) {
return true;
}
for (const [key, value] of record.map(chunk => chunk.split('=').map(item => item.trim()))) {
if (key == 'type' && (value == 'local' || value == 'tar')) {
return true;
}
}
}
return false;
}
export function hasGitAuthToken(secrets: string[]): boolean {
for (const secret of secrets) {
if (secret.startsWith('GIT_AUTH_TOKEN=')) {
return true;
}
}
return false;
}
export async function isAvailable(standalone?: boolean): Promise<boolean> {
const cmd = getCommand([], standalone);
return await exec
.getExecOutput(cmd.command, cmd.args, {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
return false;
}
return res.exitCode == 0;
})
// eslint-disable-next-line @typescript-eslint/no-unused-vars
.catch(error => {
return false;
});
}
export async function satisfiesBuildKitVersion(builderName: string, range: string, standalone?: boolean): Promise<boolean> {
const builderInspect = await inspect(builderName, standalone);
for (const node of builderInspect.nodes) {
if (!node.buildkit) {
return false;
}
// BuildKit version reported by moby is in the format of `v0.11.0-moby`
if (builderInspect.driver == 'docker' && !node.buildkit.endsWith('-moby')) {
return false;
}
const version = node.buildkit.replace(/-moby$/, '');
if (!semver.satisfies(version, range)) {
return false;
}
}
return true;
}
async function inspect(name: string, standalone?: boolean): Promise<Builder> {
const cmd = getCommand(['inspect', name], standalone);
return await exec
.getExecOutput(cmd.command, cmd.args, {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
return parseInspect(res.stdout);
});
}
async function parseInspect(data: string): Promise<Builder> {
const builder: Builder = {
nodes: []
};
let node: Node = {};
for (const line of data.trim().split(`\n`)) {
const [key, ...rest] = line.split(':');
const value = rest.map(v => v.trim()).join(':');
if (key.length == 0 || value.length == 0) {
continue;
}
switch (key.toLowerCase()) {
case 'name': {
if (builder.name == undefined) {
builder.name = value;
} else {
if (Object.keys(node).length > 0) {
builder.nodes.push(node);
node = {};
}
node.name = value;
}
break;
}
case 'driver': {
builder.driver = value;
break;
}
case 'endpoint': {
node.endpoint = value;
break;
}
case 'driver options': {
node['driver-opts'] = (value.match(/(\w+)="([^"]*)"/g) || []).map(v => v.replace(/^(.*)="(.*)"$/g, '$1=$2'));
break;
}
case 'status': {
node.status = value;
break;
}
case 'flags': {
node['buildkitd-flags'] = value;
break;
}
case 'buildkit': {
node.buildkit = value;
break;
}
case 'platforms': {
let platforms: Array<string> = [];
// if a preferred platform is being set then use only these
// https://docs.docker.com/engine/reference/commandline/buildx_inspect/#get-information-about-a-builder-instance
if (value.includes('*')) {
for (const platform of value.split(', ')) {
if (platform.includes('*')) {
platforms.push(platform.replace('*', ''));
}
}
} else {
// otherwise set all platforms available
platforms = value.split(', ');
}
node.platforms = platforms.join(',');
break;
}
}
}
if (Object.keys(node).length > 0) {
builder.nodes.push(node);
}
return builder;
}
export async function getVersion(standalone?: boolean): Promise<string> {
const cmd = getCommand(['version'], standalone);
return await exec
.getExecOutput(cmd.command, cmd.args, {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
return parseVersion(res.stdout.trim());
});
}
export function parseVersion(stdout: string): string {
const matches = /\sv?([0-9a-f]{7}|[0-9.]+)/.exec(stdout);
if (!matches) {
throw new Error(`Cannot parse buildx version`);
}
return matches[1];
}
export function satisfies(version: string, range: string): boolean {
return semver.satisfies(version, range) || /^[0-9a-f]{7}$/.exec(version) !== null;
}
export function getCommand(args: Array<string>, standalone?: boolean) {
return {
command: standalone ? 'buildx' : 'docker',
args: standalone ? args : ['buildx', ...args]
};
}

View File

@@ -1,340 +0,0 @@
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import * as tmp from 'tmp';
import * as buildx from './buildx';
import * as core from '@actions/core';
import * as github from '@actions/github';
import {parse} from 'csv-parse/sync';
import * as handlebars from 'handlebars';
let _defaultContext, _tmpDir: string;
export interface Inputs {
addHosts: string[];
allow: string[];
attests: string[];
buildArgs: string[];
buildContexts: string[];
builder: string;
cacheFrom: string[];
cacheTo: string[];
cgroupParent: string;
context: string;
file: string;
labels: string[];
load: boolean;
network: string;
noCache: boolean;
noCacheFilters: string[];
outputs: string[];
platforms: string[];
provenance: string;
pull: boolean;
push: boolean;
sbom: string;
secrets: string[];
secretFiles: string[];
shmSize: string;
ssh: string[];
tags: string[];
target: string;
ulimit: string[];
githubToken: string;
}
export function defaultContext(): string {
if (!_defaultContext) {
let ref = github.context.ref;
if (github.context.sha && ref && !ref.startsWith('refs/')) {
ref = `refs/heads/${github.context.ref}`;
}
if (github.context.sha && !ref.startsWith(`refs/pull/`)) {
ref = github.context.sha;
}
_defaultContext = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}.git#${ref}`;
}
return _defaultContext;
}
export function tmpDir(): string {
if (!_tmpDir) {
_tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);
}
return _tmpDir;
}
export function tmpNameSync(options?: tmp.TmpNameOptions): string {
return tmp.tmpNameSync(options);
}
export function provenanceBuilderID(): string {
return `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}/actions/runs/${github.context.runId}`;
}
export async function getInputs(defaultContext: string): Promise<Inputs> {
return {
addHosts: await getInputList('add-hosts'),
allow: await getInputList('allow'),
attests: await getInputList('attests', true),
buildArgs: await getInputList('build-args', true),
buildContexts: await getInputList('build-contexts', true),
builder: core.getInput('builder'),
cacheFrom: await getInputList('cache-from', true),
cacheTo: await getInputList('cache-to', true),
cgroupParent: core.getInput('cgroup-parent'),
context: core.getInput('context') || defaultContext,
file: core.getInput('file'),
labels: await getInputList('labels', true),
load: core.getBooleanInput('load'),
network: core.getInput('network'),
noCache: core.getBooleanInput('no-cache'),
noCacheFilters: await getInputList('no-cache-filters'),
outputs: await getInputList('outputs', true),
platforms: await getInputList('platforms'),
provenance: getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'),
secrets: await getInputList('secrets', true),
secretFiles: await getInputList('secret-files', true),
shmSize: core.getInput('shm-size'),
ssh: await getInputList('ssh'),
tags: await getInputList('tags'),
target: core.getInput('target'),
ulimit: await getInputList('ulimit', true),
githubToken: core.getInput('github-token')
};
}
export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {
const context = handlebars.compile(inputs.context)({defaultContext});
// prettier-ignore
return [
...await getBuildArgs(inputs, defaultContext, context, buildxVersion, standalone),
...await getCommonArgs(inputs, buildxVersion),
context
];
}
async function getBuildArgs(inputs: Inputs, defaultContext: string, context: string, buildxVersion: string, standalone?: boolean): Promise<Array<string>> {
const args: Array<string> = ['build'];
await asyncForEach(inputs.addHosts, async addHost => {
args.push('--add-host', addHost);
});
if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(','));
}
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
await asyncForEach(inputs.attests, async attest => {
args.push('--attest', attest);
});
}
await asyncForEach(inputs.buildArgs, async buildArg => {
args.push('--build-arg', buildArg);
});
if (buildx.satisfies(buildxVersion, '>=0.8.0')) {
await asyncForEach(inputs.buildContexts, async buildContext => {
args.push('--build-context', buildContext);
});
}
await asyncForEach(inputs.cacheFrom, async cacheFrom => {
args.push('--cache-from', cacheFrom);
});
await asyncForEach(inputs.cacheTo, async cacheTo => {
args.push('--cache-to', cacheTo);
});
if (inputs.cgroupParent) {
args.push('--cgroup-parent', inputs.cgroupParent);
}
if (inputs.file) {
args.push('--file', inputs.file);
}
if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
args.push('--iidfile', await buildx.getImageIDFile());
}
await asyncForEach(inputs.labels, async label => {
args.push('--label', label);
});
await asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
args.push('--no-cache-filter', noCacheFilter);
});
await asyncForEach(inputs.outputs, async output => {
args.push('--output', output);
});
if (inputs.platforms.length > 0) {
args.push('--platform', inputs.platforms.join(','));
}
if (buildx.satisfies(buildxVersion, '>=0.10.0')) {
if (inputs.provenance) {
args.push('--provenance', inputs.provenance);
} else if ((await buildx.satisfiesBuildKitVersion(inputs.builder, '>=0.11.0', standalone)) && !hasDockerExport(inputs)) {
// If provenance not specified but BuildKit version compatible for
// attestation, disable provenance anyway. Also needs to make sure user
// doesn't want to explicitly load the image to docker.
// While this action successfully pushes OCI compliant images to
// well-known registries, some runtimes (e.g. Google Cloud Run and AWS
// Lambda) are not able to pull resulting image from their own registry...
// See also https://github.com/docker/buildx/issues/1533
args.push('--provenance', 'false');
}
if (inputs.sbom) {
args.push('--sbom', inputs.sbom);
}
}
await asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', await buildx.getSecretString(secret));
} catch (err) {
core.warning(err.message);
}
});
await asyncForEach(inputs.secretFiles, async secretFile => {
try {
args.push('--secret', await buildx.getSecretFile(secretFile));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && context.startsWith(defaultContext)) {
args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
}
if (inputs.shmSize) {
args.push('--shm-size', inputs.shmSize);
}
await asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh);
});
await asyncForEach(inputs.tags, async tag => {
args.push('--tag', tag);
});
if (inputs.target) {
args.push('--target', inputs.target);
}
await asyncForEach(inputs.ulimit, async ulimit => {
args.push('--ulimit', ulimit);
});
return args;
}
async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
const args: Array<string> = [];
if (inputs.builder) {
args.push('--builder', inputs.builder);
}
if (inputs.load) {
args.push('--load');
}
if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
args.push('--metadata-file', await buildx.getMetadataFile());
}
if (inputs.network) {
args.push('--network', inputs.network);
}
if (inputs.noCache) {
args.push('--no-cache');
}
if (inputs.pull) {
args.push('--pull');
}
if (inputs.push) {
args.push('--push');
}
return args;
}
export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
const res: Array<string> = [];
const items = core.getInput(name);
if (items == '') {
return res;
}
const records = await parse(items, {
columns: false,
relaxQuotes: true,
relaxColumnCount: true,
skipEmptyLines: true
});
for (const record of records as Array<string[]>) {
if (record.length == 1) {
res.push(record[0]);
continue;
} else if (!ignoreComma) {
res.push(...record);
continue;
}
res.push(record.join(','));
}
return res.filter(item => item).map(pat => pat.trim());
}
export const asyncForEach = async (array, callback) => {
for (let index = 0; index < array.length; index++) {
await callback(array[index], index, array);
}
};
function getProvenanceInput(name: string): string {
const input = core.getInput(name);
if (!input) {
// if input is not set, default values will be set later.
return input;
}
const builderID = provenanceBuilderID();
try {
return core.getBooleanInput(name) ? `builder-id=${builderID}` : 'false';
} catch (err) {
// not a valid boolean, so we assume it's a string
return getProvenanceAttrs(input);
}
}
function getProvenanceAttrs(input: string): string {
const builderID = provenanceBuilderID();
// parse attributes from input
const fields = parse(input, {
relaxColumnCount: true,
skipEmptyLines: true
})[0];
// check if builder-id attribute exists in the input
for (const field of fields) {
const parts = field
.toString()
.split(/(?<=^[^=]+?)=/)
.map(item => item.trim());
if (parts[0] == 'builder-id') {
return input;
}
}
// if not add builder-id attribute
return `${input},builder-id=${builderID}`;
}
function hasDockerExport(inputs: Inputs): boolean {
if (inputs.load) {
return true;
}
for (const output of inputs.outputs) {
const fields = parse(output, {
relaxColumnCount: true,
skipEmptyLines: true
})[0];
for (const field of fields) {
const parts = field
.toString()
.split(/(?<=^[^=]+?)=/)
.map(item => item.trim());
if (parts.length != 2) {
continue;
}
if (parts[0] == 'type' && parts[1] == 'docker') {
return true;
}
}
}
return false;
}

View File

@@ -1,19 +0,0 @@
import * as exec from '@actions/exec';
export async function isAvailable(): Promise<boolean> {
return await exec
.getExecOutput('docker', undefined, {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
return false;
}
return res.exitCode == 0;
})
// eslint-disable-next-line @typescript-eslint/no-unused-vars
.catch(error => {
return false;
});
}

View File

@@ -1,9 +0,0 @@
import jwt_decode, {JwtPayload} from 'jwt-decode';
interface Jwt extends JwtPayload {
ac?: string;
}
export const parseRuntimeToken = (token: string): Jwt => {
return jwt_decode<Jwt>(token);
};

View File

@@ -1,105 +0,0 @@
import * as fs from 'fs';
import * as buildx from './buildx';
import * as context from './context';
import * as docker from './docker';
import * as github from './github';
import * as stateHelper from './state-helper';
import * as core from '@actions/core';
import * as exec from '@actions/exec';
async function run(): Promise<void> {
try {
const defContext = context.defaultContext();
const inputs: context.Inputs = await context.getInputs(defContext);
// standalone if docker cli not available
const standalone = !(await docker.isAvailable());
await core.group(`GitHub Actions runtime token access controls`, async () => {
const actionsRuntimeToken = process.env['ACTIONS_RUNTIME_TOKEN'];
if (actionsRuntimeToken) {
core.info(JSON.stringify(JSON.parse(github.parseRuntimeToken(actionsRuntimeToken).ac as string), undefined, 2));
} else {
core.info(`ACTIONS_RUNTIME_TOKEN not set`);
}
});
core.startGroup(`Docker info`);
if (standalone) {
core.info(`Docker info skipped in standalone mode`);
} else {
await exec.exec('docker', ['version'], {
failOnStdErr: false
});
await exec.exec('docker', ['info'], {
failOnStdErr: false
});
}
core.endGroup();
if (!(await buildx.isAvailable(standalone))) {
core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
return;
}
stateHelper.setTmpDir(context.tmpDir());
const buildxVersion = await buildx.getVersion(standalone);
await core.group(`Buildx version`, async () => {
const versionCmd = buildx.getCommand(['version'], standalone);
await exec.exec(versionCmd.command, versionCmd.args, {
failOnStdErr: false
});
});
const args: string[] = await context.getArgs(inputs, defContext, buildxVersion, standalone);
const buildCmd = buildx.getCommand(args, standalone);
await exec
.getExecOutput(buildCmd.command, buildCmd.args, {
ignoreReturnCode: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
}
});
const imageID = await buildx.getImageID();
const metadata = await buildx.getMetadata();
const digest = await buildx.getDigest(metadata);
if (imageID) {
await core.group(`ImageID`, async () => {
core.info(imageID);
core.setOutput('imageid', imageID);
});
}
if (digest) {
await core.group(`Digest`, async () => {
core.info(digest);
core.setOutput('digest', digest);
});
}
if (metadata) {
await core.group(`Metadata`, async () => {
core.info(metadata);
core.setOutput('metadata', metadata);
});
}
} catch (error) {
core.setFailed(error.message);
}
}
async function cleanup(): Promise<void> {
if (stateHelper.tmpDir.length > 0) {
core.startGroup(`Removing temp folder ${stateHelper.tmpDir}`);
fs.rmSync(stateHelper.tmpDir, {recursive: true});
core.endGroup();
}
}
if (!stateHelper.IsPost) {
run();
} else {
cleanup();
}

View File

@@ -1,12 +0,0 @@
import * as core from '@actions/core';
export const IsPost = !!process.env['STATE_isPost'];
export const tmpDir = process.env['STATE_tmpDir'] || '';
export function setTmpDir(tmpDir: string) {
core.saveState('tmpDir', tmpDir);
}
if (!IsPost) {
core.saveState('isPost', 'true');
}

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN echo "Hello world!"

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN cat /etc/hosts

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /etc/*release

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM alpine
RUN cat /proc/self/cgroup

View File

@@ -1,16 +0,0 @@
FROM golang:1.19-alpine AS base
ENV CGO_ENABLED=0
RUN apk add --no-cache file git
WORKDIR /src
FROM base as build
COPY go.mod go.sum ./
RUN go mod download -x
COPY . .
RUN go build -ldflags "-s -w" -o /usr/bin/app .
FROM scratch AS binary
COPY --from=build /usr/bin/app /bin/app
FROM alpine:3.17 AS image
COPY --from=build /usr/bin/app /bin/app

View File

@@ -1,19 +0,0 @@
module github.com/docker/build-push-action/test/go
go 1.18
require github.com/labstack/echo/v4 v4.9.1
require (
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/labstack/gommon v0.4.0 // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v1.2.1 // indirect
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
)

View File

@@ -1,38 +0,0 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/labstack/echo/v4 v4.9.1 h1:GliPYSpzGKlyOhqIbG8nmHBo3i1saKWFOgh41AN3b+Y=
github.com/labstack/echo/v4 v4.9.1/go.mod h1:Pop5HLc+xoc4qhTZ1ip6C0RtP7Z+4VzRLWZZFKqbbjo=
github.com/labstack/gommon v0.4.0 h1:y7cvthEAEbU0yHOf4axH8ZG2NH8knB9iNSoTO8dyIk8=
github.com/labstack/gommon v0.4.0/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs=
github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4=
github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f h1:OfiFi4JbukWwe3lzw+xunroH1mnC1e2Gy5cxNJApiSY=
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b h1:1VkfZQv42XQlA/jchYumAnv1UPo6RgF9rJFkTgZIxO4=
golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE=
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

View File

@@ -1,31 +0,0 @@
package main
import (
"net/http"
"os"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
)
func main() {
e := echo.New()
e.Use(middleware.Logger())
e.Use(middleware.Recover())
e.GET("/", func(c echo.Context) error {
return c.HTML(http.StatusOK, "Hello World")
})
e.GET("/ping", func(c echo.Context) error {
return c.JSON(http.StatusOK, struct{ Status string }{Status: "OK"})
})
httpPort := os.Getenv("HTTP_PORT")
if httpPort == "" {
httpPort = "8080"
}
e.Logger.Fatal(e.Start(":" + httpPort))
}

View File

@@ -1,20 +0,0 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
RUN apk --update --no-cache add \
shadow \
sudo \
&& addgroup -g 1200 buildx \
&& adduser -u 1200 -G buildx -s /sbin/nologin -D buildx \
&& echo 'buildx ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& rm -rf /tmp/* /var/cache/apk/*
USER buildx
RUN sudo chown buildx. /log
USER root
FROM alpine
COPY --from=build /log /log
RUN ls -al /log

View File

@@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
FROM alpine
COPY --from=build /log /log

View File

@@ -1,9 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox AS base
RUN echo "Hello world!" > /hello
FROM alpine AS build
COPY --from=base /hello /hello
RUN uname -a
FROM build

View File

@@ -1,4 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN --mount=type=secret,id=MYSECRET \
echo "MYSECRET=$(cat /run/secrets/MYSECRET)"

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN mount | grep /dev/shm

View File

@@ -1,3 +0,0 @@
# syntax=docker/dockerfile:1
FROM busybox
RUN ulimit -a

View File

@@ -1,19 +0,0 @@
{
"compilerOptions": {
"target": "es6",
"module": "commonjs",
"newLine": "lf",
"outDir": "./lib",
"rootDir": "./src",
"esModuleInterop": true,
"forceConsistentCasingInFileNames": true,
"strict": true,
"noImplicitAny": false,
"useUnknownInCatchVariables": false,
},
"exclude": [
"node_modules",
"**/*.test.ts",
"jest.config.ts"
]
}

3803
yarn.lock

File diff suppressed because it is too large Load Diff