actions/build-push-action
1
0
Fork 0
mirror of https://github.com/docker/build-push-action.git synced 2024-11-09 20:05:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions:v5
Branches Tags
actions:master
actions:dependabot/npm_and_yarn/docker/actions-toolkit-0.43.0
actions:dependabot/npm_and_yarn/actions/core-1.11.1
actions:releases/v5
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v6.9.0
actions:v6.8.0
actions:v6.7.0
actions:v6.6.1
actions:v6.6.0
actions:v6.5.0
actions:v6.4.1
actions:v6.4.0
actions:v6.3.0
actions:v6.2.0
actions:v6.1.0
actions:v6.0.2
actions:v6.0.1
actions:v6
actions:v6.0.0
actions:v5.4.0
actions:v5.3.0
actions:v5.2.0
actions:v5
actions:v5.1.0
actions:v5.0.0
actions:v4.2.1
actions:v4
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3
actions:v3.3.1
actions:v3.3.0
actions:v3.2.0
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2
actions:v2.10.0
actions:v2.9.0
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.0
actions:v2.0.1
actions:v1.1.2
actions:v1
actions:v2.0.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0
actions:v1.0.0
..
compare: actions:v4
Branches Tags
actions:dependabot/npm_and_yarn/docker/actions-toolkit-0.43.0
actions:master
actions:dependabot/npm_and_yarn/actions/core-1.11.1
actions:releases/v5
actions:releases/v4
actions:releases/v3
actions:releases/v2
actions:releases/v1
actions:v6.9.0
actions:v6.8.0
actions:v6.7.0
actions:v6.6.1
actions:v6.6.0
actions:v6.5.0
actions:v6.4.1
actions:v6.4.0
actions:v6.3.0
actions:v6.2.0
actions:v6.1.0
actions:v6.0.2
actions:v6.0.1
actions:v6
actions:v6.0.0
actions:v5.4.0
actions:v5.3.0
actions:v5.2.0
actions:v5
actions:v5.1.0
actions:v5.0.0
actions:v4.2.1
actions:v4
actions:v4.2.0
actions:v4.1.1
actions:v4.1.0
actions:v4.0.0
actions:v3
actions:v3.3.1
actions:v3.3.0
actions:v3.2.0
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2
actions:v2.10.0
actions:v2.9.0
actions:v2.8.0
actions:v2.7.0
actions:v2.6.1
actions:v2.6.0
actions:v2.5.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.0
actions:v2.0.1
actions:v1.1.2
actions:v1
actions:v2.0.0
actions:v1.1.1
actions:v1.1.0
actions:v1.0.1
actions:v1.0
actions:v1.0.0

No commits in common. "v5" and "v4" have entirely different histories.
v5 ... v4

39 changed files with 4404 additions and 9590 deletions
Show Stats Expand all files Collapse all files

12
.dockerignore
View File

@ -1,12 +1,2 @@
/coverage
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
/node_modules

3
.eslintignore
View File

@ -1,3 +0,0 @@
/dist/**
/coverage/**
/node_modules/**

5
.eslintrc.json
View File

@ -1,19 +1,18 @@
{
"env": {
"node": true,
"es6": true,
"es2021": true,
"jest": true
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended",
"plugin:jest/recommended",
"plugin:prettier/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2023,
"ecmaVersion": "latest",
"sourceType": "module"
},
"plugins": [

2
.gitattributes vendored
View File

@ -1,4 +1,2 @@
/.yarn/releases/** binary
/.yarn/plugins/** binary
/dist/** linguist-generated=true
/lib/** linguist-generated=true

11
.github/workflows/.e2e-run.yml vendored
View File

@ -75,11 +75,10 @@ jobs:
if: inputs.type == 'local'
run: |
sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
sudo chown $(id -u):$(id -g) -R ~/.docker
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY_SLUG || inputs.slug }}
tags: |
@ -88,13 +87,13 @@ jobs:
type=raw,gh-runid-${{ github.run_id }}
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ matrix.buildx_version }}
buildkitd-config: /tmp/buildkitd.toml
config: /tmp/buildkitd.toml
buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
driver-opts: |
image=${{ matrix.buildkit_image }}
@ -102,7 +101,7 @@ jobs:
-
name: Login to Registry
if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}

350
.github/workflows/ci.yml vendored
View File

@ -38,7 +38,7 @@ jobs:
path: action
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -64,11 +64,11 @@ jobs:
path: action
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -113,11 +113,11 @@ jobs:
path: action
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -170,11 +170,11 @@ jobs:
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -220,7 +220,7 @@ jobs:
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v4
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
@ -233,7 +233,7 @@ jobs:
type=sha
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -302,10 +302,10 @@ jobs:
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -378,7 +378,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -393,31 +393,6 @@ jobs:
MYSECRET=foo
INVALID_SECRET=
secret-envs:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build
uses: ./
env:
ENV_SECRET: foo
with:
context: .
file: ./test/secret.Dockerfile
secret-envs: |
MYSECRET=ENV_SECRET
INVALID_SECRET=
network:
runs-on: ubuntu-latest
steps:
@ -426,7 +401,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -450,7 +425,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -472,7 +447,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -497,7 +472,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -520,7 +495,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -545,7 +520,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -579,7 +554,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ matrix.buildx }}
driver-opts: |
@ -598,31 +573,19 @@ jobs:
strategy:
fail-fast: false
matrix:
include:
- target: image
output: type=image,name=localhost:5000/name/app:latest,push=true
attr: mode=max
- target: image
output: type=image,name=localhost:5000/name/app:latest,push=true
attr: ''
- target: binary
output: /tmp/buildx-build
attr: mode=max
- target: binary
output: /tmp/buildx-build
attr: ''
services:
registry:
image: registry:2
ports:
- 5000:5000
attrs:
- ''
- mode=max
- builder-id=foo
- false
- true
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -634,24 +597,11 @@ jobs:
with:
context: ./test/go
file: ./test/go/Dockerfile
target: ${{ matrix.target }}
outputs: ${{ matrix.output }}
provenance: ${{ matrix.attr }}
-
name: Inspect Provenance
if: matrix.target == 'image'
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}'
-
name: Check output folder
if: matrix.target == 'binary'
run: |
tree /tmp/buildx-build
-
name: Print local Provenance
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
target: binary
outputs: type=oci,dest=/tmp/build.tar
provenance: ${{ matrix.attrs }}
cache-from: type=gha,scope=provenance
cache-to: type=gha,scope=provenance,mode=max
sbom:
runs-on: ubuntu-latest
@ -674,7 +624,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -692,17 +642,22 @@ jobs:
cache-from: type=gha,scope=attests-${{ matrix.target }}
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
-
name: Inspect SBOM
name: Inspect image
if: matrix.target == 'image'
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}'
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check output folder
if: matrix.target == 'binary'
run: |
tree /tmp/buildx-build
-
name: Print local SBOM
name: Print provenance
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
-
name: Print SBOM
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/sbom.spdx.json | jq
@ -726,11 +681,11 @@ jobs:
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -795,7 +750,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver: ${{ matrix.driver }}
@ -865,10 +820,10 @@ jobs:
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -914,10 +869,10 @@ jobs:
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -942,63 +897,6 @@ jobs:
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
local-cache:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Cache Build
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-local-test-${{ github.sha }}
restore-keys: |
${{ runner.os }}-local-test-
-
name: Build and push
uses: ./
with:
context: ./test
file: ./test/multi.Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
localhost:5000/name/app:latest
localhost:5000/name/app:1.0.0
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
-
name: Inspect
run: |
docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'
-
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
standalone:
runs-on: ubuntu-latest
steps:
@ -1015,7 +913,7 @@ jobs:
fi
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -1036,7 +934,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -1058,7 +956,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver: docker
@ -1092,7 +990,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -1155,7 +1053,7 @@ jobs:
echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -1187,7 +1085,7 @@ jobs:
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
@ -1202,145 +1100,3 @@ jobs:
with:
context: ./test
file: ./test/Dockerfile
annotations:
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: localhost:5000/name/app
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-
name: Build and push to local registry
uses: ./
with:
context: ./test
file: ./test/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
annotations: |
index:com.example.key=value
index:com.example.key2=value2
manifest:com.example.key3=value3
-
name: Check manifest
run: |
docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
multi-output:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
outputs: |
type=image,name=localhost:5000/name/app:latest,push=true
type=docker,name=app:local
type=oci,dest=/tmp/oci.tar
-
name: Check registry
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check docker
run: |
docker image inspect app:local
-
name: Check oci
run: |
set -ex
mkdir -p /tmp/oci-out
tar xf /tmp/oci.tar -C /tmp/oci-out
tree -nh /tmp/oci-out
load-and-push:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
driver-opts: |
network=host
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build
uses: ./
with:
context: ./test
file: ./test/Dockerfile
load: true
push: true
tags: localhost:5000/name/app:latest
-
name: Check registry
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
-
name: Check docker
run: |
docker image inspect localhost:5000/name/app:latest

4
.github/workflows/e2e.yml vendored
View File

@ -90,8 +90,8 @@ jobs:
type: remote
-
name: Artifactory
registry: infradock.jfrog.io
slug: infradock.jfrog.io/test-ghaction/build-push-action
registry: sforzando-build-team-local.jfrog.io
slug: sforzando-build-team-local.jfrog.io/build-push-action-e2e
username_secret: ARTIFACTORY_USERNAME
password_secret: ARTIFACTORY_TOKEN
type: remote

5
.github/workflows/test.yml vendored
View File

@ -20,12 +20,11 @@ jobs:
uses: actions/checkout@v4
-
name: Test
uses: docker/bake-action@v4
uses: docker/bake-action@v3
with:
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v3
with:
file: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

2
.github/workflows/validate.yml vendored
View File

@ -40,6 +40,6 @@ jobs:
uses: actions/checkout@v4
-
name: Validate
uses: docker/bake-action@v4
uses: docker/bake-action@v3
with:
targets: ${{ matrix.target }}

66
.gitignore vendored
View File

@ -1,5 +1,7 @@
# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
node_modules
lib
# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
@ -7,7 +9,6 @@ npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -18,14 +19,34 @@ pids
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
@ -35,19 +56,36 @@ jspm_packages/
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
# dotenv environment variables file
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
.env.test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/

6
.prettierignore
View File

@ -1,6 +0,0 @@
# Dependency directories
node_modules/
jspm_packages/
# yarn v2
.yarn/

BIN
.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs vendored
View File

Binary file not shown.

13
.yarnrc.yml
View File

@ -1,13 +0,0 @@
logFilters:
- code: YN0013
level: discard
- code: YN0019
level: discard
- code: YN0076
level: discard
nodeLinker: node-modules
plugins:
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
spec: "@yarnpkg/plugin-interactive-tools"

48
README.md
View File

@ -31,9 +31,6 @@ ___
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
* [Customizing](#customizing)
* [inputs](#inputs)
* [outputs](#outputs)
@ -77,19 +74,19 @@ jobs:
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
-
name: Login to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
push: true
tags: user/app:latest
@ -111,16 +108,24 @@ to the default Git context:
# Setting up Docker Buildx with docker-container driver is required
# at the moment to be able to use a subdirectory with Git context
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
-
name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:mysubdir"
push: true
tags: user/app:latest
```
> **Warning**
>
> Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0).
> If you're using the `docker` builder (default if `setup-buildx-action` not used),
> then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds
> Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore
> required to use the `setup-buildx-action` at the moment.
Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
so it does not need to be passed. If you want to authenticate against another
private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
@ -129,7 +134,7 @@ named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
```yaml
-
name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
push: true
tags: user/app:latest
@ -153,22 +158,22 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
-
name: Login to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
push: true
@ -189,9 +194,6 @@ jobs:
* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
## Customizing
@ -215,7 +217,6 @@ Following inputs can be used as `step.with` keys
|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
| `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) |
| `annotations` | List | List of annotation to set to the image |
| `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) |
| `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
| `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) |
@ -230,14 +231,13 @@ Following inputs can be used as `step.with` keys
| `network` | String | Set the networking mode for the `RUN` instructions during build |
| `no-cache` | Bool | Do not use cache when building the image (default `false`) |
| `no-cache-filters` | List/CSV | Do not cache specified stages |
| `outputs` | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `outputs`¹ | List | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`) |
| `platforms` | List/CSV | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build |
| `provenance` | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`) |
| `pull` | Bool | Always attempt to pull all referenced images (default `false`) |
| `push` | Bool | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`) |
| `sbom` | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`) |
| `secrets` | List | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
| `secret-envs` | List/CSV | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`) |
| `secret-files` | List | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
| `shm-size` | String | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`) |
| `ssh` | List | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build |
@ -246,9 +246,13 @@ Following inputs can be used as `step.with` keys
| `ulimit` | List | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) |
| `github-token` | String | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
> **Note**
>
> * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555)
### outputs
The following outputs are available:
Following outputs are available
| Name | Type | Description |
|------------|---------|-----------------------|

14
TROUBLESHOOTING.md
View File

@ -45,13 +45,13 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: --debug
-
@ -59,7 +59,7 @@ jobs:
uses: crazy-max/ghaction-setup-containerd@v2
-
name: Build Docker image
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
@ -112,7 +112,7 @@ to generate sanitized tags:
tags: latest
- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
push: true
@ -130,7 +130,7 @@ Or a dedicated step to sanitize the slug:
script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v4
with:
context: .
push: true
@ -156,7 +156,7 @@ Sometimes when your workflows are heavy consumers of disk storage, it can happen
```yaml
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
with:
driver: docker
```

262
__tests__/context.test.ts
View File

@ -1,16 +1,13 @@
import {beforeEach, describe, expect, jest, test} from '@jest/globals';
import * as fs from 'fs';
import * as path from 'path';
import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder';
import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
import * as context from '../src/context';
@ -38,16 +35,6 @@ jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean>
return true;
});
const metadataJson = path.join(tmpDir, 'metadata.json');
jest.spyOn(Build.prototype, 'getMetadataFilePath').mockImplementation((): string => {
return metadataJson;
});
const imageIDFilePath = path.join(tmpDir, 'iidfile.txt');
jest.spyOn(Build.prototype, 'getImageIDFilePath').mockImplementation((): string => {
return imageIDFilePath;
});
jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
return {
name: 'builder2',
@ -91,7 +78,7 @@ describe('getArgs', () => {
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'.'
]
],
@ -114,7 +101,7 @@ ccc"`],
'--build-arg', 'MY_ARG=val1,val2,val3',
'--build-arg', 'ARG=val',
'--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'https://github.com/docker/build-push-action.git#refs/heads/master'
]
],
@ -130,7 +117,7 @@ ccc"`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--tag', 'name/app:7.4',
'--tag', 'name/app:latest',
'https://github.com/docker/build-push-action.git#refs/heads/master'
@ -185,7 +172,7 @@ ccc"`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'.'
]
],
@ -202,7 +189,7 @@ ccc"`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'.'
]
@ -243,7 +230,7 @@ ccc"`],
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--builder', 'builder-git-context-2',
@ -277,7 +264,7 @@ ccc"`],
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`,
@ -314,7 +301,7 @@ ccc`],
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--platform', 'linux/amd64,linux/arm64',
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--secret', `id=MYSECRET,src=${tmpName}`,
@ -343,7 +330,7 @@ ccc`],
[
'build',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=MY_SECRET,src=${tmpName}`,
'--builder', 'builder-git-context-2',
'--network', 'host',
@ -390,8 +377,8 @@ ccc`],
'--add-host', 'docker:10.180.0.1',
'--add-host', 'foo:10.0.0.1',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'--network', 'host',
'--push',
'.'
@ -419,11 +406,11 @@ nproc=3`],
'--add-host', 'foo:10.0.0.1',
'--cgroup-parent', 'foo',
'--file', './test/Dockerfile',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--shm-size', '2g',
'--ulimit', 'nofile=1024:1024',
'--ulimit', 'nproc=3',
'--metadata-file', metadataJson,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -439,8 +426,8 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
]
],
@ -457,9 +444,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
'--metadata-file', metadataJson,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
]
],
@ -476,8 +463,8 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -493,9 +480,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -512,9 +499,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -531,9 +518,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -550,9 +537,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', 'type=provenance,disabled=true',
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--provenance", 'false',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -569,9 +556,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', 'type=provenance,builder-id=foo',
'--metadata-file', metadataJson,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--provenance", 'builder-id=foo',
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -588,9 +575,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
"--output", 'type=docker',
'--metadata-file', metadataJson,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -606,9 +593,9 @@ nproc=3`],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--load',
'--metadata-file', metadataJson,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],
@ -626,176 +613,9 @@ nproc=3`],
[
'build',
'--build-arg', 'FOO=bar#baz',
'--iidfile', imageIDFilePath,
'--iidfile', path.join(tmpDir, 'iidfile'),
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
26,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', `MY_SECRET=MY_SECRET_ENV
ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
27,
'0.10.0',
new Map<string, string>([
['context', '.'],
['no-cache', 'false'],
['load', 'true'],
['push', 'false'],
['pull', 'false'],
['secret-envs', 'MY_SECRET=MY_SECRET_ENV,ANOTHER_SECRET=ANOTHER_SECRET_ENV']
]),
[
'build',
'--secret', 'id=MY_SECRET,env=MY_SECRET_ENV',
'--secret', 'id=ANOTHER_SECRET,env=ANOTHER_SECRET_ENV',
'--iidfile', imageIDFilePath,
'--load',
'--metadata-file', metadataJson,
'.'
]
],
[
28,
'0.11.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'.'
]
],
[
29,
'0.12.0',
new Map<string, string>([
['context', '.'],
['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'],
['outputs', 'type=local,dest=./release-out'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--annotation', 'example1=www',
'--annotation', 'index:example2=xxx',
'--annotation', 'manifest:example3=yyy',
'--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz',
'--output', 'type=local,dest=./release-out',
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'.'
]
],
[
30,
'0.12.0',
new Map<string, string>([
['context', '.'],
['outputs', `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
]),
[
'build',
'--iidfile', imageIDFilePath,
"--output", `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`,
'--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'.'
]
],
[
31,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['provenance', 'mode=max'],
['sbom', 'true'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--attest', `type=sbom,disabled=false`,
'--metadata-file', metadataJson,
'.'
]
],
[
32,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
['provenance', 'mode=max'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'.'
]
],
[
33,
'0.13.1',
new Map<string, string>([
['context', '.'],
['load', 'false'],
['no-cache', 'false'],
['push', 'false'],
['pull', 'false'],
['attests', 'type=provenance,mode=min'],
]),
[
'build',
'--iidfile', imageIDFilePath,
'--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
'--metadata-file', metadataJson,
'--metadata-file', path.join(tmpDir, 'metadata-file'),
'.'
]
],

8
action.yml
View File

@ -13,9 +13,6 @@ inputs:
allow:
description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
required: false
annotations:
description: "List of annotation to set to the image"
required: false
attests:
description: "List of attestation parameters (e.g., type=sbom,generator=image)"
required: false
@ -83,9 +80,6 @@ inputs:
secrets:
description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
required: false
secret-envs:
description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
required: false
secret-files:
description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
required: false
@ -118,6 +112,6 @@ outputs:
description: 'Build result metadata'
runs:
using: 'node20'
using: 'node16'
main: 'dist/index.js'
post: 'dist/index.js'

56
dev.Dockerfile
View File

@ -1,20 +1,15 @@
# syntax=docker/dockerfile:1
ARG NODE_VERSION=20
ARG NODE_VERSION=16
ARG DOCKER_VERSION=20.10.13
ARG BUILDX_VERSION=0.8.0
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
WORKDIR /src
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache <<EOT
corepack enable
yarn --version
yarn config set --home enableTelemetry 0
EOT
FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
@ -23,19 +18,18 @@ COPY --from=deps /vendor /
FROM deps AS vendor-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
set -e
git add -A
cp -rf /vendor/* .
if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
git status --porcelain -- yarn.lock
exit 1
fi
EOT
FROM deps AS build
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run build && mkdir /out && cp -Rf dist /out/
@ -44,37 +38,39 @@ COPY --from=build /out /
FROM build AS build-validate
RUN --mount=type=bind,target=.,rw <<EOT
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
set -e
git add -A
cp -rf /out/* .
if [ -n "$(git status --porcelain -- dist)" ]; then
echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
git status --porcelain -- dist
exit 1
fi
EOT
FROM deps AS format
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run format \
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
&& mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
FROM scratch AS format-update
COPY --from=format /out /
FROM deps AS lint
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run lint
FROM docker:${DOCKER_VERSION} as docker
FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
FROM deps AS test
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn run test --coverage --coverageDirectory=/tmp/coverage
--mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
--mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
yarn run test --coverageDirectory=/tmp/coverage
FROM scratch AS test-coverage
COPY --from=test /tmp/coverage /

90
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

2101
dist/licenses.txt generated vendored
View File

File diff suppressed because it is too large Load Diff

4
docker-bake.hcl
View File

@ -3,7 +3,7 @@ group "default" {
}
group "pre-checkin" {
targets = ["vendor", "format", "build"]
targets = ["vendor-update", "format", "build"]
}
group "validate" {
@ -34,7 +34,7 @@ target "lint" {
output = ["type=cacheonly"]
}
target "vendor" {
target "vendor-update" {
dockerfile = "dev.Dockerfile"
target = "vendor-update"
output = ["."]

3
docs/advanced/cache.md Normal file
View File

@ -0,0 +1,3 @@
# Cache
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/cache/)

3
docs/advanced/copy-between-registries.md Normal file
View File

@ -0,0 +1,3 @@
# Copy images between registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)

3
docs/advanced/dockerhub-desc.md Normal file
View File

@ -0,0 +1,3 @@
# Update Docker Hub repo description
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)

3
docs/advanced/export-docker.md Normal file
View File

@ -0,0 +1,3 @@
# Export image to Docker
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/export-docker/)

3
docs/advanced/isolated-builders.md Normal file
View File

@ -0,0 +1,3 @@
# Isolated builders
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders)

3
docs/advanced/local-registry.md Normal file
View File

@ -0,0 +1,3 @@
# Local registry
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/local-registry/)

3
docs/advanced/multi-platform.md Normal file
View File

@ -0,0 +1,3 @@
# Multi-platform image
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/multi-platform/)

3
docs/advanced/named-contexts.md Normal file
View File

@ -0,0 +1,3 @@
# Named contexts
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/named-contexts/)

3
docs/advanced/push-multi-registries.md Normal file
View File

@ -0,0 +1,3 @@
# Push to multi-registries
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)

3
docs/advanced/secrets.md Normal file
View File

@ -0,0 +1,3 @@
# Secrets
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/secrets/)

3
docs/advanced/share-image-jobs.md Normal file
View File

@ -0,0 +1,3 @@
# Share built image between jobs
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)

3
docs/advanced/tags-labels.md Normal file
View File

@ -0,0 +1,3 @@
# Handle tags and labels
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)

3
docs/advanced/test-before-push.md Normal file
View File

@ -0,0 +1,3 @@
# Test your image before pushing it
This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/test-before-push/)

55
package.json
View File

@ -1,16 +1,13 @@
{
"name": "docker-build-push",
"description": "Build and push Docker images",
"main": "src/main.ts",
"main": "lib/main.js",
"scripts": {
"build": "ncc build --source-map --minify --license licenses.txt",
"lint": "yarn run prettier && yarn run eslint",
"format": "yarn run prettier:fix && yarn run eslint:fix",
"eslint": "eslint --max-warnings=0 .",
"eslint:fix": "eslint --fix .",
"prettier": "prettier --check \"./**/*.ts\"",
"prettier:fix": "prettier --write \"./**/*.ts\"",
"test": "jest"
"build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
"lint": "eslint src/**/*.ts __tests__/**/*.ts",
"format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
"test": "jest --coverage",
"all": "yarn run build && yarn run format && yarn test"
},
"repository": {
"type": "git",
@ -22,27 +19,33 @@
"build",
"push"
],
"author": "Docker Inc.",
"author": "Docker",
"contributors": [
{
"name": "CrazyMax",
"url": "https://crazymax.dev"
}
],
"license": "Apache-2.0",
"packageManager": "yarn@3.6.3",
"dependencies": {
"@actions/core": "^1.10.1",
"@docker/actions-toolkit": "0.24.0",
"@actions/core": "^1.10.0",
"@docker/actions-toolkit": "^0.8.0",
"handlebars": "^4.7.7"
},
"devDependencies": {
"@types/node": "^20.12.12",
"@typescript-eslint/eslint-plugin": "^7.9.0",
"@typescript-eslint/parser": "^7.9.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-jest": "^28.5.0",
"eslint-plugin-prettier": "^5.1.3",
"jest": "^29.7.0",
"prettier": "^3.2.5",
"ts-jest": "^29.1.2",
"ts-node": "^10.9.2",
"typescript": "^5.4.5"
"@types/csv-parse": "^1.2.2",
"@types/node": "^16.18.21",
"@typescript-eslint/eslint-plugin": "^5.56.0",
"@typescript-eslint/parser": "^5.56.0",
"@vercel/ncc": "^0.36.1",
"eslint": "^8.36.0",
"eslint-config-prettier": "^8.8.0",
"eslint-plugin-jest": "^27.2.1",
"eslint-plugin-prettier": "^4.2.1",
"jest": "^29.5.0",
"prettier": "^2.8.7",
"ts-jest": "^29.0.5",
"ts-node": "^10.9.1",
"typescript": "^4.9.5"
}
}

180
src/context.ts
View File

@ -1,30 +1,28 @@
import * as core from '@actions/core';
import * as handlebars from 'handlebars';
import {Build} from '@docker/actions-toolkit/lib/buildx/build';
import {Context} from '@docker/actions-toolkit/lib/context';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {Util} from '@docker/actions-toolkit/lib/util';
export interface Inputs {
'add-hosts': string[];
addHosts: string[];
allow: string[];
annotations: string[];
attests: string[];
'build-args': string[];
'build-contexts': string[];
buildArgs: string[];
buildContexts: string[];
builder: string;
'cache-from': string[];
'cache-to': string[];
'cgroup-parent': string;
cacheFrom: string[];
cacheTo: string[];
cgroupParent: string;
context: string;
file: string;
labels: string[];
load: boolean;
network: string;
'no-cache': boolean;
'no-cache-filters': string[];
noCache: boolean;
noCacheFilters: string[];
outputs: string[];
platforms: string[];
provenance: string;
@ -32,50 +30,47 @@ export interface Inputs {
push: boolean;
sbom: string;
secrets: string[];
'secret-envs': string[];
'secret-files': string[];
'shm-size': string;
secretFiles: string[];
shmSize: string;
ssh: string[];
tags: string[];
target: string;
ulimit: string[];
'github-token': string;
githubToken: string;
}
export async function getInputs(): Promise<Inputs> {
return {
'add-hosts': Util.getInputList('add-hosts'),
addHosts: Util.getInputList('add-hosts'),
allow: Util.getInputList('allow'),
annotations: Util.getInputList('annotations', {ignoreComma: true}),
attests: Util.getInputList('attests', {ignoreComma: true}),
'build-args': Util.getInputList('build-args', {ignoreComma: true}),
'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}),
buildArgs: Util.getInputList('build-args', {ignoreComma: true}),
buildContexts: Util.getInputList('build-contexts', {ignoreComma: true}),
builder: core.getInput('builder'),
'cache-from': Util.getInputList('cache-from', {ignoreComma: true}),
'cache-to': Util.getInputList('cache-to', {ignoreComma: true}),
'cgroup-parent': core.getInput('cgroup-parent'),
cacheFrom: Util.getInputList('cache-from', {ignoreComma: true}),
cacheTo: Util.getInputList('cache-to', {ignoreComma: true}),
cgroupParent: core.getInput('cgroup-parent'),
context: core.getInput('context') || Context.gitContext(),
file: core.getInput('file'),
labels: Util.getInputList('labels', {ignoreComma: true}),
load: core.getBooleanInput('load'),
network: core.getInput('network'),
'no-cache': core.getBooleanInput('no-cache'),
'no-cache-filters': Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
noCache: core.getBooleanInput('no-cache'),
noCacheFilters: Util.getInputList('no-cache-filters'),
outputs: Util.getInputList('outputs', {ignoreComma: true}),
platforms: Util.getInputList('platforms'),
provenance: Build.getProvenanceInput('provenance'),
provenance: BuildxInputs.getProvenanceInput('provenance'),
pull: core.getBooleanInput('pull'),
push: core.getBooleanInput('push'),
sbom: core.getInput('sbom'),
secrets: Util.getInputList('secrets', {ignoreComma: true}),
'secret-envs': Util.getInputList('secret-envs'),
'secret-files': Util.getInputList('secret-files', {ignoreComma: true}),
'shm-size': core.getInput('shm-size'),
secretFiles: Util.getInputList('secret-files', {ignoreComma: true}),
shmSize: core.getInput('shm-size'),
ssh: Util.getInputList('ssh'),
tags: Util.getInputList('tags'),
target: core.getInput('target'),
ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
'github-token': core.getInput('github-token')
githubToken: core.getInput('github-token')
};
}
@ -93,55 +88,44 @@ export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<s
async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = ['build'];
await Util.asyncForEach(inputs['add-hosts'], async addHost => {
await Util.asyncForEach(inputs.addHosts, async addHost => {
args.push('--add-host', addHost);
});
if (inputs.allow.length > 0) {
args.push('--allow', inputs.allow.join(','));
}
if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
await Util.asyncForEach(inputs.annotations, async annotation => {
args.push('--annotation', annotation);
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
await Util.asyncForEach(inputs.attests, async attest => {
args.push('--attest', attest);
});
} else if (inputs.annotations.length > 0) {
core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
}
await Util.asyncForEach(inputs['build-args'], async buildArg => {
await Util.asyncForEach(inputs.buildArgs, async buildArg => {
args.push('--build-arg', buildArg);
});
if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
await Util.asyncForEach(inputs['build-contexts'], async buildContext => {
await Util.asyncForEach(inputs.buildContexts, async buildContext => {
args.push('--build-context', buildContext);
});
} else if (inputs['build-contexts'].length > 0) {
core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
}
await Util.asyncForEach(inputs['cache-from'], async cacheFrom => {
await Util.asyncForEach(inputs.cacheFrom, async cacheFrom => {
args.push('--cache-from', cacheFrom);
});
await Util.asyncForEach(inputs['cache-to'], async cacheTo => {
await Util.asyncForEach(inputs.cacheTo, async cacheTo => {
args.push('--cache-to', cacheTo);
});
if (inputs['cgroup-parent']) {
args.push('--cgroup-parent', inputs['cgroup-parent']);
if (inputs.cgroupParent) {
args.push('--cgroup-parent', inputs.cgroupParent);
}
await Util.asyncForEach(inputs['secret-envs'], async secretEnv => {
try {
args.push('--secret', Build.resolveSecretEnv(secretEnv));
} catch (err) {
core.warning(err.message);
}
});
if (inputs.file) {
args.push('--file', inputs.file);
}
if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath());
if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
}
await Util.asyncForEach(inputs.labels, async label => {
args.push('--label', label);
});
await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => {
await Util.asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
args.push('--no-cache-filter', noCacheFilter);
});
await Util.asyncForEach(inputs.outputs, async output => {
@ -151,29 +135,44 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
args.push('--platform', inputs.platforms.join(','));
}
if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
args.push(...(await getAttestArgs(inputs, toolkit)));
} else {
core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored.");
if (inputs.provenance) {
args.push('--provenance', inputs.provenance);
} else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified and BuildKit version compatible for
// attestation, set default provenance. Also needs to make sure user
// doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
} else {
// for a public repository, we set max provenance mode.
args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`));
}
}
if (inputs.sbom) {
args.push('--sbom', inputs.sbom);
}
}
await Util.asyncForEach(inputs.secrets, async secret => {
try {
args.push('--secret', Build.resolveSecretString(secret));
args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
} catch (err) {
core.warning(err.message);
}
});
await Util.asyncForEach(inputs['secret-files'], async secretFile => {
await Util.asyncForEach(inputs.secretFiles, async secretFile => {
try {
args.push('--secret', Build.resolveSecretFile(secretFile));
args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
} catch (err) {
core.warning(err.message);
}
});
if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`));
if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
}
if (inputs['shm-size']) {
args.push('--shm-size', inputs['shm-size']);
if (inputs.shmSize) {
args.push('--shm-size', inputs.shmSize);
}
await Util.asyncForEach(inputs.ssh, async ssh => {
args.push('--ssh', ssh);
@ -199,12 +198,12 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
args.push('--load');
}
if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath());
args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
}
if (inputs.network) {
args.push('--network', inputs.network);
}
if (inputs['no-cache']) {
if (inputs.noCache) {
args.push('--no-cache');
}
if (inputs.pull) {
@ -215,52 +214,3 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
}
return args;
}
async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
const args: Array<string> = [];
// check if provenance attestation is set in attests input
let hasAttestProvenance = false;
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (Build.hasAttestationType('provenance', attest)) {
hasAttestProvenance = true;
}
});
let provenanceSet = false;
let sbomSet = false;
if (inputs.provenance) {
args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
provenanceSet = true;
} else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
// if provenance not specified in provenance or attests inputs and BuildKit
// version compatible for attestation, set default provenance. Also needs
// to make sure user doesn't want to explicitly load the image to docker.
if (GitHub.context.payload.repository?.private ?? false) {
// if this is a private repository, we set the default provenance
// attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
} else {
// for a public repository, we set max provenance mode.
args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
}
}
if (inputs.sbom) {
args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
sbomSet = true;
}
// set attests but check if provenance or sbom types already set as
// provenance and sbom inputs take precedence over attests input.
await Util.asyncForEach(inputs.attests, async (attest: string) => {
if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
args.push('--attest', Build.resolveAttestationAttrs(attest));
} else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
args.push('--attest', Build.resolveProvenanceAttrs(attest));
} else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
args.push('--attest', attest);
}
});
return args;
}

30
src/main.ts
View File

@ -3,14 +3,13 @@ import * as path from 'path';
import * as stateHelper from './state-helper';
import * as core from '@actions/core';
import * as actionsToolkit from '@docker/actions-toolkit';
import {Context} from '@docker/actions-toolkit/lib/context';
import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
import {Exec} from '@docker/actions-toolkit/lib/exec';
import {GitHub} from '@docker/actions-toolkit/lib/github';
import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
import * as context from './context';
@ -18,8 +17,6 @@ actionsToolkit.run(
// main
async () => {
const inputs: context.Inputs = await context.getInputs();
core.debug(`inputs: ${JSON.stringify(inputs)}`);
const toolkit = new Toolkit();
await core.group(`GitHub Actions runtime token ACs`, async () => {
@ -51,7 +48,7 @@ actionsToolkit.run(
if (dockerConfig && dockerConfig.proxies) {
for (const host in dockerConfig.proxies) {
let prefix = '';
if (Object.keys(dockerConfig.proxies).length > 1) {
if (dockerConfig.proxies.length > 1) {
prefix = ' ';
core.info(host);
}
@ -75,18 +72,8 @@ actionsToolkit.run(
await toolkit.buildx.printVersion();
});
await core.group(`Builder info`, async () => {
const builder = await toolkit.builder.inspect(inputs.builder);
core.info(JSON.stringify(builder, null, 2));
});
const args: string[] = await context.getArgs(inputs, toolkit);
core.debug(`context.getArgs: ${JSON.stringify(args)}`);
const buildCmd = await toolkit.buildx.getCommand(args);
core.debug(`buildCmd.command: ${buildCmd.command}`);
core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`);
await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
ignoreReturnCode: true
}).then(res => {
@ -95,9 +82,9 @@ actionsToolkit.run(
}
});
const imageID = toolkit.buildxBuild.resolveImageID();
const metadata = toolkit.buildxBuild.resolveMetadata();
const digest = toolkit.buildxBuild.resolveDigest();
const imageID = BuildxInputs.resolveBuildImageID();
const metadata = BuildxInputs.resolveBuildMetadata();
const digest = BuildxInputs.resolveDigest();
if (imageID) {
await core.group(`ImageID`, async () => {
@ -113,9 +100,8 @@ actionsToolkit.run(
}
if (metadata) {
await core.group(`Metadata`, async () => {
const metadatadt = JSON.stringify(metadata, null, 2);
core.info(metadatadt);
core.setOutput('metadata', metadatadt);
core.info(metadata);
core.setOutput('metadata', metadata);
});
}
},

10626
yarn.lock
View File

File diff suppressed because it is too large Load Diff