Merge pull request #504 from docker/dependabot/npm_and_yarn/semver-7.7.1

chore(deps): Bump semver from 7.6.3 to 7.7.1

.dockerignore

@@ -1,2 +1,12 @@
 /coverage
-/node_modules
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.eslintignore

@@ -0,0 +1,3 @@
+/dist/**
+/coverage/**
+/node_modules/**

.eslintrc.json

@@ -1,18 +1,19 @@
 {
   "env": {
     "node": true,
-    "es2021": true,
-    "jest/globals": true
+    "es6": true,
+    "jest": true
   },
   "extends": [
     "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
     "plugin:@typescript-eslint/recommended",
     "plugin:jest/recommended",
     "plugin:prettier/recommended"
   ],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "ecmaVersion": "latest",
+    "ecmaVersion": 2023,
     "sourceType": "module"
   },
   "plugins": [

.gitattributes

@@ -1,3 +1,5 @@
+/.yarn/releases/** binary
+/.yarn/plugins/** binary
 /__tests__/fixtures/** -linguist-detectable
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true

.github/CODEOWNERS

@@ -1 +0,0 @@
-*	@crazy-max

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+# Code of conduct
+
+- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,101 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Bug Report
+description: Report a bug
+labels:
+  - status/triage
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
+
+  - type: checkboxes
+    attributes:
+      label: Contributing guidelines
+      description: >
+        Make sure you've read the contributing guidelines before proceeding.
+      options:
+        - label: I've read the [contributing guidelines](https://github.com/docker/metadata-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: "I've found a bug, and:"
+      description: |
+        Make sure that your request fulfills all of the following requirements.
+        If one requirement cannot be satisfied, explain in detail why.
+      options:
+        - label: The documentation does not mention anything about my problem
+        - label: There are no open or closed issues that are related to my problem
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: >
+        Provide a brief description of the bug in 1-2 sentences.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: >
+        Describe precisely what you'd expect to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Actual behaviour
+      description: >
+        Describe precisely what is actually happening.
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Repository URL
+      description: >
+        Enter the URL of the repository where you are experiencing the
+        issue. If your repository is private, provide a link to a minimal
+        repository that reproduces the issue.
+
+  - type: input
+    attributes:
+      label: Workflow run URL
+      description: >
+        Enter the URL of the GitHub Action workflow run if public (e.g.
+        `https://github.com/<user>/<repo>/actions/runs/<id>`)
+
+  - type: textarea
+    attributes:
+      label: YAML workflow
+      description: |
+        Provide the YAML of the workflow that's causing the issue.
+        Make sure to remove any sensitive information.
+      render: yaml
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Workflow logs
+      description: >
+        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
+        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
+        and make sure to remove any sensitive information.
+
+  - type: textarea
+    attributes:
+      label: BuildKit logs
+      description: >
+        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
+      render: text
+
+  - type: textarea
+    attributes:
+      label: Additional info
+      description: |
+        Provide any additional information that could be useful.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,34 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
----
-
-### Behaviour
-
-#### Steps to reproduce this issue
-
-1.
-2.
-3.
-
-#### Expected behaviour
-
-> Tell us what should happen
-
-#### Actual behaviour
-
-> Tell us what happens instead
-
-### Configuration
-
-* Repository URL (if public): 
-* Build URL (if public): 
-
-```yml
-# paste your YAML workflow file here and remove sensitive data
-```
-
-### Logs
-
-> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
-> and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,9 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: true
+contact_links:
+  - name: Questions and Discussions
+    url: https://github.com/docker/metadata-action/discussions/new
+    about: Use Github Discussions to ask questions and/or open discussion topics.
+  - name: Documentation
+    url: https://docs.docker.com/build/ci/github-actions/
+    about: Read the documentation.

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,15 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/enhancement
+  - status/triage
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true

.github/SECURITY.md

@@ -0,0 +1,12 @@
+# Reporting security issues
+
+The project maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+**Please _DO NOT_ file a public issue**, instead send your report privately to
+[security@docker.com](mailto:security@docker.com).
+
+Security reports are greatly appreciated, and we will publicly thank you for it.
+We also like to send gifts—if you'd like Docker swag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.

.github/SUPPORT.md

@@ -1,32 +0,0 @@
-# Support [![](https://isitmaintained.com/badge/resolution/docker/metadata-action.svg)](https://isitmaintained.com/project/docker/metadata-action)
-
-## Reporting an issue
-
-Please do a search in [open issues](https://github.com/docker/metadata-action/issues?utf8=%E2%9C%93&q=) to see if the
-issue or feature request has already been filed.
-
-If you find your issue already exists, make relevant comments and add your
-[reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place
-of a "+1" comment.
-
-:+1: - upvote
-
-:-1: - downvote
-
-If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
-
-## Writing good bug reports and feature requests
-
-File a single issue per problem and feature request.
-
-* Do not enumerate multiple bugs or feature requests in the same issue.
-* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
-
-The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
-
-You are now ready to [create a new issue](https://github.com/docker/metadata-action/issues/new/choose)!
-
-## Closure policy
-
-* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
-* Issues that go a week without a response from original poster are subject to closure at our discretion.

.github/dependabot.yml

@@ -11,6 +11,7 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    versioning-strategy: "increase"
     allow:
       - dependency-type: "production"
     labels:

.github/workflows/ci.yml

@@ -1,8 +1,12 @@
 name: ci
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   schedule:
-    - cron: '0 */4 * * *' # every 4 hours
+    - cron: '0 10 * * *'
   push:
     branches:
       - 'master'
@@ -10,20 +14,42 @@ on:
     tags:
       - 'v*.*.*'
   pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'
 
 env:
   DOCKER_IMAGE: localhost:5000/name/app
+  BUILDX_VERSION: latest
 
 jobs:
+  context:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        context:
+          - workflow
+          - git
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          context: ${{ matrix.context }}
+
   multi-images:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -54,7 +80,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -84,7 +116,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -112,7 +150,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -137,7 +181,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -154,7 +204,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -164,12 +220,18 @@ jobs:
             name=ghcr.io/name/app,enable=${{ github.event_name == 'pull_request' }}
             name=ghcr.io/name/release,enable=${{ startsWith(github.ref, 'refs/tags/') }}
 
-  labels:
+  custom-labels-annotations:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -182,13 +244,24 @@ jobs:
             org.opencontainers.image.title=MyCustomTitle
             org.opencontainers.image.description=this is a "good" example
             org.opencontainers.image.vendor=MyCompany
+          annotations: |
+            maintainer=Foo
+            org.opencontainers.image.title=MyFooTitle
+            org.opencontainers.image.description=this is a "foo" example
+            org.opencontainers.image.vendor=MyFooCompany
 
   global-exps:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -196,6 +269,8 @@ jobs:
           images: |
             ${{ env.DOCKER_IMAGE }}
             ghcr.io/name/app
+          labels: |
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
           tags: |
             type=sha
             type=raw,value=gexp-branch-{{branch}}
@@ -209,7 +284,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -227,14 +308,6 @@ jobs:
           echo "version=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
           echo "revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}"
           echo "created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}"
-      -
-        name: JSON build arg
-        uses: docker/build-push-action@v3
-        with:
-          context: ./test
-          file: ./test/json.Dockerfile
-          build-args: |
-            BUILDINFO=${{ steps.meta.outputs.json }}
 
   docker-push:
     runs-on: ubuntu-latest
@@ -246,7 +319,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver-opts: network=host
       -
         name: Docker meta
         id: docker_meta
@@ -263,17 +342,9 @@ jobs:
             type=semver,pattern=v{{major}}.{{minor}}
             type=semver,pattern=v{{major}}
             type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          driver-opts: network=host
       -
         name: Build and push to local registry
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: ./test
           file: ./test/Dockerfile
@@ -290,17 +361,18 @@ jobs:
         name: Check manifest
         run: |
           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   bake:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
       -
         name: Docker meta
         id: docker_meta
@@ -318,19 +390,14 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
             type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
       -
         name: Build
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v6
         with:
           files: |
             ./test/docker-bake.hcl
-            ${{ steps.docker_meta.outputs.bake-file }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-labels }}
           targets: |
             release
 
@@ -345,7 +412,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -357,7 +430,7 @@ jobs:
           sep-tags: ${{ matrix.sep }}
       -
         name: Tags
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             console.log(`${{ steps.meta.outputs.tags }}`);
@@ -367,7 +440,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -378,9 +457,11 @@ jobs:
             ghcr.io/name/app
           labels: |
             maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
       -
         name: Build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: ./test
           file: ./test/output.Dockerfile
@@ -388,4 +469,165 @@ jobs:
             DOCKER_METADATA_OUTPUT_VERSION
             DOCKER_METADATA_OUTPUT_TAGS
             DOCKER_METADATA_OUTPUT_LABELS
+            DOCKER_METADATA_OUTPUT_ANNOTATIONS
             DOCKER_METADATA_OUTPUT_JSON
+
+  no-output-env:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_METADATA_SET_OUTPUT_ENV: false
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        id: meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          labels: |
+            maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
+      -
+        name: No output environment variables set
+        shell: bash
+        run: |
+          [[ "$(printenv | grep "^DOCKER_METADATA_OUTPUT_" | wc -l)" -eq 0 ]] || exit 1
+
+  bake-annotations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./test/docker-bake.hcl
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-annotations }}
+          targets: |
+            release
+
+  no-images:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+      -
+        name: Print envs
+        run: env|sort
+
+  bake-path-context:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: latest
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          files: |
+            ./test/docker-bake.hcl
+            ${{ steps.docker_meta.outputs.bake-file-tags }}
+            ${{ steps.docker_meta.outputs.bake-file-labels }}
+          targets: |
+            release
+
+  sha-short:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        short-length:
+          - ''
+          - 16
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: ${{ matrix.short-length }}
+
+  dump:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Dump context
+        uses: crazy-max/ghaction-dump-context@v2

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -1,34 +1,28 @@
 name: test
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
   pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'
 
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Validate
-        uses: docker/bake-action@v2
-        with:
-          targets: validate
       -
         name: Test
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v6
         with:
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         with:
           file: ./coverage/clover.xml
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/validate.yml

@@ -0,0 +1,43 @@
+name: validate
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.generate.outputs.targets }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: List targets
+        id: generate
+        uses: docker/bake-action/subaction/list-targets@v6
+        with:
+          target: validate
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Validate
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}

.gitignore

@@ -1,12 +1,5 @@
-/.dev
-node_modules/
-lib
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 
-# Jetbrains
-/.idea
-/*.iml
-
-# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
 # Dependency directories
+node_modules/
 jspm_packages/
 
-# TypeScript v1 declaration files
-typings/
-
 # TypeScript cache
 *.tsbuildinfo
 
@@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
 
-# parcel-bundler cache (https://parceljs.org/)
-.cache
-
-# next.js build output
-.next
-
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.prettierignore

@@ -0,0 +1,6 @@
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/

.yarnrc.yml

@@ -0,0 +1,13 @@
+logFilters:
+  - code: YN0013
+    level: discard
+  - code: YN0019
+    level: discard
+  - code: YN0076
+    level: discard
+
+nodeLinker: node-modules
+
+plugins:
+  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+    spec: "@yarnpkg/plugin-interactive-tools"

README.md

@@ -22,6 +22,7 @@ ___
   * [inputs](#inputs)
   * [outputs](#outputs)
   * [environment variables](#environment-variables)
+* [`context` input](#context-input)
 * [`images` input](#images-input)
 * [`flavor` input](#flavor-input)
 * [`tags` input](#tags-input)
@@ -44,9 +45,11 @@ ___
     * [`{{base_ref}}`](#base_ref)
     * [`{{is_default_branch}}`](#is_default_branch)
     * [`{{date '<format>' tz='<timezone>'}}`](#date-format-tztimezone)
+    * [`{{commit_date '<format>' tz='<timezone>'}}`](#commit_date-format-tztimezone)
   * [Major version zero](#major-version-zero)
   * [JSON output object](#json-output-object)
-  * [Overwrite labels](#overwrite-labels)
+  * [Overwrite labels and annotations](#overwrite-labels-and-annotations)
+  * [Annotations](#annotations)
 * [Contributing](#contributing)
 
 ## Usage
@@ -73,23 +76,23 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: name/app
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -127,11 +130,11 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             name/app
@@ -143,13 +146,13 @@ jobs:
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -203,13 +206,10 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             name/app
@@ -221,16 +221,16 @@ jobs:
             type=sha
       -
         name: Build
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v6
         with:
           files: |
             ./docker-bake.hcl
-            ${{ steps.meta.outputs.bake-file }}
+            cwd://${{ steps.meta.outputs.bake-file }}
           targets: build
 ```
 
-Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with
-`refs/tags/v1.2.3` ref:
+Content of `${{ steps.meta.outputs.bake-file }}` file, combining tags and
+labels, will look like this with `refs/tags/v1.2.3` ref:
 
 ```json
 {
@@ -261,11 +261,27 @@ Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with
 }
 ```
 
+You can also use the `bake-file-tags` and `bake-file-labels` outputs if you
+just want to use tags and/or labels respectively. The following example is
+similar to the previous one:
+
+```yaml
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-labels }}
+          targets: build
+```
+
 ## Customizing
 
 ### inputs
 
-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys:
 
 > `List` type is a newline-delimited string
 > ```yaml
@@ -275,40 +291,49 @@ Following inputs can be used as `step.with` keys
 >   org.opencontainers.image.vendor=MyCompany
 > ```
 
-| Name                | Type   | Description                                              |
-|---------------------|--------|----------------------------------------------------------|
-| `images`            | List   | List of Docker images to use as base name for tags       |
-| `tags`              | List   | List of [tags](#tags-input) as key-value pair attributes |
-| `flavor`            | List   | [Flavor](#flavor-input) to apply                         |
-| `labels`            | List   | List of custom labels                                    |
-| `sep-tags`          | String | Separator to use for tags output (default `\n`)          |
-| `sep-labels`        | String | Separator to use for labels output (default `\n`)        |
-| `bake-target`       | String | Bake target name (default `docker-metadata-action`)      |
+| Name              | Type   | Description                                                                  |
+|-------------------|--------|------------------------------------------------------------------------------|
+| `context`         | String | Where to get context data. Allowed options are: `workflow` (default), `git`. |
+| `images`          | List   | List of Docker images to use as base name for tags                           |
+| `tags`            | List   | List of [tags](#tags-input) as key-value pair attributes                     |
+| `flavor`          | List   | [Flavor](#flavor-input) to apply                                             |
+| `labels`          | List   | List of custom labels                                                        |
+| `annotations`     | List   | List of custom annotations                                                   |
+| `sep-tags`        | String | Separator to use for tags output (default `\n`)                              |
+| `sep-labels`      | String | Separator to use for labels output (default `\n`)                            |
+| `sep-annotations` | String | Separator to use for annotations output (default `\n`)                       |
+| `bake-target`     | String | Bake target name (default `docker-metadata-action`)                          |
 
 ### outputs
 
-Following outputs are available
+The following outputs are available:
 
-| Name          | Type    | Description                                                                                |
-|---------------|---------|--------------------------------------------------------------------------------------------|
-| `version`     | String  | Docker image version                                                                       |
-| `tags`        | String  | Docker tags                                                                                |
-| `labels`      | String  | Docker labels                                                                              |
-| `json`        | String  | JSON output of tags and labels                                                             |
-| `bake-file`   | File    | [Bake file definition](https://docs.docker.com/build/customize/bake/file-definition/) path |
+| Name                    | Type   | Description                                                                                                                                                     |
+|-------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `version`               | String | Docker image version                                                                                                                                            |
+| `tags`                  | String | Docker tags                                                                                                                                                     |
+| `labels`                | String | Docker labels                                                                                                                                                   |
+| `annotations`           | String | [Annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md)                                                                                 |
+| `json`                  | String | JSON output of tags and labels                                                                                                                                  |
+| `bake-file-tags`        | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with tags                                                                            |
+| `bake-file-labels`      | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with labels                                                                          |
+| `bake-file-annotations` | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with [annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md) |
 
-Alternatively, each output is also exported as an environment variable:
+Alternatively, each output is also exported as an environment variable when `DOCKER_METADATA_SET_OUTPUT_ENV` is `true`:
 
 * `DOCKER_METADATA_OUTPUT_VERSION`
 * `DOCKER_METADATA_OUTPUT_TAGS`
 * `DOCKER_METADATA_OUTPUT_LABELS`
+* `DOCKER_METADATA_OUTPUT_ANNOTATIONS`
 * `DOCKER_METADATA_OUTPUT_JSON`
-* `DOCKER_METADATA_OUTPUT_BAKE_FILE`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_TAGS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_LABELS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_ANNOTATIONS`
 
 So it can be used with our [Docker Build Push action](https://github.com/docker/build-push-action/):
 
 ```yaml
-- uses: docker/build-push-action@v3
+- uses: docker/build-push-action@v6
   with:
     build-args: |
       DOCKER_METADATA_OUTPUT_JSON
@@ -316,9 +341,26 @@ So it can be used with our [Docker Build Push action](https://github.com/docker/
 
 ### environment variables
 
-| Name                          | Type | Description                                                                                                |
-|-------------------------------|------|------------------------------------------------------------------------------------------------------------|
-| `DOCKER_METADATA_PR_HEAD_SHA` | Bool | If `true`, set associated head SHA instead of commit SHA that triggered the workflow on pull request event |
+| Name                                 | Type   | Description                                                                                                                                  |
+|--------------------------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------|
+| `DOCKER_METADATA_PR_HEAD_SHA`        | Bool   | If `true`, set associated head SHA instead of commit SHA that triggered the workflow on pull request event                                   |
+| `DOCKER_METADATA_SHORT_SHA_LENGTH`   | Number | Specifies the length of the [short commit SHA](#typesha) to ensure uniqueness. Default is `7`, but can be increased for larger repositories. |
+| `DOCKER_METADATA_ANNOTATIONS_LEVELS` | String | Comma separated list of annotations levels to set for annotations output separated (default `manifest`)                                      |
+| `DOCKER_METADATA_SET_OUTPUT_ENV`     | Bool   | If `true`, sets each output as an environment variable (default `true`)                                                                      |
+
+## `context` input
+
+`context` defines where to get context metadata:
+
+```yaml
+# default
+context: workflow
+# or
+context: git
+```
+
+* `workflow`: Get context metadata from the workflow (GitHub context). See https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+* `git`: Get context metadata from the workflow and overrides some of them with current Git context, such as `ref` and `sha`.
 
 ## `images` input
 
@@ -343,6 +385,8 @@ images: |
 * `name=<string>` image base name
 * `enable=<true|false>` enable this entry (default `true`)
 
+If `images` is empty, tags will be generated without base name.
+
 ## `flavor` input
 
 `flavor` defines a global behavior for [`tags`](#tags-input):
@@ -661,7 +705,26 @@ tags: |
   type=sha,format=long
 ```
 
-Output Git short commit (or long if specified) as Docker tag like `sha-ad132f5`.
+Output Git short commit (or long if specified) as Docker tag like
+`sha-860c190`.
+
+By default, the length of the short commit SHA is `7` characters. You can
+increase this length for larger repositories by setting the
+[`DOCKER_METADATA_SHORT_SHA_LENGTH` environment variable](#environment-variables):
+
+```yaml
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 12
+```
 
 Extended attributes and default values:
 
@@ -695,6 +758,7 @@ generated by default (`auto` mode) for:
 
 * [`type=ref,event=tag`](#typeref)
 * [`type=semver,pattern=...`](#typesemver)
+* [`type=pep440,pattern=...`](#typepep440)
 * [`type=match,pattern=...`](#typematch)
 
 For conditionally tagging with latest for a specific branch name, e.g. if your
@@ -736,7 +800,8 @@ Each tags `type` attribute has a default priority:
 ### Global expressions
 
 The following [Handlebars' template](https://handlebarsjs.com/guide/) expressions
-for `prefix`, `suffix`, `value` and `enable` attributes are available:
+for `prefix`, `suffix`, `value` and `enable` attributes of `tags` input are
+available:
 
 ```yaml
 tags: |
@@ -746,6 +811,13 @@ tags: |
   type=raw,value=mytag-{{branch}}-{{sha}}
 ```
 
+They can also be applied to `labels` and `annotations` inputs:
+
+```yaml
+labels: |
+  org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+```
+
 #### `{{branch}}`
 
 Returns the branch name that triggered the workflow run. Will be empty if not 
@@ -808,6 +880,20 @@ Default `tz` is UTC.
 | `{{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
 | `{{date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |
 
+#### `{{commit_date '<format>' tz='<timezone>'}}`
+
+Returns the date when the current git commit is committed, rendered by its
+[moment format](https://momentjs.com/docs/#/displaying/format/). It falls back
+to the current date if the commit date is not available.
+
+Default `tz` is UTC.
+
+| Expression                                          | Output example                          |
+|-----------------------------------------------------|-----------------------------------------|
+| `{{commit_date 'YYYYMMDD'}}`                        | `20200110`                              |
+| `{{commit_date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
+| `{{commit_date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |
+
 ### Major version zero
 
 Major version zero (`0.y.z`) is for initial development and **may** change at
@@ -835,13 +921,13 @@ that you can reuse them further in your workflow using the [`fromJSON` function]
 ```yaml
       -
         name: Docker meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         id: meta
         with:
           images: name/app
       -
         name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -851,16 +937,17 @@ that you can reuse them further in your workflow using the [`fromJSON` function]
             REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
 ```
 
-### Overwrite labels
+### Overwrite labels and annotations
 
 If some [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-labels generated are not suitable, you can overwrite them like this:
+generated are not suitable as labels/annotations, you can overwrite them like
+this:
 
 ```yaml
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: name/app
           labels: |
@@ -870,6 +957,78 @@ labels generated are not suitable, you can overwrite them like this:
             org.opencontainers.image.vendor=MyCompany
 ```
 
+### Annotations
+
+Since Buildx 0.12, it is possible to set annotations to your image through the
+`--annotation` flag.
+
+With the [`build-push-action`](https://github.com/docker/build-push-action/),
+you can set the `annotations` input with the value of the `annotations` output
+of the `metadata-action`:
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+```
+
+The same can be done with the [`bake-action`](https://github.com/docker/bake-action/):
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-annotations }}
+          targets: build
+```
+
+Note that annotations can be attached at many different levels within a manifest.
+By default, the generated annotations will be attached to image manifests,
+but different registries may expect annotations at different places;
+a common practice is to read annotations at _image indexes_ if present,
+which are often used by multi-arch builds to index platform-specific images.
+If you want to specify level(s) for your annotations, you can use the
+[`DOCKER_METADATA_ANNOTATIONS_LEVELS` environment variable](#environment-variables)
+with a comma separated list of all levels the annotations should be attached to (defaults to `manifest`).
+The following configuration demonstrates the ability to attach annotations to both image manifests and image indexes,
+though your registry may only need annotations at the index level. (That is, `index` alone may be enough.)
+Please consult the documentation of your registry.
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+```
+
+More information about annotations in the [BuildKit documentation](https://github.com/moby/buildkit/blob/master/docs/annotations.md).
+
 ## Contributing
 
 Want to contribute? Awesome! You can find information about contributing to

UPGRADE.md

@@ -1,300 +0,0 @@
-# Upgrade notes
-
-## v2 to v3
-
-* Repository has been moved to docker org. Replace `crazy-max/ghaction-docker-meta@v2`
-  with `docker/metadata-action@v4`
-* The default bake target has been changed: `ghaction-docker-meta` > `docker-metadata-action`
-
-## v1 to v2
-
-* [inputs](#inputs)
-  * [`tag-sha`](#tag-sha)
-  * [`tag-edge` / `tag-edge-branch`](#tag-edge--tag-edge-branch)
-  * [`tag-semver`](#tag-semver)
-  * [`tag-match` / `tag-match-group`](#tag-match--tag-match-group)
-  * [`tag-latest`](#tag-latest)
-  * [`tag-schedule`](#tag-schedule)
-  * [`tag-custom` / `tag-custom-only`](#tag-custom--tag-custom-only)
-  * [`label-custom`](#label-custom)
-* [Basic workflow](#basic-workflow)
-* [Semver workflow](#semver-workflow)
-
-### inputs
-
-| New        | Unchanged       | Removed            |
-|------------|-----------------|--------------------|
-| `tags`     | `images`        | `tag-sha`          |
-| `flavor`   | `sep-tags`      | `tag-edge`         |
-| `labels`   | `sep-labels`    | `tag-edge-branch`  |
-|            |                 | `tag-semver`       |
-|            |                 | `tag-match`        |
-|            |                 | `tag-match-group`  |
-|            |                 | `tag-latest`       |
-|            |                 | `tag-schedule`     |
-|            |                 | `tag-custom`       |
-|            |                 | `tag-custom-only`  |
-|            |                 | `label-custom`     |
-
-#### `tag-sha`
-
-```yaml
-tags: |
-  type=sha
-```
-
-#### `tag-edge` / `tag-edge-branch`
-
-```yaml
-tags: |
-  # default branch
-  type=edge
-  # specify branch
-  type=edge,branch=main
-```
-
-#### `tag-semver`
-
-```yaml
-tags: |
-  type=semver,pattern={{version}}
-```
-
-#### `tag-match` / `tag-match-group`
-
-```yaml
-tags: |
-  type=match,pattern=v(.*),group=1
-```
-
-#### `tag-latest`
-
-`tag-latest` is now handled through the [`flavor` input](README.md#flavor-input):
-
-```yaml
-flavor: |
-  latest=auto
-```
-
-See also the notes about ["latest tag" behavior](README.md#latest-tag)
-
-#### `tag-schedule`
-
-```yaml
-tags: |
-  # default tag (nightly)
-  type=schedule
-  # specific pattern
-  type=schedule,pattern={{date 'YYYYMMDD'}}
-```
-
-#### `tag-custom` / `tag-custom-only`
-
-```yaml
-tags: |
-  type=raw,value=foo
-  type=raw,value=bar
-  # or
-  type=raw,foo
-  type=raw,bar
-  # or
-  foo
-  bar
-```
-
-#### `label-custom`
-
-Same behavior for `labels`:
-
-```yaml
-labels: |
-  maintainer=CrazyMax
-```
-
-### Basic workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-### Semver workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-          tag-semver: |
-            {{version}}
-            {{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```

__mocks__/@actions/github.ts

@@ -0,0 +1,223 @@
+import {jest} from '@jest/globals';
+
+export const context = {
+  repo: {
+    owner: 'docker',
+    repo: 'actions-toolkit'
+  },
+  ref: 'refs/heads/master',
+  runId: 123,
+  payload: {
+    after: '860c1904a1ce19322e91ac35af1ab07466440c37',
+    base_ref: null,
+    before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
+    commits: [
+      {
+        author: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        committer: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        distinct: true,
+        id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+        message: 'hello dev',
+        timestamp: '2022-04-19T11:27:24+02:00',
+        tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+        url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+      }
+    ],
+    compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
+    created: false,
+    deleted: false,
+    forced: false,
+    head_commit: {
+      author: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      committer: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      distinct: true,
+      id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+      message: 'hello dev',
+      timestamp: '2022-04-19T11:27:24+02:00',
+      tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+      url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+    },
+    organization: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+      description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
+      events_url: 'https://api.github.com/orgs/docker/events',
+      hooks_url: 'https://api.github.com/orgs/docker/hooks',
+      id: 5429470,
+      issues_url: 'https://api.github.com/orgs/docker/issues',
+      login: 'docker',
+      members_url: 'https://api.github.com/orgs/docker/members{/member}',
+      node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+      public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
+      repos_url: 'https://api.github.com/orgs/docker/repos',
+      url: 'https://api.github.com/orgs/docker'
+    },
+    pusher: {
+      email: 'github@crazymax.dev',
+      name: 'crazy-max'
+    },
+    ref: 'refs/heads/dev',
+    repository: {
+      allow_forking: true,
+      archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
+      archived: false,
+      assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
+      blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
+      branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
+      clone_url: 'https://github.com/docker/test-docker-action.git',
+      collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
+      comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
+      commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
+      compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
+      contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
+      contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
+      created_at: 1596792180,
+      default_branch: 'master',
+      deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
+      description: 'Test "Docker" Actions',
+      disabled: false,
+      downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
+      events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
+      fork: false,
+      forks: 1,
+      forks_count: 1,
+      forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
+      full_name: 'docker/test-docker-action',
+      git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
+      git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
+      git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
+      git_url: 'git://github.com/docker/test-docker-action.git',
+      has_downloads: true,
+      has_issues: true,
+      has_pages: false,
+      has_projects: true,
+      has_wiki: true,
+      homepage: '',
+      hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
+      html_url: 'https://github.com/docker/test-docker-action',
+      id: 285789493,
+      is_template: false,
+      issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
+      issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
+      issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
+      keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
+      labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
+      language: 'JavaScript',
+      languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
+      license: {
+        key: 'mit',
+        name: 'MIT License',
+        node_id: 'MDc6TGljZW5zZTEz',
+        spdx_id: 'MIT',
+        url: 'https://api.github.com/licenses/mit'
+      },
+      master_branch: 'master',
+      merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
+      milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
+      mirror_url: null,
+      name: 'test-docker-action',
+      node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
+      notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
+      open_issues: 6,
+      open_issues_count: 6,
+      organization: 'docker',
+      owner: {
+        avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+        email: 'info@docker.com',
+        events_url: 'https://api.github.com/users/docker/events{/privacy}',
+        followers_url: 'https://api.github.com/users/docker/followers',
+        following_url: 'https://api.github.com/users/docker/following{/other_user}',
+        gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
+        gravatar_id: '',
+        html_url: 'https://github.com/docker',
+        id: 5429470,
+        login: 'docker',
+        name: 'docker',
+        node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+        organizations_url: 'https://api.github.com/users/docker/orgs',
+        received_events_url: 'https://api.github.com/users/docker/received_events',
+        repos_url: 'https://api.github.com/users/docker/repos',
+        site_admin: false,
+        starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
+        subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
+        type: 'Organization',
+        url: 'https://api.github.com/users/docker'
+      },
+      private: true,
+      pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
+      pushed_at: 1650360446,
+      releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
+      size: 796,
+      ssh_url: 'git@github.com:docker/test-docker-action.git',
+      stargazers: 0,
+      stargazers_count: 0,
+      stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
+      statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
+      subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
+      subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
+      svn_url: 'https://github.com/docker/test-docker-action',
+      tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
+      teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
+      topics: [],
+      trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
+      updated_at: '2022-04-19T09:05:09Z',
+      url: 'https://github.com/docker/test-docker-action',
+      visibility: 'private',
+      watchers: 0,
+      watchers_count: 0
+    },
+    sender: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
+      events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
+      followers_url: 'https://api.github.com/users/crazy-max/followers',
+      following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
+      gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
+      gravatar_id: '',
+      html_url: 'https://github.com/crazy-max',
+      id: 1951866,
+      login: 'crazy-max',
+      node_id: 'MDQ6VXNlcjE5NTE4NjY=',
+      organizations_url: 'https://api.github.com/users/crazy-max/orgs',
+      received_events_url: 'https://api.github.com/users/crazy-max/received_events',
+      repos_url: 'https://api.github.com/users/crazy-max/repos',
+      site_admin: false,
+      starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
+      subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
+      type: 'User',
+      url: 'https://api.github.com/users/crazy-max'
+    }
+  }
+};
+
+export const getOctokit = jest.fn(() => ({
+  rest: {
+    repos: {
+      getCommit: jest.fn(() =>
+        Promise.resolve({
+          data: {
+            commit: {
+              committer: {
+                date: '2024-11-13T13:42:28Z'
+              }
+            }
+          }
+        })
+      )
+    }
+  }
+}));

__tests__/context.test.ts

@@ -1,167 +1,141 @@
-import {describe, expect, it, jest} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, test, it, jest} from '@jest/globals';
+import * as dotenv from 'dotenv';
 import * as fs from 'fs';
 import * as path from 'path';
+import {Context} from '@actions/github/lib/context';
+import {Git} from '@docker/actions-toolkit/lib/git';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 
-import * as context from '../src/context';
+import {ContextSource, getContext, getInputs, Inputs} from '../src/context';
 
-jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-metadata-action-jest').split(path.sep).join(path.posix.sep);
-  if (!fs.existsSync(tmpDir)) {
-    fs.mkdirSync(tmpDir, {recursive: true});
-  }
-  return tmpDir;
-});
+const toolkit = new Toolkit({githubToken: 'fake-github-token'});
 
-describe('getInputList', () => {
-  it('single line correctly', async () => {
-    await setInput('foo', 'bar');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar']);
-  });
-
-  it('multiline correctly', async () => {
-    setInput('foo', 'bar\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty lines correctly', async () => {
-    setInput('foo', 'bar\n\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('comment correctly', async () => {
-    setInput('foo', 'bar\n#com\n"#taken"\nhello#comment\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', '#taken', 'hello', 'baz']);
-  });
-
-  it('comma correctly', async () => {
-    setInput('foo', 'bar,baz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty result correctly', async () => {
-    setInput('foo', 'bar,baz,');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines correctly', async () => {
-    setInput('foo', 'bar\r\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines and comma correctly', async () => {
-    setInput('foo', 'bar\r\nbaz,bat');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz', 'bat']);
-  });
-
-  it('multiline and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
-    const res = context.getInputList('cache-from', true);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('different new lines and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
-    const res = context.getInputList('cache-from', true);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('multiline values', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
-
-  it('multiline values with empty lines', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar
-"EMPTYLINE=aaaa
-
-bbbb
-ccc"`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar',
-      `EMPTYLINE=aaaa
-
-bbbb
-ccc`
-    ]);
-  });
-
-  it('multiline values without quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
-  });
-
-  it('multiline values escape quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbb""bbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbb"bbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
+beforeEach(() => {
+  jest.clearAllMocks();
+  jest.spyOn(GitHub, 'context', 'get').mockImplementation((): Context => {
+    return new Context();
   });
 });
 
-describe('asyncForEach', () => {
-  it('executes async tasks sequentially', async () => {
-    const testValues = [1, 2, 3, 4, 5];
-    const results: number[] = [];
+describe('getInputs', () => {
+  beforeEach(() => {
+    process.env = Object.keys(process.env).reduce((object, key) => {
+      if (!key.startsWith('INPUT_')) {
+        object[key] = process.env[key];
+      }
+      return object;
+    }, {});
+  });
 
-    await context.asyncForEach(testValues, async value => {
-      results.push(value);
+  // prettier-ignore
+  test.each([
+    [
+      0,
+      new Map<string, string>([
+        ['images', 'moby/buildkit\nghcr.io/moby/mbuildkit'],
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'docker-metadata-action',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: '\n',
+        sepTags: '\n',
+        sepAnnotations: '\n',
+        tags: [],
+      } as Inputs
+    ],
+    [
+      1,
+      new Map<string, string>([
+        ['bake-target', 'metadata'],
+        ['images', 'moby/buildkit'],
+        ['sep-labels', ','],
+        ['sep-tags', ','],
+        ['sep-annotations', ',']
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'metadata',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: ',',
+        sepTags: ',',
+        sepAnnotations: ',',
+        tags: [],
+      } as Inputs
+    ],
+    [
+      2,
+      new Map<string, string>([
+        ['images', 'moby/buildkit\n#comment\nghcr.io/moby/mbuildkit'],
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'docker-metadata-action',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: '\n',
+        sepTags: '\n',
+        sepAnnotations: '\n',
+        tags: [],
+      } as Inputs
+    ],
+  ])(
+    '[%d] given %p as inputs, returns %p',
+    async (num: number, inputs: Map<string, string>, expected: Inputs) => {
+      inputs.forEach((value: string, name: string) => {
+        setInput(name, value);
+      });
+      expect(await getInputs()).toEqual(expected);
+    }
+  );
+});
+
+describe('getContext', () => {
+  const originalEnv = process.env;
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {
+      ...originalEnv,
+      ...dotenv.parse(fs.readFileSync(path.join(__dirname, 'fixtures/event_create_branch.env')))
+    };
+  });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
+
+  it('workflow', async () => {
+    const context = await getContext(ContextSource.workflow, toolkit);
+    expect(context.ref).toEqual('refs/heads/dev');
+    expect(context.sha).toEqual('5f3331d7f7044c18ca9f12c77d961c4d7cf3276a');
+    expect(context.commitDate).toEqual(new Date('2024-11-13T13:42:28.000Z'));
+  });
+
+  it('git', async () => {
+    jest.spyOn(Git, 'context').mockImplementation((): Promise<Context> => {
+      return Promise.resolve({
+        ref: 'refs/heads/git-test',
+        sha: 'git-test-sha'
+      } as Context);
     });
-
-    expect(results).toEqual(testValues);
+    jest.spyOn(Git, 'commitDate').mockImplementation(async (): Promise<Date> => {
+      return new Date('2023-01-01T13:42:28.000Z');
+    });
+    const context = await getContext(ContextSource.git, toolkit);
+    expect(context.ref).toEqual('refs/heads/git-test');
+    expect(context.sha).toEqual('git-test-sha');
+    expect(context.commitDate).toEqual(new Date('2023-01-01T13:42:28.000Z'));
   });
 });
 

__tests__/flavor.test.ts

@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Flavor, Transform} from '../src/flavor';
 
 describe('transform', () => {

__tests__/github.test.ts

@@ -1,14 +0,0 @@
-import {describe, expect, jest, it} from '@jest/globals';
-import * as github from '../src/github';
-
-import * as repoFixture from './fixtures/repo.json';
-jest.spyOn(github, 'repo').mockImplementation((): Promise<github.ReposGetResponseData> => {
-  return <Promise<github.ReposGetResponseData>>(repoFixture as unknown);
-});
-
-describe('repo', () => {
-  it('returns GitHub repository', async () => {
-    const repo = await github.repo(process.env.GITHUB_TOKEN || '');
-    expect(repo.name).not.toBeNull();
-  });
-});

__tests__/image.test.ts

@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Transform, Image} from '../src/image';
 
 describe('transform', () => {
@@ -86,7 +87,7 @@ describe('transform', () => {
     [
       [`name/foo,name=name/bar,enable=true`], undefined, true
     ]
-  ])('given %p', async (l: string[], expected: Image[], invalid: boolean) => {
+  ])('given %p', async (l: string[], expected: Image[] | undefined, invalid: boolean) => {
     try {
       const images = Transform(l);
       expect(images).toEqual(expected);

__tests__/tag.test.ts

@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Transform, Parse, Tag, Type, RefEvent, ShaFormat, DefaultPriorities} from '../src/tag';
 
 describe('transform', () => {

action.yml

@@ -7,9 +7,13 @@ branding:
   color: 'blue'
 
 inputs:
+  context:
+    description: 'Where to get context data. Allowed options are "workflow"  (default), "git".'
+    default: "workflow"
+    required: true
   images:
     description: 'List of Docker images to use as base name for tags'
-    required: true
+    required: false
   tags:
     description: 'List of tags as key-value pair attributes'
     required: false
@@ -19,12 +23,18 @@ inputs:
   labels:
     description: 'List of custom labels'
     required: false
+  annotations:
+    description: 'List of custom annotations'
+    required: false
   sep-tags:
     description: 'Separator to use for tags output (default \n)'
     required: false
   sep-labels:
     description: 'Separator to use for labels output (default \n)'
     required: false
+  sep-annotations:
+    description: 'Separator to use for annotations output (default \n)'
+    required: false
   bake-target:
     description: 'Bake target name (default docker-metadata-action)'
     required: false
@@ -40,11 +50,19 @@ outputs:
     description: 'Generated Docker tags'
   labels:
     description: 'Generated Docker labels'
-  bake-file:
-    description: 'Bake definiton file'
+  annotations:
+    description: 'Generated annotations'
   json:
     description: 'JSON output of tags and labels'
+  bake-file-tags:
+    description: 'Bake definition file with tags'
+  bake-file-labels:
+    description: 'Bake definition file with labels'
+  bake-file-annotations:
+    description: 'Bake definition file with annotations'
+  bake-file:
+    description: 'Bake definition file with tags and labels'
 
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'

dev.Dockerfile

@@ -1,13 +1,20 @@
 # syntax=docker/dockerfile:1
 
-ARG NODE_VERSION=16
+ARG NODE_VERSION=20
 
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache <<EOT
+  corepack enable
+  yarn --version
+  yarn config set --home enableTelemetry 0
+EOT
 
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn install && mkdir /vendor && cp yarn.lock /vendor
 
@@ -16,18 +23,19 @@ COPY --from=deps /vendor /
 
 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
-git add -A
-cp -rf /vendor/* .
-if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
-  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
-  git status --porcelain -- yarn.lock
-  exit 1
-fi
+  set -e
+  git add -A
+  cp -rf /vendor/* .
+  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
+    git status --porcelain -- yarn.lock
+    exit 1
+  fi
 EOT
 
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run build && mkdir /out && cp -Rf dist /out/
 
@@ -36,36 +44,37 @@ COPY --from=build /out /
 
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
-git add -A
-cp -rf /out/* .
-if [ -n "$(git status --porcelain -- dist)" ]; then
-  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
-  git status --porcelain -- dist
-  exit 1
-fi
+  set -e
+  git add -A
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- dist)" ]; then
+    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+    git status --porcelain -- dist
+    exit 1
+  fi
 EOT
 
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 
 FROM scratch AS format-update
 COPY --from=format /out /
 
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run lint
 
 FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverageDirectory=/tmp/coverage
+  yarn run test --coverage --coverageDirectory=/tmp/coverage
 
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /

docker-bake.hcl

@@ -1,9 +1,15 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
   targets = ["build"]
 }
 
 group "pre-checkin" {
-  targets = ["vendor-update", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }
 
 group "validate" {
@@ -11,42 +17,49 @@ group "validate" {
 }
 
 target "build" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
-target "vendor-update" {
+target "vendor" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

jest.config.ts

@@ -1,5 +1,21 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-metadata-action-'));
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/metadata-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
+}) as {
+  [key: string]: string;
+};
+
 module.exports = {
   clearMocks: true,
+  testEnvironment: 'node',
   moduleFileExtensions: ['js', 'ts'],
   setupFiles: ['dotenv/config'],
   testMatch: ['**/*.test.ts'],
@@ -9,5 +25,7 @@ module.exports = {
   moduleNameMapper: {
     '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
   },
+  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
+  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
   verbose: true
 };

package.json

@@ -1,13 +1,16 @@
 {
   "name": "docker-metadata-action",
   "description": "GitHub Action to extract metadata (tags, labels) for Docker",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
   "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
-    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
-    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
-    "test": "jest --coverage",
-    "all": "yarn run build && yarn run format && yarn test"
+    "build": "ncc build --source-map --minify --license licenses.txt",
+    "lint": "yarn run prettier && yarn run eslint",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "eslint": "eslint --max-warnings=0 .",
+    "eslint:fix": "eslint --fix .",
+    "prettier": "prettier --check \"./**/*.ts\"",
+    "prettier:fix": "prettier --write \"./**/*.ts\"",
+    "test": "jest"
   },
   "repository": {
     "type": "git",
@@ -20,40 +23,36 @@
     "tag",
     "label"
   ],
-  "author": "Docker",
-  "contributors": [
-    {
-      "name": "CrazyMax",
-      "url": "https://crazymax.dev"
-    }
-  ],
+  "author": "Docker Inc.",
   "license": "Apache-2.0",
+  "packageManager": "yarn@3.6.3",
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/github": "^5.1.1",
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.0",
+    "@docker/actions-toolkit": "^0.56.0",
     "@renovate/pep440": "^1.0.0",
-    "csv-parse": "^5.3.3",
-    "handlebars": "^4.7.7",
-    "moment": "^2.29.4",
-    "moment-timezone": "^0.5.40",
-    "semver": "^7.3.7"
+    "csv-parse": "^5.6.0",
+    "handlebars": "^4.7.8",
+    "moment": "^2.30.1",
+    "moment-timezone": "^0.5.47",
+    "semver": "^7.7.1"
   },
   "devDependencies": {
     "@types/csv-parse": "^1.2.2",
-    "@types/node": "^16.11.26",
-    "@types/semver": "^7.3.9",
-    "@typescript-eslint/eslint-plugin": "^5.14.0",
-    "@typescript-eslint/parser": "^5.14.0",
-    "@vercel/ncc": "^0.33.3",
-    "dotenv": "^16.0.0",
-    "eslint": "^8.11.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-jest": "^26.1.1",
-    "eslint-plugin-prettier": "^4.0.0",
-    "jest": "^27.2.5",
-    "prettier": "^2.3.1",
-    "ts-jest": "^27.1.2",
-    "ts-node": "^10.7.0",
-    "typescript": "^4.4.4"
+    "@types/node": "^20.12.12",
+    "@types/semver": "^7.5.8",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
+    "@typescript-eslint/parser": "^7.9.0",
+    "@vercel/ncc": "^0.38.1",
+    "dotenv": "^16.4.5",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-jest": "^28.5.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "jest": "^29.7.0",
+    "prettier": "^3.2.5",
+    "ts-jest": "^29.1.2",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.5"
   }
 }

src/context.ts

@@ -1,74 +1,136 @@
-import * as fs from 'fs';
-import * as os from 'os';
-import * as path from 'path';
 import * as core from '@actions/core';
-import {parse} from 'csv-parse/sync';
+import {Context as GithubContext} from '@actions/github/lib/context';
+import {Util} from '@docker/actions-toolkit/lib/util';
+import {Git} from '@docker/actions-toolkit/lib/git';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 
-let _tmpDir: string;
+export interface Context extends GithubContext {
+  commitDate: Date;
+}
 
 export interface Inputs {
+  context: ContextSource;
   images: string[];
   tags: string[];
   flavor: string[];
   labels: string[];
+  annotations: string[];
   sepTags: string;
   sepLabels: string;
+  sepAnnotations: string;
   bakeTarget: string;
   githubToken: string;
 }
 
-export function tmpDir(): string {
-  if (!_tmpDir) {
-    _tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-metadata-action-')).split(path.sep).join(path.posix.sep);
-  }
-  return _tmpDir;
-}
-
 export function getInputs(): Inputs {
   return {
-    images: getInputList('images', true),
-    tags: getInputList('tags', true),
-    flavor: getInputList('flavor', true),
-    labels: getInputList('labels', true),
+    context: (core.getInput('context') || ContextSource.workflow) as ContextSource,
+    images: Util.getInputList('images', {ignoreComma: true, comment: '#'}),
+    tags: Util.getInputList('tags', {ignoreComma: true, comment: '#'}),
+    flavor: Util.getInputList('flavor', {ignoreComma: true, comment: '#'}),
+    labels: Util.getInputList('labels', {ignoreComma: true, comment: '#'}),
+    annotations: Util.getInputList('annotations', {ignoreComma: true, comment: '#'}),
     sepTags: core.getInput('sep-tags', {trimWhitespace: false}) || `\n`,
     sepLabels: core.getInput('sep-labels', {trimWhitespace: false}) || `\n`,
+    sepAnnotations: core.getInput('sep-annotations', {trimWhitespace: false}) || `\n`,
     bakeTarget: core.getInput('bake-target') || `docker-metadata-action`,
     githubToken: core.getInput('github-token')
   };
 }
 
-export function getInputList(name: string, ignoreComma?: boolean): string[] {
-  const res: Array<string> = [];
-
-  const items = core.getInput(name);
-  if (items == '') {
-    return res;
-  }
-
-  const records = parse(items, {
-    columns: false,
-    relaxQuotes: true,
-    comment: '#',
-    relaxColumnCount: true,
-    skipEmptyLines: true
-  });
-
-  for (const record of records as Array<string[]>) {
-    if (record.length == 1) {
-      res.push(record[0]);
-      continue;
-    } else if (!ignoreComma) {
-      res.push(...record);
-      continue;
-    }
-    res.push(record.join(','));
-  }
-
-  return res.filter(item => item).map(pat => pat.trim());
+export enum ContextSource {
+  workflow = 'workflow',
+  git = 'git'
 }
 
-export const asyncForEach = async (array, callback) => {
-  for (let index = 0; index < array.length; index++) {
-    await callback(array[index], index, array);
+export async function getContext(source: ContextSource, toolkit: Toolkit): Promise<Context> {
+  switch (source) {
+    case ContextSource.workflow:
+      return await getContextFromWorkflow(toolkit);
+    case ContextSource.git:
+      return await getContextFromGit();
+    default:
+      throw new Error(`Invalid context source: ${source}`);
   }
-};
+}
+
+async function getContextFromWorkflow(toolkit: Toolkit): Promise<Context> {
+  const context = GitHub.context;
+
+  // Needs to override Git reference with pr ref instead of upstream branch ref
+  // for pull_request_target event
+  // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+  if (/pull_request_target/.test(context.eventName)) {
+    context.ref = `refs/pull/${context.payload.number}/merge`;
+  }
+
+  // DOCKER_METADATA_PR_HEAD_SHA env var can be used to set associated head
+  // SHA instead of commit SHA that triggered the workflow on pull request
+  // event.
+  if (/true/i.test(process.env.DOCKER_METADATA_PR_HEAD_SHA || '')) {
+    if ((/pull_request/.test(context.eventName) || /pull_request_target/.test(context.eventName)) && context.payload?.pull_request?.head?.sha != undefined) {
+      context.sha = context.payload.pull_request.head.sha;
+    }
+  }
+
+  return {
+    commitDate: await getCommitDateFromWorkflow(context.sha, toolkit),
+    ...context
+  } as Context;
+}
+
+async function getContextFromGit(): Promise<Context> {
+  const ctx = await Git.context();
+
+  return {
+    commitDate: await Git.commitDate(ctx.sha),
+    ...ctx
+  } as Context;
+}
+
+async function getCommitDateFromWorkflow(sha: string, toolkit: Toolkit): Promise<Date> {
+  const event = GitHub.context.payload as unknown as {
+    // branch push
+    commits?: Array<{
+      timestamp: string;
+      // commit sha
+      id: string;
+    }>;
+    // tags
+    head_commit?: {
+      timestamp: string;
+      // commit sha
+      id: string;
+    };
+  };
+
+  if (event.commits) {
+    const commitDate = event.commits.find(x => x.id === sha)?.timestamp;
+    if (commitDate) {
+      return new Date(commitDate);
+    }
+  }
+
+  if (event.head_commit) {
+    if (event.head_commit.id === sha) {
+      return new Date(event.head_commit.timestamp);
+    }
+  }
+
+  // fallback to github api for commit date
+  try {
+    const commit = await toolkit.github.octokit.rest.repos.getCommit({
+      owner: GitHub.context.repo.owner,
+      repo: GitHub.context.repo.repo,
+      ref: sha
+    });
+    if (commit.data.commit.committer?.date) {
+      return new Date(commit.data.commit.committer.date);
+    }
+    throw new Error('Committer date not found');
+  } catch (error) {
+    core.debug(`Failed to get commit date from GitHub API: ${error.message}`);
+    return new Date();
+  }
+}

src/github.ts

@@ -1,16 +0,0 @@
-import * as github from '@actions/github';
-import {Context} from '@actions/github/lib/context';
-import {components as OctoOpenApiTypes} from '@octokit/openapi-types';
-
-export type ReposGetResponseData = OctoOpenApiTypes['schemas']['repository'];
-
-export function context(): Context {
-  return github.context;
-}
-
-export async function repo(token: string): Promise<ReposGetResponseData> {
-  return github
-    .getOctokit(token)
-    .rest.repos.get({...github.context.repo})
-    .then(response => response.data as ReposGetResponseData);
-}

src/main.ts

@@ -1,34 +1,37 @@
 import * as fs from 'fs';
-import {getInputs, Inputs} from './context';
-import * as github from './github';
-import {Meta, Version} from './meta';
 import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
+import * as actionsToolkit from '@docker/actions-toolkit';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';
 
-async function run() {
-  try {
-    const inputs: Inputs = await getInputs();
-    if (inputs.images.length == 0) {
-      throw new Error(`images input required`);
-    }
+import {getContext, getInputs, Inputs} from './context';
+import {Meta, Version} from './meta';
 
-    const context: Context = github.context();
-    const repo: github.ReposGetResponseData = await github.repo(inputs.githubToken);
-    core.startGroup(`Context info`);
-    core.info(`eventName: ${context.eventName}`);
-    core.info(`sha: ${context.sha}`);
-    core.info(`ref: ${context.ref}`);
-    core.info(`workflow: ${context.workflow}`);
-    core.info(`action: ${context.action}`);
-    core.info(`actor: ${context.actor}`);
-    core.info(`runNumber: ${context.runNumber}`);
-    core.info(`runId: ${context.runId}`);
-    core.endGroup();
+actionsToolkit.run(
+  // main
+  async () => {
+    const inputs: Inputs = getInputs();
+    const toolkit = new Toolkit({githubToken: inputs.githubToken});
+    const context = await getContext(inputs.context, toolkit);
+    const repo = await toolkit.github.repoData();
+    const setOutput = outputEnvEnabled() ? setOutputAndEnv : core.setOutput;
+
+    await core.group(`Context info`, async () => {
+      core.info(`eventName: ${context.eventName}`);
+      core.info(`sha: ${context.sha}`);
+      core.info(`ref: ${context.ref}`);
+      core.info(`workflow: ${context.workflow}`);
+      core.info(`action: ${context.action}`);
+      core.info(`actor: ${context.actor}`);
+      core.info(`runNumber: ${context.runNumber}`);
+      core.info(`runId: ${context.runId}`);
+      core.info(`commitDate: ${context.commitDate}`);
+    });
 
     if (core.isDebug()) {
-      core.startGroup(`Webhook payload`);
-      core.info(JSON.stringify(context.payload, null, 2));
-      core.endGroup();
+      await core.group(`Webhook payload`, async () => {
+        core.info(JSON.stringify(context.payload, null, 2));
+      });
     }
 
     const meta: Meta = new Meta(inputs, context, repo);
@@ -37,9 +40,9 @@ async function run() {
     if (meta.version.main == undefined || meta.version.main.length == 0) {
       core.warning(`No Docker image version has been generated. Check tags input.`);
     } else {
-      core.startGroup(`Docker image version`);
-      core.info(version.main || '');
-      core.endGroup();
+      await core.group(`Docker image version`, async () => {
+        core.info(version.main || '');
+      });
     }
     setOutput('version', version.main || '');
 
@@ -48,44 +51,70 @@ async function run() {
     if (tags.length == 0) {
       core.warning('No Docker tag has been generated. Check tags input.');
     } else {
-      core.startGroup(`Docker tags`);
-      for (const tag of tags) {
-        core.info(tag);
-      }
-      core.endGroup();
+      await core.group(`Docker tags`, async () => {
+        for (const tag of tags) {
+          core.info(tag);
+        }
+      });
     }
     setOutput('tags', tags.join(inputs.sepTags));
 
     // Docker labels
     const labels: Array<string> = meta.getLabels();
-    core.startGroup(`Docker labels`);
-    for (const label of labels) {
-      core.info(label);
-    }
-    core.endGroup();
-    setOutput('labels', labels.join(inputs.sepLabels));
+    await core.group(`Docker labels`, async () => {
+      for (const label of labels) {
+        core.info(label);
+      }
+      setOutput('labels', labels.join(inputs.sepLabels));
+    });
+
+    // Annotations
+    const annotationsRaw: Array<string> = meta.getAnnotations();
+    const annotationsLevels = process.env.DOCKER_METADATA_ANNOTATIONS_LEVELS || 'manifest';
+    await core.group(`Annotations`, async () => {
+      const annotations: Array<string> = [];
+      for (const level of annotationsLevels.split(',')) {
+        annotations.push(
+          ...annotationsRaw.map(label => {
+            const v = `${level}:${label}`;
+            core.info(v);
+            return v;
+          })
+        );
+      }
+      setOutput(`annotations`, annotations.join(inputs.sepAnnotations));
+    });
 
     // JSON
-    const jsonOutput = meta.getJSON();
-    core.startGroup(`JSON output`);
-    core.info(JSON.stringify(jsonOutput, null, 2));
-    core.endGroup();
-    setOutput('json', JSON.stringify(jsonOutput));
+    const jsonOutput = meta.getJSON(annotationsLevels.split(','));
+    await core.group(`JSON output`, async () => {
+      core.info(JSON.stringify(jsonOutput, null, 2));
+      setOutput('json', JSON.stringify(jsonOutput));
+    });
 
-    // Bake file definition
-    const bakeFile: string = meta.getBakeFile();
-    core.startGroup(`Bake file definition`);
-    core.info(fs.readFileSync(bakeFile, 'utf8'));
-    core.endGroup();
-    setOutput('bake-file', bakeFile);
-  } catch (error) {
-    core.setFailed(error.message);
+    // Bake files
+    for (const kind of ['tags', 'labels', 'annotations:' + annotationsLevels]) {
+      const outputName = kind.split(':')[0];
+      const bakeFile: string = meta.getBakeFile(kind);
+      await core.group(`Bake file definition (${outputName})`, async () => {
+        core.info(fs.readFileSync(bakeFile, 'utf8'));
+        setOutput(`bake-file-${outputName}`, bakeFile);
+      });
+    }
+
+    // Bake file with tags and labels
+    setOutput(`bake-file`, `${meta.getBakeFileTagsLabels()}`);
   }
-}
+);
 
-function setOutput(name: string, value: string) {
+function setOutputAndEnv(name: string, value: string) {
   core.setOutput(name, value);
   core.exportVariable(`DOCKER_METADATA_OUTPUT_${name.replace(/\W/g, '_').toUpperCase()}`, value);
 }
 
-run();
+function outputEnvEnabled(): boolean {
+  if (process.env.DOCKER_METADATA_SET_OUTPUT_ENV) {
+    return Util.parseBool(process.env.DOCKER_METADATA_SET_OUTPUT_ENV);
+  }
+  return true;
+}

src/meta.ts

@@ -4,13 +4,16 @@ import * as path from 'path';
 import moment from 'moment-timezone';
 import * as pep440 from '@renovate/pep440';
 import * as semver from 'semver';
-import {Inputs, tmpDir} from './context';
-import {ReposGetResponseData} from './github';
+import * as core from '@actions/core';
+import {Context as ToolkitContext} from '@docker/actions-toolkit/lib/context';
+import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
+
+import {Inputs, Context} from './context';
 import * as icl from './image';
 import * as tcl from './tag';
 import * as fcl from './flavor';
-import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
+
+const defaultShortShaLength = 7;
 
 export interface Version {
   main: string | undefined;
@@ -23,29 +26,13 @@ export class Meta {
 
   private readonly inputs: Inputs;
   private readonly context: Context;
-  private readonly repo: ReposGetResponseData;
+  private readonly repo: GitHubRepo;
   private readonly images: icl.Image[];
   private readonly tags: tcl.Tag[];
   private readonly flavor: fcl.Flavor;
   private readonly date: Date;
 
-  constructor(inputs: Inputs, context: Context, repo: ReposGetResponseData) {
-    // Needs to override Git reference with pr ref instead of upstream branch ref
-    // for pull_request_target event
-    // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
-    if (/pull_request_target/.test(context.eventName)) {
-      context.ref = `refs/pull/${context.payload.number}/merge`;
-    }
-
-    // DOCKER_METADATA_PR_HEAD_SHA env var can be used to set associated head
-    // SHA instead of commit SHA that triggered the workflow on pull request
-    // event.
-    if (/true/i.test(process.env.DOCKER_METADATA_PR_HEAD_SHA || '')) {
-      if ((/pull_request/.test(context.eventName) || /pull_request_target/.test(context.eventName)) && context.payload?.pull_request?.head?.sha != undefined) {
-        context.sha = context.payload.pull_request.head.sha;
-      }
-    }
-
+  constructor(inputs: Inputs, context: Context, repo: GitHubRepo) {
     this.inputs = inputs;
     this.context = context;
     this.repo = repo;
@@ -127,6 +114,7 @@ export class Meta {
     }
 
     const currentDate = this.date;
+    const commitDate = this.context.commitDate;
     const vraw = this.setValue(
       handlebars.compile(tag.attrs['pattern'])({
         date: function (format, options) {
@@ -142,6 +130,20 @@ export class Meta {
             }
           });
           return m.tz(tz).format(format);
+        },
+        commit_date: function (format, options) {
+          const m = moment(commitDate);
+          let tz = 'UTC';
+          Object.keys(options.hash).forEach(key => {
+            switch (key) {
+              case 'tz':
+                tz = options.hash[key];
+                break;
+              default:
+                throw new Error(`Unknown ${key} attribute`);
+            }
+          });
+          return m.tz(tz).format(format);
         }
       }),
       tag
@@ -168,7 +170,7 @@ export class Meta {
 
     let latest = false;
     const sver = semver.parse(vraw, {
-      includePrerelease: true
+      loose: true
     });
     if (semver.prerelease(vraw)) {
       if (Meta.isRawStatement(tag.attrs['pattern'])) {
@@ -321,7 +323,7 @@ export class Meta {
 
     let val = this.context.sha;
     if (tag.attrs['format'] === tcl.ShaFormat.Short) {
-      val = this.context.sha.substring(0, 7);
+      val = Meta.shortSha(this.context.sha);
     }
 
     const vraw = this.setValue(val, tag);
@@ -370,54 +372,69 @@ export class Meta {
     return val;
   }
 
-  private setGlobalExp(val): string {
-    const ctx = this.context;
+  private setGlobalExp(val: string): string {
+    const context = this.context;
     const currentDate = this.date;
+    const commitDate = this.context.commitDate;
     return handlebars.compile(val)({
       branch: function () {
-        if (!/^refs\/heads\//.test(ctx.ref)) {
+        if (!/^refs\/heads\//.test(context.ref)) {
           return '';
         }
-        return ctx.ref.replace(/^refs\/heads\//g, '');
+        return context.ref.replace(/^refs\/heads\//g, '');
       },
       tag: function () {
-        if (!/^refs\/tags\//.test(ctx.ref)) {
+        if (!/^refs\/tags\//.test(context.ref)) {
           return '';
         }
-        return ctx.ref.replace(/^refs\/tags\//g, '');
+        return context.ref.replace(/^refs\/tags\//g, '');
       },
       sha: function () {
-        return ctx.sha.substring(0, 7);
+        return Meta.shortSha(context.sha);
       },
       base_ref: function () {
-        if (/^refs\/tags\//.test(ctx.ref) && ctx.payload?.base_ref != undefined) {
-          return ctx.payload.base_ref.replace(/^refs\/heads\//g, '');
+        if (/^refs\/tags\//.test(context.ref) && context.payload?.base_ref != undefined) {
+          return context.payload.base_ref.replace(/^refs\/heads\//g, '');
         }
         // FIXME: keep this for backward compatibility even if doesn't always seem
         //  to return the expected branch. See the comment below.
-        if (/^refs\/pull\//.test(ctx.ref) && ctx.payload?.pull_request?.base?.ref != undefined) {
-          return ctx.payload.pull_request.base.ref;
+        if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
+          return context.payload.pull_request.base.ref;
         }
         return '';
       },
+      commit_date: function (format, options) {
+        const m = moment(commitDate);
+        let tz = 'UTC';
+        Object.keys(options.hash).forEach(key => {
+          switch (key) {
+            case 'tz':
+              tz = options.hash[key];
+              break;
+            default:
+              throw new Error(`Unknown ${key} attribute`);
+          }
+        });
+        return m.tz(tz).format(format);
+      },
       is_default_branch: function () {
-        const branch = ctx.ref.replace(/^refs\/heads\//g, '');
+        const branch = context.ref.replace(/^refs\/heads\//g, '');
         // TODO: "base_ref" is available in the push payload but doesn't always seem to
         //  return the expected branch when the push tag event occurs. It's also not
         //  documented in GitHub docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
         //  more context: https://github.com/docker/metadata-action/pull/192#discussion_r854673012
-        // if (/^refs\/tags\//.test(ctx.ref) && ctx.payload?.base_ref != undefined) {
-        //   branch = ctx.payload.base_ref.replace(/^refs\/heads\//g, '');
+        // if (/^refs\/tags\//.test(context.ref) && context.payload?.base_ref != undefined) {
+        //   branch = context.payload.base_ref.replace(/^refs\/heads\//g, '');
         // }
         if (branch == undefined || branch.length == 0) {
           return 'false';
         }
-        if (ctx.payload?.repository?.default_branch == branch) {
+        if (context.payload?.repository?.default_branch == branch) {
           return 'true';
         }
         // following events always trigger for last commit on default branch
         // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
-        if (/create/.test(ctx.eventName) || /discussion/.test(ctx.eventName) || /issues/.test(ctx.eventName) || /schedule/.test(ctx.eventName)) {
+        if (/create/.test(context.eventName) || /discussion/.test(context.eventName) || /issues/.test(context.eventName) || /schedule/.test(context.eventName)) {
           return 'true';
         }
         return 'false';
@@ -454,22 +471,43 @@ export class Meta {
     if (!this.version.main) {
       return [];
     }
-    const tags: Array<string> = [];
-    for (const imageName of this.getImageNames()) {
-      tags.push(`${imageName}:${this.version.main}`);
+
+    const generateTags = (imageName: string, version: string): Array<string> => {
+      const tags: Array<string> = [];
+      const prefix = imageName !== '' ? `${imageName}:` : '';
+      tags.push(`${prefix}${version}`);
       for (const partial of this.version.partial) {
-        tags.push(`${imageName}:${partial}`);
+        tags.push(`${prefix}${partial}`);
       }
       if (this.version.latest) {
         const latestTag = `${this.flavor.prefixLatest ? this.flavor.prefix : ''}latest${this.flavor.suffixLatest ? this.flavor.suffix : ''}`;
-        tags.push(`${imageName}:${Meta.sanitizeTag(latestTag)}`);
+        tags.push(`${prefix}${Meta.sanitizeTag(latestTag)}`);
       }
+      return tags;
+    };
+
+    const tags: Array<string> = [];
+    const images = this.getImageNames();
+    if (images.length > 0) {
+      for (const imageName of images) {
+        tags.push(...generateTags(imageName, this.version.main));
+      }
+    } else {
+      tags.push(...generateTags('', this.version.main));
     }
     return tags;
   }
 
   public getLabels(): Array<string> {
-    const labels: Array<string> = [
+    return this.getOCIAnnotationsWithCustoms(this.inputs.labels);
+  }
+
+  public getAnnotations(): Array<string> {
+    return this.getOCIAnnotationsWithCustoms(this.inputs.annotations);
+  }
+
+  private getOCIAnnotationsWithCustoms(extra: string[]): Array<string> {
+    const res: Array<string> = [
       `org.opencontainers.image.title=${this.repo.name || ''}`,
       `org.opencontainers.image.description=${this.repo.description || ''}`,
       `org.opencontainers.image.url=${this.repo.html_url || ''}`,
@@ -479,11 +517,28 @@ export class Meta {
       `org.opencontainers.image.revision=${this.context.sha || ''}`,
       `org.opencontainers.image.licenses=${this.repo.license?.spdx_id || ''}`
     ];
-    labels.push(...this.inputs.labels);
-    return labels;
+    extra.forEach(label => {
+      res.push(this.setGlobalExp(label));
+    });
+
+    return Array.from(
+      new Map<string, string>(
+        res
+          .map(label => label.split('='))
+          // eslint-disable-next-line @typescript-eslint/no-unused-vars
+          .filter(([_key, ...values]) => values.length > 0)
+          .map(([key, ...values]) => [key, values.join('=')] as [string, string])
+      )
+    )
+      .sort((a, b) => a[0].localeCompare(b[0]))
+      .map(([key, value]) => `${key}=${value}`);
   }
 
-  public getJSON(): unknown {
+  public getJSON(alevels: string[]): unknown {
+    const annotations: Array<string> = [];
+    for (const level of alevels) {
+      annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+    }
     return {
       tags: this.getTags(),
       labels: this.getLabels().reduce((res, label) => {
@@ -493,39 +548,74 @@ export class Meta {
         }
         res[matches[1]] = matches[2];
         return res;
-      }, {})
+      }, {}),
+      annotations: annotations
     };
   }
 
-  public getBakeFile(): string {
-    const bakeFile = path.join(tmpDir(), 'docker-metadata-action-bake.json').split(path.sep).join(path.posix.sep);
-    fs.writeFileSync(
-      bakeFile,
-      JSON.stringify(
+  public getBakeFile(kind: string): string {
+    if (kind == 'tags') {
+      return this.generateBakeFile(
         {
-          target: {
-            [this.inputs.bakeTarget]: {
-              tags: this.getTags(),
-              labels: this.getLabels().reduce((res, label) => {
-                const matches = label.match(/([^=]*)=(.*)/);
-                if (!matches) {
-                  return res;
-                }
-                res[matches[1]] = matches[2];
-                return res;
-              }, {}),
-              args: {
-                DOCKER_META_IMAGES: this.getImageNames().join(','),
-                DOCKER_META_VERSION: this.version.main
-              }
-            }
+          tags: this.getTags(),
+          args: {
+            DOCKER_META_IMAGES: this.getImageNames().join(','),
+            DOCKER_META_VERSION: this.version.main
           }
         },
-        null,
-        2
-      )
-    );
+        kind
+      );
+    } else if (kind == 'labels') {
+      return this.generateBakeFile(
+        {
+          labels: this.getLabels().reduce((res, label) => {
+            const matches = label.match(/([^=]*)=(.*)/);
+            if (!matches) {
+              return res;
+            }
+            res[matches[1]] = matches[2];
+            return res;
+          }, {})
+        },
+        kind
+      );
+    } else if (kind.startsWith('annotations:')) {
+      const name = kind.split(':')[0];
+      const annotations: Array<string> = [];
+      for (const level of kind.split(':')[1].split(',')) {
+        annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+      }
+      return this.generateBakeFile(
+        {
+          annotations: annotations
+        },
+        name
+      );
+    }
+    throw new Error(`Unknown bake file type: ${kind}`);
+  }
 
+  public getBakeFileTagsLabels(): string {
+    return this.generateBakeFile({
+      tags: this.getTags(),
+      labels: this.getLabels().reduce((res, label) => {
+        const matches = label.match(/([^=]*)=(.*)/);
+        if (!matches) {
+          return res;
+        }
+        res[matches[1]] = matches[2];
+        return res;
+      }, {}),
+      args: {
+        DOCKER_META_IMAGES: this.getImageNames().join(','),
+        DOCKER_META_VERSION: this.version.main
+      }
+    });
+  }
+
+  private generateBakeFile(dt, suffix?: string): string {
+    const bakeFile = path.join(ToolkitContext.tmpDir(), `docker-metadata-action-bake${suffix ? `-${suffix}` : ''}.json`);
+    fs.writeFileSync(bakeFile, JSON.stringify({target: {[this.inputs.bakeTarget]: dt}}, null, 2));
     return bakeFile;
   }
 
@@ -536,4 +626,18 @@ export class Meta {
   private static sanitizeTag(tag: string): string {
     return tag.replace(/[^a-zA-Z0-9._-]+/g, '-');
   }
+
+  private static shortSha(sha: string): string {
+    let shortShaLength = defaultShortShaLength;
+    if (process.env.DOCKER_METADATA_SHORT_SHA_LENGTH) {
+      if (isNaN(Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH))) {
+        throw new Error(`DOCKER_METADATA_SHORT_SHA_LENGTH is not a valid number: ${process.env.DOCKER_METADATA_SHORT_SHA_LENGTH}`);
+      }
+      shortShaLength = Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH);
+    }
+    if (shortShaLength >= sha.length) {
+      return sha;
+    }
+    return sha.substring(0, shortShaLength);
+  }
 }

test/json.Dockerfile

@@ -1,6 +0,0 @@
-# syntax=docker/dockerfile:1
-FROM alpine
-RUN apk add --no-cache coreutils jq
-ARG BUILDINFO
-RUN printenv BUILDINFO
-RUN echo $BUILDINFO | jq

test/output.Dockerfile

@@ -4,9 +4,11 @@ RUN apk add --no-cache coreutils jq
 ARG DOCKER_METADATA_OUTPUT_VERSION
 ARG DOCKER_METADATA_OUTPUT_TAGS
 ARG DOCKER_METADATA_OUTPUT_LABELS
+ARG DOCKER_METADATA_OUTPUT_ANNOTATIONS
 ARG DOCKER_METADATA_OUTPUT_JSON
 RUN printenv DOCKER_METADATA_OUTPUT_VERSION
 RUN printenv DOCKER_METADATA_OUTPUT_TAGS
 RUN printenv DOCKER_METADATA_OUTPUT_LABELS
+RUN printenv DOCKER_METADATA_OUTPUT_ANNOTATIONS
 RUN printenv DOCKER_METADATA_OUTPUT_JSON
 RUN echo $DOCKER_METADATA_OUTPUT_JSON | jq

tsconfig.json

@@ -1,20 +1,22 @@
 {
   "compilerOptions": {
+    "esModuleInterop": true,
     "target": "es6",
     "module": "commonjs",
+    "strict": true,
     "newLine": "lf",
     "outDir": "./lib",
     "rootDir": "./src",
-    "esModuleInterop": true,
     "forceConsistentCasingInFileNames": true,
-    "strict": true,
     "noImplicitAny": false,
     "resolveJsonModule": true,
     "useUnknownInCatchVariables": false,
   },
   "exclude": [
+    "./__mocks__/**/*",
+    "./__tests__/**/*",
+    "./lib/**/*",
     "node_modules",
-    "**/*.test.ts",
     "jest.config.ts"
   ]
 }