Merge pull request #316 from crazy-max/fix-no-default-attest

handle no default attestations env var

.github/workflows/ci-subaction.yml

@@ -38,9 +38,15 @@ jobs:
         with:
           workdir: ./test/group
       -
-        name: Show matrix
-        run: |
-          echo matrix=${{ steps.gen.outputs.matrix }}
+        name: Check targets
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const targets = `${{ steps.gen.outputs.targets }}`;
+            if (!targets) {
+              core.setFailed('No targets generated');
+            }
+            core.info(`targets=${targets}`);
 
   list-targets-group-matrix:
     runs-on: ubuntu-latest
@@ -56,6 +62,38 @@ jobs:
           workdir: ./test/group-matrix
           target: validate
       -
-        name: Show matrix
-        run: |
-          echo matrix=${{ steps.gen.outputs.matrix }}
+        name: Check targets
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const targets = `${{ steps.gen.outputs.targets }}`;
+            if (!targets) {
+              core.setFailed('No targets generated');
+            }
+            core.info(`targets=${targets}`);
+
+  list-targets-multi-files:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Matrix gen
+        id: gen
+        uses: ./subaction/list-targets
+        with:
+          workdir: ./test/multi-files
+          files: |
+            docker-bake.json
+            docker-bake.hcl
+      -
+        name: Check targets
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const targets = `${{ steps.gen.outputs.targets }}`;
+            if (!targets) {
+              core.setFailed('No targets generated');
+            }
+            core.info(`targets=${targets}`);

.github/workflows/ci.yml

@@ -32,8 +32,8 @@ on:
       - 'subaction/**'
 
 env:
-  BUILDX_VERSION: latest
-  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
+  BUILDX_VERSION: edge
+  BUILDKIT_IMAGE: moby/buildkit:latest
 
 jobs:
   bake:
@@ -69,6 +69,7 @@ jobs:
         name: Build and push
         uses: ./
         with:
+          source: .
           builder: ${{ steps.buildx.outputs.name }}
           files: |
             ./test/config.hcl
@@ -87,6 +88,7 @@ jobs:
         continue-on-error: true
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
           set: |
@@ -108,6 +110,7 @@ jobs:
         continue-on-error: true
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
       -
@@ -144,10 +147,11 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
 
-  source:
+  remote:
     runs-on: ubuntu-latest
     steps:
       -
@@ -188,6 +192,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
+          source: .
           targets: binary
           provenance: ${{ matrix.attrs }}
           set: |
@@ -229,6 +234,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
+          source: .
           targets: ${{ matrix.target }}
           sbom: true
           set: |
@@ -275,6 +281,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
+          source: .
           set: |
             *.platform=linux/amd64
             *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
@@ -304,6 +311,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/group
+          source: .
           push: true
           set: |
             t1.tags=localhost:5000/name/app:t1
@@ -324,6 +332,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
 
@@ -361,6 +370,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
           targets: app-proxy
@@ -396,6 +406,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
 
@@ -415,8 +426,6 @@ jobs:
       -
         name: Build
         uses: ./
-        with:
-          source: "{{defaultContext}}"
 
   git-context-and-local:
     runs-on: ubuntu-latest
@@ -439,7 +448,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: "{{defaultContext}}"
           files: |
             cwd://${{ steps.meta.outputs.bake-file }}
 
@@ -466,6 +474,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
+          source: .
           set: |
             *.output=type=image,name=localhost:5000/name/app:latest,push=true
             *.output=type=docker,name=app:local
@@ -509,6 +518,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
+          source: .
           targets: image
           load: true
           push: true
@@ -563,6 +573,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: .
           files: |
             ./test/config.hcl
           targets: app
@@ -648,7 +659,7 @@ jobs:
       fail-fast: false
       matrix:
         buildx-version:
-          - latest
+          - edge
           - v0.14.1
     steps:
       -
@@ -666,6 +677,7 @@ jobs:
         uses: ./
         with:
           workdir: ./test
+          source: .
           files: |
             ./lint.hcl
 
@@ -687,7 +699,54 @@ jobs:
         uses: ./
         with:
           workdir: ./test
+          source: .
           files: |
             ./lint.hcl
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
+
+  allow:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        buildx-version:
+          - edge
+          - v0.19.0
+          - v0.18.0
+          - v0.17.1
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ matrix.buildx-version }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          allow: network.host
+          targets: app-entitlements
+
+  no-default-attestations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: 1

.github/workflows/pr-assign-author.yml

@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -26,12 +26,13 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Test
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
+          source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
-          file: ./coverage/clover.xml
+          files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/validate.yml

@@ -36,11 +36,8 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}

README.md

@@ -14,8 +14,8 @@ as a high-level build command.
 ___
 
 * [Usage](#usage)
-  * [Path context](#path-context)
   * [Git context](#git-context)
+  * [Path context](#path-context)
 * [Summaries](#summaries)
 * [Customizing](#customizing)
   * [inputs](#inputs)
@@ -27,84 +27,51 @@ ___
 
 ## Usage
 
-### Path context
-
-By default, this action will use the local bake definition (`source: .`), so
-you need to use the [`actions/checkout`](https://github.com/actions/checkout/)
-action to check out the repository.
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  bake:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/bake-action@v5
-        with:
-          push: true
-```
-
 ### Git context
 
-Git context can be provided using the [`source` input](#inputs). This means
-that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
+to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
+does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
 action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
 will do this directly.
 
+The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
 ```yaml
 name: ci
 
 on:
   push:
-    branches:
-      - 'master'
 
 jobs:
   bake:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       -
         name: Login to DockerHub
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       -
         name: Build and push
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
-          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
           push: true
+          set: |
+            *.tags=user/app:latest
 ```
 
 Be careful because **any file mutation in the steps that precede the build step
 will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the Git reference. However, you can use the
-[Path context](#path-context) alongside the [`actions/checkout`](https://github.com/actions/checkout/)
-action to remove this restriction.
+[Path context](#path-context) using the [`source` input](#inputs) alongside
+the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
 
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
@@ -113,10 +80,12 @@ to the default Git context:
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
           source: "{{defaultContext}}:mysubdir"
           push: true
+          set: |
+            *.tags=user/app:latest
 ```
 
 Building from the current repository automatically uses the `GITHUB_TOKEN`
@@ -131,14 +100,49 @@ another private repository for remote definitions, you can set the
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
-          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
           push: true
+          set: |
+            *.tags=user/app:latest
         env:
           BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
 ```
 
+### Path context
+
+```yaml
+name: ci
+
+on:
+  push:
+
+jobs:
+  bake:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build and push
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          push: true
+          set: |
+            *.tags=user/app:latest
+```
+
 ## Summaries
 
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
@@ -153,6 +157,19 @@ additional details about the build execution for all the bake targets,
 including build stats, logs, outputs, and more. The build record can be
 imported to Docker Desktop for inspecting the build in greater detail.
 
+> [!WARNING]
+>
+> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
+> action in your workflow, you need to ignore the build record artifacts
+> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
+> otherwise the action will fail:
+> ```yaml
+> - uses: actions/download-artifact@v4
+>   with:
+>     pattern: "!*.dockerbuild"
+> ```
+> More info: https://github.com/actions/toolkit/pull/1874
+
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 
@@ -184,6 +201,7 @@ The following inputs can be used as `step.with` keys
 |----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `builder`      | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                        |
 | `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition)    |
+| `allow`        | List/CSV    | Allow build to access specified resources (e.g., `network.host`)                                                                                                   |
 | `files`        | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                                                     |
 | `workdir`      | String      | Working directory of execution                                                                                                                                     |
 | `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
@@ -193,7 +211,7 @@ The following inputs can be used as `step.with` keys
 | `provenance`   | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance`                                      |
 | `push`         | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                                           |
 | `sbom`         | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                                             |
-| `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`)                        |
+| `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`)                      |
 | `github-token` | String      | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
 
 ### outputs

__tests__/context.test.ts

@@ -1,4 +1,4 @@
-import {beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 
@@ -122,6 +122,7 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
 });
 
 describe('getArgs', () => {
+  const originalEnv = process.env;
   beforeEach(() => {
     process.env = Object.keys(process.env).reduce((object, key) => {
       if (!key.startsWith('INPUT_')) {
@@ -130,6 +131,9 @@ describe('getArgs', () => {
       return object;
     }, {});
   });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
 
   // prettier-ignore
   test.each([
@@ -137,6 +141,7 @@ describe('getArgs', () => {
       0,
       '0.4.1',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -144,12 +149,14 @@ describe('getArgs', () => {
       ]),
       [
         'bake',
-      ]
+      ],
+      undefined
     ],
     [
       1,
       '0.8.2',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -158,12 +165,14 @@ describe('getArgs', () => {
       [
         'bake',
         '--metadata-file', metadataJson
-      ]
+      ],
+      undefined
     ],
     [
       2,
       '0.8.2',
       new Map<string, string>([
+        ['source', '.'],
         ['targets', 'webapp\nvalidate'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -174,12 +183,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         'webapp', 'validate'
-      ]
+      ],
+      undefined
     ],
     [
       3,
       '0.8.2',
       new Map<string, string>([
+        ['source', '.'],
         ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -191,12 +202,14 @@ describe('getArgs', () => {
         '--set', '*.cache-from=type=gha',
         '--set', '*.cache-to=type=gha',
         '--metadata-file', metadataJson
-      ]
+      ],
+      undefined
     ],
     [
       4,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -206,12 +219,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
+      ],
+      undefined
     ],
     [
       5,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -222,12 +237,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ]
+      ],
+      undefined
     ],
     [
       6,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -238,12 +255,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ]
+      ],
+      undefined
     ],
     [
       7,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -254,12 +273,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'false'
-      ]
+      ],
+      undefined
     ],
     [
       8,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -270,12 +291,14 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'builder-id=foo'
-      ]
+      ],
+      undefined
     ],
     [
       9,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -290,12 +313,14 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ]
+      ],
+      undefined
     ],
     [
       10,
       '0.10.0',
       new Map<string, string>([
+        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -309,13 +334,13 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ]
+      ],
+      undefined
     ],
     [
       11,
       '0.10.0',
       new Map<string, string>([
-        ['source', '{{defaultContext}}'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -328,11 +353,74 @@ describe('getArgs', () => {
         '--file', './foo.hcl',
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
+      ],
+      undefined
+    ],
+    [
+      12,
+      '0.17.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['allow', 'network.host'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'bake',
+        '--allow', 'network.host',
+        '--metadata-file', metadataJson,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+      ],
+      undefined
+    ],
+    [
+      13,
+      '0.15.0',
+      new Map<string, string>([
+        ['source', '{{defaultContext}}:subdir'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['files', './foo.hcl'],
+      ]),
+      [
+        'bake',
+        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
+        '--file', './foo.hcl',
+        '--metadata-file', metadataJson,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ],
+      undefined
+    ],
+    [
+      14,
+      '0.15.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson
+      ],
+      new Map<string, string>([
+        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
+      ])
     ],
   ])(
     '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+      if (envs) {
+        envs.forEach((value: string, name: string) => {
+          process.env[name] = value;
+        });
+      }
       inputs.forEach((value: string, name: string) => {
         setInput(name, value);
       });

action.yml

@@ -13,6 +13,9 @@ inputs:
   source:
     description: "Context to build from. Can be either local or a remote bake definition"
     required: false
+  allow:
+    description: "Allow build to access specified resources (e.g., network.host)"
+    required: false
   files:
     description: "List of bake definition files"
     required: false

dist/licenses.txt

@@ -2358,9 +2358,6 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 
-dot-object
-MIT
-
 encoding
 MIT
 Copyright (c) 2012-2014 Andris Reinman
@@ -3691,9 +3688,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
-twirp-ts
-MIT
-
 undici
 MIT
 MIT License

docker-bake.hcl

@@ -1,3 +1,9 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
   targets = ["build"]
 }
@@ -11,42 +17,49 @@ group "validate" {
 }
 
 target "build" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
 target "vendor" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

package.json

@@ -26,8 +26,8 @@
   "license": "Apache-2.0",
   "packageManager": "yarn@3.6.3",
   "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@docker/actions-toolkit": "^0.37.1",
+    "@actions/core": "^1.11.1",
+    "@docker/actions-toolkit": "^0.59.0",
     "handlebars": "^4.7.8"
   },
   "devDependencies": {

src/context.ts

@@ -11,6 +11,7 @@ import {Util} from '@docker/actions-toolkit/lib/util';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 
 export interface Inputs {
+  allow: string[];
   builder: string;
   files: string[];
   workdir: string;
@@ -28,6 +29,7 @@ export interface Inputs {
 
 export async function getInputs(): Promise<Inputs> {
   return {
+    allow: Util.getInputList('allow'),
     builder: core.getInput('builder'),
     files: Util.getInputList('files'),
     workdir: core.getInput('workdir') || '.',
@@ -80,6 +82,15 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
   if (inputs.source) {
     args.push(inputs.source);
   }
+  if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
+    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
+      // allow filesystem entitlements by default
+      inputs.allow.push('fs=*');
+    }
+    await Util.asyncForEach(inputs.allow, async allow => {
+      args.push('--allow', allow);
+    });
+  }
   await Util.asyncForEach(inputs.files, async file => {
     args.push('--file', file);
   });
@@ -92,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
     if (inputs.provenance) {
       args.push('--provenance', inputs.provenance);
-    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+    } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
       // if provenance not specified and BuildKit version compatible for
       // attestation, set default provenance. Also needs to make sure user
       // doesn't want to explicitly load the image to docker.
@@ -136,8 +147,18 @@ function getSourceInput(name: string): string {
   let source = handlebars.compile(core.getInput(name))({
     defaultContext: Context.gitContext()
   });
+  if (!source) {
+    source = Context.gitContext();
+  }
   if (source === '.') {
     source = '';
   }
   return source;
 }
+
+function noDefaultAttestations(): boolean {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
+  }
+  return false;
+}

src/main.ts

@@ -95,6 +95,7 @@ actionsToolkit.run(
     await core.group(`Parsing raw definition`, async () => {
       definition = await toolkit.buildxBake.getDefinition(
         {
+          allow: inputs.allow,
           files: inputs.files,
           load: inputs.load,
           noCache: inputs['no-cache'],
@@ -126,9 +127,14 @@ actionsToolkit.run(
     };
 
     await core.group(`Bake definition`, async () => {
-      await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], {
+      await Exec.getExecOutput(buildCmd.command, [...buildCmd.args, '--print'], {
         cwd: inputs.workdir,
-        env: buildEnv
+        env: buildEnv,
+        ignoreReturnCode: true
+      }).then(res => {
+        if (res.stderr.length > 0 && res.exitCode != 0) {
+          throw Error(res.stderr);
+        }
       });
     });
 

subaction/list-targets/README.md

@@ -42,7 +42,7 @@ jobs:
       -
         name: List targets
         id: generate
-        uses: docker/bake-action/subaction/list-targets@v4
+        uses: docker/bake-action/subaction/list-targets@v6
         with:
           target: validate
 
@@ -60,7 +60,7 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}
 ```

subaction/list-targets/action.yml

@@ -29,7 +29,7 @@ runs:
       with:
         script: |
           let def;
-          const files = `${{ inputs.files }}` ? `${{ inputs.files }}`.split(',') : [];
+          const files = `${{ inputs.files }}` ? `${{ inputs.files }}`.split(/[\r?\n,]+/).filter(Boolean) : [];
           const target = `${{ inputs.target }}`;
 
           await core.group(`Validating definition`, async () => {

test/config.hcl

@@ -42,3 +42,8 @@ target "app-proxy" {
   inherits = ["app"]
   dockerfile = "proxy.Dockerfile"
 }
+
+target "app-entitlements" {
+  inherits = ["app"]
+  entitlements = ["network.host"]
+}

test/multi-files/docker-bake.hcl

@@ -0,0 +1,15 @@
+group "default" {
+  targets = ["t3"]
+}
+
+target "t3" {
+  name = "${item.tag}"
+  matrix = {
+    item = t3
+  }
+  args = {
+    VERSION = "${item.version}"
+    DUMMY_ARG = "${item.arg}"
+  }
+  tags = ["${item.tag}"]
+}

test/multi-files/docker-bake.json

@@ -0,0 +1,14 @@
+{
+  "t3": [
+    {
+      "version": "v1",
+      "arg": "v1-value",
+      "tag": "v1-tag"
+    },
+    {
+      "version": "v2",
+      "arg": "v2-value",
+      "tag": "v2-tag"
+    }
+  ]
+}

yarn.lock

@@ -12,9 +12,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/artifact@npm:^2.1.9":
-  version: 2.1.9
-  resolution: "@actions/artifact@npm:2.1.9"
+"@actions/artifact@npm:^2.3.2":
+  version: 2.3.2
+  resolution: "@actions/artifact@npm:2.3.2"
   dependencies:
     "@actions/core": ^1.10.0
     "@actions/github": ^5.1.1
@@ -26,19 +26,17 @@ __metadata:
     "@octokit/request-error": ^5.0.0
     "@protobuf-ts/plugin": ^2.2.3-alpha.1
     archiver: ^7.0.1
-    crypto: ^1.0.1
     jwt-decode: ^3.1.2
-    twirp-ts: ^2.5.0
     unzip-stream: ^0.3.1
-  checksum: b01404aa6b4d47186e04a64c0002100ff68a8473eafb811a3d49275a7e1135d1981ccaf527b81c4856f6da764beabe7489fd296bb287906fd7c1964dfaeef3df
+  checksum: 78ee41b43800accb2f3527e1733217c43d53693e7f96ce2470b16890fb84f5c2ebaaa6048ccdb6cfe188b54c02779ec99623c6932558e757f6829cfde203cf2c
   languageName: node
   linkType: hard
 
-"@actions/cache@npm:^3.2.4":
-  version: 3.2.4
-  resolution: "@actions/cache@npm:3.2.4"
+"@actions/cache@npm:^4.0.3":
+  version: 4.0.3
+  resolution: "@actions/cache@npm:4.0.3"
   dependencies:
-    "@actions/core": ^1.10.0
+    "@actions/core": ^1.11.1
     "@actions/exec": ^1.0.1
     "@actions/glob": ^0.1.0
     "@actions/http-client": ^2.1.1
@@ -46,13 +44,13 @@ __metadata:
     "@azure/abort-controller": ^1.1.0
     "@azure/ms-rest-js": ^2.6.0
     "@azure/storage-blob": ^12.13.0
+    "@protobuf-ts/plugin": ^2.9.4
     semver: ^6.3.1
-    uuid: ^3.3.3
-  checksum: 5bf5f7541bea4906b553440a9ffee5699e11dfb729365c6cb0bbd37e147a1a0993369fdad16bfa3e2b01ec7fa57dac66276278bfd4a389009246a75ea953e61d
+  checksum: ee9c2a21a70bd3f35c63f302af478e23f135c26deb77ea2e4eed29c62766a4b201fc7435651c0d56fa504c02d203107e3bdfda1dba18a3ee09338e1dfc3f2fe8
   languageName: node
   linkType: hard
 
-"@actions/core@npm:^1.10.0, @actions/core@npm:^1.10.1, @actions/core@npm:^1.2.6":
+"@actions/core@npm:^1.10.0, @actions/core@npm:^1.2.6":
   version: 1.10.1
   resolution: "@actions/core@npm:1.10.1"
   dependencies:
@@ -62,6 +60,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@actions/core@npm:^1.11.1":
+  version: 1.11.1
+  resolution: "@actions/core@npm:1.11.1"
+  dependencies:
+    "@actions/exec": ^1.1.1
+    "@actions/http-client": ^2.0.1
+  checksum: 9ac7a3e0b478bfefd862dcb4ddaa1d8c3f9076bb1931d3d280918d1749e7783480c6a009c1b009c8bf5093e2d77d9f4e023d70416145bf246f0071736d4ef839
+  languageName: node
+  linkType: hard
+
 "@actions/exec@npm:^1.0.0, @actions/exec@npm:^1.0.1, @actions/exec@npm:^1.1.1":
   version: 1.1.1
   resolution: "@actions/exec@npm:1.1.1"
@@ -105,7 +113,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/http-client@npm:^2.0.1, @actions/http-client@npm:^2.1.0, @actions/http-client@npm:^2.1.1, @actions/http-client@npm:^2.2.0, @actions/http-client@npm:^2.2.1":
+"@actions/http-client@npm:^2.0.1, @actions/http-client@npm:^2.1.0, @actions/http-client@npm:^2.1.1, @actions/http-client@npm:^2.2.0":
   version: 2.2.1
   resolution: "@actions/http-client@npm:2.2.1"
   dependencies:
@@ -115,6 +123,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@actions/http-client@npm:^2.2.3":
+  version: 2.2.3
+  resolution: "@actions/http-client@npm:2.2.3"
+  dependencies:
+    tunnel: ^0.0.6
+    undici: ^5.25.4
+  checksum: 5d395df575d30ae599efa10dd715e72944b015e753db61f0a823f737acbb0e99743d4a9f25e812b18ec8cc34f86c73565d075c449e01ffa891577b6595212dde
+  languageName: node
+  linkType: hard
+
 "@actions/io@npm:^1.0.1, @actions/io@npm:^1.1.1, @actions/io@npm:^1.1.3":
   version: 1.1.3
   resolution: "@actions/io@npm:1.1.3"
@@ -122,17 +140,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/tool-cache@npm:^2.0.1":
-  version: 2.0.1
-  resolution: "@actions/tool-cache@npm:2.0.1"
+"@actions/tool-cache@npm:^2.0.2":
+  version: 2.0.2
+  resolution: "@actions/tool-cache@npm:2.0.2"
   dependencies:
-    "@actions/core": ^1.2.6
+    "@actions/core": ^1.11.1
     "@actions/exec": ^1.0.0
     "@actions/http-client": ^2.0.1
     "@actions/io": ^1.1.1
     semver: ^6.1.0
-    uuid: ^3.3.2
-  checksum: 33f6393b9b163e4af2b9759e8d37cda4f018f10ddda3643355bb8a9f92d732e5bdff089cf8036b46d181e1ef2b3210b895b2f746fdf54487afe88f1d340aa9e1
+  checksum: c2bab4297be752bdda9dd61f8159a201ad0d37d026134b960f1edcc9418a80387f44d1f24a070fe992c44dcfc28a152f70600e76669bb0578132789a6f37a596
   languageName: node
   linkType: hard
 
@@ -1048,32 +1065,32 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@docker/actions-toolkit@npm:^0.37.1":
-  version: 0.37.1
-  resolution: "@docker/actions-toolkit@npm:0.37.1"
+"@docker/actions-toolkit@npm:^0.59.0":
+  version: 0.59.0
+  resolution: "@docker/actions-toolkit@npm:0.59.0"
   dependencies:
-    "@actions/artifact": ^2.1.9
-    "@actions/cache": ^3.2.4
-    "@actions/core": ^1.10.1
+    "@actions/artifact": ^2.3.2
+    "@actions/cache": ^4.0.3
+    "@actions/core": ^1.11.1
     "@actions/exec": ^1.1.1
     "@actions/github": ^6.0.0
-    "@actions/http-client": ^2.2.1
+    "@actions/http-client": ^2.2.3
     "@actions/io": ^1.1.3
-    "@actions/tool-cache": ^2.0.1
+    "@actions/tool-cache": ^2.0.2
     "@azure/storage-blob": ^12.15.0
     "@octokit/core": ^5.1.0
     "@octokit/plugin-rest-endpoint-methods": ^10.4.0
     async-retry: ^1.3.3
-    csv-parse: ^5.5.6
+    csv-parse: ^5.6.0
     gunzip-maybe: ^1.4.2
     handlebars: ^4.7.8
     he: ^1.2.0
     js-yaml: ^4.1.0
     jwt-decode: ^4.0.0
-    semver: ^7.6.3
+    semver: ^7.7.1
     tar-stream: ^3.1.7
     tmp: ^0.2.3
-  checksum: 7024fb86cc72e95df681ccdfdd44f3828f447e759138d5b70bff4f29cb4cb83fc487674adcff3c0c31cdf2e5fa5f1ee55bb6fbd01981fa053b8809e2639580a3
+  checksum: 0956071aa04e04132b789d47ba57813c566115bea9fdedf3c648d0a0da8ce12350de9cd2a796ce1da7b64b995ae073bfe344b0f63c6f331a45e60195e15680a6
   languageName: node
   linkType: hard
 
@@ -1876,7 +1893,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@protobuf-ts/plugin-framework@npm:^2.0.7, @protobuf-ts/plugin-framework@npm:^2.9.4":
+"@protobuf-ts/plugin-framework@npm:^2.9.4":
   version: 2.9.4
   resolution: "@protobuf-ts/plugin-framework@npm:2.9.4"
   dependencies:
@@ -1886,7 +1903,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@protobuf-ts/plugin@npm:^2.2.3-alpha.1":
+"@protobuf-ts/plugin@npm:^2.2.3-alpha.1, @protobuf-ts/plugin@npm:^2.9.4":
   version: 2.9.4
   resolution: "@protobuf-ts/plugin@npm:2.9.4"
   dependencies:
@@ -2762,16 +2779,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"camel-case@npm:^4.1.2":
-  version: 4.1.2
-  resolution: "camel-case@npm:4.1.2"
-  dependencies:
-    pascal-case: ^3.1.2
-    tslib: ^2.0.3
-  checksum: bcbd25cd253b3cbc69be3f535750137dbf2beb70f093bdc575f73f800acc8443d34fd52ab8f0a2413c34f1e8203139ffc88428d8863e4dfe530cfb257a379ad6
-  languageName: node
-  linkType: hard
-
 "camelcase@npm:^5.3.1":
   version: 5.3.1
   resolution: "camelcase@npm:5.3.1"
@@ -2931,13 +2938,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"commander@npm:^6.1.0":
-  version: 6.2.1
-  resolution: "commander@npm:6.2.1"
-  checksum: d7090410c0de6bc5c67d3ca41c41760d6d268f3c799e530aafb73b7437d1826bbf0d2a3edac33f8b57cc9887b4a986dce307fa5557e109be40eadb7c43b21742
-  languageName: node
-  linkType: hard
-
 "compress-commons@npm:^6.0.2":
   version: 6.0.2
   resolution: "compress-commons@npm:6.0.2"
@@ -3025,27 +3025,20 @@ __metadata:
   linkType: hard
 
 "cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
-  version: 7.0.3
-  resolution: "cross-spawn@npm:7.0.3"
+  version: 7.0.6
+  resolution: "cross-spawn@npm:7.0.6"
   dependencies:
     path-key: ^3.1.0
     shebang-command: ^2.0.0
     which: ^2.0.1
-  checksum: 671cc7c7288c3a8406f3c69a3ae2fc85555c04169e9d611def9a675635472614f1c0ed0ef80955d5b6d4e724f6ced67f0ad1bb006c2ea643488fcfef994d7f52
+  checksum: 8d306efacaf6f3f60e0224c287664093fa9185680b2d195852ba9a863f85d02dcc737094c6e512175f8ee0161f9b87c73c6826034c2422e39de7d6569cf4503b
   languageName: node
   linkType: hard
 
-"crypto@npm:^1.0.1":
-  version: 1.0.1
-  resolution: "crypto@npm:1.0.1"
-  checksum: 087fe3165bd94c333a49e6ed66a0193911f63eac38a24f379b3001a5fe260a59c413646e53a0f67875ba13902b2686d81dc703cb2c147a4ec727dcdc04e5645e
-  languageName: node
-  linkType: hard
-
-"csv-parse@npm:^5.5.6":
-  version: 5.5.6
-  resolution: "csv-parse@npm:5.5.6"
-  checksum: ee06f97f674487dc1d001b360de8ea510a41b9d971abf43bcf9c3be22c83a3634df0d3ebfbe52fd49d145077066be7ff9f25de3fc6b71aefb973099b04147a25
+"csv-parse@npm:^5.6.0":
+  version: 5.6.0
+  resolution: "csv-parse@npm:5.6.0"
+  checksum: 173e176bdaf212bab37d0f6d39a06d039d24a1c0ee40b9f1023ebf8b36095934807deeb493c0fb58592b39b0682ccd0be5c9e8d2b137c08807e7031595ea7a51
   languageName: node
   linkType: hard
 
@@ -3147,8 +3140,8 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "docker-buildx-bake@workspace:."
   dependencies:
-    "@actions/core": ^1.10.1
-    "@docker/actions-toolkit": ^0.37.1
+    "@actions/core": ^1.11.1
+    "@docker/actions-toolkit": ^0.59.0
     "@types/node": ^20.12.12
     "@typescript-eslint/eslint-plugin": ^7.9.0
     "@typescript-eslint/parser": ^7.9.0
@@ -3175,18 +3168,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"dot-object@npm:^2.1.4":
-  version: 2.1.5
-  resolution: "dot-object@npm:2.1.5"
-  dependencies:
-    commander: ^6.1.0
-    glob: ^7.1.6
-  bin:
-    dot-object: bin/dot-object
-  checksum: 3e5a681bbea32dfc1cd0b1254adc93531bd462f7474a355e981738ef37253e4bc5c9482926289ef4d3c6ef9adb0a7ed894725ed3a69aa22063343dc2a57dd764
-  languageName: node
-  linkType: hard
-
 "duplexify@npm:^3.5.0, duplexify@npm:^3.6.0":
   version: 3.7.1
   resolution: "duplexify@npm:3.7.1"
@@ -3818,7 +3799,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"glob@npm:^7.1.3, glob@npm:^7.1.6":
+"glob@npm:^7.1.3":
   version: 7.2.3
   resolution: "glob@npm:7.2.3"
   dependencies:
@@ -4920,15 +4901,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lower-case@npm:^2.0.2":
-  version: 2.0.2
-  resolution: "lower-case@npm:2.0.2"
-  dependencies:
-    tslib: ^2.0.3
-  checksum: 83a0a5f159ad7614bee8bf976b96275f3954335a84fad2696927f609ddae902802c4f3312d86668722e668bef41400254807e1d3a7f2e8c3eede79691aa1f010
-  languageName: node
-  linkType: hard
-
 "lru-cache@npm:^10.0.1, lru-cache@npm:^10.2.0":
   version: 10.2.1
   resolution: "lru-cache@npm:10.2.1"
@@ -5211,16 +5183,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"no-case@npm:^3.0.4":
-  version: 3.0.4
-  resolution: "no-case@npm:3.0.4"
-  dependencies:
-    lower-case: ^2.0.2
-    tslib: ^2.0.3
-  checksum: 0b2ebc113dfcf737d48dde49cfebf3ad2d82a8c3188e7100c6f375e30eafbef9e9124aadc3becef237b042fd5eb0aad2fd78669c20972d045bbe7fea8ba0be5c
-  languageName: node
-  linkType: hard
-
 "node-fetch@npm:^2.6.7":
   version: 2.6.9
   resolution: "node-fetch@npm:2.6.9"
@@ -5415,16 +5377,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"pascal-case@npm:^3.1.2":
-  version: 3.1.2
-  resolution: "pascal-case@npm:3.1.2"
-  dependencies:
-    no-case: ^3.0.4
-    tslib: ^2.0.3
-  checksum: ba98bfd595fc91ef3d30f4243b1aee2f6ec41c53b4546bfa3039487c367abaa182471dcfc830a1f9e1a0df00c14a370514fa2b3a1aacc68b15a460c31116873e
-  languageName: node
-  linkType: hard
-
 "path-exists@npm:^4.0.0":
   version: 4.0.0
   resolution: "path-exists@npm:4.0.0"
@@ -5463,13 +5415,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"path-to-regexp@npm:^6.2.0":
-  version: 6.2.2
-  resolution: "path-to-regexp@npm:6.2.2"
-  checksum: b7b0005c36f5099f9ed1fb20a820d2e4ed1297ffe683ea1d678f5e976eb9544f01debb281369dabdc26da82e6453901bf71acf2c7ed14b9243536c2a45286c33
-  languageName: node
-  linkType: hard
-
 "path-type@npm:^4.0.0":
   version: 4.0.0
   resolution: "path-type@npm:4.0.0"
@@ -5541,15 +5486,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"prettier@npm:^2.5.1":
-  version: 2.8.8
-  resolution: "prettier@npm:2.8.8"
-  bin:
-    prettier: bin-prettier.js
-  checksum: b49e409431bf129dd89238d64299ba80717b57ff5a6d1c1a8b1a28b590d998a34e083fa13573bc732bb8d2305becb4c9a4407f8486c81fa7d55100eb08263cf8
-  languageName: node
-  linkType: hard
-
 "prettier@npm:^3.2.5":
   version: 3.2.5
   resolution: "prettier@npm:3.2.5"
@@ -5865,12 +5801,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"semver@npm:^7.6.3":
-  version: 7.6.3
-  resolution: "semver@npm:7.6.3"
+"semver@npm:^7.7.1":
+  version: 7.7.1
+  resolution: "semver@npm:7.7.1"
   bin:
     semver: bin/semver.js
-  checksum: 4110ec5d015c9438f322257b1c51fe30276e5f766a3f64c09edd1d7ea7118ecbc3f379f3b69032bacf13116dc7abc4ad8ce0d7e2bd642e26b0d271b56b61a7d8
+  checksum: 586b825d36874007c9382d9e1ad8f93888d8670040add24a28e06a910aeebd673a2eb9e3bf169c6679d9245e66efb9057e0852e70d9daa6c27372aab1dda7104
   languageName: node
   linkType: hard
 
@@ -6353,16 +6289,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ts-poet@npm:^4.5.0":
-  version: 4.15.0
-  resolution: "ts-poet@npm:4.15.0"
-  dependencies:
-    lodash: ^4.17.15
-    prettier: ^2.5.1
-  checksum: 93490e8b5921e23ac65afdecc00b4dd53f3560d7d9c19778a3f0bd9a300ba7ca71585a989d564508313bc73e8c431413714d513ebca2d5c428f909ec36bcf6e9
-  languageName: node
-  linkType: hard
-
 "tslib@npm:^1.10.0":
   version: 1.14.1
   resolution: "tslib@npm:1.14.1"
@@ -6370,7 +6296,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tslib@npm:^2.0.3, tslib@npm:^2.2.0, tslib@npm:^2.6.2":
+"tslib@npm:^2.2.0, tslib@npm:^2.6.2":
   version: 2.6.2
   resolution: "tslib@npm:2.6.2"
   checksum: 329ea56123005922f39642318e3d1f0f8265d1e7fcb92c633e0809521da75eeaca28d2cf96d7248229deb40e5c19adf408259f4b9640afd20d13aecc1430f3ad
@@ -6384,30 +6310,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"twirp-ts@npm:^2.5.0":
-  version: 2.5.0
-  resolution: "twirp-ts@npm:2.5.0"
-  dependencies:
-    "@protobuf-ts/plugin-framework": ^2.0.7
-    camel-case: ^4.1.2
-    dot-object: ^2.1.4
-    path-to-regexp: ^6.2.0
-    ts-poet: ^4.5.0
-    yaml: ^1.10.2
-  peerDependencies:
-    "@protobuf-ts/plugin": ^2.5.0
-    ts-proto: ^1.81.3
-  peerDependenciesMeta:
-    "@protobuf-ts/plugin":
-      optional: true
-    ts-proto:
-      optional: true
-  bin:
-    protoc-gen-twirp_ts: protoc-gen-twirp_ts
-  checksum: e7cf87d77ab4d2cd327c9d8307e82ff61afc5af56883aed5fb6ac7d57999b646945e11158be87c10f0340aeef2efde6eb896f2efd60599498f17b4f310d66e4f
-  languageName: node
-  linkType: hard
-
 "type-check@npm:^0.4.0, type-check@npm:~0.4.0":
   version: 0.4.0
   resolution: "type-check@npm:0.4.0"
@@ -6568,15 +6470,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"uuid@npm:^3.3.2, uuid@npm:^3.3.3":
-  version: 3.4.0
-  resolution: "uuid@npm:3.4.0"
-  bin:
-    uuid: ./bin/uuid
-  checksum: 58de2feed61c59060b40f8203c0e4ed7fd6f99d42534a499f1741218a1dd0c129f4aa1de797bcf822c8ea5da7e4137aa3673431a96dae729047f7aca7b27866f
-  languageName: node
-  linkType: hard
-
 "uuid@npm:^8.3.0, uuid@npm:^8.3.2":
   version: 8.3.2
   resolution: "uuid@npm:8.3.2"
@@ -6743,13 +6636,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"yaml@npm:^1.10.2":
-  version: 1.10.2
-  resolution: "yaml@npm:1.10.2"
-  checksum: ce4ada136e8a78a0b08dc10b4b900936912d15de59905b2bf415b4d33c63df1d555d23acb2a41b23cf9fb5da41c256441afca3d6509de7247daa062fd2c5ea5f
-  languageName: node
-  linkType: hard
-
 "yargs-parser@npm:^21.0.1, yargs-parser@npm:^21.1.1":
   version: 21.1.1
   resolution: "yargs-parser@npm:21.1.1"