Merge pull request #290 from crazy-max/v4_backport_buildx-version-support

[v4] mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5
chore: update generated content
2026-06-05 17:48:40 +02:00 · 2025-01-21 16:07:27 +01:00 · 2025-01-21 14:03:47 +01:00 · 2025-01-21 14:03:01 +01:00
39 changed files with 7004 additions and 4732 deletions
@@ -25,112 +25,37 @@ on:
      - 'test/**'
 jobs:
-  list-targets:
+  list-targets-group:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
            testdir: group
            expected: >
              ["t1","t2"]
          -
            testdir: group-matrix
            target: validate
            expected: >
              ["lint-default","lint-labs","lint-nydus","lint-proto","lint-yaml","validate-doctoc","validate-vendor"]
          -
            testdir: multi-files
            files: |
              docker-bake.json
              docker-bake.hcl
            expected: >
              ["v1-tag","v2-tag"]
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Matrix gen
        id: gen
        uses: ./subaction/list-targets
        with:
-          workdir: ./test/${{ matrix.testdir }}
+          workdir: ./test/group
          files: ${{ matrix.files }}
          target: ${{ matrix.target }}
      -
-        name: Check output
+        name: Show matrix
-        uses: actions/github-script@v8
+        run: |
-        env:
+          echo matrix=${{ steps.gen.outputs.matrix }}
          INPUT_TARGETS: ${{ steps.gen.outputs.targets }}
          INPUT_EXPECTED: ${{ matrix.expected }}
        with:
          script: |
            const targets = JSON.stringify(JSON.parse(core.getInput('targets')));
            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
            if (targets !== expected) {
              throw new Error(`Targets do not match expected values: ${targets} != ${expected}`);
            } else {
              core.info(`✅`);
            }
-  matrix:
+  list-targets-group-matrix:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
            testdir: group
            expected: >
              [{"target":"t1"},{"target":"t2"}]
          -
            testdir: group-matrix
            target: validate
            expected: >
              [{"target":"lint-default"},{"target":"lint-labs"},{"target":"lint-nydus"},{"target":"lint-proto"},{"target":"lint-yaml"},{"target":"validate-doctoc"},{"target":"validate-vendor"}]
          -
            testdir: group-with-platform
            target: validate
            expected: >
              [{"target":"lint"},{"target":"lint-gopls"},{"target":"validate-docs"},{"target":"validate-vendor"}]
          -
            testdir: group-with-platform
            target: validate
            fields: platforms
            expected: >
              [{"target":"lint","platforms":"darwin/amd64"},{"target":"lint","platforms":"darwin/arm64"},{"target":"lint","platforms":"linux/amd64"},{"target":"lint","platforms":"linux/arm64"},{"target":"lint","platforms":"linux/s390x"},{"target":"lint","platforms":"linux/ppc64le"},{"target":"lint","platforms":"linux/riscv64"},{"target":"lint","platforms":"windows/amd64"},{"target":"lint","platforms":"windows/arm64"},{"target":"lint-gopls","platforms":"darwin/amd64"},{"target":"lint-gopls","platforms":"darwin/arm64"},{"target":"lint-gopls","platforms":"linux/amd64"},{"target":"lint-gopls","platforms":"linux/arm64"},{"target":"lint-gopls","platforms":"linux/s390x"},{"target":"lint-gopls","platforms":"linux/ppc64le"},{"target":"lint-gopls","platforms":"linux/riscv64"},{"target":"lint-gopls","platforms":"windows/amd64"},{"target":"lint-gopls","platforms":"windows/arm64"},{"target":"validate-docs"},{"target":"validate-vendor"}]
          -
            testdir: group-with-platform
            target: validate
            fields: platforms,dockerfile
            expected: >
               [{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"validate-docs","dockerfile":"./hack/dockerfiles/docs.Dockerfile"},{"target":"validate-vendor","dockerfile":"./hack/dockerfiles/vendor.Dockerfile"}]
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Matrix gen
        id: gen
-        uses: ./subaction/matrix
+        uses: ./subaction/list-targets
        with:
-          workdir: ./test/${{ matrix.testdir }}
+          workdir: ./test/group-matrix
-          target: ${{ matrix.target }}
+          target: validate
          fields: ${{ matrix.fields }}
      -
-        name: Check output
+        name: Show matrix
-        uses: actions/github-script@v8
+        run: |
-        env:
+          echo matrix=${{ steps.gen.outputs.matrix }}
          INPUT_MATRIX: ${{ steps.gen.outputs.matrix }}
          INPUT_EXPECTED: ${{ matrix.expected }}
        with:
          script: |
            const matrix = JSON.stringify(JSON.parse(core.getInput('matrix')));
            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
            if (matrix !== expected) {
              throw new Error(`Matrix do not match expected values: ${matrix} != ${expected}`);
            } else {
              core.info(`✅`);
            }
@@ -32,8 +32,8 @@ on:
      - 'subaction/**'
 env:
-  BUILDX_VERSION: edge
+  BUILDX_VERSION: v0.18.0
-  BUILDKIT_IMAGE: moby/buildkit:latest
+  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
 jobs:
  bake:
@@ -52,7 +52,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
@@ -69,7 +69,6 @@ jobs:
        name: Build and push
        uses: ./
        with:
          source: .
          builder: ${{ steps.buildx.outputs.name }}
          files: |
            ./test/config.hcl
@@ -82,13 +81,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        continue-on-error: true
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          set: |
@@ -99,7 +103,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Stop docker
        run: |
@@ -110,12 +120,12 @@ jobs:
        continue-on-error: true
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
      -
        name: Check
        run: |
          echo "${{ toJson(steps.bake) }}"
          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
            echo "::error::Should have failed"
            exit 1
@@ -126,7 +136,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Uninstall docker cli
        run: |
@@ -146,16 +156,21 @@ jobs:
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
-  remote:
+  source:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        uses: ./
@@ -177,7 +192,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -191,7 +206,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: binary
          provenance: ${{ matrix.attrs }}
          set: |
@@ -219,7 +233,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -233,7 +247,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: ${{ matrix.target }}
          sbom: true
          set: |
@@ -274,13 +287,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        uses: ./
        with:
          workdir: ./test/go
          source: .
          set: |
            *.platform=linux/amd64
            *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
@@ -296,7 +314,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -310,7 +328,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/group
          source: .
          push: true
          set: |
            t1.tags=localhost:5000/name/app:t1
@@ -321,7 +338,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Set malformed docker config
        run: |
@@ -331,7 +354,6 @@ jobs:
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
@@ -350,7 +372,7 @@ jobs:
          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set proxy config
        run: |
@@ -369,7 +391,6 @@ jobs:
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          targets: app-proxy
@@ -389,7 +410,7 @@ jobs:
          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -405,7 +426,6 @@ jobs:
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
@@ -414,7 +434,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -425,13 +445,15 @@ jobs:
      -
        name: Build
        uses: ./
        with:
          source: "{{defaultContext}}"
  git-context-and-local:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -447,6 +469,7 @@ jobs:
        name: Build
        uses: ./
        with:
          source: "{{defaultContext}}"
          files: |
            cwd://${{ steps.meta.outputs.bake-file }}
@@ -460,7 +483,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -473,7 +496,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          set: |
            *.output=type=image,name=localhost:5000/name/app:latest,push=true
            *.output=type=docker,name=app:local
@@ -504,7 +526,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -517,7 +539,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: image
          load: true
          push: true
@@ -532,358 +553,30 @@ jobs:
        run: |
          docker image inspect localhost:5000/name/app:latest
-  summary-disable:
+  error-buildx-latest:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          version: v0.20.0
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_SUMMARY: false
  summary-disable-deprecated:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_NO_SUMMARY: true
  summary-not-supported:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: v0.12.1
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
  record-upload-disable:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
  record-retention-days:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        days:
          - 2
          - 0
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
  export-legacy:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        legacy:
          - false
          - true
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
  checks:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        buildx-version:
          - edge
          - v0.14.1
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
            ./lint.hcl
  annotations-disabled:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
            ./lint.hcl
        env:
          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
  allow:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        buildx-version:
          - edge
          - v0.19.0
          - v0.18.0
          - v0.17.1
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          allow: network.host
          targets: app-entitlements
  no-default-attestations:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
        env:
          BUILDX_NO_DEFAULT_ATTESTATIONS: 1
  call-check:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        id: bake
        continue-on-error: true
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
-            ./lint.hcl
+            ./test/config.hcl
          call: check
          targets: lint
      -
        name: Check
        run: |
          echo "${{ toJson(steps.bake) }}"
          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
            echo "::error::Should have failed"
            exit 1
          fi
  call-check-multi:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        id: bake
        continue-on-error: true
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
            ./lint.hcl
          call: check
      -
        name: Check
        run: |
          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
            echo "::error::Should have failed"
            exit 1
          fi
  call-check-nowarning:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        id: bake
        continue-on-error: true
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          call: check
  attest-override:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build and push
        uses: ./
        with:
          workdir: ./test/attest
          source: .
@@ -1,17 +0,0 @@
 name: pr-assign-author
 permissions:
  contents: read
 on:
  pull_request_target:
    types:
      - opened
      - reopened
 jobs:
  run:
    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
    permissions:
      contents: read
      pull-requests: write
@@ -1,21 +0,0 @@
 name: publish
 on:
  release:
    types:
      - published
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Publish
        uses: actions/publish-immutable-action@v0.0.4
@@ -23,16 +23,15 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: Test
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v4
        with:
          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
        with:
-          files: ./coverage/clover.xml
+          file: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -19,7 +19,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      -
        name: List targets
        id: generate
@@ -36,8 +36,11 @@ jobs:
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v4
        with:
          targets: ${{ matrix.target }}
@@ -1,9 +1,3 @@
 # https://yarnpkg.com/configuration/yarnrc
 compressionLevel: mixed
 enableGlobalCache: false
 enableHardenedMode: true
 logFilters:
  - code: YN0013
    level: discard
@@ -11,7 +5,9 @@ logFilters:
    level: discard
  - code: YN0076
    level: discard
  - code: YN0086
    level: discard
 nodeLinker: node-modules
 plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
    spec: "@yarnpkg/plugin-interactive-tools"
@@ -14,64 +14,95 @@ as a high-level build command.
 ___
 * [Usage](#usage)
  * [Git context](#git-context)
  * [Path context](#path-context)
-* [Summaries](#summaries)
+  * [Git context](#git-context)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
  * [environment variables](#environment-variables)
 * [Subactions](#subactions)
-  * [`matrix`](subaction/matrix)
+  * [`list-targets`](#list-targets)
 * [Contributing](#contributing)
 ## Usage
-### Git context
+### Path context
-Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
+By default, this action will use the local bake definition (`source: .`), so
-to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
+you need to use the [`actions/checkout`](https://github.com/actions/checkout/)
-does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository.
 action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
 will do this directly.
 The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Login to DockerHub
+        name: Checkout
-        uses: docker/login-action@v3
+        uses: actions/checkout@v4
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v4
        with:
          push: true
-          set: |
+```
-            *.tags=user/app:latest
+
 ### Git context
 Git context can be provided using the [`source` input](#inputs). This means
 that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
 action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
 will do this directly.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/bake-action@v4
        with:
          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
          push: true
 ```
 Be careful because **any file mutation in the steps that precede the build step
 will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the Git reference. However, you can use the
-[Path context](#path-context) using the [`source` input](#inputs) alongside
+[Path context](#path-context) alongside the [`actions/checkout`](https://github.com/actions/checkout/)
-the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+action to remove this restriction.
 this restriction.
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
@@ -80,12 +111,10 @@ to the default Git context:
 ```yaml
      -
        name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v4
        with:
          source: "{{defaultContext}}:mysubdir"
          push: true
          set: |
            *.tags=user/app:latest
 ```
 Building from the current repository automatically uses the `GITHUB_TOKEN`
@@ -100,82 +129,14 @@ another private repository for remote definitions, you can set the
 ```yaml
      -
        name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v4
        with:
          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
          push: true
          set: |
            *.tags=user/app:latest
        env:
          BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
 ```
 ### Path context
 ```yaml
 name: ci
 on:
  push:
 jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        uses: docker/bake-action@v6
        with:
          source: .
          push: true
          set: |
            *.tags=user/app:latest
 ```
 ## Summaries
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
 that provides a detailed overview of the build execution. The summary shows an
 overview of all the steps executed during the build, including the build
 inputs, bake definition, and eventual errors.
 ![build-push-action job summary](./.github/bake-summary.png)
 The summary also includes a link for downloading a build record archive with
 additional details about the build execution for all the bake targets,
 including build stats, logs, outputs, and more. The build record can be
 imported to Docker Desktop for inspecting the build in greater detail.
 > [!WARNING]
 >
 > If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
 > action in your workflow, you need to ignore the build record artifacts
 > if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
 > otherwise the action will fail:
 > ```yaml
 > - uses: actions/download-artifact@v4
 >   with:
 >     pattern: "!*.dockerbuild"
 > ```
 > More info: https://github.com/actions/toolkit/pull/1874
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 For more information about summaries, refer to the
 [documentation](https://docs.docker.com/go/build-summary/).
 ## Customizing
 ### inputs
@@ -200,19 +161,17 @@ The following inputs can be used as `step.with` keys
 | Name           | Type        | Description                                                                                                                                                        |
 |----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `builder`      | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                        |
-| `workdir`      | String      | Working directory of execution                                                                                                                                     |
+| `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition)    |
 | `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/bake/remote-definition/)                              |
 | `allow`        | List/CSV    | Allow build to access specified resources (e.g., `network.host`)                                                                                                   |
 | `call`         | String      | Set method for evaluating build (e.g., check)                                                                                                                      |
 | `files`        | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                                                     |
 | `workdir`      | String      | Working directory of execution                                                                                                                                     |
 | `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
 | `no-cache`     | Bool        | Do not use cache when building the image (default `false`)                                                                                                         |
 | `pull`         | Bool        | Always attempt to pull a newer version of the image (default `false`)                                                                                              |
 | `load`         | Bool        | Load is a shorthand for `--set=*.output=type=docker` (default `false`)                                                                                             |
 | `provenance`   | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance`                                      |
 | `push`         | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                                           |
 | `sbom`         | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                                             |
-| `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`)                      |
+| `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`)                        |
 | `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
 | `github-token` | String      | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
 ### outputs
@@ -223,19 +182,78 @@ The following outputs are available
 |------------|------|-----------------------|
 | `metadata` | JSON | Build result metadata |
 ### environment variables
 | Name                                 | Type   | Default | Description                                                                                                                                                                                                                                                        |
 |--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `DOCKER_BUILD_CHECKS_ANNOTATIONS`    | Bool   | `true`  | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/)                                                                                                                                                         |
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
 | `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
 ## Subactions
-* [`matrix`](subaction/matrix)
+### `list-targets`
 This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
 so you can distribute your builds across multiple runners.
 ```hcl
 # docker-bake.hcl
 group "validate" {
  targets = ["lint", "doctoc"]
 }
 target "lint" {
  target = "lint"
 }
 target "doctoc" {
  target = "doctoc"
 }
 ```
 ```yaml
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: List targets
        id: generate
        uses: docker/bake-action/subaction/list-targets@v4
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Validate
        uses: docker/bake-action@v4
        with:
          targets: ${{ matrix.target }}
 ```
 #### inputs
 | Name         | Type        | Description                                                                                                                                 |
 |--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
 | `workdir`    | String      | Working directory to use (defaults to `.`)                                                                                                  |
 | `files`      | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                              |
 | `target`     | String      | The target to use within the bake file                                                                                                      |
 #### outputs
 The following outputs are available
 | Name       | Type     | Description                |
 |------------|----------|----------------------------|
 | `targets`  | List/CSV | List of extracted targest  |
 ## Contributing
@@ -1,4 +1,4 @@
-import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -122,7 +122,6 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
 });
 describe('getArgs', () => {
  const originalEnv = process.env;
  beforeEach(() => {
    process.env = Object.keys(process.env).reduce((object, key) => {
      if (!key.startsWith('INPUT_')) {
@@ -131,9 +130,6 @@ describe('getArgs', () => {
      return object;
    }, {});
  });
  afterEach(() => {
    process.env = originalEnv;
  });
  // prettier-ignore
  test.each([
@@ -141,7 +137,6 @@ describe('getArgs', () => {
      0,
      '0.4.1',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -149,14 +144,12 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-      ],
+      ]
      undefined
    ],
    [
      1,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -165,14 +158,12 @@ describe('getArgs', () => {
      [
        'bake',
        '--metadata-file', metadataJson
-      ],
+      ]
      undefined
    ],
    [
      2,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['targets', 'webapp\nvalidate'],
        ['load', 'false'],
        ['no-cache', 'false'],
@@ -183,14 +174,12 @@ describe('getArgs', () => {
        'bake',
        '--metadata-file', metadataJson,
        'webapp', 'validate'
-      ],
+      ]
      undefined
    ],
    [
      3,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
        ['load', 'false'],
        ['no-cache', 'false'],
@@ -202,14 +191,12 @@ describe('getArgs', () => {
        '--set', '*.cache-from=type=gha',
        '--set', '*.cache-to=type=gha',
        '--metadata-file', metadataJson
-      ],
+      ]
      undefined
    ],
    [
      4,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -218,17 +205,13 @@ describe('getArgs', () => {
      [
        'bake',
        '--metadata-file', metadataJson,
-        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
-        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ]
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
      ],
      undefined
    ],
    [
      5,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -238,15 +221,13 @@ describe('getArgs', () => {
      [
        'bake',
        '--metadata-file', metadataJson,
-        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`
-      ],
+      ]
      undefined
    ],
    [
      6,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -256,15 +237,13 @@ describe('getArgs', () => {
      [
        'bake',
        '--metadata-file', metadataJson,
-        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`
-      ],
+      ]
      undefined
    ],
    [
      7,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -275,14 +254,12 @@ describe('getArgs', () => {
        'bake',
        '--metadata-file', metadataJson,
        "--provenance", 'false'
-      ],
+      ]
      undefined
    ],
    [
      8,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -293,14 +270,12 @@ describe('getArgs', () => {
        'bake',
        '--metadata-file', metadataJson,
        "--provenance", 'builder-id=foo'
-      ],
+      ]
      undefined
    ],
    [
      9,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -313,18 +288,14 @@ describe('getArgs', () => {
        '--set', '*.platform=linux/amd64,linux/ppc64le,linux/s390x',
        '--set', `*.output=type=image,"name=moby/buildkit:v0.11.0,moby/buildkit:latest",push=true`,
        '--metadata-file', metadataJson,
-        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        'image-all'
-      ],
+      ]
      undefined
    ],
    [
      10,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -336,17 +307,15 @@ describe('getArgs', () => {
        'bake',
        '--set', `*.labels.foo=bar=#baz`,
        '--metadata-file', metadataJson,
-        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        'image-all'
-      ],
+      ]
      undefined
    ],
    [
      11,
      '0.10.0',
      new Map<string, string>([
        ['source', '{{defaultContext}}'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -358,81 +327,12 @@ describe('getArgs', () => {
        'https://github.com/docker/build-push-action.git#refs/heads/master',
        '--file', './foo.hcl',
        '--metadata-file', metadataJson,
-        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
-        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ]
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
      ],
      undefined
    ],
    [
      12,
      '0.17.0',
      new Map<string, string>([
        ['source', '.'],
        ['allow', 'network.host'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
      ]),
      [
        'bake',
        '--allow', 'network.host',
        '--metadata-file', metadataJson,
        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
      ],
      undefined
    ],
    [
      13,
      '0.15.0',
      new Map<string, string>([
        ['source', '{{defaultContext}}:subdir'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
        ['files', './foo.hcl'],
      ]),
      [
        'bake',
        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
        '--file', './foo.hcl',
        '--metadata-file', metadataJson,
        '--set', `lint.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-docs.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
        '--set', `validate-vendor.attest=type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
      ],
      undefined
    ],
    [
      14,
      '0.15.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false']
      ]),
      [
        'bake',
        '--metadata-file', metadataJson
      ],
      new Map<string, string>([
        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
      ])
    ],
  ])(
    '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
      if (envs) {
        envs.forEach((value: string, name: string) => {
          process.env[name] = value;
        });
      }
      inputs.forEach((value: string, name: string) => {
        setInput(name, value);
      });
@@ -10,21 +10,18 @@ inputs:
  builder:
    description: "Builder instance"
    required: false
  source:
    description: "Context to build from. Can be either local or a remote bake definition"
    required: false
  files:
    description: "List of bake definition files"
    required: false
  workdir:
    description: "Working directory of bake execution"
    required: false
    default: '.'
-  source:
+  targets:
-    description: "Context to build from. Can be either local or a remote bake definition"
+    description: "List of bake targets"
    required: false
  allow:
    description: "Allow build to access specified resources (e.g., network.host)"
    required: false
  call:
    description: "Set method for evaluating build (e.g., check)"
    required: false
  files:
    description: "List of bake definition files"
    required: false
  no-cache:
    description: "Do not use cache when building the image"
@@ -51,9 +48,6 @@ inputs:
  set:
    description: "List of targets values to override (eg. targetpattern.key=value)"
    required: false
  targets:
    description: "List of bake targets"
    required: false
  github-token:
    description: "API token used to authenticate to a Git repository for remote definitions"
    default: ${{ github.token }}
@@ -1,302 +0,0 @@
 "use strict";
 exports.id = 606;
 exports.ids = [606];
 exports.modules = {
 /***/ 606:
 /***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   "default": () => (/* binding */ pMap)
 /* harmony export */ });
 /* unused harmony exports pMapIterable, pMapSkip */
 async function pMap(
 	iterable,
 	mapper,
 	{
 		concurrency = Number.POSITIVE_INFINITY,
 		stopOnError = true,
 		signal,
 	} = {},
 ) {
 	return new Promise((resolve_, reject_) => {
 		if (iterable[Symbol.iterator] === undefined && iterable[Symbol.asyncIterator] === undefined) {
 			throw new TypeError(`Expected \`input\` to be either an \`Iterable\` or \`AsyncIterable\`, got (${typeof iterable})`);
 		}
 		if (typeof mapper !== 'function') {
 			throw new TypeError('Mapper function is required');
 		}
 		if (!((Number.isSafeInteger(concurrency) && concurrency >= 1) || concurrency === Number.POSITIVE_INFINITY)) {
 			throw new TypeError(`Expected \`concurrency\` to be an integer from 1 and up or \`Infinity\`, got \`${concurrency}\` (${typeof concurrency})`);
 		}
 		const result = [];
 		const errors = [];
 		const skippedIndexesMap = new Map();
 		let isRejected = false;
 		let isResolved = false;
 		let isIterableDone = false;
 		let resolvingCount = 0;
 		let currentIndex = 0;
 		const iterator = iterable[Symbol.iterator] === undefined ? iterable[Symbol.asyncIterator]() : iterable[Symbol.iterator]();
 		const signalListener = () => {
 			reject(signal.reason);
 		};
 		const cleanup = () => {
 			signal?.removeEventListener('abort', signalListener);
 		};
 		const resolve = value => {
 			resolve_(value);
 			cleanup();
 		};
 		const reject = reason => {
 			isRejected = true;
 			isResolved = true;
 			reject_(reason);
 			cleanup();
 		};
 		if (signal) {
 			if (signal.aborted) {
 				reject(signal.reason);
 			}
 			signal.addEventListener('abort', signalListener, {once: true});
 		}
 		const next = async () => {
 			if (isResolved) {
 				return;
 			}
 			const nextItem = await iterator.next();
 			const index = currentIndex;
 			currentIndex++;
 			// Note: `iterator.next()` can be called many times in parallel.
 			// This can cause multiple calls to this `next()` function to
 			// receive a `nextItem` with `done === true`.
 			// The shutdown logic that rejects/resolves must be protected
 			// so it runs only one time as the `skippedIndex` logic is
 			// non-idempotent.
 			if (nextItem.done) {
 				isIterableDone = true;
 				if (resolvingCount === 0 && !isResolved) {
 					if (!stopOnError && errors.length > 0) {
 						reject(new AggregateError(errors)); // eslint-disable-line unicorn/error-message
 						return;
 					}
 					isResolved = true;
 					if (skippedIndexesMap.size === 0) {
 						resolve(result);
 						return;
 					}
 					const pureResult = [];
 					// Support multiple `pMapSkip`'s.
 					for (const [index, value] of result.entries()) {
 						if (skippedIndexesMap.get(index) === pMapSkip) {
 							continue;
 						}
 						pureResult.push(value);
 					}
 					resolve(pureResult);
 				}
 				return;
 			}
 			resolvingCount++;
 			// Intentionally detached
 			(async () => {
 				try {
 					const element = await nextItem.value;
 					if (isResolved) {
 						return;
 					}
 					const value = await mapper(element, index);
 					// Use Map to stage the index of the element.
 					if (value === pMapSkip) {
 						skippedIndexesMap.set(index, value);
 					}
 					result[index] = value;
 					resolvingCount--;
 					await next();
 				} catch (error) {
 					if (stopOnError) {
 						reject(error);
 					} else {
 						errors.push(error);
 						resolvingCount--;
 						// In that case we can't really continue regardless of `stopOnError` state
 						// since an iterable is likely to continue throwing after it throws once.
 						// If we continue calling `next()` indefinitely we will likely end up
 						// in an infinite loop of failed iteration.
 						try {
 							await next();
 						} catch (error) {
 							reject(error);
 						}
 					}
 				}
 			})();
 		};
 		// Create the concurrent runners in a detached (non-awaited)
 		// promise. We need this so we can await the `next()` calls
 		// to stop creating runners before hitting the concurrency limit
 		// if the iterable has already been marked as done.
 		// NOTE: We *must* do this for async iterators otherwise we'll spin up
 		// infinite `next()` calls by default and never start the event loop.
 		(async () => {
 			for (let index = 0; index < concurrency; index++) {
 				try {
 					// eslint-disable-next-line no-await-in-loop
 					await next();
 				} catch (error) {
 					reject(error);
 					break;
 				}
 				if (isIterableDone || isRejected) {
 					break;
 				}
 			}
 		})();
 	});
 }
 function pMapIterable(
 	iterable,
 	mapper,
 	{
 		concurrency = Number.POSITIVE_INFINITY,
 		backpressure = concurrency,
 	} = {},
 ) {
 	if (iterable[Symbol.iterator] === undefined && iterable[Symbol.asyncIterator] === undefined) {
 		throw new TypeError(`Expected \`input\` to be either an \`Iterable\` or \`AsyncIterable\`, got (${typeof iterable})`);
 	}
 	if (typeof mapper !== 'function') {
 		throw new TypeError('Mapper function is required');
 	}
 	if (!((Number.isSafeInteger(concurrency) && concurrency >= 1) || concurrency === Number.POSITIVE_INFINITY)) {
 		throw new TypeError(`Expected \`concurrency\` to be an integer from 1 and up or \`Infinity\`, got \`${concurrency}\` (${typeof concurrency})`);
 	}
 	if (!((Number.isSafeInteger(backpressure) && backpressure >= concurrency) || backpressure === Number.POSITIVE_INFINITY)) {
 		throw new TypeError(`Expected \`backpressure\` to be an integer from \`concurrency\` (${concurrency}) and up or \`Infinity\`, got \`${backpressure}\` (${typeof backpressure})`);
 	}
 	return {
 		async * [Symbol.asyncIterator]() {
 			const iterator = iterable[Symbol.asyncIterator] === undefined ? iterable[Symbol.iterator]() : iterable[Symbol.asyncIterator]();
 			const promises = [];
 			let pendingPromisesCount = 0;
 			let isDone = false;
 			let index = 0;
 			function trySpawn() {
 				if (isDone || !(pendingPromisesCount < concurrency && promises.length < backpressure)) {
 					return;
 				}
 				pendingPromisesCount++;
 				const promise = (async () => {
 					const {done, value} = await iterator.next();
 					if (done) {
 						pendingPromisesCount--;
 						return {done: true};
 					}
 					// Spawn if still below concurrency and backpressure limit
 					trySpawn();
 					try {
 						const returnValue = await mapper(await value, index++);
 						pendingPromisesCount--;
 						if (returnValue === pMapSkip) {
 							const index = promises.indexOf(promise);
 							if (index > 0) {
 								promises.splice(index, 1);
 							}
 						}
 						// Spawn if still below backpressure limit and just dropped below concurrency limit
 						trySpawn();
 						return {done: false, value: returnValue};
 					} catch (error) {
 						pendingPromisesCount--;
 						isDone = true;
 						return {error};
 					}
 				})();
 				promises.push(promise);
 			}
 			trySpawn();
 			while (promises.length > 0) {
 				const {error, done, value} = await promises[0]; // eslint-disable-line no-await-in-loop
 				promises.shift();
 				if (error) {
 					throw error;
 				}
 				if (done) {
 					return;
 				}
 				// Spawn if just dropped below backpressure limit and below the concurrency limit
 				trySpawn();
 				if (value === pMapSkip) {
 					continue;
 				}
 				yield value;
 			}
 		},
 	};
 }
 const pMapSkip = Symbol('skip');
 /***/ })
 };
 ;
 //# sourceMappingURL=606.index.js.map
@@ -1,9 +1,3 @@
 target "_common" {
  args = {
    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
  }
 }
 group "default" {
  targets = ["build"]
 }
@@ -17,49 +11,42 @@ group "validate" {
 }
 target "build" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-update"
  output = ["."]
 }
 target "build-validate" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-validate"
  output = ["type=cacheonly"]
 }
 target "format" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "format-update"
  output = ["."]
 }
 target "lint" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "lint"
  output = ["type=cacheonly"]
 }
 target "vendor" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-update"
  output = ["."]
 }
 target "vendor-validate" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-validate"
  output = ["type=cacheonly"]
 }
 target "test" {
  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
@@ -24,25 +24,25 @@
  ],
  "author": "Docker Inc.",
  "license": "Apache-2.0",
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@3.6.3",
  "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^1.10.1",
-    "@docker/actions-toolkit": "^0.68.0",
+    "@docker/actions-toolkit": "^0.24.0",
    "handlebars": "^4.7.8"
  },
  "devDependencies": {
-    "@types/node": "^20.19.9",
+    "@types/node": "^20.12.12",
-    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
-    "@typescript-eslint/parser": "^7.18.0",
+    "@typescript-eslint/parser": "^7.9.0",
-    "@vercel/ncc": "^0.38.3",
+    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.57.1",
+    "eslint": "^8.57.0",
-    "eslint-config-prettier": "^9.1.2",
+    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-jest": "^28.14.0",
+    "eslint-plugin-jest": "^28.5.0",
-    "eslint-plugin-prettier": "^5.5.4",
+    "eslint-plugin-prettier": "^5.1.3",
    "jest": "^29.7.0",
-    "prettier": "^3.6.2",
+    "prettier": "^3.2.5",
-    "ts-jest": "^29.4.1",
+    "ts-jest": "^29.1.2",
    "ts-node": "^10.9.2",
-    "typescript": "^5.9.2"
+    "typescript": "^5.4.5"
  }
 }
@@ -12,11 +12,9 @@ import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 export interface Inputs {
  builder: string;
  workdir: string;
  source: string;
  allow: string[];
  call: string;
  files: string[];
  workdir: string;
  targets: string[];
  'no-cache': boolean;
  pull: boolean;
  load: boolean;
@@ -24,18 +22,16 @@ export interface Inputs {
  push: boolean;
  sbom: string;
  set: string[];
-  targets: string[];
+  source: string;
  'github-token': string;
 }
 export async function getInputs(): Promise<Inputs> {
  return {
    builder: core.getInput('builder'),
    workdir: core.getInput('workdir') || '.',
    source: getSourceInput('source'),
    allow: Util.getInputList('allow'),
    call: core.getInput('call'),
    files: Util.getInputList('files'),
    workdir: core.getInput('workdir') || '.',
    targets: Util.getInputList('targets'),
    'no-cache': core.getBooleanInput('no-cache'),
    pull: core.getBooleanInput('pull'),
    load: core.getBooleanInput('load'),
@@ -43,7 +39,7 @@ export async function getInputs(): Promise<Inputs> {
    push: core.getBooleanInput('push'),
    sbom: core.getInput('sbom'),
    set: Util.getInputList('set', {ignoreComma: true, quote: false}),
-    targets: Util.getInputList('targets'),
+    source: getSourceInput('source'),
    'github-token': core.getInput('github-token')
  };
 }
@@ -62,21 +58,6 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
  if (inputs.source) {
    args.push(inputs.source);
  }
  if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
      // allow filesystem entitlements by default
      inputs.allow.push('fs=*');
    }
    await Util.asyncForEach(inputs.allow, async allow => {
      args.push('--allow', allow);
    });
  }
  if (inputs.call) {
    if (!(await toolkit.buildx.versionSatisfies('>=0.16.0'))) {
      throw new Error(`Buildx >= 0.16.0 is required to use the call flag.`);
    }
    args.push('--call', inputs.call);
  }
  await Util.asyncForEach(inputs.files, async file => {
    args.push('--file', file);
  });
@@ -89,23 +70,17 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
    if (inputs.provenance) {
      args.push('--provenance', inputs.provenance);
-    } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
-      // check if provenance attestation is already specified in the bake
+      // if provenance not specified and BuildKit version compatible for
      // definition and if not specified and BuildKit version compatible for
      // attestation, set default provenance. Also needs to make sure user
      // doesn't want to explicitly load the image to docker.
-      for (const targetName in definition.target) {
+      if (GitHub.context.payload.repository?.private ?? false) {
-        const target = definition.target[targetName];
+        // if this is a private repository, we set the default provenance
-        if (!Array.isArray(target.attest) || !target.attest.some(attest => attest?.type === 'provenance')) {
+        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
-          if (GitHub.context.payload.repository?.private ?? false) {
+        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=min,inline-only=true`));
-            // if this is a private repository, we set the default provenance
+      } else {
-            // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
+        // for a public repository, we set max provenance mode.
-            args.push('--set', `${targetName}.attest=type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
+        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=max`));
          } else {
            // for a public repository, we set max provenance mode.
            args.push('--set', `${targetName}.attest=type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
          }
        }
      }
    }
    if (inputs.sbom) {
@@ -139,18 +114,8 @@ function getSourceInput(name: string): string {
  let source = handlebars.compile(core.getInput(name))({
    defaultContext: Context.gitContext()
  });
  if (!source) {
    source = Context.gitContext();
  }
  if (source === '.') {
    source = '';
  }
  return source;
 }
 function noDefaultAttestations(): boolean {
  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
  }
  return false;
 }
@@ -3,19 +3,14 @@ import * as path from 'path';
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
 import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
 import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 import {Exec} from '@docker/actions-toolkit/lib/exec';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
 import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
 import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
 import * as context from './context';
 import * as stateHelper from './state-helper';
@@ -23,13 +18,12 @@ import * as stateHelper from './state-helper';
 actionsToolkit.run(
  // main
  async () => {
    const startedTime = new Date();
    const inputs: context.Inputs = await context.getInputs();
    stateHelper.setSummaryInputs(inputs);
    core.debug(`inputs: ${JSON.stringify(inputs)}`);
    const toolkit = new Toolkit();
    if (await toolkit.buildx.versionSatisfies('>=0.20.0')) {
      throw new Error('docker/bake-action < v5 is not compatible with buildx >= 0.20.0, please update your workflow to latest docker/bake-action or use an older buildx version.');
    }
    const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
    await core.group(`GitHub Actions runtime token ACs`, async () => {
@@ -85,11 +79,8 @@ actionsToolkit.run(
      await toolkit.buildx.printVersion();
    });
    let builder: BuilderInfo;
    await core.group(`Builder info`, async () => {
-      builder = await toolkit.builder.inspect(inputs.builder);
+      const builder = await toolkit.builder.inspect(inputs.builder);
      stateHelper.setBuilderDriver(builder.driver ?? '');
      stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
      core.info(JSON.stringify(builder, null, 2));
    });
@@ -97,7 +88,6 @@ actionsToolkit.run(
    await core.group(`Parsing raw definition`, async () => {
      definition = await toolkit.buildxBake.getDefinition(
        {
          allow: inputs.allow,
          files: inputs.files,
          load: inputs.load,
          noCache: inputs['no-cache'],
@@ -117,55 +107,29 @@ actionsToolkit.run(
    if (!definition) {
      throw new Error('Bake definition not set');
    }
    stateHelper.setBakeDefinition(definition);
    const args: string[] = await context.getArgs(inputs, definition, toolkit);
    const buildCmd = await toolkit.buildx.getCommand(args);
    const buildEnv = Object.assign({}, process.env, {
-      BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken,
+      BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken
      BUILDX_METADATA_WARNINGS: 'true'
    }) as {
      [key: string]: string;
    };
    await core.group(`Bake definition`, async () => {
-      await Exec.getExecOutput(buildCmd.command, [...buildCmd.args, '--print'], {
+      await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], {
        cwd: inputs.workdir,
-        env: buildEnv,
+        env: buildEnv
        ignoreReturnCode: true
      }).then(res => {
        if (res.stderr.length > 0 && res.exitCode != 0) {
          throw Error(res.stderr);
        }
      });
    });
    let err: Error | undefined;
    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
      cwd: inputs.workdir,
      env: buildEnv,
      ignoreReturnCode: true
    }).then(res => {
-      if (res.exitCode != 0) {
+      if (res.stderr.length > 0 && res.exitCode != 0) {
-        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
+        throw new Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
          // with bake we can have multiple targets being checked so we need to
          // count the total number of warnings
          const totalWarnings = [...res.stdout.matchAll(/^Check complete, (\d+) warnings? (?:has|have) been found!/gm)].reduce((sum, m) => sum + parseInt(m[1], 10), 0);
          if (totalWarnings > 0) {
            // https://github.com/docker/buildx/blob/1e50e8ddabe108f009b9925e13a321d7c8f99f26/commands/build.go#L797-L803
            if (totalWarnings === 1) {
              err = Error(`Check complete, ${totalWarnings} warning has been found!`);
            } else {
              err = Error(`Check complete, ${totalWarnings} warnings have been found!`);
            }
          } else {
            // if there are no warnings found, return the first line of stdout
            err = Error(res.stdout.split('\n')[0]?.trim());
          }
        } else if (res.stderr.length > 0) {
          err = Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
        }
      }
    });
@@ -177,96 +141,9 @@ actionsToolkit.run(
        core.setOutput('metadata', metadatadt);
      });
    }
    let refs: Array<string> = [];
    await core.group(`Build references`, async () => {
      refs = await buildRefs(toolkit, startedTime, inputs.builder);
      if (refs.length > 0) {
        for (const ref of refs) {
          core.info(ref);
        }
        stateHelper.setBuildRefs(refs);
      } else {
        core.info('No build references found');
      }
    });
    if (buildChecksAnnotationsEnabled()) {
      const warnings = toolkit.buildxBake.resolveWarnings(metadata);
      if (refs.length > 0 && warnings && warnings.length > 0) {
        const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, refs);
        core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
        if (annotations && annotations.length > 0) {
          await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
            for (const annotation of annotations) {
              core.warning(annotation.message, annotation);
            }
          });
        }
      }
    }
    await core.group(`Check build summary support`, async () => {
      if (!buildSummaryEnabled()) {
        core.info('Build summary disabled');
      } else if (inputs.call && inputs.call !== 'build') {
        core.info(`Build summary skipped for ${inputs.call} subrequest`);
      } else if (GitHub.isGHES) {
        core.info('Build summary is not yet supported on GHES');
      } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
        core.info('Build summary requires Buildx >= 0.13.0');
      } else if (refs.length == 0) {
        core.info('Build summary requires at least one build reference');
      } else {
        core.info('Build summary supported!');
        stateHelper.setSummarySupported();
      }
    });
    if (err) {
      throw err;
    }
  },
  // post
  async () => {
    if (stateHelper.isSummarySupported) {
      await core.group(`Generating build summary`, async () => {
        try {
          const recordUploadEnabled = buildRecordUploadEnabled();
          let recordRetentionDays: number | undefined;
          if (recordUploadEnabled) {
            recordRetentionDays = buildRecordRetentionDays();
          }
          const buildxHistory = new BuildxHistory();
          const exportRes = await buildxHistory.export({
            refs: stateHelper.buildRefs,
            useContainer: buildExportLegacy()
          });
          core.info(`Build records written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
          let uploadRes: UploadArtifactResponse | undefined;
          if (recordUploadEnabled) {
            uploadRes = await GitHub.uploadArtifact({
              filename: exportRes.dockerbuildFilename,
              mimeType: 'application/gzip',
              retentionDays: recordRetentionDays
            });
          }
          await GitHub.writeBuildSummary({
            exportRes: exportRes,
            uploadRes: uploadRes,
            inputs: stateHelper.summaryInputs,
            bakeDefinition: stateHelper.bakeDefinition,
            driver: stateHelper.builderDriver,
            endpoint: stateHelper.builderEndpoint
          });
        } catch (e) {
          core.warning(e.message);
        }
      });
    }
    if (stateHelper.tmpDir.length > 0) {
      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
        fs.rmSync(stateHelper.tmpDir, {recursive: true});
@@ -274,76 +151,3 @@ actionsToolkit.run(
    }
  }
 );
 async function buildRefs(toolkit: Toolkit, since: Date, builder?: string): Promise<Array<string>> {
  // get refs from metadata file
  const metaRefs = toolkit.buildxBake.resolveRefs();
  if (metaRefs) {
    return metaRefs;
  }
  // otherwise, look for the very first build ref since the build has started
  if (!builder) {
    const currentBuilder = await toolkit.builder.inspect();
    builder = currentBuilder.name;
  }
  const res = Buildx.refs({
    dir: Buildx.refsDir,
    builderName: builder,
    since: since
  });
  const refs: Array<string> = [];
  for (const ref in res) {
    if (Object.prototype.hasOwnProperty.call(res, ref)) {
      refs.push(ref);
    }
  }
  return refs;
 }
 function buildChecksAnnotationsEnabled(): boolean {
  if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
    return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
  }
  return true;
 }
 function buildSummaryEnabled(): boolean {
  if (process.env.DOCKER_BUILD_NO_SUMMARY) {
    core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
    return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
  } else if (process.env.DOCKER_BUILD_SUMMARY) {
    return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
  }
  return true;
 }
 function buildRecordUploadEnabled(): boolean {
  if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
    return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
  }
  return true;
 }
 function buildRecordRetentionDays(): number | undefined {
  let val: string | undefined;
  if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
    core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
    val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
  } else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
    val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
  }
  if (val) {
    const res = parseInt(val);
    if (isNaN(res)) {
      throw Error(`Invalid build record retention days: ${val}`);
    }
    return res;
  }
 }
 function buildExportLegacy(): boolean {
  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
  }
  return false;
 }
@@ -1,58 +1,7 @@
 import * as core from '@actions/core';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 import {Inputs} from './context';
 export const tmpDir = process.env['STATE_tmpDir'] || '';
 export const builderDriver = process.env['STATE_builderDriver'] || '';
 export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
 export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
 export const bakeDefinition = process.env['STATE_bakeDefinition'] ? <BakeDefinition>JSON.parse(process.env['STATE_bakeDefinition']) : undefined;
 export const buildRefs = process.env['STATE_buildRefs'] ? process.env['STATE_buildRefs'].split(',') : [];
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
 export function setTmpDir(tmpDir: string) {
  core.saveState('tmpDir', tmpDir);
 }
 export function setBuilderDriver(builderDriver: string) {
  core.saveState('builderDriver', builderDriver);
 }
 export function setBuilderEndpoint(builderEndpoint: string) {
  core.saveState('builderEndpoint', builderEndpoint);
 }
 export function setBakeDefinition(bakeDefinition: BakeDefinition) {
  core.saveState('bakeDefinition', JSON.stringify(bakeDefinition));
 }
 export function setBuildRefs(buildRefs: Array<string>) {
  core.saveState('buildRefs', buildRefs.join(','));
 }
 export function setSummarySupported() {
  core.saveState('isSummarySupported', 'true');
 }
 export function setSummaryInputs(inputs: Inputs) {
  const res = {};
  for (const key of Object.keys(inputs)) {
    if (key === 'github-token') {
      continue;
    }
    const value: string | string[] | boolean = inputs[key];
    if (typeof value === 'boolean' && !value) {
      continue;
    } else if (Array.isArray(value) && value.length === 0) {
      continue;
    } else if (!value) {
      continue;
    }
    res[key] = value;
  }
  core.saveState('summaryInputs', JSON.stringify(res));
 }
@@ -1,86 +0,0 @@
 > [!WARNING]
 > `docker/bake-action/subaction/list-targets` is deprecated and will be removed
 > in a future release. Please use [`docker/bake-action/subaction/matrix`](../matrix)
 > instead.
 ## About
 This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
 so you can distribute your builds across multiple runners.
 ![Screenshot](../../.github/subaction-list-targets.png)
 ___
 * [Usage](#usage)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
 ## Usage
 ```hcl
 # docker-bake.hcl
 group "validate" {
  targets = ["lint", "doctoc"]
 }
 target "lint" {
  target = "lint"
 }
 target "doctoc" {
  target = "doctoc"
 }
 ```
 ```yaml
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: List targets
        id: generate
        uses: docker/bake-action/subaction/list-targets@v6
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Validate
        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
 ```
 ## Customizing
 ### inputs
 | Name         | Type        | Description                                                                                                                                 |
 |--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
 | `workdir`    | String      | Working directory to use (defaults to `.`)                                                                                                  |
 | `files`      | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                              |
 | `target`     | String      | The target to use within the bake file                                                                                                      |
 ### outputs
 The following outputs are available
 | Name       | Type     | Description               |
 |------------|----------|---------------------------|
 | `targets`  | List/CSV | List of extracted targets |
@@ -26,23 +26,12 @@ runs:
      name: Generate
      id: generate
      uses: actions/github-script@v7
      env:
        INPUT_WORKDIR: ${{ inputs.workdir }}
        INPUT_FILES: ${{ inputs.files }}
        INPUT_TARGET: ${{ inputs.target }}
      with:
        script: |
-          core.warning(`docker/bake-action/subaction/list-targets is deprecated and will be removed in a future release. Please use docker/bake-action/subaction/matrix instead.`);
+          let def;
          const files = `${{ inputs.files }}` ? `${{ inputs.files }}`.split(',') : [];
          const target = `${{ inputs.target }}`;
          function getInputList(name) {
            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
          }
          const workdir = core.getInput('workdir');
          const files = getInputList('files');
          const target = core.getInput('target');
          let def = {};
          await core.group(`Validating definition`, async () => {
            let args = ['buildx', 'bake'];
            for (const file of files) {
@@ -56,7 +45,7 @@ runs:
            const res = await exec.getExecOutput('docker', args, {
              ignoreReturnCode: true,
              silent: true,
-              cwd: workdir
+              cwd: `${{ inputs.workdir }}`
            });
            if (res.stderr.length > 0 && res.exitCode != 0) {
              throw new Error(res.stderr);
@@ -1,140 +0,0 @@
 ## About
 This subaction generates a multi-dimension matrix that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)
 through the [`include` property](https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow#expanding-or-adding-matrix-configurations)
 so you can distribute your builds across multiple runners.
 ![Screenshot](../../.github/subaction-matrix.png)
 ___
 * [Usage](#usage)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
 ## Usage
 ### List targets
 ```hcl
 # docker-bake.hcl
 group "validate" {
  targets = ["lint", "doctoc"]
 }
 target "lint" {
  target = "lint"
 }
 target "doctoc" {
  target = "doctoc"
 }
 ```
 ```yaml
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.generate.outputs.matrix }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Generate matrix
        id: generate
        uses: docker/bake-action/subaction/matrix@v6
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
    steps:
      -
        name: Validate
        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
 ```
 ### Platforms split
 ```hcl
 # docker-bake.hcl
 target "lint" {
  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
  output = ["type=cacheonly"]
  platforms = [
    "darwin/amd64",
    "darwin/arm64",
    "linux/amd64",
    "linux/arm64",
    "linux/s390x",
    "linux/ppc64le",
    "linux/riscv64",
    "windows/amd64",
    "windows/arm64"
  ]
 }
 ```
 ```yaml
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.generate.outputs.matrix }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Generate matrix
        id: generate
        uses: docker/bake-action/subaction/matrix@v6
        with:
          target: lint
          fields: platforms
  lint:
    runs-on: ${{ startsWith(matrix.platforms, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
    steps:
      -
        name: Lint
        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
          set: |
            *.platform=${{ matrix.platforms }}
 ```
 ## Customizing
 ### inputs
 | Name      | Type     | Description                                                                                    |
 |-----------|----------|------------------------------------------------------------------------------------------------|
 | `workdir` | String   | Working directory to use (defaults to `.`)                                                     |
 | `files`   | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
 | `target`  | String   | The target to use within the bake file                                                         |
 | `fields`  | String   | List of extra fields to include in the matrix                                                  |
 ### outputs
 | Name     | Type | Description          |
 |----------|------|----------------------|
 | `matrix` | JSON | Matrix configuration |
@@ -1,101 +0,0 @@
 # https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
 name: 'Matrix'
 description: 'Generate a matrix from a Bake definition to help distributing builds in your workflow'
 inputs:
  workdir:
    description: Working directory
    default: '.'
    required: false
  files:
    description: List of Bake files
    required: false
  target:
    description: Bake target
    required: false
  fields:
    description: List of extra fields to include in the matrix
    required: false
 outputs:
  matrix:
    description: Matrix configuration
    value: ${{ steps.generate.outputs.includes }}
 runs:
  using: composite
  steps:
    -
      name: Generate
      id: generate
      uses: actions/github-script@v7
      env:
        INPUT_WORKDIR: ${{ inputs.workdir }}
        INPUT_FILES: ${{ inputs.files }}
        INPUT_TARGET: ${{ inputs.target }}
        INPUT_FIELDS: ${{ inputs.fields }}
      with:
        script: |
          function getInputList(name) {
            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
          }
          const workdir = core.getInput('workdir');
          const files = getInputList('files');
          const target = core.getInput('target');
          const fields = getInputList('fields');
          let def = {};
          await core.group(`Parsing definition`, async () => {
            let args = ['buildx', 'bake'];
            for (const file of files) {
              args.push('--file', file);
            }
            if (target) {
              args.push(target);
            }
            args.push('--print');
            const res = await exec.getExecOutput('docker', args, {
              ignoreReturnCode: true,
              silent: true,
              cwd: workdir
            });
            if (res.stderr.length > 0 && res.exitCode != 0) {
              throw new Error(res.stderr);
            }
            def = JSON.parse(res.stdout.trim());
            core.info(JSON.stringify(def, null, 2));
          });
          await core.group(`Generating matrix`, async () => {
            const result = [];
            for (const targetName of Object.keys(def.target)) {
              const target = def.target[targetName];
              const entry = { target: targetName };
              if (fields.length === 0) {
                result.push({ ...entry });
                continue;
              }
              let fieldFound = false;
              Object.keys(target).forEach(field => {
                if (fields.includes(field)) {
                  fieldFound = true;
                  const value = target[field];
                  if (Array.isArray(value)) {
                    value.forEach((v) => {
                      entry[field] = v;
                      result.push({ ...entry });
                    });
                  } else {
                    entry[field] = value;
                    result.push({ ...entry });
                  }
                }
              });
              if (!fieldFound) {
                result.push({ ...entry });
              }
            }
            core.info(JSON.stringify(result, null, 2));
            core.setOutput('includes', JSON.stringify(result));
          });
@@ -1,10 +0,0 @@
 # syntax=docker/dockerfile:1
 FROM busybox AS t1
 RUN echo "Hello t1"
 FROM busybox AS t2
 RUN echo "Hello t2"
 FROM busybox AS t3
 RUN echo "Hello t3"
@@ -1,17 +0,0 @@
 group "default" {
  targets = ["t1", "t2", "t3"]
 }
 target "t1" {
  target = "t1"
 }
 target "t2" {
  target = "t2"
  attest = ["type=provenance,mode=min"]
 }
 target "t3" {
  target = "t3"
  attest = ["type=sbom"]
 }
@@ -42,8 +42,3 @@ target "app-proxy" {
  inherits = ["app"]
  dockerfile = "proxy.Dockerfile"
 }
 target "app-entitlements" {
  inherits = ["app"]
  entitlements = ["network.host"]
 }
@@ -1,36 +0,0 @@
 group "validate" {
  targets = ["lint", "lint-gopls", "validate-vendor", "validate-docs"]
 }
 target "lint" {
  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
  output = ["type=cacheonly"]
  platforms = [
    "darwin/amd64",
    "darwin/arm64",
    "linux/amd64",
    "linux/arm64",
    "linux/s390x",
    "linux/ppc64le",
    "linux/riscv64",
    "windows/amd64",
    "windows/arm64"
  ]
 }
 target "lint-gopls" {
  inherits = ["lint"]
  target = "gopls-analyze"
 }
 target "validate-vendor" {
  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
  target = "validate"
  output = ["type=cacheonly"]
 }
 target "validate-docs" {
  dockerfile = "./hack/dockerfiles/docs.Dockerfile"
  target = "validate"
  output = ["type=cacheonly"]
 }
@@ -1,10 +0,0 @@
 frOM busybox as base
 cOpy lint-other.Dockerfile .
 froM busybox aS notused
 COPY lint-other.Dockerfile .
 from scratch
 COPy --from=base \
  /lint-other.Dockerfile \
  /
@@ -1,12 +0,0 @@
 frOM busybox as base
 cOpy lint.Dockerfile .
 from scratch
 MAINTAINER moby@example.com
 COPy --from=base \
  /lint.Dockerfile \
  /
 CMD [ "echo", "Hello, Norway!" ]
 CMD [ "echo", "Hello, Sweden!" ]
 ENTRYPOINT my-program start
@@ -1,12 +0,0 @@
 group "default" {
  targets = ["lint", "lint-other", "lint-inline"]
 }
 target "lint" {
  dockerfile = "lint.Dockerfile"
 }
 target "lint-other" {
  dockerfile = "lint-other.Dockerfile"
 }
 target "lint-inline" {
  dockerfile-inline = "FRoM alpine\nENTRYPOINT [\"echo\", \"hello\"]"
 }
@@ -1,15 +0,0 @@
 group "default" {
  targets = ["t3"]
 }
 target "t3" {
  name = "${item.tag}"
  matrix = {
    item = t3
  }
  args = {
    VERSION = "${item.version}"
    DUMMY_ARG = "${item.arg}"
  }
  tags = ["${item.tag}"]
 }
@@ -1,14 +0,0 @@
 {
  "t3": [
    {
      "version": "v1",
      "arg": "v1-value",
      "tag": "v1-tag"
    },
    {
      "version": "v2",
      "arg": "v2-value",
      "tag": "v2-tag"
    }
  ]
 }
Author	SHA1	Message	Date
CrazyMax	aefd381cba	Merge pull request #290 from crazy-max/v4_backport_buildx-version-support [v4] mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5	2025-01-21 16:07:27 +01:00
CrazyMax	1a883d70d7	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-21 14:03:47 +01:00
CrazyMax	44d6ed6f31	mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-21 14:03:01 +01:00