Merge pull request #293 from crazy-max/v3_buildx-0.20.0

[v3] mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5
chore: update generated content
2026-06-05 17:48:40 +02:00 · 2025-01-23 14:39:10 +01:00 · 2025-01-23 14:37:12 +01:00 · 2025-01-23 14:37:12 +01:00
47 changed files with 3947 additions and 11888 deletions
@@ -1,12 +1,2 @@
 /coverage
-
+/node_modules
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/cache
 .yarn/unplugged
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
@@ -1,3 +0,0 @@
 /dist/**
 /coverage/**
 /node_modules/**
@@ -1,12 +1,11 @@
 {
  "env": {
    "node": true,
-    "es6": true,
+    "es2021": true,
    "jest": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/eslint-recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
@@ -1,4 +1,2 @@
 /.yarn/releases/** binary
 /.yarn/plugins/** binary
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true
@@ -0,0 +1 @@
 *	@crazy-max
@@ -1,3 +0,0 @@
 # Code of conduct
 - [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)
@@ -1,101 +0,0 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Bug Report
 description: Report a bug
 labels:
  - status/triage
 body:
  - type: markdown
    attributes:
      value: |
        Thank you for taking the time to report a bug!
        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
  - type: checkboxes
    attributes:
      label: Contributing guidelines
      description: >
        Make sure you've read the contributing guidelines before proceeding.
      options:
        - label: I've read the [contributing guidelines](https://github.com/docker/bake-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
          required: true
  - type: checkboxes
    attributes:
      label: "I've found a bug, and:"
      description: |
        Make sure that your request fulfills all of the following requirements.
        If one requirement cannot be satisfied, explain in detail why.
      options:
        - label: The documentation does not mention anything about my problem
        - label: There are no open or closed issues that are related to my problem
  - type: textarea
    attributes:
      label: Description
      description: >
        Provide a brief description of the bug in 1-2 sentences.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Expected behaviour
      description: >
        Describe precisely what you'd expect to happen.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Actual behaviour
      description: >
        Describe precisely what is actually happening.
    validations:
      required: true
  - type: input
    attributes:
      label: Repository URL
      description: >
        Enter the URL of the repository where you are experiencing the
        issue. If your repository is private, provide a link to a minimal
        repository that reproduces the issue.
  - type: input
    attributes:
      label: Workflow run URL
      description: >
        Enter the URL of the GitHub Action workflow run if public (e.g.
        `https://github.com/<user>/<repo>/actions/runs/<id>`)
  - type: textarea
    attributes:
      label: YAML workflow
      description: |
        Provide the YAML of the workflow that's causing the issue.
        Make sure to remove any sensitive information.
      render: yaml
    validations:
      required: true
  - type: textarea
    attributes:
      label: Workflow logs
      description: >
        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
        and make sure to remove any sensitive information.
  - type: textarea
    attributes:
      label: BuildKit logs
      description: >
        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
      render: text
  - type: textarea
    attributes:
      label: Additional info
      description: |
        Provide any additional information that could be useful.
@@ -0,0 +1,34 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 ---
 ### Behaviour
 #### Steps to reproduce this issue
 1.
 2.
 3.
 #### Expected behaviour
 > Tell us what should happen
 #### Actual behaviour
 > Tell us what happens instead
 ### Configuration
 * Repository URL (if public): 
 * Build URL (if public): 
 ```yml
 # paste your YAML workflow file here and remove sensitive data
 ```
 ### Logs
 > Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
 > and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.
@@ -1,9 +0,0 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
 blank_issues_enabled: true
 contact_links:
  - name: Questions and Discussions
    url: https://github.com/docker/bake-action/discussions/new
    about: Use Github Discussions to ask questions and/or open discussion topics.
  - name: Documentation
    url: https://docs.docker.com/build/ci/github-actions/
    about: Read the documentation.
@@ -1,15 +0,0 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Feature request
 description: Missing functionality? Come tell us about it!
 labels:
  - kind/enhancement
  - status/triage
 body:
  - type: textarea
    id: description
    attributes:
      label: Description
      description: What is the feature you want to see?
    validations:
      required: true
@@ -1,12 +0,0 @@
 # Reporting security issues
 The project maintainers take security seriously. If you discover a security
 issue, please bring it to their attention right away!
 **Please _DO NOT_ file a public issue**, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 Security reports are greatly appreciated, and we will publicly thank you for it.
 We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
 us know. We currently do not offer a paid security bounty program, but are not
 ruling it out in the future.
@@ -0,0 +1,31 @@
 # Support [![](https://isitmaintained.com/badge/resolution/docker/bake-action.svg)](https://isitmaintained.com/project/docker/bake-action)
 First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
 ## Reporting an issue
 Please do a search in [open issues](https://github.com/docker/bake-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
 If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
 :+1: - upvote
 :-1: - downvote
 If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
 ## Writing good bug reports and feature requests
 File a single issue per problem and feature request.
 * Do not enumerate multiple bugs or feature requests in the same issue.
 * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
 The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
 You are now ready to [create a new issue](https://github.com/docker/bake-action/issues/new/choose)!
 ## Closure policy
 * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
 * Issues that go a week without a response from original poster are subject to closure at our discretion.
@@ -11,7 +11,6 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
    labels:
@@ -1,99 +0,0 @@
 name: ci-subaction
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
  schedule:
    - cron: '0 10 * * *'
  push:
    branches:
      - 'master'
      - 'releases/v*'
    tags:
      - 'v*'
    paths:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
      - 'test/**'
  pull_request:
    paths:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
      - 'test/**'
 jobs:
  list-targets-group:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Matrix gen
        id: gen
        uses: ./subaction/list-targets
        with:
          workdir: ./test/group
      -
        name: Check targets
        uses: actions/github-script@v7
        with:
          script: |
            const targets = `${{ steps.gen.outputs.targets }}`;
            if (!targets) {
              core.setFailed('No targets generated');
            }
            core.info(`targets=${targets}`);
  list-targets-group-matrix:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Matrix gen
        id: gen
        uses: ./subaction/list-targets
        with:
          workdir: ./test/group-matrix
          target: validate
      -
        name: Check targets
        uses: actions/github-script@v7
        with:
          script: |
            const targets = `${{ steps.gen.outputs.targets }}`;
            if (!targets) {
              core.setFailed('No targets generated');
            }
            core.info(`targets=${targets}`);
  list-targets-multi-files:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Matrix gen
        id: gen
        uses: ./subaction/list-targets
        with:
          workdir: ./test/multi-files
          files: |
            docker-bake.json
            docker-bake.hcl
      -
        name: Check targets
        uses: actions/github-script@v7
        with:
          script: |
            const targets = `${{ steps.gen.outputs.targets }}`;
            if (!targets) {
              core.setFailed('No targets generated');
            }
            core.info(`targets=${targets}`);
@@ -1,9 +1,5 @@
 name: ci
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
    inputs:
@@ -23,16 +19,10 @@ on:
      - 'releases/v*'
    tags:
      - 'v*'
    paths-ignore:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
  pull_request:
    paths-ignore:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
 env:
-  BUILDX_VERSION: latest
+  BUILDX_VERSION: v0.18.0
  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
 jobs:
@@ -52,14 +42,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
@@ -69,7 +59,6 @@ jobs:
        name: Build and push
        uses: ./
        with:
          source: .
          builder: ${{ steps.buildx.outputs.name }}
          files: |
            ./test/config.hcl
@@ -82,13 +71,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        continue-on-error: true
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          set: |
@@ -99,7 +93,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Stop docker
        run: |
@@ -110,7 +110,6 @@ jobs:
        continue-on-error: true
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
      -
@@ -127,18 +126,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
-        name: Uninstall docker cli
+        name: Uninstall moby cli
        run: |
-          if dpkg -s "docker-ce" >/dev/null 2>&1; then
+          sudo apt-get purge -y moby-cli moby-buildx
            sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin
          else
            sudo apt-get purge -y moby-cli moby-buildx
          fi
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
@@ -147,16 +142,21 @@ jobs:
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
-  remote:
+  source:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        uses: ./
@@ -178,10 +178,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
@@ -192,7 +192,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: binary
          provenance: ${{ matrix.attrs }}
          set: |
@@ -220,10 +219,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
@@ -234,7 +233,6 @@ jobs:
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: ${{ matrix.target }}
          sbom: true
          set: |
@@ -275,13 +273,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver: docker
      -
        name: Build
        uses: ./
        with:
          workdir: ./test/go
          source: .
          set: |
            *.platform=linux/amd64
            *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
@@ -297,10 +300,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
@@ -311,425 +314,35 @@ jobs:
        uses: ./
        with:
          workdir: ./test/group
          source: .
          push: true
          set: |
            t1.tags=localhost:5000/name/app:t1
            t2.tags=localhost:5000/name/app:t2
-  docker-config-malformed:
+  error-buildx-latest:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
-        name: Set malformed docker config
+        name: Set up Docker Buildx
-        run: |
+        uses: docker/setup-buildx-action@v2
-          mkdir -p ~/.docker
+        with:
-          echo 'foo_bar' >> ~/.docker/config.json
+          version: v0.20.0
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
  proxy-docker-config:
    runs-on: ubuntu-latest
    services:
      squid-proxy:
        image: ubuntu/squid:latest
        ports:
          - 3128:3128
    steps:
      -
        name: Check proxy
        run: |
          netstat -aptn
          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set proxy config
        run: |
          mkdir -p ~/.docker
          echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
            network=host
          buildkitd-flags: --debug
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          targets: app-proxy
  proxy-buildkitd:
    runs-on: ubuntu-latest
    services:
      squid-proxy:
        image: ubuntu/squid:latest
        ports:
          - 3128:3128
    steps:
      -
        name: Check proxy
        run: |
          netstat -aptn
          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
            network=host
            env.http_proxy=http://127.0.0.1:3128
            env.https_proxy=http://127.0.0.1:3128
          buildkitd-flags: --debug
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
  git-context:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
  git-context-and-local:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
      -
        name: Build
        uses: ./
        with:
          files: |
            cwd://${{ steps.meta.outputs.bake-file }}
  multi-output:
    runs-on: ubuntu-latest
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            network=host
      -
        name: Build and push
        uses: ./
        with:
          workdir: ./test/go
          source: .
          set: |
            *.output=type=image,name=localhost:5000/name/app:latest,push=true
            *.output=type=docker,name=app:local
            *.output=type=oci,dest=/tmp/oci.tar
      -
        name: Check registry
        run: |
          docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
      -
        name: Check docker
        run: |
          docker image inspect app:local
      -
        name: Check oci
        run: |
          set -ex
          mkdir -p /tmp/oci-out
          tar xf /tmp/oci.tar -C /tmp/oci-out
          tree -nh /tmp/oci-out
  load-and-push:
    runs-on: ubuntu-latest
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            network=host
      -
        name: Build and push
        uses: ./
        with:
          workdir: ./test/go
          source: .
          targets: image
          load: true
          push: true
          set: |
            *.tags=localhost:5000/name/app:latest
      -
        name: Check registry
        run: |
          docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
      -
        name: Check docker
        run: |
          docker image inspect localhost:5000/name/app:latest
  summary-disable:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        id: bake
        continue-on-error: true
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_SUMMARY: false
  summary-disable-deprecated:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Checkout
+        name: Check
-        uses: actions/checkout@v4
+        run: |
-      -
+          echo "${{ toJson(steps.bake) }}"
-        name: Set up Docker Buildx
+          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
-        uses: docker/setup-buildx-action@v3
+            echo "::error::Should have failed"
-        with:
+            exit 1
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          fi
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          source: .
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_NO_SUMMARY: true
  summary-not-supported:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: v0.12.1
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
  record-upload-disable:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_RECORD_UPLOAD: false
  record-retention-days:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        days:
          - 2
          - 0
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          targets: app
        env:
          DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
  checks:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        buildx-version:
          - latest
          - v0.14.1
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
            ./lint.hcl
  annotations-disabled:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          workdir: ./test
          source: .
          files: |
            ./lint.hcl
        env:
          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
  allow:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        buildx-version:
          - v0.19.0-rc2
          - v0.18.0
          - v0.17.1
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: |
            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
      -
        name: Build
        uses: ./
        with:
          files: |
            ./test/config.hcl
          allow: network.host
          targets: app-entitlements
@@ -1,21 +0,0 @@
 name: publish
 on:
  release:
    types:
      - published
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Publish
        uses: actions/publish-immutable-action@v0.0.4
@@ -1,21 +1,11 @@
 name: test
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
    paths-ignore:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
  pull_request:
    paths-ignore:
      - '.github/workflows/ci-subaction.yml'
      - 'subaction/**'
 jobs:
  test:
@@ -23,15 +13,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Test
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v3
        with:
-          files: ./coverage/clover.xml
+          file: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -1,9 +1,5 @@
 name: validate
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
@@ -15,17 +11,16 @@ jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
-      targets: ${{ steps.generate.outputs.targets }}
+      targets: ${{ steps.targets.outputs.matrix }}
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
-        name: List targets
+        name: Targets matrix
-        id: generate
+        id: targets
-        uses: ./subaction/list-targets
+        run: |
-        with:
+          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
          target: validate
  validate:
    runs-on: ubuntu-latest
@@ -38,9 +33,9 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Validate
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          targets: ${{ matrix.target }}
@@ -1,5 +1,12 @@
-# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
+/.dev
 node_modules
 lib
 # Jetbrains
 /.idea
 /*.iml
 # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -7,7 +14,6 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -18,14 +24,34 @@ pids
 *.seed
 *.pid.lock
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 # nyc test coverage
 .nyc_output
 # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 # Bower dependency directory (https://bower.io/)
 bower_components
 # node-waf configuration
 .lock-wscript
 # Compiled binary addons (https://nodejs.org/api/addons.html)
 build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
 # TypeScript v1 declaration files
 typings/
 # TypeScript cache
 *.tsbuildinfo
@@ -35,19 +61,36 @@ jspm_packages/
 # Optional eslint cache
 .eslintcache
 # Optional REPL history
 .node_repl_history
 # Output of 'npm pack'
 *.tgz
 # Yarn Integrity file
 .yarn-integrity
-# dotenv environment variable files
+# dotenv environment variables file
 .env
-.env.development.local
+.env.test
 .env.test.local
 .env.production.local
 .env.local
-# yarn v2
+# parcel-bundler cache (https://parceljs.org/)
-.yarn/cache
+.cache
-.yarn/unplugged
+
-.yarn/build-state.yml
+# next.js build output
-.yarn/install-state.gz
+.next
-.pnp.*
+
 # nuxt.js build output
 .nuxt
 # vuepress build output
 .vuepress/dist
 # Serverless directories
 .serverless/
 # FuseBox cache
 .fusebox/
 # DynamoDB Local files
 .dynamodb/
@@ -1,6 +0,0 @@
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/
@@ -1,13 +0,0 @@
 logFilters:
  - code: YN0013
    level: discard
  - code: YN0019
    level: discard
  - code: YN0076
    level: discard
 nodeLinker: node-modules
 plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
    spec: "@yarnpkg/plugin-interactive-tools"
@@ -4,6 +4,13 @@
 [![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/bake-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/bake-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/bake-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/bake-action)
 ## :test_tube: Experimental
 This repository is considered **EXPERIMENTAL** and under active development
 until further notice. It is subject to non-backward compatible changes or
 removal in any future version, so you should [pin to a specific tag/commit](https://docs.github.com/en/actions/creating-actions/about-actions#using-tags-for-release-management)
 of this action in your workflow (i.e `docker/bake-action@v1.1.3`).
 ## About
 GitHub Action to use Docker [Buildx Bake](https://docs.docker.com/build/customize/bake/)
@@ -14,108 +21,20 @@ as a high-level build command.
 ___
 * [Usage](#usage)
  * [Git context](#git-context)
  * [Path context](#path-context)
 * [Summaries](#summaries)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
  * [environment variables](#environment-variables)
 * [Subactions](#subactions)
  * [`list-targets`](subaction/list-targets)
 * [Contributing](#contributing)
 ## Usage
 ### Git context
 Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
 to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
 does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
 action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
 will do this directly.
 The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 ```yaml
 name: ci
 on:
  push:
 jobs:
  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          push: true
          set: |
            *.tags=user/app:latest
 ```
 Be careful because **any file mutation in the steps that precede the build step
 will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the Git reference. However, you can use the
 [Path context](#path-context) using the [`source` input](#inputs) alongside
 the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
 this restriction.
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
 to the default Git context:
 ```yaml
      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          source: "{{defaultContext}}:mysubdir"
          push: true
          set: |
            *.tags=user/app:latest
 ```
 Building from the current repository automatically uses the `GITHUB_TOKEN`
 secret that GitHub [automatically creates for workflows](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
 so you don't need to pass that manually. If you want to authenticate against
 another private repository for remote definitions, you can set the
 [`BUILDX_BAKE_GIT_AUTH_TOKEN` environment variable](https://docs.docker.com/build/building/variables/#buildx_bake_git_auth_token).
 > [!NOTE]
 > Supported since Buildx 0.14.0
 ```yaml
      -
        name: Build and push
        uses: docker/bake-action@v5
        with:
          push: true
          set: |
            *.tags=user/app:latest
        env:
          BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
 ```
 ### Path context
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  bake:
@@ -123,51 +42,28 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v3
        with:
          source: .
          push: true
          set: |
            *.tags=user/app:latest
 ```
 ## Summaries
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
 that provides a detailed overview of the build execution. The summary shows an
 overview of all the steps executed during the build, including the build
 inputs, bake definition, and eventual errors.
 ![build-push-action job summary](./.github/bake-summary.png)
 The summary also includes a link for downloading a build record archive with
 additional details about the build execution for all the bake targets,
 including build stats, logs, outputs, and more. The build record can be
 imported to Docker Desktop for inspecting the build in greater detail.
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 For more information about summaries, refer to the
 [documentation](https://docs.docker.com/go/build-summary/).
 ## Customizing
 ### inputs
-The following inputs can be used as `step.with` keys
+Following inputs can be used as `step.with` keys
 > `List` type is a newline-delimited string
 > ```yaml
@@ -184,44 +80,29 @@ The following inputs can be used as `step.with` keys
 > targets: default,release
 > ```
-| Name           | Type        | Description                                                                                                                                                        |
+| Name         | Type        | Description                                                                                                                                 |
-|----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
-| `builder`      | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                        |
+| `builder`    | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                 |
-| `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition)    |
+| `files`      | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                              |
-| `allow`        | List/CSV    | Allow build to access specified resources (e.g., `network.host`)                                                                                                   |
+| `workdir`    | String      | Working directory of execution                                                                                                              |
-| `files`        | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                                                     |
+| `targets`    | List/CSV    | List of bake targets (`default` target used if empty)                                                                                       |
-| `workdir`      | String      | Working directory of execution                                                                                                                                     |
+| `no-cache`   | Bool        | Do not use cache when building the image (default `false`)                                                                                  |
-| `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
+| `pull`       | Bool        | Always attempt to pull a newer version of the image (default `false`)                                                                       |
-| `no-cache`     | Bool        | Do not use cache when building the image (default `false`)                                                                                                         |
+| `load`       | Bool        | Load is a shorthand for `--set=*.output=type=docker` (default `false`)                                                                      |
-| `pull`         | Bool        | Always attempt to pull a newer version of the image (default `false`)                                                                                              |
+| `provenance` | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance`                    |
-| `load`         | Bool        | Load is a shorthand for `--set=*.output=type=docker` (default `false`)                                                                                             |
+| `push`       | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                    |
-| `provenance`   | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance`                                      |
+| `sbom`       | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                      |
-| `push`         | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                                           |
+| `set`        | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (eg: `targetpattern.key=value`) |
-| `sbom`         | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                                             |
+| `source`     | String      | [Remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition) to build from                     |
 | `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`)                      |
 | `github-token` | String      | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
 ### outputs
-The following outputs are available
+Following outputs are available
 | Name       | Type | Description           |
 |------------|------|-----------------------|
 | `metadata` | JSON | Build result metadata |
 ### environment variables
 | Name                                 | Type   | Default | Description                                                                                                                                                                                                                                                        |
 |--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `DOCKER_BUILD_CHECKS_ANNOTATIONS`    | Bool   | `true`  | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/)                                                                                                                                                         |
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
 ## Subactions
 * [`list-targets`](subaction/list-targets)
 ## Contributing
 Want to contribute? Awesome! You can find information about contributing to
@@ -1,7 +1,6 @@
 import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 import {Bake} from '@docker/actions-toolkit/lib/buildx/bake';
 import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
 import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
@@ -9,9 +8,8 @@ import {Context} from '@docker/actions-toolkit/lib/context';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
-
+import {BakeDefinition} from '@docker/actions-toolkit/lib/types/bake';
-import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
+import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder';
 import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
 import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
 import * as context from '../src/context';
@@ -39,11 +37,6 @@ jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean>
  return true;
 });
 const metadataJson = path.join(tmpDir, 'metadata.json');
 jest.spyOn(Bake.prototype, 'getMetadataFilePath').mockImplementation((): string => {
  return metadataJson;
 });
 jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
  return {
    name: 'builder2',
@@ -63,7 +56,7 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
  };
 });
-jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise<BakeDefinition> => {
+jest.spyOn(Bake.prototype, 'parseDefinitions').mockImplementation(async (): Promise<BakeDefinition> => {
  return JSON.parse(`{
    "group": {
      "default": {
@@ -137,7 +130,6 @@ describe('getArgs', () => {
      0,
      '0.4.1',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -151,7 +143,6 @@ describe('getArgs', () => {
      1,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -159,14 +150,13 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson
+        '--metadata-file', path.join(tmpDir, 'metadata-file')
      ]
    ],
    [
      2,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['targets', 'webapp\nvalidate'],
        ['load', 'false'],
        ['no-cache', 'false'],
@@ -175,7 +165,7 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
        'webapp', 'validate'
      ]
    ],
@@ -183,7 +173,6 @@ describe('getArgs', () => {
      3,
      '0.8.2',
      new Map<string, string>([
        ['source', '.'],
        ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
        ['load', 'false'],
        ['no-cache', 'false'],
@@ -194,14 +183,13 @@ describe('getArgs', () => {
        'bake',
        '--set', '*.cache-from=type=gha',
        '--set', '*.cache-to=type=gha',
-        '--metadata-file', metadataJson
+        '--metadata-file', path.join(tmpDir, 'metadata-file')
      ]
    ],
    [
      4,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -209,15 +197,14 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
      ]
    ],
    [
      5,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -226,15 +213,14 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`
      ]
    ],
    [
      6,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -243,15 +229,14 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`
      ]
    ],
    [
      7,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -260,7 +245,7 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
        "--provenance", 'false'
      ]
    ],
@@ -268,7 +253,6 @@ describe('getArgs', () => {
      8,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -277,7 +261,7 @@ describe('getArgs', () => {
      ]),
      [
        'bake',
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
        "--provenance", 'builder-id=foo'
      ]
    ],
@@ -285,7 +269,6 @@ describe('getArgs', () => {
      9,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -297,8 +280,8 @@ describe('getArgs', () => {
        'bake',
        '--set', '*.platform=linux/amd64,linux/ppc64le,linux/s390x',
        '--set', `*.output=type=image,"name=moby/buildkit:v0.11.0,moby/buildkit:latest",push=true`,
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
        'image-all'
      ]
    ],
@@ -306,7 +289,6 @@ describe('getArgs', () => {
      10,
      '0.10.0',
      new Map<string, string>([
        ['source', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
@@ -317,66 +299,11 @@ describe('getArgs', () => {
      [
        'bake',
        '--set', `*.labels.foo=bar=#baz`,
-        '--metadata-file', metadataJson,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
        'image-all'
      ]
    ],
    [
      11,
      '0.10.0',
      new Map<string, string>([
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
        ['files', './foo.hcl'],
      ]),
      [
        'bake',
        'https://github.com/docker/build-push-action.git#refs/heads/master',
        '--file', './foo.hcl',
        '--metadata-file', metadataJson,
        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
      ]
    ],
    [
      12,
      '0.17.0',
      new Map<string, string>([
        ['source', '.'],
        ['allow', 'network.host'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
      ]),
      [
        'bake',
        '--allow', 'network.host',
        '--metadata-file', metadataJson,
        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
      ]
    ],
    [
      13,
      '0.15.0',
      new Map<string, string>([
        ['source', '{{defaultContext}}:subdir'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
        ['files', './foo.hcl'],
      ]),
      [
        'bake',
        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
        '--file', './foo.hcl',
        '--metadata-file', metadataJson,
        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
      ]
    ],
  ])(
    '[%d] given %p with %p as inputs, returns %p',
    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
@@ -388,23 +315,7 @@ describe('getArgs', () => {
        return buildxVersion;
      });
      const inp = await context.getInputs();
-      const definition = await toolkit.buildxBake.getDefinition(
+      const res = await context.getArgs(inp, toolkit);
        {
          files: inp.files,
          load: inp.load,
          noCache: inp['no-cache'],
          overrides: inp.set,
          provenance: inp.provenance,
          push: inp.push,
          sbom: inp.sbom,
          source: inp.source,
          targets: inp.targets
        },
        {
          cwd: inp.workdir
        }
      );
      const res = await context.getArgs(inp, definition, toolkit);
      expect(res).toEqual(expected);
    }
  );
@@ -10,15 +10,9 @@ inputs:
  builder:
    description: "Builder instance"
    required: false
  source:
    description: "Context to build from. Can be either local or a remote bake definition"
    required: false
  allow:
    description: "Allow build to access specified resources (e.g., network.host)"
    required: false
  files:
    description: "List of bake definition files"
-    required: false
+    required: true
  workdir:
    description: "Working directory of bake execution"
    required: false
@@ -51,9 +45,8 @@ inputs:
  set:
    description: "List of targets values to override (eg. targetpattern.key=value)"
    required: false
-  github-token:
+  source:
-    description: "API token used to authenticate to a Git repository for remote definitions"
+    description: "Remote bake definition to build from"
    default: ${{ github.token }}
    required: false
 outputs:
@@ -61,6 +54,5 @@ outputs:
    description: 'Build result metadata'
 runs:
-  using: 'node20'
+  using: 'node16'
  main: 'dist/index.js'
  post: 'dist/index.js'
@@ -1,20 +1,15 @@
 # syntax=docker/dockerfile:1
-ARG NODE_VERSION=20
+ARG NODE_VERSION=16
 ARG DOCKER_VERSION=20.10.13
 ARG BUILDX_VERSION=0.8.1
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache <<EOT
  corepack enable
  yarn --version
  yarn config set --home enableTelemetry 0
 EOT
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /vendor && cp yarn.lock /vendor
@@ -35,7 +30,6 @@ EOT
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
@@ -56,25 +50,27 @@ EOT
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run lint
 FROM docker:${DOCKER_VERSION} as docker
 FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
 FROM deps AS test
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverage --coverageDirectory=/tmp/coverage
+  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
  yarn run test --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
@@ -3,7 +3,7 @@ group "default" {
 }
 group "pre-checkin" {
-  targets = ["vendor", "format", "build"]
+  targets = ["vendor-update", "format", "build"]
 }
 group "validate" {
@@ -34,7 +34,7 @@ target "lint" {
  output = ["type=cacheonly"]
 }
-target "vendor" {
+target "vendor-update" {
  dockerfile = "dev.Dockerfile"
  target = "vendor-update"
  output = ["."]
@@ -1,16 +1,13 @@
 {
  "name": "docker-buildx-bake",
  "description": "GitHub Action to use Docker Buildx Bake as a high-level build command",
-  "main": "src/main.ts",
+  "main": "lib/main.js",
  "scripts": {
-    "build": "ncc build --source-map --minify --license licenses.txt",
+    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
-    "lint": "yarn run prettier && yarn run eslint",
+    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
-    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
-    "eslint": "eslint --max-warnings=0 .",
+    "test": "jest --coverage",
-    "eslint:fix": "eslint --fix .",
+    "all": "yarn run build && yarn run format && yarn test"
    "prettier": "prettier --check \"./**/*.ts\"",
    "prettier:fix": "prettier --write \"./**/*.ts\"",
    "test": "jest"
  },
  "repository": {
    "type": "git",
@@ -22,27 +19,31 @@
    "buildx",
    "bake"
  ],
-  "author": "Docker Inc.",
+  "author": "Docker",
  "contributors": [
    {
      "name": "CrazyMax",
      "url": "https://crazymax.dev"
    }
  ],
  "license": "Apache-2.0",
  "packageManager": "yarn@3.6.3",
  "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^1.10.0",
-    "@docker/actions-toolkit": "^0.49.0",
+    "@docker/actions-toolkit": "^0.5.0"
    "handlebars": "^4.7.8"
  },
  "devDependencies": {
-    "@types/node": "^20.12.12",
+    "@types/node": "^16.18.21",
-    "@typescript-eslint/eslint-plugin": "^7.9.0",
+    "@typescript-eslint/eslint-plugin": "^5.56.0",
-    "@typescript-eslint/parser": "^7.9.0",
+    "@typescript-eslint/parser": "^5.56.0",
-    "@vercel/ncc": "^0.38.1",
+    "@vercel/ncc": "^0.36.1",
-    "eslint": "^8.57.0",
+    "eslint": "^8.36.0",
-    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-prettier": "^8.8.0",
-    "eslint-plugin-jest": "^28.5.0",
+    "eslint-plugin-jest": "^27.2.1",
-    "eslint-plugin-prettier": "^5.1.3",
+    "eslint-plugin-prettier": "^4.2.1",
-    "jest": "^29.7.0",
+    "jest": "^29.5.0",
-    "prettier": "^3.2.5",
+    "prettier": "^2.8.7",
-    "ts-jest": "^29.1.2",
+    "ts-jest": "^29.0.5",
-    "ts-node": "^10.9.2",
+    "ts-node": "^10.9.1",
-    "typescript": "^5.4.5"
+    "typescript": "^4.9.5"
  }
 }
@@ -1,22 +1,16 @@
 import * as core from '@actions/core';
 import * as handlebars from 'handlebars';
 import {Bake} from '@docker/actions-toolkit/lib/buildx/bake';
-import {Build} from '@docker/actions-toolkit/lib/buildx/build';
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 export interface Inputs {
  allow: string[];
  builder: string;
  files: string[];
  workdir: string;
  targets: string[];
-  'no-cache': boolean;
+  noCache: boolean;
  pull: boolean;
  load: boolean;
  provenance: string;
@@ -24,73 +18,39 @@ export interface Inputs {
  sbom: string;
  set: string[];
  source: string;
  'github-token': string;
 }
 export async function getInputs(): Promise<Inputs> {
  return {
    allow: Util.getInputList('allow'),
    builder: core.getInput('builder'),
    files: Util.getInputList('files'),
    workdir: core.getInput('workdir') || '.',
    targets: Util.getInputList('targets'),
-    'no-cache': core.getBooleanInput('no-cache'),
+    noCache: core.getBooleanInput('no-cache'),
    pull: core.getBooleanInput('pull'),
    load: core.getBooleanInput('load'),
-    provenance: Build.getProvenanceInput('provenance'),
+    provenance: BuildxInputs.getProvenanceInput('provenance'),
    push: core.getBooleanInput('push'),
    sbom: core.getInput('sbom'),
    set: Util.getInputList('set', {ignoreComma: true, quote: false}),
-    source: getSourceInput('source'),
+    source: core.getInput('source')
    'github-token': core.getInput('github-token')
  };
 }
-export function sanitizeInputs(inputs: Inputs) {
+export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
  const res = {};
  for (const key of Object.keys(inputs)) {
    if (key === 'github-token') {
      continue;
    }
    const value: string | string[] | boolean = inputs[key];
    if (typeof value === 'boolean' && value === false) {
      continue;
    } else if (Array.isArray(value) && value.length === 0) {
      continue;
    } else if (!value) {
      continue;
    }
    if (key === 'workdir' && value === '.') {
      continue;
    }
    res[key] = value;
  }
  return res;
 }
 export async function getArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
  // prettier-ignore
  return [
-    ...await getBakeArgs(inputs, definition, toolkit),
+    ...await getBakeArgs(inputs, toolkit),
    ...await getCommonArgs(inputs),
    ...inputs.targets
  ];
 }
-async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
+async function getBakeArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
  const args: Array<string> = ['bake'];
  if (inputs.source) {
    args.push(inputs.source);
  }
  if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
      // allow filesystem entitlements by default
      inputs.allow.push('fs=*');
    }
    await Util.asyncForEach(inputs.allow, async allow => {
      args.push('--allow', allow);
    });
  }
  await Util.asyncForEach(inputs.files, async file => {
    args.push('--file', file);
  });
@@ -98,22 +58,23 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
    args.push('--set', set);
  });
  if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
-    args.push('--metadata-file', toolkit.buildxBake.getMetadataFilePath());
+    args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
  }
  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
    const bakedef = await toolkit.bake.parseDefinitions([...inputs.files, inputs.source], inputs.targets, inputs.set, inputs.load, inputs.push, inputs.workdir);
    if (inputs.provenance) {
      args.push('--provenance', inputs.provenance);
-    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(bakedef, inputs.load)) {
      // if provenance not specified and BuildKit version compatible for
      // attestation, set default provenance. Also needs to make sure user
      // doesn't want to explicitly load the image to docker.
      if (GitHub.context.payload.repository?.private ?? false) {
        // if this is a private repository, we set the default provenance
        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
-        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=min,inline-only=true`));
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
      } else {
        // for a public repository, we set max provenance mode.
-        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=max`));
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`));
      }
    }
    if (inputs.sbom) {
@@ -125,7 +86,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
 async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
  const args: Array<string> = [];
-  if (inputs['no-cache']) {
+  if (inputs.noCache) {
    args.push('--no-cache');
  }
  if (inputs.builder) {
@@ -142,16 +103,3 @@ async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
  }
  return args;
 }
 function getSourceInput(name: string): string {
  let source = handlebars.compile(core.getInput(name))({
    defaultContext: Context.gitContext()
  });
  if (!source) {
    source = Context.gitContext();
  }
  if (source === '.') {
    source = '';
  }
  return source;
 }
@@ -1,21 +1,12 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
-
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
 import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
 import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 import {Exec} from '@docker/actions-toolkit/lib/exec';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
 import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
 import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
 import * as context from './context';
 import * as stateHelper from './state-helper';
@@ -23,14 +14,11 @@ import * as stateHelper from './state-helper';
 actionsToolkit.run(
  // main
  async () => {
    const startedTime = new Date();
    const inputs: context.Inputs = await context.getInputs();
    core.debug(`inputs: ${JSON.stringify(inputs)}`);
    stateHelper.setInputs(inputs);
    const toolkit = new Toolkit();
-    const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
+    if (await toolkit.buildx.versionSatisfies('>=0.20.0')) {
      throw new Error('docker/bake-action < v5 is not compatible with buildx >= 0.20.0, please update your workflow to latest docker/bake-action or use an older buildx version.');
    }
    await core.group(`GitHub Actions runtime token ACs`, async () => {
      try {
@@ -49,31 +37,6 @@ actionsToolkit.run(
      }
    });
    await core.group(`Proxy configuration`, async () => {
      let dockerConfig: ConfigFile | undefined;
      let dockerConfigMalformed = false;
      try {
        dockerConfig = await Docker.configFile();
      } catch (e) {
        dockerConfigMalformed = true;
        core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
      }
      if (dockerConfig && dockerConfig.proxies) {
        for (const host in dockerConfig.proxies) {
          let prefix = '';
          if (Object.keys(dockerConfig.proxies).length > 1) {
            prefix = '  ';
            core.info(host);
          }
          for (const key in dockerConfig.proxies[host]) {
            core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
          }
        }
      } else if (!dockerConfigMalformed) {
        core.info('No proxy configuration found');
      }
    });
    if (!(await toolkit.buildx.isAvailable())) {
      core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
      return;
@@ -85,165 +48,34 @@ actionsToolkit.run(
      await toolkit.buildx.printVersion();
    });
-    let builder: BuilderInfo;
+    const args: string[] = await context.getArgs(inputs, toolkit);
    await core.group(`Builder info`, async () => {
      builder = await toolkit.builder.inspect(inputs.builder);
      core.info(JSON.stringify(builder, null, 2));
    });
    let definition: BakeDefinition | undefined;
    await core.group(`Parsing raw definition`, async () => {
      definition = await toolkit.buildxBake.getDefinition(
        {
          allow: inputs.allow,
          files: inputs.files,
          load: inputs.load,
          noCache: inputs['no-cache'],
          overrides: inputs.set,
          provenance: inputs.provenance,
          push: inputs.push,
          sbom: inputs.sbom,
          source: inputs.source,
          targets: inputs.targets,
          githubToken: gitAuthToken
        },
        {
          cwd: inputs.workdir
        }
      );
    });
    if (!definition) {
      throw new Error('Bake definition not set');
    }
    stateHelper.setBakeDefinition(definition);
    const args: string[] = await context.getArgs(inputs, definition, toolkit);
    const buildCmd = await toolkit.buildx.getCommand(args);
    const buildEnv = Object.assign({}, process.env, {
      BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken,
      BUILDX_METADATA_WARNINGS: 'true'
    }) as {
      [key: string]: string;
    };
    await core.group(`Bake definition`, async () => {
-      await Exec.getExecOutput(buildCmd.command, [...buildCmd.args, '--print'], {
+      await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], {
-        cwd: inputs.workdir,
+        cwd: inputs.workdir
        env: buildEnv,
        ignoreReturnCode: true
      }).then(res => {
        if (res.stderr.length > 0 && res.exitCode != 0) {
          throw Error(res.stderr);
        }
      });
    });
    let err: Error | undefined;
    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
      cwd: inputs.workdir,
      env: buildEnv,
      ignoreReturnCode: true
    }).then(res => {
      if (res.stderr.length > 0 && res.exitCode != 0) {
-        err = Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
+        throw new Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
      }
    });
-    const metadata = toolkit.buildxBake.resolveMetadata();
+    const metadata = await BuildxInputs.resolveBuildMetadata();
    if (metadata) {
      await core.group(`Metadata`, async () => {
-        const metadatadt = JSON.stringify(metadata, null, 2);
+        core.info(metadata);
-        core.info(metadatadt);
+        core.setOutput('metadata', metadata);
        core.setOutput('metadata', metadatadt);
      });
    }
    let refs: Array<string> = [];
    await core.group(`Build references`, async () => {
      refs = await buildRefs(toolkit, startedTime, inputs.builder);
      if (refs.length > 0) {
        for (const ref of refs) {
          core.info(ref);
        }
        stateHelper.setBuildRefs(refs);
      } else {
        core.info('No build references found');
      }
    });
    if (buildChecksAnnotationsEnabled()) {
      const warnings = toolkit.buildxBake.resolveWarnings(metadata);
      if (refs.length > 0 && warnings && warnings.length > 0) {
        const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, refs);
        core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
        if (annotations && annotations.length > 0) {
          await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
            for (const annotation of annotations) {
              core.warning(annotation.message, annotation);
            }
          });
        }
      }
    }
    await core.group(`Check build summary support`, async () => {
      if (!buildSummaryEnabled()) {
        core.info('Build summary disabled');
      } else if (GitHub.isGHES) {
        core.info('Build summary is not yet supported on GHES');
      } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
        core.info('Build summary requires Buildx >= 0.13.0');
      } else if (builder && builder.driver === 'cloud') {
        core.info('Build summary is not yet supported with Docker Build Cloud');
      } else if (refs.length == 0) {
        core.info('Build summary requires at least one build reference');
      } else {
        core.info('Build summary supported!');
        stateHelper.setSummarySupported();
      }
    });
    if (err) {
      throw err;
    }
  },
  // post
  async () => {
    if (stateHelper.isSummarySupported) {
      await core.group(`Generating build summary`, async () => {
        try {
          const recordUploadEnabled = buildRecordUploadEnabled();
          let recordRetentionDays: number | undefined;
          if (recordUploadEnabled) {
            recordRetentionDays = buildRecordRetentionDays();
          }
          const buildxHistory = new BuildxHistory();
          const exportRes = await buildxHistory.export({
            refs: stateHelper.buildRefs
          });
          core.info(`Build records written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
          let uploadRes: UploadArtifactResponse | undefined;
          if (recordUploadEnabled) {
            uploadRes = await GitHub.uploadArtifact({
              filename: exportRes.dockerbuildFilename,
              mimeType: 'application/gzip',
              retentionDays: recordRetentionDays
            });
          }
          await GitHub.writeBuildSummary({
            exportRes: exportRes,
            uploadRes: uploadRes,
            inputs: stateHelper.inputs,
            bakeDefinition: stateHelper.bakeDefinition
          });
        } catch (e) {
          core.warning(e.message);
        }
      });
    }
    if (stateHelper.tmpDir.length > 0) {
      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
        fs.rmSync(stateHelper.tmpDir, {recursive: true});
@@ -251,69 +83,3 @@ actionsToolkit.run(
    }
  }
 );
 async function buildRefs(toolkit: Toolkit, since: Date, builder?: string): Promise<Array<string>> {
  // get refs from metadata file
  const metaRefs = toolkit.buildxBake.resolveRefs();
  if (metaRefs) {
    return metaRefs;
  }
  // otherwise, look for the very first build ref since the build has started
  if (!builder) {
    const currentBuilder = await toolkit.builder.inspect();
    builder = currentBuilder.name;
  }
  const res = Buildx.refs({
    dir: Buildx.refsDir,
    builderName: builder,
    since: since
  });
  const refs: Array<string> = [];
  for (const ref in res) {
    if (Object.prototype.hasOwnProperty.call(res, ref)) {
      refs.push(ref);
    }
  }
  return refs;
 }
 function buildChecksAnnotationsEnabled(): boolean {
  if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
    return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
  }
  return true;
 }
 function buildSummaryEnabled(): boolean {
  if (process.env.DOCKER_BUILD_NO_SUMMARY) {
    core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
    return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
  } else if (process.env.DOCKER_BUILD_SUMMARY) {
    return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
  }
  return true;
 }
 function buildRecordUploadEnabled(): boolean {
  if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
    return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
  }
  return true;
 }
 function buildRecordRetentionDays(): number | undefined {
  let val: string | undefined;
  if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
    core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
    val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
  } else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
    val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
  }
  if (val) {
    const res = parseInt(val);
    if (isNaN(res)) {
      throw Error(`Invalid build record retention days: ${val}`);
    }
    return res;
  }
 }
@@ -1,31 +1,7 @@
 import * as core from '@actions/core';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 import {Inputs, sanitizeInputs} from './context';
 export const tmpDir = process.env['STATE_tmpDir'] || '';
 export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
 export const bakeDefinition = process.env['STATE_bakeDefinition'] ? <BakeDefinition>JSON.parse(process.env['STATE_bakeDefinition']) : undefined;
 export const buildRefs = process.env['STATE_buildRefs'] ? process.env['STATE_buildRefs'].split(',') : [];
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
 export function setTmpDir(tmpDir: string) {
  core.saveState('tmpDir', tmpDir);
 }
 export function setInputs(inputs: Inputs) {
  core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
 }
 export function setBakeDefinition(bakeDefinition: BakeDefinition) {
  core.saveState('bakeDefinition', JSON.stringify(bakeDefinition));
 }
 export function setBuildRefs(buildRefs: Array<string>) {
  core.saveState('buildRefs', buildRefs.join(','));
 }
 export function setSummarySupported() {
  core.saveState('isSummarySupported', 'true');
 }
@@ -1,84 +0,0 @@
 ## About
 This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
 so you can distribute your builds across multiple runners.
 ![Screenshot](../../.github/bake-action.png)
 ___
 * [Usage](#usage)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
 ## Usage
 ```hcl
 # docker-bake.hcl
 group "validate" {
  targets = ["lint", "doctoc"]
 }
 target "lint" {
  target = "lint"
 }
 target "doctoc" {
  target = "doctoc"
 }
 ```
 ```yaml
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: List targets
        id: generate
        uses: docker/bake-action/subaction/list-targets@v4
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Validate
        uses: docker/bake-action@v5
        with:
          targets: ${{ matrix.target }}
 ```
 ## Customizing
 ### inputs
 | Name         | Type        | Description                                                                                                                                 |
 |--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
 | `workdir`    | String      | Working directory to use (defaults to `.`)                                                                                                  |
 | `files`      | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                              |
 | `target`     | String      | The target to use within the bake file                                                                                                      |
 ### outputs
 The following outputs are available
 | Name       | Type     | Description                |
 |------------|----------|----------------------------|
 | `targets`  | List/CSV | List of extracted targest  |
@@ -1,61 +0,0 @@
 # https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
 name: 'List Bake targets'
 description: 'Generate a list of Bake targets to help distributing builds in your workflow'
 inputs:
  workdir:
    description: Working directory
    default: '.'
    required: false
  files:
    description: Comma separated list of Bake files
    required: false
  target:
    description: Bake target
    required: false
 outputs:
  targets:
    description: List of targets
    value: ${{ steps.generate.outputs.targets }}
 runs:
  using: composite
  steps:
    -
      name: Generate
      id: generate
      uses: actions/github-script@v7
      with:
        script: |
          let def;
          const files = `${{ inputs.files }}` ? `${{ inputs.files }}`.split(/[\r?\n,]+/).filter(Boolean) : [];
          const target = `${{ inputs.target }}`;
          await core.group(`Validating definition`, async () => {
            let args = ['buildx', 'bake'];
            for (const file of files) {
              args.push('--file', file);
            }
            if (target) {
              args.push(target);
            }
            args.push('--print');
            const res = await exec.getExecOutput('docker', args, {
              ignoreReturnCode: true,
              silent: true,
              cwd: `${{ inputs.workdir }}`
            });
            if (res.stderr.length > 0 && res.exitCode != 0) {
              throw new Error(res.stderr);
            }
            def = JSON.parse(res.stdout.trim());
            core.info(JSON.stringify(def, null, 2));
          });
          await core.group(`Set output`, async () => {
            const targets = Object.keys(def.target);
            core.info(`targets: ${JSON.stringify(targets)}`);
            core.setOutput('targets', JSON.stringify(targets));
          });
@@ -37,13 +37,3 @@ target "app-plus" {
    IAMPLUS = "true"
  }
 }
 target "app-proxy" {
  inherits = ["app"]
  dockerfile = "proxy.Dockerfile"
 }
 target "app-entitlements" {
  inherits = ["app"]
  entitlements = ["network.host"]
 }
@@ -1,31 +0,0 @@
 group "validate" {
  targets = ["lint", "validate-vendor", "validate-doctoc"]
 }
 target "lint" {
  name = "lint-${buildtags.name}"
  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
  target = buildtags.target
  output = ["type=cacheonly"]
  matrix = {
    buildtags = [
      { name = "default", tags = "", target = "golangci-lint" },
      { name = "labs", tags = "dfrunsecurity dfparents", target = "golangci-lint" },
      { name = "nydus", tags = "nydus", target = "golangci-lint" },
      { name = "yaml", tags = "", target = "yamllint" },
      { name = "proto", tags = "", target = "protolint" },
    ]
  }
 }
 target "validate-vendor" {
  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
  target = "validate"
  output = ["type=cacheonly"]
 }
 target "validate-doctoc" {
  dockerfile = "./hack/dockerfiles/doctoc.Dockerfile"
  target = "validate-toc"
  output = ["type=cacheonly"]
 }
@@ -1,10 +0,0 @@
 frOM busybox as base
 cOpy lint-other.Dockerfile .
 froM busybox aS notused
 COPY lint-other.Dockerfile .
 from scratch
 COPy --from=base \
  /lint-other.Dockerfile \
  /
@@ -1,12 +0,0 @@
 frOM busybox as base
 cOpy lint.Dockerfile .
 from scratch
 MAINTAINER moby@example.com
 COPy --from=base \
  /lint.Dockerfile \
  /
 CMD [ "echo", "Hello, Norway!" ]
 CMD [ "echo", "Hello, Sweden!" ]
 ENTRYPOINT my-program start
@@ -1,12 +0,0 @@
 group "default" {
  targets = ["lint", "lint-other", "lint-inline"]
 }
 target "lint" {
  dockerfile = "lint.Dockerfile"
 }
 target "lint-other" {
  dockerfile = "lint-other.Dockerfile"
 }
 target "lint-inline" {
  dockerfile-inline = "FRoM alpine\nENTRYPOINT [\"echo\", \"hello\"]"
 }
@@ -1,15 +0,0 @@
 group "default" {
  targets = ["t3"]
 }
 target "t3" {
  name = "${item.tag}"
  matrix = {
    item = t3
  }
  args = {
    VERSION = "${item.version}"
    DUMMY_ARG = "${item.arg}"
  }
  tags = ["${item.tag}"]
 }
@@ -1,14 +0,0 @@
 {
  "t3": [
    {
      "version": "v1",
      "arg": "v1-value",
      "tag": "v1-tag"
    },
    {
      "version": "v2",
      "arg": "v2-value",
      "tag": "v2-tag"
    }
  ]
 }
@@ -1,9 +0,0 @@
 # syntax=docker/dockerfile:1
 FROM alpine
 RUN apk add --no-cache curl net-tools
 ARG HTTP_PROXY
 ARG HTTPS_PROXY
 RUN printenv HTTP_PROXY
 RUN printenv HTTPS_PROXY
 RUN netstat -aptn
 RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com
Author	SHA1	Message	Date
CrazyMax	45c4bed4f4	Merge pull request #293 from crazy-max/v3_buildx-0.20.0 [v3] mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5	2025-01-23 14:39:10 +01:00
CrazyMax	aae765a36f	chore: update generated content Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-23 14:37:12 +01:00
CrazyMax	51c0065caf	mark buildx >= 0.20.0 as incompatible with docker/bake-action < v5 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2025-01-23 14:37:12 +01:00
		`@@ -1,3 +0,0 @@`
			`# Code of conduct`

			`- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)`