Merge pull request #298 from crazy-max/v5_update-actions-toolkit

[v5] Bump @docker/actions-toolkit from 0.51.0 to 0.53.0

.github/workflows/ci.yml

@@ -69,7 +69,6 @@ jobs:
         name: Build and push
         uses: ./
         with:
-          source: .
           builder: ${{ steps.buildx.outputs.name }}
           files: |
             ./test/config.hcl
@@ -88,7 +87,6 @@ jobs:
         continue-on-error: true
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           set: |
@@ -110,7 +108,6 @@ jobs:
         continue-on-error: true
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
       -
@@ -147,11 +144,10 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
-  remote:
+  source:
     runs-on: ubuntu-latest
     steps:
       -
@@ -192,7 +188,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: binary
           provenance: ${{ matrix.attrs }}
           set: |
@@ -234,7 +229,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: ${{ matrix.target }}
           sbom: true
           set: |
@@ -281,7 +275,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           set: |
             *.platform=linux/amd64
             *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
@@ -311,7 +304,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/group
-          source: .
           push: true
           set: |
             t1.tags=localhost:5000/name/app:t1
@@ -332,7 +324,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
@@ -370,7 +361,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           targets: app-proxy
@@ -406,7 +396,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
@@ -426,6 +415,8 @@ jobs:
       -
         name: Build
         uses: ./
+        with:
+          source: "{{defaultContext}}"
 
   git-context-and-local:
     runs-on: ubuntu-latest
@@ -448,6 +439,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: "{{defaultContext}}"
           files: |
             cwd://${{ steps.meta.outputs.bake-file }}
 
@@ -474,7 +466,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           set: |
             *.output=type=image,name=localhost:5000/name/app:latest,push=true
             *.output=type=docker,name=app:local
@@ -518,7 +509,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: image
           load: true
           push: true
@@ -573,7 +563,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           targets: app
@@ -677,7 +666,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test
-          source: .
           files: |
             ./lint.hcl
 
@@ -699,7 +687,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test
-          source: .
           files: |
             ./lint.hcl
         env:
@@ -729,7 +716,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           allow: network.host

.github/workflows/test.yml

@@ -21,9 +21,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Test
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           targets: test
       -

.github/workflows/validate.yml

@@ -36,8 +36,11 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           targets: ${{ matrix.target }}

README.md

@@ -14,8 +14,8 @@ as a high-level build command.
 ___
 
 * [Usage](#usage)
-  * [Git context](#git-context)
   * [Path context](#path-context)
+  * [Git context](#git-context)
 * [Summaries](#summaries)
 * [Customizing](#customizing)
   * [inputs](#inputs)
@@ -27,51 +27,84 @@ ___
 
 ## Usage
 
-### Git context
+### Path context
 
-Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
-to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
-does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
-action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
-will do this directly.
-
-The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
-and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+By default, this action will use the local bake definition (`source: .`), so
+you need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository.
 
 ```yaml
 name: ci
 
 on:
   push:
+    branches:
+      - 'master'
 
 jobs:
   bake:
     runs-on: ubuntu-latest
     steps:
       -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           push: true
-          set: |
-            *.tags=user/app:latest
+```
+
+### Git context
+
+Git context can be provided using the [`source` input](#inputs). This means
+that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
+will do this directly.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  bake:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/bake-action@v5
+        with:
+          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
+          push: true
 ```
 
 Be careful because **any file mutation in the steps that precede the build step
 will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the Git reference. However, you can use the
-[Path context](#path-context) using the [`source` input](#inputs) alongside
-the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
-this restriction.
+[Path context](#path-context) alongside the [`actions/checkout`](https://github.com/actions/checkout/)
+action to remove this restriction.
 
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
@@ -80,12 +113,10 @@ to the default Git context:
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           source: "{{defaultContext}}:mysubdir"
           push: true
-          set: |
-            *.tags=user/app:latest
 ```
 
 Building from the current repository automatically uses the `GITHUB_TOKEN`
@@ -100,49 +131,14 @@ another private repository for remote definitions, you can set the
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
+          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
           push: true
-          set: |
-            *.tags=user/app:latest
         env:
           BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
 ```
 
-### Path context
-
-```yaml
-name: ci
-
-on:
-  push:
-
-jobs:
-  bake:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build and push
-        uses: docker/bake-action@v6
-        with:
-          source: .
-          push: true
-          set: |
-            *.tags=user/app:latest
-```
-
 ## Summaries
 
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)

__tests__/context.test.ts

@@ -137,7 +137,6 @@ describe('getArgs', () => {
       0,
       '0.4.1',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -151,7 +150,6 @@ describe('getArgs', () => {
       1,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -166,7 +164,6 @@ describe('getArgs', () => {
       2,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['targets', 'webapp\nvalidate'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -183,7 +180,6 @@ describe('getArgs', () => {
       3,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -201,7 +197,6 @@ describe('getArgs', () => {
       4,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -217,7 +212,6 @@ describe('getArgs', () => {
       5,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -234,7 +228,6 @@ describe('getArgs', () => {
       6,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -251,7 +244,6 @@ describe('getArgs', () => {
       7,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -268,7 +260,6 @@ describe('getArgs', () => {
       8,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -285,7 +276,6 @@ describe('getArgs', () => {
       9,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -306,7 +296,6 @@ describe('getArgs', () => {
       10,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -326,6 +315,7 @@ describe('getArgs', () => {
       11,
       '0.10.0',
       new Map<string, string>([
+        ['source', '{{defaultContext}}'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -344,7 +334,6 @@ describe('getArgs', () => {
       12,
       '0.17.0',
       new Map<string, string>([
-        ['source', '.'],
         ['allow', 'network.host'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -358,25 +347,6 @@ describe('getArgs', () => {
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
       ]
     ],
-    [
-      13,
-      '0.15.0',
-      new Map<string, string>([
-        ['source', '{{defaultContext}}:subdir'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false'],
-        ['files', './foo.hcl'],
-      ]),
-      [
-        'bake',
-        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
-        '--file', './foo.hcl',
-        '--metadata-file', metadataJson,
-        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
-    ],
   ])(
     '[%d] given %p with %p as inputs, returns %p',
     async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {

docker-bake.hcl

@@ -1,9 +1,3 @@
-target "_common" {
-  args = {
-    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
-  }
-}
-
 group "default" {
   targets = ["build"]
 }
@@ -17,49 +11,42 @@ group "validate" {
 }
 
 target "build" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
 target "vendor" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

package.json

@@ -27,7 +27,7 @@
   "packageManager": "yarn@3.6.3",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "^0.50.0",
+    "@docker/actions-toolkit": "^0.53.0",
     "handlebars": "^4.7.8"
   },
   "devDependencies": {

src/context.ts

@@ -68,10 +68,6 @@ export function sanitizeInputs(inputs: Inputs) {
   return res;
 }
 
-export function getGitAuthToken(inputs: Inputs): string {
-  return process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
-}
-
 export async function getArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
   // prettier-ignore
   return [
@@ -101,15 +97,6 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
   await Util.asyncForEach(inputs.set, async set => {
     args.push('--set', set);
   });
-  if (await toolkit.buildx.versionSatisfies('<0.20.0')) {
-    // For buildx versions < 0.20.0, we need to set GIT_AUTH_TOKEN secret as it
-    // doesn't infer BUILDX_BAKE_GIT_AUTH_TOKEN environment variable for build
-    // request: https://github.com/docker/buildx/pull/2905
-    const gitAuthToken = getGitAuthToken(inputs);
-    if (gitAuthToken && !Bake.hasGitAuthTokenSecret(definition) && inputs.source.startsWith(Context.gitContext())) {
-      args.push('--set', `*.secrets=${Build.resolveSecretString(`GIT_AUTH_TOKEN=${gitAuthToken}`)}`);
-    }
-  }
   if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
     args.push('--metadata-file', toolkit.buildxBake.getMetadataFilePath());
   }
@@ -160,9 +147,6 @@ function getSourceInput(name: string): string {
   let source = handlebars.compile(core.getInput(name))({
     defaultContext: Context.gitContext()
   });
-  if (!source) {
-    source = Context.gitContext();
-  }
   if (source === '.') {
     source = '';
   }

src/main.ts

@@ -30,7 +30,7 @@ actionsToolkit.run(
     stateHelper.setInputs(inputs);
 
     const toolkit = new Toolkit();
-    const gitAuthToken = context.getGitAuthToken(inputs);
+    const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
 
     await core.group(`GitHub Actions runtime token ACs`, async () => {
       try {

subaction/list-targets/README.md

@@ -42,7 +42,7 @@ jobs:
       -
         name: List targets
         id: generate
-        uses: docker/bake-action/subaction/list-targets@v6
+        uses: docker/bake-action/subaction/list-targets@v4
         with:
           target: validate
 
@@ -60,7 +60,7 @@ jobs:
         uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           targets: ${{ matrix.target }}
 ```

yarn.lock

@@ -33,9 +33,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/cache@npm:^3.3.0":
-  version: 3.3.0
-  resolution: "@actions/cache@npm:3.3.0"
+"@actions/cache@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@actions/cache@npm:4.0.0"
   dependencies:
     "@actions/core": ^1.11.1
     "@actions/exec": ^1.0.1
@@ -45,8 +45,10 @@ __metadata:
     "@azure/abort-controller": ^1.1.0
     "@azure/ms-rest-js": ^2.6.0
     "@azure/storage-blob": ^12.13.0
+    "@protobuf-ts/plugin": ^2.9.4
     semver: ^6.3.1
-  checksum: f0761b1491b7706a80b44d68ed52eb48c04653fc939525a7c7b606e9d9251c40c7e4ac20846ab92ac32db6869e1a6f0f574bd6b7fec1ab9378c8e199c5acc9c9
+    twirp-ts: ^2.5.0
+  checksum: 8ab819a67b578a5ce6de984f4ef8420066f8270e1f9db053700f4a8f084d0bbe4f911114f7088a95a987372ea63078550355d99849412152dd0efdf688bf9144
   languageName: node
   linkType: hard
 
@@ -140,17 +142,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/tool-cache@npm:^2.0.1":
-  version: 2.0.1
-  resolution: "@actions/tool-cache@npm:2.0.1"
+"@actions/tool-cache@npm:^2.0.2":
+  version: 2.0.2
+  resolution: "@actions/tool-cache@npm:2.0.2"
   dependencies:
-    "@actions/core": ^1.2.6
+    "@actions/core": ^1.11.1
     "@actions/exec": ^1.0.0
     "@actions/http-client": ^2.0.1
     "@actions/io": ^1.1.1
     semver: ^6.1.0
-    uuid: ^3.3.2
-  checksum: 33f6393b9b163e4af2b9759e8d37cda4f018f10ddda3643355bb8a9f92d732e5bdff089cf8036b46d181e1ef2b3210b895b2f746fdf54487afe88f1d340aa9e1
+  checksum: c2bab4297be752bdda9dd61f8159a201ad0d37d026134b960f1edcc9418a80387f44d1f24a070fe992c44dcfc28a152f70600e76669bb0578132789a6f37a596
   languageName: node
   linkType: hard
 
@@ -1066,18 +1067,18 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@docker/actions-toolkit@npm:^0.50.0":
-  version: 0.50.0
-  resolution: "@docker/actions-toolkit@npm:0.50.0"
+"@docker/actions-toolkit@npm:^0.53.0":
+  version: 0.53.0
+  resolution: "@docker/actions-toolkit@npm:0.53.0"
   dependencies:
     "@actions/artifact": ^2.2.1
-    "@actions/cache": ^3.3.0
+    "@actions/cache": ^4.0.0
     "@actions/core": ^1.11.1
     "@actions/exec": ^1.1.1
     "@actions/github": ^6.0.0
     "@actions/http-client": ^2.2.3
     "@actions/io": ^1.1.3
-    "@actions/tool-cache": ^2.0.1
+    "@actions/tool-cache": ^2.0.2
     "@azure/storage-blob": ^12.15.0
     "@octokit/core": ^5.1.0
     "@octokit/plugin-rest-endpoint-methods": ^10.4.0
@@ -1091,7 +1092,7 @@ __metadata:
     semver: ^7.6.3
     tar-stream: ^3.1.7
     tmp: ^0.2.3
-  checksum: dc1b0323f142f96cbac47be327ebdbc9038a8835f32f174e24c3d8113df03ca6fb034be6ffadeab1e1d234ccd6931e09915c96a8732065e35a576e459d3471ff
+  checksum: 9b14d8e0d17cbf52a38e66e85c1d04f599a64633aaaac550f9dcbed51567f7cc2c36ad2c748884fecf3355f25dc05b783e500e621014f43348a776f5433de927
   languageName: node
   linkType: hard
 
@@ -1904,7 +1905,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@protobuf-ts/plugin@npm:^2.2.3-alpha.1":
+"@protobuf-ts/plugin@npm:^2.2.3-alpha.1, @protobuf-ts/plugin@npm:^2.9.4":
   version: 2.9.4
   resolution: "@protobuf-ts/plugin@npm:2.9.4"
   dependencies:
@@ -3159,7 +3160,7 @@ __metadata:
   resolution: "docker-buildx-bake@workspace:."
   dependencies:
     "@actions/core": ^1.11.1
-    "@docker/actions-toolkit": ^0.50.0
+    "@docker/actions-toolkit": ^0.53.0
     "@types/node": ^20.12.12
     "@typescript-eslint/eslint-plugin": ^7.9.0
     "@typescript-eslint/parser": ^7.9.0
@@ -6579,15 +6580,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"uuid@npm:^3.3.2":
-  version: 3.4.0
-  resolution: "uuid@npm:3.4.0"
-  bin:
-    uuid: ./bin/uuid
-  checksum: 58de2feed61c59060b40f8203c0e4ed7fd6f99d42534a499f1741218a1dd0c129f4aa1de797bcf822c8ea5da7e4137aa3673431a96dae729047f7aca7b27866f
-  languageName: node
-  linkType: hard
-
 "uuid@npm:^8.3.0, uuid@npm:^8.3.2":
   version: 8.3.2
   resolution: "uuid@npm:8.3.2"