Merge pull request #325 from crazy-max/history-export-cmd

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0

.github/workflows/ci.yml

@@ -653,6 +653,35 @@ jobs:
         env:
           DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
 
+  export-legacy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        legacy:
+          - false
+          - true
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
+
   checks:
     runs-on: ubuntu-latest
     strategy:
@@ -734,3 +763,19 @@ jobs:
             ./test/config.hcl
           allow: network.host
           targets: app-entitlements
+
+  no-default-attestations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: 1

.github/workflows/pr-assign-author.yml

@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/test.yml

@@ -21,10 +21,14 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Test
         uses: docker/bake-action@v6
         with:
+          source: .
           targets: test
       -
         name: Upload coverage

README.md

@@ -157,6 +157,19 @@ additional details about the build execution for all the bake targets,
 including build stats, logs, outputs, and more. The build record can be
 imported to Docker Desktop for inspecting the build in greater detail.
 
+> [!WARNING]
+>
+> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
+> action in your workflow, you need to ignore the build record artifacts
+> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
+> otherwise the action will fail:
+> ```yaml
+> - uses: actions/download-artifact@v4
+>   with:
+>     pattern: "!*.dockerbuild"
+> ```
+> More info: https://github.com/actions/toolkit/pull/1874
+
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 
@@ -217,6 +230,7 @@ The following outputs are available
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
+| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
 
 ## Subactions
 

__tests__/context.test.ts

@@ -1,4 +1,4 @@
-import {beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 
@@ -122,6 +122,7 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
 });
 
 describe('getArgs', () => {
+  const originalEnv = process.env;
   beforeEach(() => {
     process.env = Object.keys(process.env).reduce((object, key) => {
       if (!key.startsWith('INPUT_')) {
@@ -130,6 +131,9 @@ describe('getArgs', () => {
       return object;
     }, {});
   });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
 
   // prettier-ignore
   test.each([
@@ -145,7 +149,8 @@ describe('getArgs', () => {
       ]),
       [
         'bake',
-      ]
+      ],
+      undefined
     ],
     [
       1,
@@ -160,7 +165,8 @@ describe('getArgs', () => {
       [
         'bake',
         '--metadata-file', metadataJson
-      ]
+      ],
+      undefined
     ],
     [
       2,
@@ -177,7 +183,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         'webapp', 'validate'
-      ]
+      ],
+      undefined
     ],
     [
       3,
@@ -195,7 +202,8 @@ describe('getArgs', () => {
         '--set', '*.cache-from=type=gha',
         '--set', '*.cache-to=type=gha',
         '--metadata-file', metadataJson
-      ]
+      ],
+      undefined
     ],
     [
       4,
@@ -211,7 +219,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
+      ],
+      undefined
     ],
     [
       5,
@@ -228,7 +237,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ]
+      ],
+      undefined
     ],
     [
       6,
@@ -245,7 +255,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ]
+      ],
+      undefined
     ],
     [
       7,
@@ -262,7 +273,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'false'
-      ]
+      ],
+      undefined
     ],
     [
       8,
@@ -279,7 +291,8 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'builder-id=foo'
-      ]
+      ],
+      undefined
     ],
     [
       9,
@@ -300,7 +313,8 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ]
+      ],
+      undefined
     ],
     [
       10,
@@ -320,7 +334,8 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ]
+      ],
+      undefined
     ],
     [
       11,
@@ -338,7 +353,8 @@ describe('getArgs', () => {
         '--file', './foo.hcl',
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
+      ],
+      undefined
     ],
     [
       12,
@@ -356,7 +372,8 @@ describe('getArgs', () => {
         '--allow', 'network.host',
         '--metadata-file', metadataJson,
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ]
+      ],
+      undefined
     ],
     [
       13,
@@ -375,11 +392,35 @@ describe('getArgs', () => {
         '--file', './foo.hcl',
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ]
+      ],
+      undefined
+    ],
+    [
+      14,
+      '0.15.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson
+      ],
+      new Map<string, string>([
+        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
+      ])
     ],
   ])(
     '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+      if (envs) {
+        envs.forEach((value: string, name: string) => {
+          process.env[name] = value;
+        });
+      }
       inputs.forEach((value: string, name: string) => {
         setInput(name, value);
       });

package.json

@@ -27,7 +27,7 @@
   "packageManager": "yarn@3.6.3",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "^0.56.0",
+    "@docker/actions-toolkit": "^0.61.0",
     "handlebars": "^4.7.8"
   },
   "devDependencies": {

src/context.ts

@@ -103,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
     if (inputs.provenance) {
       args.push('--provenance', inputs.provenance);
-    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+    } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
       // if provenance not specified and BuildKit version compatible for
       // attestation, set default provenance. Also needs to make sure user
       // doesn't want to explicitly load the image to docker.
@@ -155,3 +155,10 @@ function getSourceInput(name: string): string {
   }
   return source;
 }
+
+function noDefaultAttestations(): boolean {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
+  }
+  return false;
+}

src/main.ts

@@ -220,7 +220,8 @@ actionsToolkit.run(
 
           const buildxHistory = new BuildxHistory();
           const exportRes = await buildxHistory.export({
-            refs: stateHelper.buildRefs
+            refs: stateHelper.buildRefs,
+            useContainer: buildExportLegacy()
           });
           core.info(`Build records written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
 
@@ -317,3 +318,10 @@ function buildRecordRetentionDays(): number | undefined {
     return res;
   }
 }
+
+function buildExportLegacy(): boolean {
+  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
+    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
+  }
+  return false;
+}

yarn.lock

@@ -12,9 +12,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/artifact@npm:^2.2.2":
-  version: 2.2.2
-  resolution: "@actions/artifact@npm:2.2.2"
+"@actions/artifact@npm:^2.3.2":
+  version: 2.3.2
+  resolution: "@actions/artifact@npm:2.3.2"
   dependencies:
     "@actions/core": ^1.10.0
     "@actions/github": ^5.1.1
@@ -28,13 +28,13 @@ __metadata:
     archiver: ^7.0.1
     jwt-decode: ^3.1.2
     unzip-stream: ^0.3.1
-  checksum: 1501b3d0ceb671f370786ccf70014de9586c5a78c95d235248fc16c73bf928f8de2aa932a679258f6d9bc2f2e570648d830551af9f063298f05d19f3330b33bc
+  checksum: 78ee41b43800accb2f3527e1733217c43d53693e7f96ce2470b16890fb84f5c2ebaaa6048ccdb6cfe188b54c02779ec99623c6932558e757f6829cfde203cf2c
   languageName: node
   linkType: hard
 
-"@actions/cache@npm:^4.0.2":
-  version: 4.0.2
-  resolution: "@actions/cache@npm:4.0.2"
+"@actions/cache@npm:^4.0.3":
+  version: 4.0.3
+  resolution: "@actions/cache@npm:4.0.3"
   dependencies:
     "@actions/core": ^1.11.1
     "@actions/exec": ^1.0.1
@@ -46,7 +46,7 @@ __metadata:
     "@azure/storage-blob": ^12.13.0
     "@protobuf-ts/plugin": ^2.9.4
     semver: ^6.3.1
-  checksum: 208f11238a26194f331b329bb99d50a87c1a3ccef1dbae181e5c142b3faf41715203e0c5cbc491519d3d97540a68fbd418c25fb6e16caabf76248c40867c02b4
+  checksum: ee9c2a21a70bd3f35c63f302af478e23f135c26deb77ea2e4eed29c62766a4b201fc7435651c0d56fa504c02d203107e3bdfda1dba18a3ee09338e1dfc3f2fe8
   languageName: node
   linkType: hard
 
@@ -1065,12 +1065,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@docker/actions-toolkit@npm:^0.56.0":
-  version: 0.56.0
-  resolution: "@docker/actions-toolkit@npm:0.56.0"
+"@docker/actions-toolkit@npm:^0.61.0":
+  version: 0.61.0
+  resolution: "@docker/actions-toolkit@npm:0.61.0"
   dependencies:
-    "@actions/artifact": ^2.2.2
-    "@actions/cache": ^4.0.2
+    "@actions/artifact": ^2.3.2
+    "@actions/cache": ^4.0.3
     "@actions/core": ^1.11.1
     "@actions/exec": ^1.1.1
     "@actions/github": ^6.0.0
@@ -1090,7 +1090,7 @@ __metadata:
     semver: ^7.7.1
     tar-stream: ^3.1.7
     tmp: ^0.2.3
-  checksum: 0f1b569f8bb206399f8c26e566c78e30e4a311bbd64486016e7fa1d35fbbb4c94d4f55afa6b711afa4b41c5835b40b038f48c3d1bfdfdc6f7c6680973e922d9e
+  checksum: 60cc6c8f5bde8221a3d6a40c15258d44a468950353098f1814d8af3a14131df9c41df5b87298cd82f5c77aa4e36e262c15a5bb0cc03ea2857bea18c9e0952d80
   languageName: node
   linkType: hard
 
@@ -3141,7 +3141,7 @@ __metadata:
   resolution: "docker-buildx-bake@workspace:."
   dependencies:
     "@actions/core": ^1.11.1
-    "@docker/actions-toolkit": ^0.56.0
+    "@docker/actions-toolkit": ^0.61.0
     "@types/node": ^20.12.12
     "@typescript-eslint/eslint-plugin": ^7.9.0
     "@typescript-eslint/parser": ^7.9.0