Merge pull request #298 from crazy-max/v5_update-actions-toolkit

[v5] Bump @docker/actions-toolkit from 0.51.0 to 0.53.0

.github/workflows/ci-subaction.yml

@@ -25,112 +25,75 @@ on:
       - 'test/**'
 
 jobs:
-  list-targets:
+  list-targets-group:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          -
-            testdir: group
-            expected: >
-              ["t1","t2"]
-          -
-            testdir: group-matrix
-            target: validate
-            expected: >
-              ["lint-default","lint-labs","lint-nydus","lint-proto","lint-yaml","validate-doctoc","validate-vendor"]
-          -
-            testdir: multi-files
-            files: |
-              docker-bake.json
-              docker-bake.hcl
-            expected: >
-              ["v1-tag","v2-tag"]
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Matrix gen
         id: gen
         uses: ./subaction/list-targets
         with:
-          workdir: ./test/${{ matrix.testdir }}
+          workdir: ./test/group
-          files: ${{ matrix.files }}
-          target: ${{ matrix.target }}
       -
-        name: Check output
+        name: Check targets
         uses: actions/github-script@v7
-        env:
-          INPUT_TARGETS: ${{ steps.gen.outputs.targets }}
-          INPUT_EXPECTED: ${{ matrix.expected }}
         with:
           script: |
-            const targets = JSON.stringify(JSON.parse(core.getInput('targets')));
+            const targets = `${{ steps.gen.outputs.targets }}`;
-            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
+            if (!targets) {
-            if (targets !== expected) {
+              core.setFailed('No targets generated');
-              throw new Error(`Targets do not match expected values: ${targets} != ${expected}`);
-            } else {
-              core.info(`✅`);
             }
+            core.info(`targets=${targets}`);
 
-  matrix:
+  list-targets-group-matrix:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          -
-            testdir: group
-            expected: >
-              [{"target":"t1"},{"target":"t2"}]
-          -
-            testdir: group-matrix
-            target: validate
-            expected: >
-              [{"target":"lint-default"},{"target":"lint-labs"},{"target":"lint-nydus"},{"target":"lint-proto"},{"target":"lint-yaml"},{"target":"validate-doctoc"},{"target":"validate-vendor"}]
-          -
-            testdir: group-with-platform
-            target: validate
-            expected: >
-              [{"target":"lint"},{"target":"lint-gopls"},{"target":"validate-docs"},{"target":"validate-vendor"}]
-          -
-            testdir: group-with-platform
-            target: validate
-            fields: platforms
-            expected: >
-              [{"target":"lint","platforms":"darwin/amd64"},{"target":"lint","platforms":"darwin/arm64"},{"target":"lint","platforms":"linux/amd64"},{"target":"lint","platforms":"linux/arm64"},{"target":"lint","platforms":"linux/s390x"},{"target":"lint","platforms":"linux/ppc64le"},{"target":"lint","platforms":"linux/riscv64"},{"target":"lint","platforms":"windows/amd64"},{"target":"lint","platforms":"windows/arm64"},{"target":"lint-gopls","platforms":"darwin/amd64"},{"target":"lint-gopls","platforms":"darwin/arm64"},{"target":"lint-gopls","platforms":"linux/amd64"},{"target":"lint-gopls","platforms":"linux/arm64"},{"target":"lint-gopls","platforms":"linux/s390x"},{"target":"lint-gopls","platforms":"linux/ppc64le"},{"target":"lint-gopls","platforms":"linux/riscv64"},{"target":"lint-gopls","platforms":"windows/amd64"},{"target":"lint-gopls","platforms":"windows/arm64"},{"target":"validate-docs"},{"target":"validate-vendor"}]
-          -
-            testdir: group-with-platform
-            target: validate
-            fields: platforms,dockerfile
-            expected: >
-               [{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"validate-docs","dockerfile":"./hack/dockerfiles/docs.Dockerfile"},{"target":"validate-vendor","dockerfile":"./hack/dockerfiles/vendor.Dockerfile"}]
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Matrix gen
         id: gen
-        uses: ./subaction/matrix
+        uses: ./subaction/list-targets
         with:
-          workdir: ./test/${{ matrix.testdir }}
+          workdir: ./test/group-matrix
-          target: ${{ matrix.target }}
+          target: validate
-          fields: ${{ matrix.fields }}
       -
-        name: Check output
+        name: Check targets
         uses: actions/github-script@v7
-        env:
-          INPUT_MATRIX: ${{ steps.gen.outputs.matrix }}
-          INPUT_EXPECTED: ${{ matrix.expected }}
         with:
           script: |
-            const matrix = JSON.stringify(JSON.parse(core.getInput('matrix')));
+            const targets = `${{ steps.gen.outputs.targets }}`;
-            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
+            if (!targets) {
-            if (matrix !== expected) {
+              core.setFailed('No targets generated');
-              throw new Error(`Matrix do not match expected values: ${matrix} != ${expected}`);
-            } else {
-              core.info(`✅`);
             }
+            core.info(`targets=${targets}`);
+
+  list-targets-multi-files:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Matrix gen
+        id: gen
+        uses: ./subaction/list-targets
+        with:
+          workdir: ./test/multi-files
+          files: |
+            docker-bake.json
+            docker-bake.hcl
+      -
+        name: Check targets
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const targets = `${{ steps.gen.outputs.targets }}`;
+            if (!targets) {
+              core.setFailed('No targets generated');
+            }
+            core.info(`targets=${targets}`);

.github/workflows/ci.yml

@@ -32,8 +32,8 @@ on:
       - 'subaction/**'
 
 env:
-  BUILDX_VERSION: edge
+  BUILDX_VERSION: latest
-  BUILDKIT_IMAGE: moby/buildkit:latest
+  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
 
 jobs:
   bake:
@@ -52,7 +52,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -69,7 +69,6 @@ jobs:
         name: Build and push
         uses: ./
         with:
-          source: .
           builder: ${{ steps.buildx.outputs.name }}
           files: |
             ./test/config.hcl
@@ -82,13 +81,12 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Build
         continue-on-error: true
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           set: |
@@ -99,7 +97,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Stop docker
         run: |
@@ -110,12 +108,12 @@ jobs:
         continue-on-error: true
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
       -
         name: Check
         run: |
+          echo "${{ toJson(steps.bake) }}"
           if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
             echo "::error::Should have failed"
             exit 1
@@ -126,7 +124,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Uninstall docker cli
         run: |
@@ -146,16 +144,15 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
-  remote:
+  source:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Build
         uses: ./
@@ -177,7 +174,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -191,7 +188,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: binary
           provenance: ${{ matrix.attrs }}
           set: |
@@ -219,7 +215,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -233,7 +229,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: ${{ matrix.target }}
           sbom: true
           set: |
@@ -274,13 +269,12 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Build
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           set: |
             *.platform=linux/amd64
             *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
@@ -296,7 +290,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -310,7 +304,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/group
-          source: .
           push: true
           set: |
             t1.tags=localhost:5000/name/app:t1
@@ -321,7 +314,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set malformed docker config
         run: |
@@ -331,7 +324,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
@@ -350,7 +342,7 @@ jobs:
           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set proxy config
         run: |
@@ -369,7 +361,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           targets: app-proxy
@@ -389,7 +380,7 @@ jobs:
           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -405,7 +396,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
 
@@ -414,7 +404,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -425,13 +415,15 @@ jobs:
       -
         name: Build
         uses: ./
+        with:
+          source: "{{defaultContext}}"
 
   git-context-and-local:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -447,6 +439,7 @@ jobs:
         name: Build
         uses: ./
         with:
+          source: "{{defaultContext}}"
           files: |
             cwd://${{ steps.meta.outputs.bake-file }}
 
@@ -460,7 +453,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -473,7 +466,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           set: |
             *.output=type=image,name=localhost:5000/name/app:latest,push=true
             *.output=type=docker,name=app:local
@@ -504,7 +496,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -517,7 +509,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test/go
-          source: .
           targets: image
           load: true
           push: true
@@ -537,7 +528,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -560,7 +551,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -572,7 +563,6 @@ jobs:
         name: Build
         uses: ./
         with:
-          source: .
           files: |
             ./test/config.hcl
           targets: app
@@ -584,7 +574,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -605,7 +595,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -634,7 +624,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -652,47 +642,18 @@ jobs:
         env:
           DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
 
-  export-legacy:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        legacy:
-          - false
-          - true
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
-          driver-opts: |
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-      -
-        name: Build
-        uses: ./
-        with:
-          files: |
-            ./test/config.hcl
-          targets: app
-        env:
-          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
-
   checks:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         buildx-version:
-          - edge
+          - latest
           - v0.14.1
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -705,7 +666,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test
-          source: .
           files: |
             ./lint.hcl
 
@@ -714,7 +674,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -727,7 +687,6 @@ jobs:
         uses: ./
         with:
           workdir: ./test
-          source: .
           files: |
             ./lint.hcl
         env:
@@ -739,14 +698,13 @@ jobs:
       fail-fast: false
       matrix:
         buildx-version:
-          - edge
+          - v0.19.0-rc2
-          - v0.19.0
           - v0.18.0
           - v0.17.1
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -762,108 +720,3 @@ jobs:
             ./test/config.hcl
           allow: network.host
           targets: app-entitlements
-
-  no-default-attestations:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Build
-        uses: ./
-        with:
-          source: .
-          files: |
-            ./test/config.hcl
-        env:
-          BUILDX_NO_DEFAULT_ATTESTATIONS: 1
-
-  call-check:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
-          driver-opts: |
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-      -
-        name: Build
-        id: bake
-        continue-on-error: true
-        uses: ./
-        with:
-          workdir: ./test
-          source: .
-          files: |
-            ./lint.hcl
-          call: check
-          targets: lint
-      -
-        name: Check
-        run: |
-          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
-            echo "::error::Should have failed"
-            exit 1
-          fi
-
-  call-check-multi:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
-          driver-opts: |
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-      -
-        name: Build
-        id: bake
-        continue-on-error: true
-        uses: ./
-        with:
-          workdir: ./test
-          source: .
-          files: |
-            ./lint.hcl
-          call: check
-      -
-        name: Check
-        run: |
-          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
-            echo "::error::Should have failed"
-            exit 1
-          fi
-
-  call-check-nowarning:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
-          driver-opts: |
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
-      -
-        name: Build
-        id: bake
-        continue-on-error: true
-        uses: ./
-        with:
-          source: .
-          files: |
-            ./test/config.hcl
-          call: check

.github/workflows/pr-assign-author.yml

@@ -1,17 +0,0 @@
-name: pr-assign-author
-
-permissions:
-  contents: read
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - reopened
-
-jobs:
-  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
-    permissions:
-      contents: read
-      pull-requests: write

.github/workflows/publish.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -23,12 +23,11 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: Test
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
-          source: .
           targets: test
       -
         name: Upload coverage

.github/workflows/validate.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       -
         name: List targets
         id: generate
@@ -36,8 +36,11 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           targets: ${{ matrix.target }}

.yarnrc.yml

@@ -1,9 +1,3 @@
-# https://yarnpkg.com/configuration/yarnrc
-
-compressionLevel: mixed
-enableGlobalCache: false
-enableHardenedMode: true
-
 logFilters:
   - code: YN0013
     level: discard
@@ -11,7 +5,9 @@ logFilters:
     level: discard
   - code: YN0076
     level: discard
-  - code: YN0086
-    level: discard
 
 nodeLinker: node-modules
+
+plugins:
+  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+    spec: "@yarnpkg/plugin-interactive-tools"

README.md

@@ -14,64 +14,97 @@ as a high-level build command.
 ___
 
 * [Usage](#usage)
-  * [Git context](#git-context)
   * [Path context](#path-context)
+  * [Git context](#git-context)
 * [Summaries](#summaries)
 * [Customizing](#customizing)
   * [inputs](#inputs)
   * [outputs](#outputs)
   * [environment variables](#environment-variables)
 * [Subactions](#subactions)
-  * [`matrix`](subaction/matrix)
+  * [`list-targets`](subaction/list-targets)
 * [Contributing](#contributing)
 
 ## Usage
 
-### Git context
+### Path context
 
-Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
+By default, this action will use the local bake definition (`source: .`), so
-to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
+you need to use the [`actions/checkout`](https://github.com/actions/checkout/)
-does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository.
-action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
-will do this directly.
-
-The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
-and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 
 ```yaml
 name: ci
 
 on:
   push:
+    branches:
+      - 'master'
 
 jobs:
   bake:
     runs-on: ubuntu-latest
     steps:
       -
-        name: Login to DockerHub
+        name: Checkout
-        uses: docker/login-action@v3
+        uses: actions/checkout@v4
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           push: true
-          set: |
+```
-            *.tags=user/app:latest
+
+### Git context
+
+Git context can be provided using the [`source` input](#inputs). This means
+that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
+will do this directly.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  bake:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/bake-action@v5
+        with:
+          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
+          push: true
 ```
 
 Be careful because **any file mutation in the steps that precede the build step
 will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the Git reference. However, you can use the
-[Path context](#path-context) using the [`source` input](#inputs) alongside
+[Path context](#path-context) alongside the [`actions/checkout`](https://github.com/actions/checkout/)
-the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+action to remove this restriction.
-this restriction.
 
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
@@ -80,12 +113,10 @@ to the default Git context:
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           source: "{{defaultContext}}:mysubdir"
           push: true
-          set: |
-            *.tags=user/app:latest
 ```
 
 Building from the current repository automatically uses the `GITHUB_TOKEN`
@@ -100,49 +131,14 @@ another private repository for remote definitions, you can set the
 ```yaml
       -
         name: Build and push
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
+          source: "${{ github.server_url }}/${{ github.repository }}.git#${{ github.ref }}"
           push: true
-          set: |
-            *.tags=user/app:latest
         env:
           BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
 ```
 
-### Path context
-
-```yaml
-name: ci
-
-on:
-  push:
-
-jobs:
-  bake:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build and push
-        uses: docker/bake-action@v6
-        with:
-          source: .
-          push: true
-          set: |
-            *.tags=user/app:latest
-```
-
 ## Summaries
 
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
@@ -157,19 +153,6 @@ additional details about the build execution for all the bake targets,
 including build stats, logs, outputs, and more. The build record can be
 imported to Docker Desktop for inspecting the build in greater detail.
 
-> [!WARNING]
->
-> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
-> action in your workflow, you need to ignore the build record artifacts
-> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
-> otherwise the action will fail:
-> ```yaml
-> - uses: actions/download-artifact@v4
->   with:
->     pattern: "!*.dockerbuild"
-> ```
-> More info: https://github.com/actions/toolkit/pull/1874
-
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 
@@ -200,11 +183,11 @@ The following inputs can be used as `step.with` keys
 | Name           | Type        | Description                                                                                                                                                        |
 |----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `builder`      | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                        |
-| `workdir`      | String      | Working directory of execution                                                                                                                                     |
+| `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/customize/bake/file-definition/#remote-definition)    |
-| `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/bake/remote-definition/)                              |
 | `allow`        | List/CSV    | Allow build to access specified resources (e.g., `network.host`)                                                                                                   |
-| `call`         | String      | Set method for evaluating build (e.g., check)                                                                                                                      |
 | `files`        | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                                                     |
+| `workdir`      | String      | Working directory of execution                                                                                                                                     |
+| `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
 | `no-cache`     | Bool        | Do not use cache when building the image (default `false`)                                                                                                         |
 | `pull`         | Bool        | Always attempt to pull a newer version of the image (default `false`)                                                                                              |
 | `load`         | Bool        | Load is a shorthand for `--set=*.output=type=docker` (default `false`)                                                                                             |
@@ -212,7 +195,6 @@ The following inputs can be used as `step.with` keys
 | `push`         | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                                           |
 | `sbom`         | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                                             |
 | `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`)                      |
-| `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
 | `github-token` | String      | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
 
 ### outputs
@@ -231,11 +213,10 @@ The following outputs are available
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
-| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
 
 ## Subactions
 
-* [`matrix`](subaction/matrix)
+* [`list-targets`](subaction/list-targets)
 
 ## Contributing
 

__tests__/context.test.ts

@@ -1,4 +1,4 @@
-import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 
@@ -122,7 +122,6 @@ jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise
 });
 
 describe('getArgs', () => {
-  const originalEnv = process.env;
   beforeEach(() => {
     process.env = Object.keys(process.env).reduce((object, key) => {
       if (!key.startsWith('INPUT_')) {
@@ -131,9 +130,6 @@ describe('getArgs', () => {
       return object;
     }, {});
   });
-  afterEach(() => {
-    process.env = originalEnv;
-  });
 
   // prettier-ignore
   test.each([
@@ -141,7 +137,6 @@ describe('getArgs', () => {
       0,
       '0.4.1',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -149,14 +144,12 @@ describe('getArgs', () => {
       ]),
       [
         'bake',
-      ],
+      ]
-      undefined
     ],
     [
       1,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -165,14 +158,12 @@ describe('getArgs', () => {
       [
         'bake',
         '--metadata-file', metadataJson
-      ],
+      ]
-      undefined
     ],
     [
       2,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['targets', 'webapp\nvalidate'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -183,14 +174,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         'webapp', 'validate'
-      ],
+      ]
-      undefined
     ],
     [
       3,
       '0.8.2',
       new Map<string, string>([
-        ['source', '.'],
         ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -202,14 +191,12 @@ describe('getArgs', () => {
         '--set', '*.cache-from=type=gha',
         '--set', '*.cache-to=type=gha',
         '--metadata-file', metadataJson
-      ],
+      ]
-      undefined
     ],
     [
       4,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -219,14 +206,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ],
+      ]
-      undefined
     ],
     [
       5,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -237,14 +222,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ],
+      ]
-      undefined
     ],
     [
       6,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -255,14 +238,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ],
+      ]
-      undefined
     ],
     [
       7,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -273,14 +254,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'false'
-      ],
+      ]
-      undefined
     ],
     [
       8,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -291,14 +270,12 @@ describe('getArgs', () => {
         'bake',
         '--metadata-file', metadataJson,
         "--provenance", 'builder-id=foo'
-      ],
+      ]
-      undefined
     ],
     [
       9,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -313,14 +290,12 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ],
+      ]
-      undefined
     ],
     [
       10,
       '0.10.0',
       new Map<string, string>([
-        ['source', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -334,13 +309,13 @@ describe('getArgs', () => {
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         'image-all'
-      ],
+      ]
-      undefined
     ],
     [
       11,
       '0.10.0',
       new Map<string, string>([
+        ['source', '{{defaultContext}}'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
@@ -353,14 +328,12 @@ describe('getArgs', () => {
         '--file', './foo.hcl',
         '--metadata-file', metadataJson,
         '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ],
+      ]
-      undefined
     ],
     [
       12,
       '0.17.0',
       new Map<string, string>([
-        ['source', '.'],
         ['allow', 'network.host'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -372,55 +345,11 @@ describe('getArgs', () => {
         '--allow', 'network.host',
         '--metadata-file', metadataJson,
         "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
-      ],
+      ]
-      undefined
-    ],
-    [
-      13,
-      '0.15.0',
-      new Map<string, string>([
-        ['source', '{{defaultContext}}:subdir'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false'],
-        ['files', './foo.hcl'],
-      ]),
-      [
-        'bake',
-        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
-        '--file', './foo.hcl',
-        '--metadata-file', metadataJson,
-        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
-      ],
-      undefined
-    ],
-    [
-      14,
-      '0.15.0',
-      new Map<string, string>([
-        ['source', '.'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false']
-      ]),
-      [
-        'bake',
-        '--metadata-file', metadataJson
-      ],
-      new Map<string, string>([
-        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
-      ])
     ],
   ])(
     '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
-      if (envs) {
-        envs.forEach((value: string, name: string) => {
-          process.env[name] = value;
-        });
-      }
       inputs.forEach((value: string, name: string) => {
         setInput(name, value);
       });

action.yml

@@ -10,22 +10,22 @@ inputs:
   builder:
     description: "Builder instance"
     required: false
-  workdir:
-    description: "Working directory of bake execution"
-    required: false
-    default: '.'
   source:
     description: "Context to build from. Can be either local or a remote bake definition"
     required: false
   allow:
     description: "Allow build to access specified resources (e.g., network.host)"
     required: false
-  call:
-    description: "Set method for evaluating build (e.g., check)"
-    required: false
   files:
     description: "List of bake definition files"
     required: false
+  workdir:
+    description: "Working directory of bake execution"
+    required: false
+    default: '.'
+  targets:
+    description: "List of bake targets"
+    required: false
   no-cache:
     description: "Do not use cache when building the image"
     required: false
@@ -51,9 +51,6 @@ inputs:
   set:
     description: "List of targets values to override (eg. targetpattern.key=value)"
     required: false
-  targets:
-    description: "List of bake targets"
-    required: false
   github-token:
     description: "API token used to authenticate to a Git repository for remote definitions"
     default: ${{ github.token }}

dist/licenses.txt

@@ -2358,6 +2358,9 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 
+dot-object
+MIT
+
 encoding
 MIT
 Copyright (c) 2012-2014 Andris Reinman
@@ -3688,6 +3691,9 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
+twirp-ts
+MIT
+
 undici
 MIT
 MIT License

docker-bake.hcl

@@ -1,9 +1,3 @@
-target "_common" {
-  args = {
-    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
-  }
-}
-
 group "default" {
   targets = ["build"]
 }
@@ -17,49 +11,42 @@ group "validate" {
 }
 
 target "build" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
 target "vendor" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
-  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

package.json

@@ -24,25 +24,25 @@
   ],
   "author": "Docker Inc.",
   "license": "Apache-2.0",
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@3.6.3",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "^0.63.0",
+    "@docker/actions-toolkit": "^0.53.0",
     "handlebars": "^4.7.8"
   },
   "devDependencies": {
-    "@types/node": "^20.19.9",
+    "@types/node": "^20.12.12",
-    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
-    "@typescript-eslint/parser": "^7.18.0",
+    "@typescript-eslint/parser": "^7.9.0",
-    "@vercel/ncc": "^0.38.3",
+    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.57.1",
+    "eslint": "^8.57.0",
-    "eslint-config-prettier": "^9.1.2",
+    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-jest": "^28.14.0",
+    "eslint-plugin-jest": "^28.5.0",
-    "eslint-plugin-prettier": "^5.5.4",
+    "eslint-plugin-prettier": "^5.1.3",
     "jest": "^29.7.0",
-    "prettier": "^3.6.2",
+    "prettier": "^3.2.5",
-    "ts-jest": "^29.4.1",
+    "ts-jest": "^29.1.2",
     "ts-node": "^10.9.2",
-    "typescript": "^5.9.2"
+    "typescript": "^5.4.5"
   }
 }

src/context.ts

@@ -11,12 +11,11 @@ import {Util} from '@docker/actions-toolkit/lib/util';
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 
 export interface Inputs {
-  builder: string;
-  workdir: string;
-  source: string;
   allow: string[];
-  call: string;
+  builder: string;
   files: string[];
+  workdir: string;
+  targets: string[];
   'no-cache': boolean;
   pull: boolean;
   load: boolean;
@@ -24,18 +23,17 @@ export interface Inputs {
   push: boolean;
   sbom: string;
   set: string[];
-  targets: string[];
+  source: string;
   'github-token': string;
 }
 
 export async function getInputs(): Promise<Inputs> {
   return {
-    builder: core.getInput('builder'),
-    workdir: core.getInput('workdir') || '.',
-    source: getSourceInput('source'),
     allow: Util.getInputList('allow'),
-    call: core.getInput('call'),
+    builder: core.getInput('builder'),
     files: Util.getInputList('files'),
+    workdir: core.getInput('workdir') || '.',
+    targets: Util.getInputList('targets'),
     'no-cache': core.getBooleanInput('no-cache'),
     pull: core.getBooleanInput('pull'),
     load: core.getBooleanInput('load'),
@@ -43,11 +41,33 @@ export async function getInputs(): Promise<Inputs> {
     push: core.getBooleanInput('push'),
     sbom: core.getInput('sbom'),
     set: Util.getInputList('set', {ignoreComma: true, quote: false}),
-    targets: Util.getInputList('targets'),
+    source: getSourceInput('source'),
     'github-token': core.getInput('github-token')
   };
 }
 
+export function sanitizeInputs(inputs: Inputs) {
+  const res = {};
+  for (const key of Object.keys(inputs)) {
+    if (key === 'github-token') {
+      continue;
+    }
+    const value: string | string[] | boolean = inputs[key];
+    if (typeof value === 'boolean' && value === false) {
+      continue;
+    } else if (Array.isArray(value) && value.length === 0) {
+      continue;
+    } else if (!value) {
+      continue;
+    }
+    if (key === 'workdir' && value === '.') {
+      continue;
+    }
+    res[key] = value;
+  }
+  return res;
+}
+
 export async function getArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
   // prettier-ignore
   return [
@@ -71,12 +91,6 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
       args.push('--allow', allow);
     });
   }
-  if (inputs.call) {
-    if (!(await toolkit.buildx.versionSatisfies('>=0.16.0'))) {
-      throw new Error(`Buildx >= 0.16.0 is required to use the call flag.`);
-    }
-    args.push('--call', inputs.call);
-  }
   await Util.asyncForEach(inputs.files, async file => {
     args.push('--file', file);
   });
@@ -89,7 +103,7 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
     if (inputs.provenance) {
       args.push('--provenance', inputs.provenance);
-    } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
       // if provenance not specified and BuildKit version compatible for
       // attestation, set default provenance. Also needs to make sure user
       // doesn't want to explicitly load the image to docker.
@@ -133,18 +147,8 @@ function getSourceInput(name: string): string {
   let source = handlebars.compile(core.getInput(name))({
     defaultContext: Context.gitContext()
   });
-  if (!source) {
-    source = Context.gitContext();
-  }
   if (source === '.') {
     source = '';
   }
   return source;
 }
-
-function noDefaultAttestations(): boolean {
-  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
-    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
-  }
-  return false;
-}

src/main.ts

@@ -26,8 +26,8 @@ actionsToolkit.run(
     const startedTime = new Date();
 
     const inputs: context.Inputs = await context.getInputs();
-    stateHelper.setSummaryInputs(inputs);
     core.debug(`inputs: ${JSON.stringify(inputs)}`);
+    stateHelper.setInputs(inputs);
 
     const toolkit = new Toolkit();
     const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
@@ -88,8 +88,6 @@ actionsToolkit.run(
     let builder: BuilderInfo;
     await core.group(`Builder info`, async () => {
       builder = await toolkit.builder.inspect(inputs.builder);
-      stateHelper.setBuilderDriver(builder.driver ?? '');
-      stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
       core.info(JSON.stringify(builder, null, 2));
     });
 
@@ -146,26 +144,8 @@ actionsToolkit.run(
       env: buildEnv,
       ignoreReturnCode: true
     }).then(res => {
-      if (res.exitCode != 0) {
+      if (res.stderr.length > 0 && res.exitCode != 0) {
-        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
+        err = Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
-          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
-          // with bake we can have multiple targets being checked so we need to
-          // count the total number of warnings
-          const totalWarnings = [...res.stdout.matchAll(/^Check complete, (\d+) warnings? (?:has|have) been found!/gm)].reduce((sum, m) => sum + parseInt(m[1], 10), 0);
-          if (totalWarnings > 0) {
-            // https://github.com/docker/buildx/blob/1e50e8ddabe108f009b9925e13a321d7c8f99f26/commands/build.go#L797-L803
-            if (totalWarnings === 1) {
-              err = Error(`Check complete, ${totalWarnings} warning has been found!`);
-            } else {
-              err = Error(`Check complete, ${totalWarnings} warnings have been found!`);
-            }
-          } else {
-            // if there are no warnings found, return the first line of stdout
-            err = Error(res.stdout.split('\n')[0]?.trim());
-          }
-        } else if (res.stderr.length > 0) {
-          err = Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
-        }
       }
     });
 
@@ -209,12 +189,12 @@ actionsToolkit.run(
     await core.group(`Check build summary support`, async () => {
       if (!buildSummaryEnabled()) {
         core.info('Build summary disabled');
-      } else if (inputs.call && inputs.call !== 'build') {
-        core.info(`Build summary skipped for ${inputs.call} subrequest`);
       } else if (GitHub.isGHES) {
         core.info('Build summary is not yet supported on GHES');
       } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
         core.info('Build summary requires Buildx >= 0.13.0');
+      } else if (builder && builder.driver === 'cloud') {
+        core.info('Build summary is not yet supported with Docker Build Cloud');
       } else if (refs.length == 0) {
         core.info('Build summary requires at least one build reference');
       } else {
@@ -240,8 +220,7 @@ actionsToolkit.run(
 
           const buildxHistory = new BuildxHistory();
           const exportRes = await buildxHistory.export({
-            refs: stateHelper.buildRefs,
+            refs: stateHelper.buildRefs
-            useContainer: buildExportLegacy()
           });
           core.info(`Build records written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
 
@@ -257,10 +236,8 @@ actionsToolkit.run(
           await GitHub.writeBuildSummary({
             exportRes: exportRes,
             uploadRes: uploadRes,
-            inputs: stateHelper.summaryInputs,
+            inputs: stateHelper.inputs,
-            bakeDefinition: stateHelper.bakeDefinition,
+            bakeDefinition: stateHelper.bakeDefinition
-            driver: stateHelper.builderDriver,
-            endpoint: stateHelper.builderEndpoint
           });
         } catch (e) {
           core.warning(e.message);
@@ -340,10 +317,3 @@ function buildRecordRetentionDays(): number | undefined {
     return res;
   }
 }
-
-function buildExportLegacy(): boolean {
-  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
-    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
-  }
-  return false;
-}

src/state-helper.ts

@@ -2,15 +2,11 @@ import * as core from '@actions/core';
 
 import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 
-import {Inputs} from './context';
+import {Inputs, sanitizeInputs} from './context';
 
 export const tmpDir = process.env['STATE_tmpDir'] || '';
-
+export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
-export const builderDriver = process.env['STATE_builderDriver'] || '';
-export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
-export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
 export const bakeDefinition = process.env['STATE_bakeDefinition'] ? <BakeDefinition>JSON.parse(process.env['STATE_bakeDefinition']) : undefined;
-
 export const buildRefs = process.env['STATE_buildRefs'] ? process.env['STATE_buildRefs'].split(',') : [];
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
 
@@ -18,12 +14,8 @@ export function setTmpDir(tmpDir: string) {
   core.saveState('tmpDir', tmpDir);
 }
 
-export function setBuilderDriver(builderDriver: string) {
+export function setInputs(inputs: Inputs) {
-  core.saveState('builderDriver', builderDriver);
+  core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
-}
-
-export function setBuilderEndpoint(builderEndpoint: string) {
-  core.saveState('builderEndpoint', builderEndpoint);
 }
 
 export function setBakeDefinition(bakeDefinition: BakeDefinition) {
@@ -37,22 +29,3 @@ export function setBuildRefs(buildRefs: Array<string>) {
 export function setSummarySupported() {
   core.saveState('isSummarySupported', 'true');
 }
-
-export function setSummaryInputs(inputs: Inputs) {
-  const res = {};
-  for (const key of Object.keys(inputs)) {
-    if (key === 'github-token') {
-      continue;
-    }
-    const value: string | string[] | boolean = inputs[key];
-    if (typeof value === 'boolean' && !value) {
-      continue;
-    } else if (Array.isArray(value) && value.length === 0) {
-      continue;
-    } else if (!value) {
-      continue;
-    }
-    res[key] = value;
-  }
-  core.saveState('summaryInputs', JSON.stringify(res));
-}

subaction/list-targets/README.md

@@ -1,14 +1,9 @@
-> [!WARNING]
-> `docker/bake-action/subaction/list-targets` is deprecated and will be removed
-> in a future release. Please use [`docker/bake-action/subaction/matrix`](../matrix)
-> instead.
-
 ## About
 
 This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
 so you can distribute your builds across multiple runners.
 
-![Screenshot](../../.github/subaction-list-targets.png)
+![Screenshot](../../.github/bake-action.png)
 
 ___
 
@@ -47,7 +42,7 @@ jobs:
       -
         name: List targets
         id: generate
-        uses: docker/bake-action/subaction/list-targets@v6
+        uses: docker/bake-action/subaction/list-targets@v4
         with:
           target: validate
 
@@ -60,9 +55,12 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v5
         with:
           targets: ${{ matrix.target }}
 ```
@@ -81,6 +79,6 @@ jobs:
 
 The following outputs are available
 
-| Name       | Type     | Description               |
+| Name       | Type     | Description                |
-|------------|----------|---------------------------|
+|------------|----------|----------------------------|
-| `targets`  | List/CSV | List of extracted targets |
+| `targets`  | List/CSV | List of extracted targest  |

subaction/list-targets/action.yml

@@ -26,23 +26,12 @@ runs:
       name: Generate
       id: generate
       uses: actions/github-script@v7
-      env:
-        INPUT_WORKDIR: ${{ inputs.workdir }}
-        INPUT_FILES: ${{ inputs.files }}
-        INPUT_TARGET: ${{ inputs.target }}
       with:
         script: |
-          core.warning(`docker/bake-action/subaction/list-targets is deprecated and will be removed in a future release. Please use docker/bake-action/subaction/matrix instead.`);
+          let def;
+          const files = `${{ inputs.files }}` ? `${{ inputs.files }}`.split(/[\r?\n,]+/).filter(Boolean) : [];
+          const target = `${{ inputs.target }}`;
 
-          function getInputList(name) {
-            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
-          }
-
-          const workdir = core.getInput('workdir');
-          const files = getInputList('files');
-          const target = core.getInput('target');
-
-          let def = {};
           await core.group(`Validating definition`, async () => {
             let args = ['buildx', 'bake'];
             for (const file of files) {
@@ -56,7 +45,7 @@ runs:
             const res = await exec.getExecOutput('docker', args, {
               ignoreReturnCode: true,
               silent: true,
-              cwd: workdir
+              cwd: `${{ inputs.workdir }}`
             });
             if (res.stderr.length > 0 && res.exitCode != 0) {
               throw new Error(res.stderr);

subaction/matrix/README.md

@@ -1,140 +0,0 @@
-## About
-
-This subaction generates a multi-dimension matrix that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)
-through the [`include` property](https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow#expanding-or-adding-matrix-configurations)
-so you can distribute your builds across multiple runners.
-
-![Screenshot](../../.github/subaction-matrix.png)
-
-___
-
-* [Usage](#usage)
-* [Customizing](#customizing)
-  * [inputs](#inputs)
-  * [outputs](#outputs)
-
-## Usage
-
-### List targets
-
-```hcl
-# docker-bake.hcl
-group "validate" {
-  targets = ["lint", "doctoc"]
-}
-
-target "lint" {
-  target = "lint"
-}
-
-target "doctoc" {
-  target = "doctoc"
-}
-```
-
-```yaml
-jobs:
-  prepare:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Generate matrix
-        id: generate
-        uses: docker/bake-action/subaction/matrix@v6
-        with:
-          target: validate
-
-  validate:
-    runs-on: ubuntu-latest
-    needs:
-      - prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Validate
-        uses: docker/bake-action@v6
-        with:
-          targets: ${{ matrix.target }}
-```
-
-### Platforms split
-
-```hcl
-# docker-bake.hcl
-target "lint" {
-  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
-  output = ["type=cacheonly"]
-  platforms = [
-    "darwin/amd64",
-    "darwin/arm64",
-    "linux/amd64",
-    "linux/arm64",
-    "linux/s390x",
-    "linux/ppc64le",
-    "linux/riscv64",
-    "windows/amd64",
-    "windows/arm64"
-  ]
-}
-```
-
-```yaml
-jobs:
-  prepare:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.generate.outputs.matrix }}
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Generate matrix
-        id: generate
-        uses: docker/bake-action/subaction/matrix@v6
-        with:
-          target: lint
-          fields: platforms
-
-  lint:
-    runs-on: ${{ startsWith(matrix.platforms, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    needs:
-      - prepare
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
-    steps:
-      -
-        name: Lint
-        uses: docker/bake-action@v6
-        with:
-          targets: ${{ matrix.target }}
-          set: |
-            *.platform=${{ matrix.platforms }}
-```
-
-## Customizing
-
-### inputs
-
-| Name      | Type     | Description                                                                                    |
-|-----------|----------|------------------------------------------------------------------------------------------------|
-| `workdir` | String   | Working directory to use (defaults to `.`)                                                     |
-| `files`   | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
-| `target`  | String   | The target to use within the bake file                                                         |
-| `fields`  | String   | List of extra fields to include in the matrix                                                  |
-
-### outputs
-
-| Name     | Type | Description          |
-|----------|------|----------------------|
-| `matrix` | JSON | Matrix configuration |

subaction/matrix/action.yml

@@ -1,101 +0,0 @@
-# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
-name: 'Matrix'
-description: 'Generate a matrix from a Bake definition to help distributing builds in your workflow'
-
-inputs:
-  workdir:
-    description: Working directory
-    default: '.'
-    required: false
-  files:
-    description: List of Bake files
-    required: false
-  target:
-    description: Bake target
-    required: false
-  fields:
-    description: List of extra fields to include in the matrix
-    required: false
-
-outputs:
-  matrix:
-    description: Matrix configuration
-    value: ${{ steps.generate.outputs.includes }}
-
-runs:
-  using: composite
-  steps:
-    -
-      name: Generate
-      id: generate
-      uses: actions/github-script@v7
-      env:
-        INPUT_WORKDIR: ${{ inputs.workdir }}
-        INPUT_FILES: ${{ inputs.files }}
-        INPUT_TARGET: ${{ inputs.target }}
-        INPUT_FIELDS: ${{ inputs.fields }}
-      with:
-        script: |
-          function getInputList(name) {
-            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
-          }
-
-          const workdir = core.getInput('workdir');
-          const files = getInputList('files');
-          const target = core.getInput('target');
-          const fields = getInputList('fields');
-
-          let def = {};
-          await core.group(`Parsing definition`, async () => {
-            let args = ['buildx', 'bake'];
-            for (const file of files) {
-              args.push('--file', file);
-            }
-            if (target) {
-              args.push(target);
-            }
-            args.push('--print');
-            const res = await exec.getExecOutput('docker', args, {
-              ignoreReturnCode: true,
-              silent: true,
-              cwd: workdir
-            });
-            if (res.stderr.length > 0 && res.exitCode != 0) {
-              throw new Error(res.stderr);
-            }
-            def = JSON.parse(res.stdout.trim());
-            core.info(JSON.stringify(def, null, 2));
-          });
-
-          await core.group(`Generating matrix`, async () => {
-            const result = [];
-            for (const targetName of Object.keys(def.target)) {
-              const target = def.target[targetName];
-              const entry = { target: targetName };
-              if (fields.length === 0) {
-                result.push({ ...entry });
-                continue;
-              }
-              let fieldFound = false;
-              Object.keys(target).forEach(field => {
-                if (fields.includes(field)) {
-                  fieldFound = true;
-                  const value = target[field];
-                  if (Array.isArray(value)) {
-                    value.forEach((v) => {
-                      entry[field] = v;
-                      result.push({ ...entry });
-                    });
-                  } else {
-                    entry[field] = value;
-                    result.push({ ...entry });
-                  }
-                }
-              });
-              if (!fieldFound) {
-                result.push({ ...entry });
-              }
-            }
-            core.info(JSON.stringify(result, null, 2));
-            core.setOutput('includes', JSON.stringify(result));
-          });

test/group-with-platform/docker-bake.hcl

@@ -1,36 +0,0 @@
-group "validate" {
-  targets = ["lint", "lint-gopls", "validate-vendor", "validate-docs"]
-}
-
-target "lint" {
-  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
-  output = ["type=cacheonly"]
-  platforms = [
-    "darwin/amd64",
-    "darwin/arm64",
-    "linux/amd64",
-    "linux/arm64",
-    "linux/s390x",
-    "linux/ppc64le",
-    "linux/riscv64",
-    "windows/amd64",
-    "windows/arm64"
-  ]
-}
-
-target "lint-gopls" {
-  inherits = ["lint"]
-  target = "gopls-analyze"
-}
-
-target "validate-vendor" {
-  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
-  target = "validate"
-  output = ["type=cacheonly"]
-}
-
-target "validate-docs" {
-  dockerfile = "./hack/dockerfiles/docs.Dockerfile"
-  target = "validate"
-  output = ["type=cacheonly"]
-}