Merge pull request #206 from crazy-max/docker-meta

Simplify "Complete workflow" with Docker meta action

.dockerignore

@@ -0,0 +1 @@
+node_modules

.github/CONTRIBUTING.md

@@ -15,6 +15,21 @@ Contributions to this project are [released](https://help.github.com/articles/gi
 7. Push to your fork and [submit a pull request](https://github.com/docker/build-push-action/compare)
 8. Pat your self on the back and wait for your pull request to be reviewed and merged.
 
+## Container based developer flow
+
+If you don't want to maintain a Node developer environment that fits this project you can use containerized commands instead of invoking yarn directly.
+
+```
+# format code and build javascript artifacts
+docker buildx bake pre-checkin
+
+# validate all code has correctly formatted and built
+docker buildx bake validate
+
+# run tests
+docker buildx bake test
+```
+
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 
 - Make sure the `README.md` and any other relevant **documentation are kept up-to-date**.

.github/workflows/ci.yml

@@ -381,10 +381,8 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v1
         with:
-          # TODO: Remove image=moby/buildkit:buildx-stable-1 when moby/buildkit#1727 fixed
           driver-opts: |
             network=host
-            image=moby/buildkit:buildx-stable-1
       -
         name: Build and push (1)
         id: docker_build
@@ -481,10 +479,8 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v1
         with:
-          # TODO: Remove image=moby/buildkit:buildx-stable-1 when moby/buildkit#1727 fixed
           driver-opts: |
             network=host
-            image=moby/buildkit:buildx-stable-1
       -
         name: Cache Docker layers
         uses: actions/cache@v2
@@ -551,10 +547,8 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v1
         with:
-          # TODO: Remove image=moby/buildkit:buildx-stable-1 when moby/buildkit#1727 fixed
           driver-opts: |
             network=host
-            image=moby/buildkit:buildx-stable-1
       -
         name: Cache Docker layers
         uses: actions/cache@v2

.github/workflows/example.yml

@@ -1,5 +1,4 @@
 # This workflow is provided just as an usage example and not for repo testing/verification
-# See https://github.com/docker/build-push-action#complete-workflow
 name: example
 
 on:
@@ -12,6 +11,9 @@ on:
       - 'v*.*.*'
   pull_request:
 
+env:
+  DOCKER_IMAGE: localhost:5000/name/app
+
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -25,34 +27,12 @@ jobs:
         name: Checkout
         uses: actions/checkout@v2.3.3
       -
-        name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=localhost:5000/name/app
-          VERSION=noop
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            VERSION=nightly
-          elif [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=edge
-            fi
-          elif [[ $GITHUB_REF == refs/pull/* ]]; then
-            VERSION=pr-${{ github.event.number }}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            MINOR=${VERSION%.*}
-            MAJOR=${MINOR%.*}
-            TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-          elif [ "${{ github.event_name }}" = "push" ]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-          fi
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+        name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ env.DOCKER_IMAGE }} # list of Docker images to use as base name for tags
+          tag-sha: true # add git short SHA as Docker tag
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
@@ -64,15 +44,9 @@ jobs:
         with:
           context: ./test
           file: ./test/Dockerfile
-          outputs: type=docker
-          tags: ${{ steps.prep.outputs.tags }}
-          labels: |
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+          load: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
       -
         name: Build and push to local registry
         uses: ./
@@ -80,23 +54,17 @@ jobs:
           context: ./test
           file: ./test/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          labels: |
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
       -
         name: Inspect image
         run: |
-          docker image inspect localhost:5000/name/app:${{ steps.prep.outputs.version }}
+          docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
       -
         name: Check manifest
         if: github.event_name != 'pull_request'
         run: |
-          docker buildx imagetools inspect localhost:5000/name/app:${{ steps.prep.outputs.version }}
+          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
       -
         name: Dump context
         if: always()

.github/workflows/test.yml

@@ -9,6 +9,19 @@ on:
       - master
 
 jobs:
+  test-containerized:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2.3.3
+      -
+        name: Validate
+        run: docker buildx bake validate
+      -
+        name: Test
+        run: docker buildx bake test
+
   test:
     runs-on: ubuntu-latest
     steps:

Dockerfile

@@ -0,0 +1,52 @@
+#syntax=docker/dockerfile:1.1-experimental
+
+FROM node:12 AS deps
+WORKDIR /src
+COPY package.json yarn.lock ./
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn \
+  yarn install
+
+FROM scratch AS update-yarn
+COPY --from=deps /src/yarn.lock /
+
+FROM deps AS validate-yarn
+COPY .git .git
+RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
+
+FROM deps AS base
+COPY . .
+
+FROM base AS build
+RUN yarn build
+
+FROM deps AS test
+COPY --from=docker /usr/local/bin/docker /usr/bin/
+ARG TARGETOS
+ARG TARGETARCH
+ARG BUILDX_VERSION=v0.4.2
+ENV RUNNER_TEMP=/tmp/github_runner
+ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
+RUN mkdir -p /usr/local/lib/docker/cli-plugins && \
+  curl -fsSL https://github.com/docker/buildx/releases/download/$BUILDX_VERSION/buildx-$BUILDX_VERSION.$TARGETOS-$TARGETARCH > /usr/local/lib/docker/cli-plugins/docker-buildx && \
+  chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx && \
+  docker buildx version
+COPY . .
+RUN yarn run test
+
+FROM base AS run-format
+RUN yarn run format
+
+FROM scratch AS format
+COPY --from=run-format /src/src/*.ts /src/
+
+FROM base AS validate-format
+RUN yarn run format-check
+
+FROM scratch AS dist
+COPY --from=build /src/dist/ /dist/
+
+FROM build AS validate-build
+RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
+
+FROM base AS dev
+ENTRYPOINT ["bash"]

README.md

@@ -39,7 +39,7 @@ ___
   * [Local registry](#local-registry)
   * [Export image to Docker](#export-image-to-docker)
   * [Leverage GitHub cache](#leverage-github-cache)
-  * [Complete workflow](#complete-workflow)
+  * [Handle tags and labels](#handle-tags-and-labels)
   * [Update DockerHub repo description](#update-dockerhub-repo-description)
 * [Customizing](#customizing)
   * [inputs](#inputs)
@@ -472,17 +472,12 @@ using [actions/cache](https://github.com/actions/cache) with this action:
 > If you want to [export layers for all stages](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue),
 > you have to specify `mode=max` attribute in `cache-to`.
 
-### Complete workflow
+### Handle tags and labels
 
 If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
-"automatic" tag management through Git reference and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-for labels, you will have to do it in a dedicated step.
-
-The following workflow with the `Prepare` step will generate some [outputs](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjobs_idoutputs)
-to handle tags and labels based on GitHub actions events.
-
-This is just an example to show many cases that you might want to use and that you will have to adapt according
-to your needs:
+"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
+for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
+to handle tags and labels based on GitHub actions events and Git metadata.
 
 <details>
   <summary><b>Show workflow</b></summary>
@@ -508,42 +503,12 @@ to your needs:
           name: Checkout
           uses: actions/checkout@v2
         -
-          name: Repo metadata
-          id: repo
-          uses: actions/github-script@v3
+          name: Docker meta
+          id: docker_meta
+          uses: crazy-max/ghaction-docker-meta@v1
           with:
-            script: |
-              const repo = await github.repos.get(context.repo)
-              return repo.data
-        -
-          name: Prepare
-          id: prep
-          run: |
-            DOCKER_IMAGE=name/app
-            VERSION=noop
-            if [ "${{ github.event_name }}" = "schedule" ]; then
-              VERSION=nightly
-            elif [[ $GITHUB_REF == refs/tags/* ]]; then
-              VERSION=${GITHUB_REF#refs/tags/}
-            elif [[ $GITHUB_REF == refs/heads/* ]]; then
-              VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-              if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-                VERSION=edge
-              fi
-            elif [[ $GITHUB_REF == refs/pull/* ]]; then
-              VERSION=pr-${{ github.event.number }}
-            fi
-            TAGS="${DOCKER_IMAGE}:${VERSION}"
-            if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-              MINOR=${VERSION%.*}
-              MAJOR=${MINOR%.*}
-              TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-            elif [ "${{ github.event_name }}" = "push" ]; then
-              TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-            fi
-            echo ::set-output name=version::${VERSION}
-            echo ::set-output name=tags::${TAGS}
-            echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+            images: name/app # list of Docker images to use as base name for tags
+            tag-sha: true # add git short SHA as Docker tag
         -
           name: Set up QEMU
           uses: docker/setup-qemu-action@v1
@@ -566,28 +531,11 @@ to your needs:
             file: ./Dockerfile
             platforms: linux/amd64,linux/arm64,linux/386
             push: ${{ github.event_name != 'pull_request' }}
-            tags: ${{ steps.prep.outputs.tags }}
-            labels: |
-              org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }}
-              org.opencontainers.image.description=${{ fromJson(steps.repo.outputs.result).description }}
-              org.opencontainers.image.url=${{ fromJson(steps.repo.outputs.result).html_url }}
-              org.opencontainers.image.source=${{ fromJson(steps.repo.outputs.result).clone_url }}
-              org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-              org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-              org.opencontainers.image.revision=${{ github.sha }}
-              org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
+            tags: ${{ steps.docker_meta.outputs.tags }}
+            labels: ${{ steps.docker_meta.outputs.labels }}
   ```
 </details>
 
-| Event           | Ref                           | Commit SHA | Docker Tag                         | Pushed |
-|-----------------|-------------------------------|------------|------------------------------------|--------|
-| `schedule`      |                               |            | `nightly`                          | Yes    |
-| `pull_request`  | `refs/pull/2/merge`           | `a123b57`  | `pr-2`                             | No     |
-| `push`          | `refs/heads/<default_branch>` | `676cae2`  | `sha-676cae2`, `edge`              | Yes    |
-| `push`          | `refs/heads/dev`              | `cf20257`  | `sha-cf20257`, `dev`               | Yes    |
-| `push`          | `refs/heads/my/branch`        | `a5df687`  | `sha-a5df687`, `my-branch`         | Yes    |
-| `push tag`      | `refs/tags/v1.2.3`            |            | `v1.2.3`, `v1.2`, `v1`, `latest`   | Yes    |
-
 ### Update DockerHub repo description
 
 You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
@@ -673,6 +621,7 @@ Following inputs can be used as `step.with` keys
 | `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue) (eg. `type=local,src=path/to/dir`) |
 | `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue) (eg. `type=local,dest=path/to/dir`) |
 | `secrets`           | List     | List of secrets to expose to the build (eg. `key=value`, `GIT_AUTH_TOKEN=mytoken`) |
+| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
 
 ### outputs
 

TROUBLESHOOTING.md

@@ -1,6 +1,114 @@
 # Troubleshooting
 
-## Errors on pushing to registry
+* [`auto-push is currently not implemented for docker driver`](#auto-push-is-currently-not-implemented-for-docker-driver)
+* [Cannot push to a registry](#cannot-push-to-a-registry)
+
+## `auto-push is currently not implemented for docker driver`
+
+If you're using the default builder (which uses the docker driver) without using our `setup-buildx-action`, you may
+encounter this error message if you try to push your image:
+
+```
+Run docker/build-push-action@v2
+📣 Buildx version: 0.4.2
+🏃 Starting build...
+/usr/bin/docker buildx build --tag localhost:5000/name/app:latest --iidfile /tmp/docker-build-push-eYl8PB/iidfile --file ./test/Dockerfile --push ./test
+auto-push is currently not implemented for docker driver
+Error: buildx call failed with: auto-push is currently not implemented for docker driver
+```
+
+While waiting for an implementation to be done on buildx/buildkit, you have the following possibilities
+to solve this atm:
+
+### With `docker-container` driver and `setup-buildx`
+
+> Recommended solution
+
+```yaml
+jobs:
+  build:
+    -
+      name: Checkout
+      uses: actions/checkout@v2
+    -
+      name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    -
+      name: Login
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ env.USER }}
+        password: ${{ secrets.PASSWORD }}
+    -
+      name: Build and push
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ${{ env.REGISTRY }}/myapp:latest
+        push: true
+```
+
+### With `docker` driver
+
+```yaml
+jobs:
+  build:
+    -
+      name: Checkout
+      uses: actions/checkout@v2
+    -
+      name: Login
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ env.USER }}
+        password: ${{ secrets.PASSWORD }}
+    -
+      name: Build
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ${{ env.REGISTRY }}/myapp:latest
+        load: true
+    -
+      name: Push
+      run: docker push ${{ env.REGISTRY }}/myapp:latest
+```
+
+### With `docker` driver and `setup-buildx`
+
+```yaml
+jobs:
+  build:
+    -
+      name: Checkout
+      uses: actions/checkout@v2
+    -
+      name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+      with:
+        driver: docker
+    -
+      name: Login
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ env.USER }}
+        password: ${{ secrets.PASSWORD }}
+    -
+      name: Build
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        tags: ${{ env.REGISTRY }}/myapp:latest
+        load: true
+    -
+      name: Push
+      run: docker push ${{ env.REGISTRY }}/myapp:latest
+```
+
+## Cannot push to a registry
 
 While pushing to a registry, you may encounter these kinds of issues:
 
@@ -38,7 +146,7 @@ jobs:
   containerd:
     runs-on: ubuntu-latest
     steps:
-       -
+      -
         name: Checkout
         uses: actions/checkout@v2
       -

UPGRADE.md

@@ -91,6 +91,7 @@ steps:
       push: ${{ github.event_name != 'pull_request' }}
       tag_with_ref: true
       tag_with_sha: true
+      add_git_labels: true
 ```
 
 ```yaml
@@ -142,3 +143,6 @@ steps:
         org.opencontainers.image.created=${{ steps.prep.outputs.created }}
         org.opencontainers.image.revision=${{ github.sha }}
 ```
+
+> You can also use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta) to handle tags and
+> labels based on GitHub actions events and Git metadata. A workflow example is available in the [README](README.md#handle-tags-and-labels).

__tests__/buildx.test.ts

@@ -2,9 +2,10 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as buildx from '../src/buildx';
-import * as exec from '@actions/exec';
+import * as docker from '../src/docker';
 import * as context from '../src/context';
 
+const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
 const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
 
 jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
@@ -16,7 +17,7 @@ jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
 });
 
 jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
-  return path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
+  return tmpNameSync;
 });
 
 describe('getImageID', () => {
@@ -91,11 +92,18 @@ describe('isLocalOrTarExporter', () => {
 });
 
 describe('getVersion', () => {
-  it('valid', async () => {
-    const version = await buildx.getVersion();
-    console.log(`version: ${version}`);
-    expect(semver.valid(version)).not.toBeNull();
-  }, 100000);
+  async function isDaemonRunning() {
+    return await docker.isDaemonRunning();
+  }
+  (isDaemonRunning() ? it : it.skip)(
+    'valid',
+    async () => {
+      const version = await buildx.getVersion();
+      console.log(`version: ${version}`);
+      expect(semver.valid(version)).not.toBeNull();
+    },
+    100000
+  );
 });
 
 describe('parseVersion', () => {
@@ -107,3 +115,18 @@ describe('parseVersion', () => {
     expect(await buildx.parseVersion(stdout)).toEqual(expected);
   });
 });
+
+describe('getSecret', () => {
+  test.each([
+    ['A_SECRET', 'abcdef0123456789'],
+    ['GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789'],
+    ['MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==']
+  ])('given %p key and %p secret', async (key, secret) => {
+    const secretArgs = await buildx.getSecret(`${key}=${secret}`);
+    console.log(`secretArgs: ${secretArgs}`);
+    expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
+    const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
+    console.log(`secretValue: ${secretContent}`);
+    expect(secretContent).toEqual(secret);
+  });
+});

__tests__/context.test.ts

@@ -1,6 +1,5 @@
 import * as fs from 'fs';
 import * as path from 'path';
-import * as buildx from '../src/buildx';
 import * as context from '../src/context';
 
 jest.spyOn(context, 'defaultContext').mockImplementation((): string => {
@@ -107,7 +106,7 @@ describe('getArgs', () => {
       '0.4.2',
       new Map<string, string>([
         ['context', '.'],
-        ['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno0123456789'],
+        ['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
       ]),
       [
         'buildx',
@@ -139,7 +138,7 @@ describe('getArgs', () => {
         ['context', 'https://github.com/docker/build-push-action.git#heads/master'],
         ['tag', 'localhost:5000/name/app:latest'],
         ['platforms', 'linux/amd64,linux/arm64'],
-        ['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno0123456789'],
+        ['secrets', 'GIT_AUTH_TOKEN=abcdefghijklmno=0123456789'],
         ['file', './test/Dockerfile'],
         ['builder', 'builder-git-context-2'],
         ['push', 'true']

action.yml

@@ -67,6 +67,9 @@ inputs:
     description: "GitHub Token used to authenticate against a repository for Git context"
     default: ${{ github.token }}
     required: false
+  ssh:
+    description: "List of SSH agent socket or keys to expose to the build"
+    required: false
 
 outputs:
   digest:

docker-bake.hcl

@@ -0,0 +1,42 @@
+group "default" {
+  targets = ["build"]
+}
+
+group "pre-checkin" {
+  targets = ["update-yarn", "format", "build"]
+}
+
+group "validate" {
+	targets = ["validate-format", "validate-build", "validate-yarn"]
+}
+
+target "update-yarn" {
+  target = "update-yarn"
+  output = ["."]
+}
+
+target "build" {
+  target = "dist"
+  output = ["."]
+}
+
+target "test" {
+  target = "test"
+}
+
+target "format" {
+  target = "format"
+  output = ["."]
+}
+
+target "validate-format" {
+  target = "validate-format"
+}
+
+target "validate-build" {
+  target = "validate-build"
+}
+
+target "validate-yarn" {
+	target = "validate-yarn"
+}

src/buildx.ts

@@ -18,7 +18,9 @@ export async function getImageID(): Promise<string | undefined> {
 }
 
 export async function getSecret(kvp: string): Promise<string> {
-  const [key, value] = kvp.split('=');
+  const delimiterIndex = kvp.indexOf('=');
+  const key = kvp.substring(0, delimiterIndex);
+  const value = kvp.substring(delimiterIndex + 1);
   const secretFile = context.tmpNameSync({
     tmpdir: context.tmpDir()
   });

src/context.ts

@@ -3,10 +3,12 @@ import * as os from 'os';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as tmp from 'tmp';
-import * as buildx from './buildx';
+
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
+import * as buildx from './buildx';
+
 let _defaultContext, _tmpDir: string;
 
 export interface Inputs {
@@ -28,6 +30,7 @@ export interface Inputs {
   cacheTo: string[];
   secrets: string[];
   githubToken: string;
+  ssh: string[];
 }
 
 export function defaultContext(): string {
@@ -69,7 +72,8 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
     cacheFrom: await getInputList('cache-from', true),
     cacheTo: await getInputList('cache-to', true),
     secrets: await getInputList('secrets', true),
-    githubToken: core.getInput('github-token')
+    githubToken: core.getInput('github-token'),
+    ssh: await getInputList('ssh')
   };
 }
 
@@ -122,6 +126,9 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
   if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
     args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
   }
+  await asyncForEach(inputs.ssh, async ssh => {
+    args.push('--ssh', ssh);
+  });
   if (inputs.file) {
     args.push('--file', inputs.file);
   }

src/docker.ts

@@ -0,0 +1,7 @@
+import * as exec from './exec';
+
+export async function isDaemonRunning(): Promise<boolean> {
+  return await exec.exec(`docker`, ['version', '--format', '{{.Server.Os}}'], true).then(res => {
+    return !res.stdout.includes(' ') && res.success;
+  });
+}