Merge pull request #299 from crazy-max/split-docs

Enhance documentation

.github/labels.yml

@@ -1,79 +0,0 @@
-## more info https://github.com/crazy-max/ghaction-github-labeler
-- # automerge
-  name: ":bell: automerge"
-  color: "8f4fbc"
-  description: ""
-- # bot
-  name: ":robot: bot"
-  color: "69cde9"
-  description: ""
-- # bug
-  name: ":bug: bug"
-  color: "b60205"
-  description: ""
-- # dependencies
-  name: ":game_die: dependencies"
-  color: "0366d6"
-  description: ""
-  from_name: "dependencies"
-- # documentation
-  name: ":memo: documentation"
-  color: "c5def5"
-  description: ""
-- # duplicate
-  name: ":busts_in_silhouette: duplicate"
-  color: "cccccc"
-  description: ""
-- # enhancement
-  name: ":sparkles: enhancement"
-  color: "0054ca"
-  description: ""
-- # feature request
-  name: ":bulb: feature request"
-  color: "0e8a16"
-  description: ""
-- # feedback
-  name: ":mega: feedback"
-  color: "03a9f4"
-  description: ""
-- # future maybe
-  name: ":rocket: future maybe"
-  color: "fef2c0"
-  description: ""
-- # good first issue
-  name: ":hatching_chick: good first issue"
-  color: "7057ff"
-  description: ""
-- # help wanted
-  name: ":pray: help wanted"
-  color: "4caf50"
-  description: ""
-- # hold
-  name: ":hand: hold"
-  color: "24292f"
-  description: ""
-- # invalid
-  name: ":no_entry_sign: invalid"
-  color: "e6e6e6"
-  description: ""
-- # maybe bug
-  name: ":interrobang: maybe bug"
-  color: "ff5722"
-  description: ""
-- # needs more info
-  name: ":thinking: needs more info"
-  color: "795548"
-  description: ""
-- # question
-  name: ":question: question"
-  color: "3f51b5"
-  description: ""
-  from_name: "question"
-- # upstream
-  name: ":eyes: upstream"
-  color: "fbca04"
-  description: ""
-- # wontfix
-  name: ":coffin: wontfix"
-  color: "ffffff"
-  description: ""

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
         with:
           path: action
       -
@@ -41,7 +41,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
         with:
           path: action
       -
@@ -95,7 +95,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
         with:
           path: action
       -
@@ -121,6 +121,14 @@ jobs:
             localhost:5000/name/app:1.0.0
           secrets: |
             GIT_AUTH_TOKEN=${{ github.token }}
+            "MYSECRET=aaaaaaaa
+            bbbbbbb
+            ccccccccc"
+            FOO=bar
+            "EMPTYLINE=aaaa
+
+            bbbb
+            ccc"
       -
         name: Inspect
         run: |
@@ -156,7 +164,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -203,7 +211,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -236,12 +244,6 @@ jobs:
 
   docker-driver:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        push:
-          - true
-          - false
     services:
       registry:
         image: registry:2
@@ -250,28 +252,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Build
         id: docker_build
-        continue-on-error: ${{ matrix.push }}
         uses: ./
         with:
           context: ./test
           file: ./test/Dockerfile
-          push: ${{ matrix.push }}
+          push: true
           tags: localhost:5000/name/app:latest
-      -
-        name: Check
-        run: |
-          echo "${{ toJson(steps.docker_build) }}"
-          if [ "${{ matrix.push }}" = "false" ]; then
-            exit 0
-          fi
-          if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
-            echo "::error::Should have failed"
-            exit 1
-          fi
       -
         name: Dump context
         if: always()
@@ -282,7 +272,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Build
         uses: ./
@@ -319,7 +309,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -372,7 +362,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -470,7 +460,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -538,7 +528,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1

.github/workflows/e2e.yml

@@ -0,0 +1,105 @@
+name: e2e
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 10 * * *' # everyday at 10am
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          -
+            registry: ''
+            slug: ghactionstest/ghactionstest
+            username_secret: DOCKERHUB_USERNAME
+            password_secret: DOCKERHUB_TOKEN
+          -
+            registry: ghcr.io
+            slug: ghcr.io/docker-ghactiontest/test
+            username_secret: GHCR_USERNAME
+            password_secret: GHCR_PAT
+          -
+            registry: registry.gitlab.com
+            slug: registry.gitlab.com/test1716/test
+            username_secret: GITLAB_USERNAME
+            password_secret: GITLAB_TOKEN
+          -
+            registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
+            slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
+            username_secret: AWS_ACCESS_KEY_ID
+            password_secret: AWS_SECRET_ACCESS_KEY
+          -
+            registry: public.ecr.aws
+            slug: public.ecr.aws/q3b5f1u4/test-docker-action
+            username_secret: AWS_ACCESS_KEY_ID
+            password_secret: AWS_SECRET_ACCESS_KEY
+          -
+            registry: us-east4-docker.pkg.dev
+            slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
+            username_secret: GAR_USERNAME
+            password_secret: GAR_JSON_KEY
+          -
+            registry: gcr.io
+            slug: gcr.io/sandbox-298914/test-docker-action
+            username_secret: GCR_USERNAME
+            password_secret: GCR_JSON_KEY
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ matrix.slug }}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ matrix.registry }}
+          username: ${{ secrets[matrix.username_secret] }}
+          password: ${{ secrets[matrix.password_secret] }}
+      -
+        name: Build and push
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/Dockerfile-multi
+          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ matrix.slug }}:master
+          cache-to: type=inline
+      -
+        name: Inspect image
+        if: github.event_name != 'pull_request'
+        run: |
+          docker pull ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
+          docker image inspect ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
+      -
+        name: Check manifest
+        if: github.event_name != 'pull_request'
+        run: |
+          docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.docker_meta.outputs.version }}
+      -
+        name: Dump context
+        if: always()
+        uses: crazy-max/ghaction-dump-context@v1

.github/workflows/example.yml

@@ -1,5 +1,4 @@
 # This workflow is provided just as an usage example and not for repo testing/verification
-# See https://github.com/docker/build-push-action#complete-workflow
 name: example
 
 on:
@@ -12,6 +11,9 @@ on:
       - 'v*.*.*'
   pull_request:
 
+env:
+  DOCKER_IMAGE: localhost:5000/name/app
+
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -23,36 +25,14 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
-        name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=localhost:5000/name/app
-          VERSION=noop
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            VERSION=nightly
-          elif [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=edge
-            fi
-          elif [[ $GITHUB_REF == refs/pull/* ]]; then
-            VERSION=pr-${{ github.event.number }}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            MINOR=${VERSION%.*}
-            MAJOR=${MINOR%.*}
-            TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-          elif [ "${{ github.event_name }}" = "push" ]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-          fi
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+        name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ env.DOCKER_IMAGE }} # list of Docker images to use as base name for tags
+          tag-sha: true # add git short SHA as Docker tag
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
@@ -64,15 +44,9 @@ jobs:
         with:
           context: ./test
           file: ./test/Dockerfile
-          outputs: type=docker
-          tags: ${{ steps.prep.outputs.tags }}
-          labels: |
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+          load: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
       -
         name: Build and push to local registry
         uses: ./
@@ -80,23 +54,17 @@ jobs:
           context: ./test
           file: ./test/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          labels: |
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
       -
         name: Inspect image
         run: |
-          docker image inspect localhost:5000/name/app:${{ steps.prep.outputs.version }}
+          docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
       -
         name: Check manifest
         if: github.event_name != 'pull_request'
         run: |
-          docker buildx imagetools inspect localhost:5000/name/app:${{ steps.prep.outputs.version }}
+          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
       -
         name: Dump context
         if: always()

.github/workflows/labels.yml

@@ -1,20 +0,0 @@
-name: labels
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - '.github/labels.yml'
-      - '.github/workflows/labels.yml'
-
-jobs:
-  labeler:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2.3.3
-      -
-        name: Run Labeler
-        uses: crazy-max/ghaction-github-labeler@v3.1.0

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Validate
         run: docker buildx bake validate
@@ -27,7 +27,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2.3.3
+        uses: actions/checkout@v2
       -
         name: Install
         run: yarn install
@@ -36,7 +36,7 @@ jobs:
         run: yarn run test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v1.0.14
+        uses: codecov/codecov-action@v1
         if: success()
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/virtual-env.yml

@@ -0,0 +1,38 @@
+name: virtual-env
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 10 * * *' # everyday at 10am
+
+jobs:
+  os:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - ubuntu-20.04
+          - ubuntu-18.04
+          - ubuntu-16.04
+    steps:
+      -
+        name: List install packages
+        run: apt list --installed
+      -
+        name: Docker info
+        run: docker info
+      -
+        name: Docker version
+        run: docker version
+      -
+        name: buildx version
+        run: docker buildx version
+      -
+        name: containerd version
+        run: containerd --version
+      -
+        name: Dump context
+        if: always()
+        uses: crazy-max/ghaction-dump-context@v1

Dockerfile

@@ -1,4 +1,4 @@
-#syntax=docker/dockerfile:1.1-experimental
+#syntax=docker/dockerfile:1.2
 
 FROM node:12 AS deps
 WORKDIR /src
@@ -23,7 +23,7 @@ FROM deps AS test
 COPY --from=docker /usr/local/bin/docker /usr/bin/
 ARG TARGETOS
 ARG TARGETARCH
-ARG BUILDX_VERSION=v0.4.2
+ARG BUILDX_VERSION=v0.5.1
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN mkdir -p /usr/local/lib/docker/cli-plugins && \

README.md

@@ -6,18 +6,18 @@
 
 ## Upgrade from v1
 
-`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It
-works with 3 new actions ([login](https://github.com/docker/login-action), [setup-buildx](https://github.com/docker/setup-buildx-action)
-and [setup-qemu](https://github.com/docker/setup-qemu-action)) that we have created. It's also rewritten as a
-[typescript-action](https://github.com/actions/typescript-action/) to be as closed as possible of the
-[GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
+`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
+also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
+of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
 
-[Upgrade notes](UPGRADE.md) and many [usage examples](#usage) have been added to handle most use cases but `v1` is
-still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
+[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
+`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
 
 ## About
 
-GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx).
+GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
+features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform
+build, secrets, remote cache, etc. and different builder deployment/namespacing options.
 
 > :bulb: See also:
 > * [login](https://github.com/docker/login-action) action
@@ -31,16 +31,18 @@ ___
 * [Usage](#usage)
   * [Git context](#git-context)
   * [Path context](#path-context)
-  * [Isolated builders](#isolated-builders)
-  * [Multi-platform image](#multi-platform-image)
 * [Advanced usage](#advanced-usage)
-  * [Push to multi-registries](#push-to-multi-registries)
-  * [Cache to registry](#push-to-multi-registries)
-  * [Local registry](#local-registry)
-  * [Export image to Docker](#export-image-to-docker)
-  * [Leverage GitHub cache](#leverage-github-cache)
-  * [Complete workflow](#complete-workflow)
-  * [Update DockerHub repo description](#update-dockerhub-repo-description)
+  * [Multi-platform image](docs/advanced/multi-platform.md)
+  * [Secrets](docs/advanced/secrets.md)
+  * [Isolated builders](docs/advanced/isolated-builders.md)
+  * [Push to multi-registries](docs/advanced/push-multi-registries.md)
+  * [Cache](docs/advanced/cache.md)
+    * [Registry cache](docs/advanced/cache.md#registry-cache)
+    * [GitHub cache](docs/advanced/cache.md#github-cache)
+  * [Local registry](docs/advanced/local-registry.md)
+  * [Export image to Docker](docs/advanced/export-docker.md)
+  * [Handle tags and labels](docs/advanced/tags-labels.md)
+  * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 * [Customizing](#customizing)
   * [inputs](#inputs)
   * [outputs](#outputs)
@@ -50,25 +52,37 @@ ___
 
 ## Usage
 
-This action uses our [setup-buildx](https://github.com/docker/setup-buildx-action) action that extends the
-`docker build` command named [buildx](https://github.com/docker/buildx) with the full support of the features
-provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-arch build,
-build-secrets, remote cache, etc. and different builder deployment/namespacing options.
+By default, this action uses the [Git context](#git-context) so you don't need to use the
+[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
+done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
+Be careful because **any file mutation in the steps that precede the build step will be ignored** since
+the context is based on the git reference. However, you can use the [Path context](#path-context) using the
+[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
+
+In the examples below we are using 3 other actions:
+
+* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
+default the `docker-container` [builder driver](https://github.com/docker/buildx#--driver-driver). This is
+**not required but recommended** using it to be able to build multi-platform images, export cache, etc.
+* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want
+to add emulation support with QEMU to be able to build against more platforms. 
+* [`login`](https://github.com/docker/setup-qemu-action) action will take care to log in against a Docker registry.
 
 ### Git context
 
-The default behavior of this action is to use the [Git context invoked](https://github.com/docker/build-push-action/blob/master/src/context.ts#L31-L35)
-by your workflow.
-
 ```yaml
 name: ci
 
 on:
   push:
-    branches: master
+    branches:
+      - 'master'
 
 jobs:
-  main:
+  docker:
     runs-on: ubuntu-latest
     steps:
       -
@@ -90,17 +104,14 @@ jobs:
         with:
           push: true
           tags: user/app:latest
-          build-args: |
-            arg1=value1
-            arg2=value2
       -
         name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
 ```
 
-Building from current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
-as provided by `secrets` so it does not need to be passed. But if you want to authenticate against another private
-repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+so it does not need to be passed. If you want to authenticate against another private repository, you have to use
+a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
 
 ```yaml
       -
@@ -114,24 +125,21 @@ repository, you have to use a secret named `GIT_AUTH_TOKEN` to be able to authen
             GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
 ```
 
-> :warning: Subdir for Git context is [not yet supported](https://github.com/docker/build-push-action/issues/120).
-> For the moment you can use the [path context](#path-context).
-
-> More info: https://docs.docker.com/engine/reference/commandline/build/#git-repositories
+> :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684))
+> but you can use the [path context](#path-context) in the meantime. More info on [Docker docs website](https://docs.docker.com/engine/reference/commandline/build/#git-repositories).
 
 ### Path context
 
-You can also use the `PATH` context alongside the [`actions/checkout`](https://github.com/actions/checkout/) action.
-
 ```yaml
 name: ci
 
 on:
   push:
-    branches: master
+    branches:
+      - 'master'
 
 jobs:
-  path-context:
+  docker:
     runs-on: ubuntu-latest
     steps:
       -
@@ -154,487 +162,23 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm64,linux/386
           push: true
           tags: user/app:latest
 ```
 
-### Isolated builders
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches: master
-
-jobs:
-  multi-builders:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        uses: docker/setup-buildx-action@v1
-        id: builder1
-      -
-        uses: docker/setup-buildx-action@v1
-        id: builder2
-      -
-        name: Builder 1 name
-        run: echo ${{ steps.builder1.outputs.name }}
-      -
-        name: Builder 2 name
-        run: echo ${{ steps.builder2.outputs.name }}
-      -
-        name: Build against builder1
-        uses: docker/build-push-action@v2
-        with:
-          builder: ${{ steps.builder1.outputs.name }}
-          target: mytarget1
-      -
-        name: Build against builder2
-        uses: docker/build-push-action@v2
-        with:
-          builder: ${{ steps.builder2.outputs.name }}
-          target: mytarget2
-```
-
-### Multi-platform image
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches: master
-
-jobs:
-  multi:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
-          push: true
-          tags: |
-            user/app:latest
-            user/app:1.0.0
-```
-
 ## Advanced usage
 
-### Push to multi-registries
-
-The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
-and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
-image to these registries.
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-  
-  on:
-    push:
-      branches: master
-  
-  jobs:
-    multi-registries:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Checkout
-          uses: actions/checkout@v2
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Login to GitHub Container Registry
-          uses: docker/login-action@v1 
-          with:
-            registry: ghcr.io
-            username: ${{ github.repository_owner }}
-            password: ${{ secrets.CR_PAT }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            context: .
-            file: ./Dockerfile
-            platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
-            push: true
-            tags: |
-              user/app:latest
-              user/app:1.0.0
-              ghcr.io/user/app:latest
-              ghcr.io/user/app:1.0.0
-  ```
-</details>
-
-### Cache to registry
-
-You can import/export cache from a cache manifest or (special) image configuration on the registry.
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    push:
-      branches: master
-
-  jobs:
-    registry-cache:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            push: true
-            tags: user/app:latest
-            cache-from: type=registry,ref=user/app:latest
-            cache-to: type=inline
-  ```
-</details>
-
-### Local registry
-
-For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    push:
-      branches: master
-
-  jobs:
-    local-registry:
-      runs-on: ubuntu-latest
-      services:
-        registry:
-          image: registry:2
-          ports:
-            - 5000:5000
-      steps:
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-          with:
-            driver-opts: network=host
-        -
-          name: Build and push to local registry
-          uses: docker/build-push-action@v2
-          with:
-            push: true
-            tags: localhost:5000/name/app:latest
-        -
-          name: Inspect
-          run: |
-            docker buildx imagetools inspect localhost:5000/name/app:latest
-  ```
-</details>
-
-### Export image to Docker
-
-You may want your build result to be available in the Docker client through `docker images` to be able to use it
-in another step of your workflow:
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    push:
-      branches: master
-
-  jobs:
-    export-docker:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Checkout
-          uses: actions/checkout@v2
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Build
-          uses: docker/build-push-action@v2
-          with:
-            context: .
-            file: ./Dockerfile
-            load: true
-            tags: myimage:latest
-        -
-          name: Inspect
-          run: |
-            docker image inspect myimage:latest
-  ```
-</details>
-
-### Leverage GitHub cache
-
-You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
-using [actions/cache](https://github.com/actions/cache) with this action:
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    push:
-      branches: master
-
-  jobs:
-    github-cache:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Cache Docker layers
-          uses: actions/cache@v2
-          with:
-            path: /tmp/.buildx-cache
-            key: ${{ runner.os }}-buildx-${{ github.sha }}
-            restore-keys: |
-              ${{ runner.os }}-buildx-
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            push: true
-            tags: user/app:latest
-            cache-from: type=local,src=/tmp/.buildx-cache
-            cache-to: type=local,dest=/tmp/.buildx-cache
-  ```
-</details>
-
-> If you want to [export layers for all stages](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue),
-> you have to specify `mode=max` attribute in `cache-to`.
-
-### Complete workflow
-
-If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
-"automatic" tag management through Git reference and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-for labels, you will have to do it in a dedicated step.
-
-The following workflow with the `Prepare` step will generate some [outputs](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjobs_idoutputs)
-to handle tags and labels based on GitHub actions events.
-
-This is just an example to show many cases that you might want to use and that you will have to adapt according
-to your needs:
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    schedule:
-      - cron: '0 10 * * *' # everyday at 10am
-    push:
-      branches:
-        - '**'
-      tags:
-        - 'v*.*.*'
-    pull_request:
-
-  jobs:
-    docker:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Checkout
-          uses: actions/checkout@v2
-        -
-          name: Repo metadata
-          id: repo
-          uses: actions/github-script@v3
-          with:
-            script: |
-              const repo = await github.repos.get(context.repo)
-              return repo.data
-        -
-          name: Prepare
-          id: prep
-          run: |
-            DOCKER_IMAGE=name/app
-            VERSION=noop
-            if [ "${{ github.event_name }}" = "schedule" ]; then
-              VERSION=nightly
-            elif [[ $GITHUB_REF == refs/tags/* ]]; then
-              VERSION=${GITHUB_REF#refs/tags/}
-            elif [[ $GITHUB_REF == refs/heads/* ]]; then
-              VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-              if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-                VERSION=edge
-              fi
-            elif [[ $GITHUB_REF == refs/pull/* ]]; then
-              VERSION=pr-${{ github.event.number }}
-            fi
-            TAGS="${DOCKER_IMAGE}:${VERSION}"
-            if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-              MINOR=${VERSION%.*}
-              MAJOR=${MINOR%.*}
-              TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest"
-            elif [ "${{ github.event_name }}" = "push" ]; then
-              TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
-            fi
-            echo ::set-output name=version::${VERSION}
-            echo ::set-output name=tags::${TAGS}
-            echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          if: github.event_name != 'pull_request'
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          id: docker_build
-          uses: docker/build-push-action@v2
-          with:
-            context: .
-            file: ./Dockerfile
-            platforms: linux/amd64,linux/arm64,linux/386
-            push: ${{ github.event_name != 'pull_request' }}
-            tags: ${{ steps.prep.outputs.tags }}
-            labels: |
-              org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }}
-              org.opencontainers.image.description=${{ fromJson(steps.repo.outputs.result).description }}
-              org.opencontainers.image.url=${{ fromJson(steps.repo.outputs.result).html_url }}
-              org.opencontainers.image.source=${{ fromJson(steps.repo.outputs.result).clone_url }}
-              org.opencontainers.image.version=${{ steps.prep.outputs.version }}
-              org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-              org.opencontainers.image.revision=${{ github.sha }}
-              org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
-  ```
-</details>
-
-| Event           | Ref                           | Commit SHA | Docker Tag                         | Pushed |
-|-----------------|-------------------------------|------------|------------------------------------|--------|
-| `schedule`      |                               |            | `nightly`                          | Yes    |
-| `pull_request`  | `refs/pull/2/merge`           | `a123b57`  | `pr-2`                             | No     |
-| `push`          | `refs/heads/<default_branch>` | `676cae2`  | `sha-676cae2`, `edge`              | Yes    |
-| `push`          | `refs/heads/dev`              | `cf20257`  | `sha-cf20257`, `dev`               | Yes    |
-| `push`          | `refs/heads/my/branch`        | `a5df687`  | `sha-a5df687`, `my-branch`         | Yes    |
-| `push tag`      | `refs/tags/v1.2.3`            |            | `v1.2.3`, `v1.2`, `v1`, `latest`   | Yes    |
-
-### Update DockerHub repo description
-
-You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
-a third-party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
-with this action:
-
-<details>
-  <summary><b>Show workflow</b></summary>
-  
-  ```yaml
-  name: ci
-
-  on:
-    push:
-      branches: master
-
-  jobs:
-    main:
-      runs-on: ubuntu-latest
-      steps:
-        -
-          name: Set up QEMU
-          uses: docker/setup-qemu-action@v1
-        -
-          name: Set up Docker Buildx
-          uses: docker/setup-buildx-action@v1
-        -
-          name: Login to DockerHub
-          uses: docker/login-action@v1 
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        -
-          name: Build and push
-          uses: docker/build-push-action@v2
-          with:
-            push: true
-            tags: user/app:latest
-        -
-          name: Update repo description
-          uses: peter-evans/dockerhub-description@v2
-          with:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_PASSWORD }}
-            repository: user/app
-  ```
-</details>
+* [Multi-platform image](docs/advanced/multi-platform.md)
+* [Secrets](docs/advanced/secrets.md)
+* [Isolated builders](docs/advanced/isolated-builders.md)
+* [Push to multi-registries](docs/advanced/push-multi-registries.md)
+* [Cache](docs/advanced/cache.md)
+  * [Registry cache](docs/advanced/cache.md#registry-cache)
+  * [GitHub cache](docs/advanced/cache.md#github-cache)
+* [Local registry](docs/advanced/local-registry.md)
+* [Export image to Docker](docs/advanced/export-docker.md)
+* [Handle tags and labels](docs/advanced/tags-labels.md)
+* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 
 ## Customizing
 
@@ -658,7 +202,7 @@ Following inputs can be used as `step.with` keys
 |---------------------|----------|------------------------------------|
 | `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
 | `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
-| `file`              | String   | Path to the Dockerfile (default `Dockerfile`) |
+| `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
 | `build-args`        | List     | List of build-time variables |
 | `labels`            | List     | List of metadata for an image |
 | `tags`              | List/CSV | List of tags |
@@ -672,7 +216,9 @@ Following inputs can be used as `step.with` keys
 | `outputs`           | List     | List of [output destinations](https://github.com/docker/buildx#-o---outputpath-typetypekeyvalue) (format: `type=local,dest=path`) |
 | `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue) (eg. `type=local,src=path/to/dir`) |
 | `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue) (eg. `type=local,dest=path/to/dir`) |
-| `secrets`           | List     | List of secrets to expose to the build (eg. `key=value`, `GIT_AUTH_TOKEN=mytoken`) |
+| `secrets`           | List     | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
+| `secret-files`      | List     | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
+| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
 
 ### outputs
 

TROUBLESHOOTING.md

@@ -1,113 +1,7 @@
 # Troubleshooting
 
-* [`auto-push is currently not implemented for docker driver`](#auto-push-is-currently-not-implemented-for-docker-driver)
 * [Cannot push to a registry](#cannot-push-to-a-registry)
 
-## `auto-push is currently not implemented for docker driver`
-
-If you're using the default builder (which uses the docker driver) without using our `setup-buildx-action`, you may
-encounter this error message if you try to push your image:
-
-```
-Run docker/build-push-action@v2
-📣 Buildx version: 0.4.2
-🏃 Starting build...
-/usr/bin/docker buildx build --tag localhost:5000/name/app:latest --iidfile /tmp/docker-build-push-eYl8PB/iidfile --file ./test/Dockerfile --push ./test
-auto-push is currently not implemented for docker driver
-Error: buildx call failed with: auto-push is currently not implemented for docker driver
-```
-
-While waiting for an implementation to be done on buildx/buildkit, you have the following possibilities
-to solve this atm:
-
-### With `docker-container` driver and `setup-buildx`
-
-> Recommended solution
-
-```yaml
-jobs:
-  build:
-    -
-      name: Checkout
-      uses: actions/checkout@v2
-    -
-      name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-    -
-      name: Login
-      uses: docker/login-action@v1
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ env.USER }}
-        password: ${{ secrets.PASSWORD }}
-    -
-      name: Build and push
-      uses: docker/build-push-action@v2
-      with:
-        context: .
-        tags: ${{ env.REGISTRY }}/myapp:latest
-        push: true
-```
-
-### With `docker` driver
-
-```yaml
-jobs:
-  build:
-    -
-      name: Checkout
-      uses: actions/checkout@v2
-    -
-      name: Login
-      uses: docker/login-action@v1
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ env.USER }}
-        password: ${{ secrets.PASSWORD }}
-    -
-      name: Build
-      uses: docker/build-push-action@v2
-      with:
-        context: .
-        tags: ${{ env.REGISTRY }}/myapp:latest
-        load: true
-    -
-      name: Push
-      run: docker push ${{ env.REGISTRY }}/myapp:latest
-```
-
-### With `docker` driver and `setup-buildx`
-
-```yaml
-jobs:
-  build:
-    -
-      name: Checkout
-      uses: actions/checkout@v2
-    -
-      name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-      with:
-        driver: docker
-    -
-      name: Login
-      uses: docker/login-action@v1
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ env.USER }}
-        password: ${{ secrets.PASSWORD }}
-    -
-      name: Build
-      uses: docker/build-push-action@v2
-      with:
-        context: .
-        tags: ${{ env.REGISTRY }}/myapp:latest
-        load: true
-    -
-      name: Push
-      run: docker push ${{ env.REGISTRY }}/myapp:latest
-```
-
 ## Cannot push to a registry
 
 While pushing to a registry, you may encounter these kinds of issues:
@@ -165,8 +59,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./Dockerfile
-          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          platforms: linux/amd64,linux/arm64
           tags: docker.io/user/app:latest
           outputs: type=oci,dest=/tmp/image.tar
       -

UPGRADE.md

@@ -13,6 +13,7 @@
 * Add [`outputs`](https://github.com/docker/buildx#-o---outputpath-typetypekeyvalue) input
 * Add [`cache-from`](https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue) input (`cache_froms` removed)
 * Add [`cache-to`](https://github.com/docker/buildx#--cache-tonametypetypekeyvalue) input
+* Rename `build_args` input to `build-args` for consistency with other Docker build tools
 * Add `secrets` input
 * Review `tags` input
 * Remove `repository` input. See [Simple workflow](#simple-workflow) for migration
@@ -62,7 +63,6 @@ steps:
     uses: docker/build-push-action@v2
     with:
       context: .
-      file: ./Dockerfile
       pull: true
       push: true
       build-args: |
@@ -91,6 +91,7 @@ steps:
       push: ${{ github.event_name != 'pull_request' }}
       tag_with_ref: true
       tag_with_sha: true
+      add_git_labels: true
 ```
 
 ```yaml
@@ -134,11 +135,13 @@ steps:
     uses: docker/build-push-action@v2
     with:
       context: .
-      file: ./Dockerfile
       push: ${{ github.event_name != 'pull_request' }}
       tags: ${{ steps.prep.outputs.tags }}
       labels: |
-        org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+        org.opencontainers.image.source=${{ github.event.repository.html_url }}
         org.opencontainers.image.created=${{ steps.prep.outputs.created }}
         org.opencontainers.image.revision=${{ github.sha }}
 ```
+
+> You can also use the [Docker meta action to handle tags and labels](docs/advanced/tags-labels.md) based on GitHub
+> actions events and Git metadata.

__tests__/buildx.test.ts

@@ -1,9 +1,10 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as semver from 'semver';
+
 import * as buildx from '../src/buildx';
-import * as docker from '../src/docker';
 import * as context from '../src/context';
+import * as docker from '../src/docker';
 
 const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
 const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
@@ -118,15 +119,36 @@ describe('parseVersion', () => {
 
 describe('getSecret', () => {
   test.each([
-    ['A_SECRET', 'abcdef0123456789'],
-    ['GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789'],
-    ['MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==']
-  ])('given %p key and %p secret', async (key, secret) => {
-    const secretArgs = await buildx.getSecret(`${key}=${secret}`);
-    console.log(`secretArgs: ${secretArgs}`);
-    expect(secretArgs).toEqual(`id=${key},src=${tmpNameSync}`);
-    const secretContent = await fs.readFileSync(tmpNameSync, 'utf-8');
-    console.log(`secretValue: ${secretContent}`);
-    expect(secretContent).toEqual(secret);
+    ['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', false],
+    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
+    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
+    ['aaaaaaaa', false, '', '', true],
+    ['aaaaaaaa=', false, '', '', true],
+    ['=bbbbbbb', false, '', '', true],
+    [
+      `foo=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`,
+      true,
+      'foo',
+      'bar',
+      false
+    ],
+    [`notfound=secret`, true, '', '', true]
+  ])('given %p key and %p secret', async (kvp, file, exKey, exValue, invalid) => {
+    try {
+      let secret: string;
+      if (file) {
+        secret = await buildx.getSecretFile(kvp);
+      } else {
+        secret = await buildx.getSecretString(kvp);
+      }
+      expect(true).toBe(!invalid);
+      console.log(`secret: ${secret}`);
+      expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
+      const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
+      console.log(`secretValue: ${secretValue}`);
+      expect(secretValue).toEqual(exValue);
+    } catch (err) {
+      expect(true).toBe(invalid);
+    }
   });
 });

__tests__/context.test.ts

@@ -1,7 +1,115 @@
 import * as fs from 'fs';
 import * as path from 'path';
+
 import * as context from '../src/context';
 
+const pgp = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQdGBF6tzaABEACjFbX7PFEG6vDPN2MPyxYW7/3o/sonORj4HXUFjFxxJxktJ3x3
+N1ayHPJ1lqIeoiY7jVbq0ZdEVGkd3YsKG9ZMdZkzGzY6PQPC/+M8OnzOiOPwUdWc
++Tdhh115LvVz0MMKYiab6Sn9cgxj9On3LCQKpjvMDpPo9Ttf6v2GQIw8h2ACvdzQ
+71LtIELS/I+dLbfZiwpUu2fhQT13EJkEnYMOYwM5jNUd66P9itUc7MrOWjkicrKP
+oF1dQaCM+tuKuxvD8WLdiwU5x60NoGkJHHUehKQXl2dVzjpqEqHKEBJt9tfJ9lpE
+YIisgwB8o3pes0fgCehjW2zI95/o9+ayJ6nl4g5+mSvWRXEu66h71nwM0Yuvquk8
+3me7qhYfDrDdCwcxS5BS1hwakTgUQLD99FZjbx1j8sq96I65O0GRdyU2PR8KIjwu
+JrkTH4ZlKxK3FQghUhFoA5GkiDb+eClmRMSni5qg+81T4XChmUkEprA3eWCHL+Ma
+xRNNxLS+r6hH9HG5JBxpV3iaTI9HHpnQKhEeaLXqsUTDZliN9hP7Ywo8bpUB8j2d
+oWYwDV4dPyMKr6Fb8RDCh2q5gJGbVp8w/NmmBTeL+IP2fFggJkRfyumv3Ul7x66L
+tBFQ4rYo4JUUrGweSTneG6REIgxH66hIrNl6Vo/D1ZyknTe1dMOu/BTkkQARAQAB
+/gcDAqra8KO+h3bfyu90vxTL1ro4x/x9il7VBcWlIR4cBP7Imgxv+T4hwPIu8P1x
+lOlxLNWegFOV0idoTy1o3VLLBev/F+IlspX4A+2XEIddR6nZnKFi0Lv2L4TKgE9E
+VJJTszmviDIRLMLN9dWzDfA8hj5tR5Inot92CHRF414AS22JHvlhbFSLQnjqsN+C
+n1cQpNOJhkxsSfZsxjnFa/70y/u8v0o8mzyLZmk9HpzRHGzoz8IfpLp8OTqBR9u6
+zzoKLy16zZO55OKbj7h8uVZvDUq9l8iDICpqWMdZqBJIl56MBexYKgYxh3YO/8v2
+oXli+8Xuaq5QLiCN3yT7IbKoYzplnFfaJwFiMh7R1iPLXaYAZ0qdRijlbtseTK1m
+oHNkwUbxVzjkh4LfE8UpmMwZn5ZjWni3230SoiXuKy0OHkGvwGvWWAL1mEuoYuUI
+mFMcH5MnixP8oQYZKDj2IR/yEeOpdU6B/tr3Tk1NidLf7pUMqG7Ff1NU6dAUeBpa
+9xahITMjHvrhgMISY4IYZep5cEnVw8lQTpUJtW/ePMzrFhu3sA7oNdj9joW/VMfz
+H7MHwwavtICsYqoqV3lnjX4EC9dW6o8PTUg2u956dmtK7KAyUK/+w2aLNGT28ChN
+jhRYHvHzB9Kw5asqI/lTM49eqslBqYQMTTjdBphkYuSZQzNMf291j/ZmoLhD1A1a
+S8tUnNygKV4D1cJYgSXfzhFoU8ib/0SPo+KqQ+CzGS+wxXg6WNBA6wepTjpnVVx3
+4JADP8IJcDC3P0iwAreWjSy15F1cvemFFB0SLNUkyZGzsxtKzbM1+8khl68+eazC
+LzRj0rxfIF5znWjX1QFhKxCk6eF0IWDY0+b3DBkmChME9YDXJ3TthcqA7JgcX4JI
+M4/wdqhgerJYOmj+i2Q0M+Bu02icOJYMwTMMsDVl7XGHkaCuRgZ54eZAUH7JFwUm
+1Ct3tcaqiTMmz0ngHVqBTauzgqKDvzwdVqdfg05H364nJMay/3omR6GayIb5CwSo
+xdNVwG3myPPradT9MP09mDr4ys2zcnQmCkvTVBF6cMZ1Eh6PQQ8CyQWv0zkaBnqj
+JrM1hRpgW4ZlRosSIjCaaJjolN5QDcXBM9TbW9ww+ZYstazN2bV1ZQ7BEjlHQPa1
+BhzMsvqkbETHsIpDNF52gZKn3Q9eIX05BeadzpHUb5/XOheIHVIdhSaTlgl/qQW5
+hQgPGSzSV6KhXEY7aevTdvOgq++WiELkjfz2f2lQFesTjFoQWEvxVDUmLxHtEhaN
+DOuh4H3mX5Opn3pLQmqWVhJTbFdx+g5qQd0NCW4mDaTFWTRLFLZQsSJxDSeg9xrY
+gmaii8NhMZRwquADW+6iU6KfraBhngi7HRz4TfqPr9ma/KUY464cqim1fnwXejyx
+jsb5YHR9R66i+F6P/ysF5w+QuVdDt1fnf9GLay0r6qxpA8ft2vGPcDs4806Huj+7
+Aq5VeJaNkCuh3GR3xVnCFAz/7AtkO6xKuZm8B3q904UuMdSmkhWbaobIuF/B2B6S
+eawIXQHEOplK3ic26d8Ckf4gbjeORfELcMAEi5nGXpTThCdmxQApCLxAYYnTfQT1
+xhlDwT9xPEabo98mIwJJsAU5VsTDYW+qfo4qIx8gYoSKc9Xu3yVh3n+9k43Gcm5V
+9lvK1slijf+TzODZt/jsmkF8mPjXyP5KOI+xQp/m4PxW3pp57YrYj/Rnwga+8DKX
+jMsW7mLAAZ/e+PY6z/s3x1Krfk+Bb5Ph4mI0zjw5weQdtyEToRgveda0GEpvZSBU
+ZXN0ZXIgPGpvZUBmb28uYmFyPokCNgQQAQgAIAUCXq3NoAYLCQcIAwIEFQgKAgQW
+AgEAAhkBAhsDAh4BAAoJEH2FHrctc72gxtQP/AulaClIcn/kDt43mhYnyLglPfbo
+AqPlU26chXolBg0Wo0frFY3aIs5SrcWEf8aR4XLwCFGyi3vya0CUxjghN5tZBYqo
+vswbT00zP3ohxxlJFCRRR9bc7OZXCgTddtfVf6EKrUAzIkbWyAhaJnwJy/1UGpSw
+SEO/KpastrVKf3sv1wqOeFQ4DFyjaNda+xv3dVWS8db7KogqJiPFZXrQK3FKVIxS
+fxRSmKaYN7//d+xwVAEY++RrnL/o8B2kV6N68cCpQWJELyYnJzis9LBcWd/3wiYh
+efTyY+ePKUjcB+kEZnyJfLc7C2hll2e7UJ0fxv+k8vHReRhrNWmGRXsjNRxiw3U0
+hfvxD/C8nyqAbeTHp4XDX78Tc3XCysAqIYboIL+RyewDMjjLj5vzUYAdUdtyNaD7
+C6M2R6pN1GAt52CJmC/Z6F7W7GFGoYOdEkVdMQDsjCwScyEUNlGj9Zagw5M2EgSe
+6gaHgMgTzsMzCc4W6WV5RcS55cfDNOXtxPsMJTt4FmXrjl11prBzpMfpU5a9zxDZ
+oi54ZZ8VPE6jsT4Lzw3sni3c83wm28ArM20AzZ1vh7fk3Sfd0u4Yaz7s9JlEm5+D
+34tEyli28+QjCQc18EfQUiJqiYEJRxJXJ3esvMHfYi45pV/Eh5DgRW1305fUJV/6
++rGpg0NejsHoZdZPnQdGBF6tzaABEAC4mVXTkVk6Kdfa4r5zlzsoIrR27laUlMkb
+OBMt+aokqS+BEbmTnMg6xIAmcUT5uvGAc8S/WhrPoYfc15fTUyHIz8ZbDoAg0LO6
+0Io4VkAvNJNEnsSV9VdLBh/XYlc4K49JqKyWTL4/FJFAGbsmHY3b+QU90AS6FYRv
+KeBAoiyebrjx0vmzb8E8h3xthVLN+AfMlR1ickY62zvnpkbncSMY/skur1D2KfbF
+3sFprty2pEtjFcyB5+18l2IyyHGOlEUw1PZdOAV4/Myh1EZRgYBPs80lYTJALCVF
+IdOakH33WJCImtNZB0AbDTABG+JtMjQGscOa0qzf1Y/7tlhgCrynBBdaIJTx95TD
+21BUHcHOu5yTIS6Ulysxfkv611+BiOKHgdq7DVGP78VuzA7bCjlP1+vHqIt3cnIa
+t2tEyuZ/XF4uc3/i4g0uP9r7AmtET7Z6SKECWjpVv+UEgLx5Cv+ql+LSKYQMvU9a
+i3B1F9fatn3FSLVYrL4aRxu4TSw9POb0/lgDNmN3lGQOsjGCZPibkHjgPEVxKuiq
+9Oi38/VTQ0ZKAmHwBTq1WTZIrPrCW0/YMQ6yIJZulwQ9Yx1cgzYzEfg04fPXlXMi
+vkvNpKbYIICzqj0/DVztz9wgpW6mnd0A2VX2dqbMM0fJUCHA6pj8AvXY4R+9Q4rj
+eWRK9ycInQARAQAB/gcDApjt7biRO0PEyrrAiUwDMsJL4/CVMu11qUWEPjKe2Grh
+ZTW3N+m3neKPRULu+LUtndUcEdVWUCoDzAJ7MwihZtV5vKST/5Scd2inonOaJqoA
+nS3wnEMN/Sc93HAZiZnFx3NKjQVNCwbuEs45mXkkcjLm2iadrTL8fL4acsu5IsvD
+LbDwVOPeNnHKl6Hr20e39fK0FuJEyH49JM6U3B1/8385sJB8+E24+hvSF81aMddh
+Ne4Bc3ZYiYaKxe1quPNKC0CQhAZiT7LsMfkInXr0hY1I+kISNXEJ1dPYOEWiv0Ze
+jD5Pupn34okKNEeBCx+dK8BmUCi6Jgs7McUA7hN0D/YUS++5fuR55UQq2j8Ui0tS
+P8GDr86upH3PgEL0STh9fYfJ7TesxurwonWjlmmT62Myl4Pr+RmpS6PXOnhtcADm
+eGLpzhTveFj4JBLMpyYHgBTqcs12zfprATOpsI/89kmQoGCZpG6+AbfSHqNNPdy2
+eqUCBhOZlIIda1z/cexmU3f/gBqyflFf8fkvmlO4AvI8aMH3OpgHdWnzh+AB51xj
+kmdD/oWel9v7Dz4HoZUfwFaLZ0fE3P9voD8e+sCwqQwVqRY4L/BOYPD5noVOKgOj
+ABNKu5uKrobj6rFUi6DTUCjFGcmoF1Sc06xFNaagUNggRbmlC/dz22RWdDUYv5ra
+N6TxIDkGC0cK6ujyK0nes3DN0aHjgwWuMXDYkN3UckiebI4Cv/eF9jvUKOSiIcy1
+RtxdazZS4dYg2LBMeJKVkPi5elsNyw2812nEY3du/nEkQYXfYgWOF27OR+g4Y9Yw
+1BiqJ1TTjbQnd/khOCrrbzDH1mw00+1XVsT6wjObuYqqxPPS87UrqmMf6OdoYfPm
+zEOnNLBnsJ5VQM3A3pcT40RfdBrZRO8LjGhzKTreyq3C+jz0RLa5HNE8GgOhGyck
+ME4h+RhXlE8KGM+tTo6PA1NJSrEt+8kZzxjP4rIEn0aVthCkNXK12inuXtnHm0ao
+iLUlQOsfPFEnzl0TUPd7+z7j/wB+XiKU/AyEUuB0mvdxdKtqXvajahOyhLjzHQhz
+ZnNlgANGtiqcSoJmkJ8yAvhrtQX51fQLftxbArRW1RYk/5l+Gy3azR+gUC17M6JN
+jrUYxn0zlAxDGFH7gACHUONwVekcuEffHzgu2lk7MyO1Y+lPnwabqjG0eWWHuU00
+hskJlXyhj7DeR12bwjYkyyjG62GvOH02g3OMvUgNGH+K321Dz539csCh/xwtg7Wt
+U3YAphU7htQ1dPDfk1IRs7DQo2L+ZTE57vmL5m0l6fTataEWBPUXkygfQFUJOM6Q
+yY76UEZww1OSDujNeY171NSTzXCVkUeAdAMXgjaHXWLK2QUQUoXbYX/Kr7Vvt9Fu
+Jh6eGjjp7dSjQ9+DW8CAB8vxd93gsQQGWYjmGu8khkEmx6OdZhmSbDbe915LQTb9
+sPhk2s5/Szsvr5W2JJ2321JI6KXBJMZvPC5jEBWmRzOYkRd2vloft+CSMfXF+Zfd
+nYtc6R3dvb9vcjo+a9wFtfcoDsO0MaPSM+9GB25MamdatmGX6iLOy9Re1UABwUi/
+VhTWNkP5uzqx0sDwHEIa2rYOwxpIZDwwjM3oOASCW1DDBQ0BI9KNjfIeL3ubx2mS
+2x8hFU9qSK4umoDNbzOqGPSlkdbiPcNjF2ZcSN1qQZiYdwLL5dw6APNyBVjxTN1J
+gkCdJ/HwAY+r93Lbl5g8gz8d0vJEyfn//34sn9u+toSTw55GcG9Ks1kSKIeDNh0h
+MiPm3HmJAh8EGAEIAAkFAl6tzaACGwwACgkQfYUety1zvaBV9hAAgliX36pXJ59g
+3I9/4R68e/fGg0FMM6D+01yCeiKApOYRrJ0cYKn7ITDYmHhlGGpBAie90UsqX12h
+hdLP7LoQx7sjTyzQt6JmpA8krIwi2ON7FKBkdYb8IYx4mE/5vKnYT4/SFnwTmnZY
++m+NzK2U/qmhq8JyO8gozdAKJUcgz49IVv2Ij0tQ4qaPbyPwQxIDyKnT758nJhB1
+jTqo+oWtER8q3okzIlqcArqn5rDaNJx+DRYL4E/IddyHQAiUWUka8usIUqeW5reu
+zoPUE2CCfOJSGArkqHQQqMx0WEzjQTwAPaHrQbera4SbiV/o4CLCV/u5p1Qnig+Q
+iUsakmlD299t//125LIQEa5qzd9hRC7u1uJS7VdW8eGIEcZ0/XT/sr+z23z0kpZH
+D3dXPX0BwM4IP9xu31CNg10x0rKwjbxy8VaskFEelpqpu+gpAnxqMd1evpeUHcOd
+r5RgPgkNFfba9Nbxf7uEX+HOmsOM+kdtSmdGIvsBZjVnW31nnoDMp49jG4OynjrH
+cRuoM9sxdr6UDqb22CZ3/e0YN4UaZM3YDWMVaP/QBVgvIFcdByqNWezpd9T4ZUII
+MZlaV1uRnHg6B/zTzhIdMM80AXz6Uv6kw4S+Lt7HlbrnMT7uKLuvzH7cle0hcIUa
+PejgXO0uIRolYQ3sz2tMGhx1MfBqH64=
+=WbwB
+-----END PGP PRIVATE KEY BLOCK-----`;
+
 jest.spyOn(context, 'defaultContext').mockImplementation((): string => {
   return 'https://github.com/docker/build-push-action.git#test-jest';
 });
@@ -39,7 +147,6 @@ describe('getArgs', () => {
         'buildx',
         'build',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--file', 'Dockerfile',
         '.'
       ]
     ],
@@ -54,7 +161,20 @@ describe('getArgs', () => {
         '--build-arg', 'MY_ARG=val1,val2,val3',
         '--build-arg', 'ARG=val',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--file', 'Dockerfile',
+        'https://github.com/docker/build-push-action.git#test-jest'
+      ]
+    ],
+    [
+      '0.4.2',
+      new Map<string, string>([
+        ['tags', 'name/app:7.4, name/app:latest'],
+      ]),
+      [
+        'buildx',
+        'build',
+        '--tag', 'name/app:7.4',
+        '--tag', 'name/app:latest',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         'https://github.com/docker/build-push-action.git#test-jest'
       ]
     ],
@@ -71,7 +191,6 @@ describe('getArgs', () => {
         '--label', 'org.opencontainers.image.title=buildkit',
         '--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
         '--output', 'type=local,dest=./release-out',
-        '--file', 'Dockerfile',
         '.'
       ]
     ],
@@ -85,7 +204,6 @@ describe('getArgs', () => {
         'buildx',
         'build',
         '--platform', 'linux/amd64,linux/arm64',
-        '--file', 'Dockerfile',
         '.'
       ]
     ],
@@ -98,7 +216,6 @@ describe('getArgs', () => {
         'buildx',
         'build',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--file', 'Dockerfile',
         '.'
       ]
     ],
@@ -113,7 +230,6 @@ describe('getArgs', () => {
         'build',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--file', 'Dockerfile',
         '.'
       ]
     ],
@@ -128,7 +244,6 @@ describe('getArgs', () => {
         'build',
         '--output', '.',
         '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--file', 'Dockerfile',
         'https://github.com/docker/build-push-action.git#test-jest'
       ]
     ],
@@ -154,6 +269,95 @@ describe('getArgs', () => {
         '--push',
         'https://github.com/docker/build-push-action.git#heads/master'
       ]
+    ],
+    [
+      '0.4.2',
+      new Map<string, string>([
+        ['context', 'https://github.com/docker/build-push-action.git#heads/master'],
+        ['tag', 'localhost:5000/name/app:latest'],
+        ['platforms', 'linux/amd64,linux/arm64'],
+        ['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
+"MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc"
+FOO=bar
+"EMPTYLINE=aaaa
+
+bbbb
+ccc"`],
+        ['file', './test/Dockerfile'],
+        ['builder', 'builder-git-context-2'],
+        ['push', 'true']
+      ]),
+      [
+        'buildx',
+        'build',
+        '--platform', 'linux/amd64,linux/arm64',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--file', './test/Dockerfile',
+        '--builder', 'builder-git-context-2',
+        '--push',
+        'https://github.com/docker/build-push-action.git#heads/master'
+      ]
+    ],
+    [
+      '0.4.2',
+      new Map<string, string>([
+        ['context', 'https://github.com/docker/build-push-action.git#heads/master'],
+        ['tag', 'localhost:5000/name/app:latest'],
+        ['platforms', 'linux/amd64,linux/arm64'],
+        ['secrets', `GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
+MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc
+FOO=bar
+EMPTYLINE=aaaa
+
+bbbb
+ccc`],
+        ['file', './test/Dockerfile'],
+        ['builder', 'builder-git-context-2'],
+        ['push', 'true']
+      ]),
+      [
+        'buildx',
+        'build',
+        '--platform', 'linux/amd64,linux/arm64',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--file', './test/Dockerfile',
+        '--builder', 'builder-git-context-2',
+        '--push',
+        'https://github.com/docker/build-push-action.git#heads/master'
+      ]
+    ],
+    [
+      '0.5.1',
+      new Map<string, string>([
+        ['context', 'https://github.com/docker/build-push-action.git#heads/master'],
+        ['tag', 'localhost:5000/name/app:latest'],
+        ['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`],
+        ['file', './test/Dockerfile'],
+        ['builder', 'builder-git-context-2'],
+        ['push', 'true']
+      ]),
+      [
+        'buildx',
+        'build',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--file', './test/Dockerfile',
+        '--builder', 'builder-git-context-2',
+        '--push',
+        'https://github.com/docker/build-push-action.git#heads/master'
+      ]
     ]
   ])(
     'given %p with %p as inputs, returns %p',
@@ -172,68 +376,167 @@ describe('getArgs', () => {
 });
 
 describe('getInputList', () => {
-  it('handles single line correctly', async () => {
+  it('single line correctly', async () => {
     await setInput('foo', 'bar');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar']);
   });
 
-  it('handles multiple lines correctly', async () => {
+  it('multiline correctly', async () => {
     setInput('foo', 'bar\nbaz');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
-  it('remove empty lines correctly', async () => {
+  it('empty lines correctly', async () => {
     setInput('foo', 'bar\n\nbaz');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
-  it('handles comma correctly', async () => {
+  it('comma correctly', async () => {
     setInput('foo', 'bar,baz');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
-  it('remove empty result correctly', async () => {
+  it('empty result correctly', async () => {
     setInput('foo', 'bar,baz,');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
-  it('handles different new lines correctly', async () => {
+  it('different new lines correctly', async () => {
     setInput('foo', 'bar\r\nbaz');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
-  it('handles different new lines and comma correctly', async () => {
+  it('different new lines and comma correctly', async () => {
     setInput('foo', 'bar\r\nbaz,bat');
     const res = await context.getInputList('foo');
     console.log(res);
     expect(res).toEqual(['bar', 'baz', 'bat']);
   });
 
-  it('handles multiple lines and ignoring comma correctly', async () => {
+  it('multiline and ignoring comma correctly', async () => {
     setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
     const res = await context.getInputList('cache-from', true);
     console.log(res);
     expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
   });
 
-  it('handles different new lines and ignoring comma correctly', async () => {
+  it('different new lines and ignoring comma correctly', async () => {
     setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
     const res = await context.getInputList('cache-from', true);
     console.log(res);
     expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
   });
+
+  it('multiline values', async () => {
+    setInput(
+      'secrets',
+      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
+"MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc"
+FOO=bar`
+    );
+    const res = await context.getInputList('secrets', true);
+    console.log(res);
+    expect(res).toEqual([
+      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
+      `MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc`,
+      'FOO=bar'
+    ]);
+  });
+
+  it('multiline values with empty lines', async () => {
+    setInput(
+      'secrets',
+      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
+"MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc"
+FOO=bar
+"EMPTYLINE=aaaa
+
+bbbb
+ccc"`
+    );
+    const res = await context.getInputList('secrets', true);
+    console.log(res);
+    expect(res).toEqual([
+      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
+      `MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc`,
+      'FOO=bar',
+      `EMPTYLINE=aaaa
+
+bbbb
+ccc`
+    ]);
+  });
+
+  it('multiline values without quotes', async () => {
+    setInput(
+      'secrets',
+      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
+MYSECRET=aaaaaaaa
+bbbbbbb
+ccccccccc
+FOO=bar`
+    );
+    const res = await context.getInputList('secrets', true);
+    console.log(res);
+    expect(res).toEqual([
+      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
+      'MYSECRET=aaaaaaaa',
+      'bbbbbbb',
+      'ccccccccc',
+      'FOO=bar'
+    ]);
+  });
+
+  it('large multiline values', async () => {
+    setInput(
+      'secrets',
+      `"GPG_KEY=${pgp}"
+FOO=bar`
+    );
+    const res = await context.getInputList('secrets', true);
+    console.log(res);
+    expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']);
+  });
+
+  it('multiline values escape quotes', async () => {
+    setInput(
+      'secrets',
+      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
+"MYSECRET=aaaaaaaa
+bbbb""bbb
+ccccccccc"
+FOO=bar`
+    );
+    const res = await context.getInputList('secrets', true);
+    console.log(res);
+    expect(res).toEqual([
+      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
+      `MYSECRET=aaaaaaaa
+bbbb\"bbb
+ccccccccc`,
+      'FOO=bar'
+    ]);
+  });
 });
 
 describe('asyncForEach', () => {

__tests__/fixtures/secret.txt

@@ -0,0 +1 @@
+bar

action.yml

@@ -16,7 +16,6 @@ inputs:
   file:
     description: "Path to the Dockerfile"
     required: false
-    default: './Dockerfile'
   build-args:
     description: "List of build-time variables"
     required: false
@@ -61,7 +60,13 @@ inputs:
     description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
     required: false
   secrets:
-    description: "List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken)"
+    description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
+    required: false
+  secret-files:
+    description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
+    required: false
+  ssh:
+    description: "List of SSH agent socket or keys to expose to the build"
     required: false
   github-token:
     description: "GitHub Token used to authenticate against a repository for Git context"

docs/advanced/cache.md

@@ -0,0 +1,107 @@
+# Cache
+
+* [Registry cache](#registry-cache)
+* [GitHub cache](#github-cache)
+
+> More info about buildx cache: https://github.com/docker/buildx#--cache-fromnametypetypekeyvalue
+
+## Registry cache
+
+You can import/export cache from a cache manifest or (special) image configuration on the registry.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: user/app:latest
+          cache-from: type=registry,ref=user/app:latest
+          cache-to: type=inline
+```
+
+## GitHub cache
+
+> :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252).
+> The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896).
+
+> :rocket: There is a new cache backend using GitHub cache being developed that will lighten your workflow.
+> More info: https://github.com/docker/buildx/pull/535
+
+You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
+using [actions/cache](https://github.com/actions/cache) with this action:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: user/app:latest
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+      -
+        # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+```

docs/advanced/dockerhub-desc.md

@@ -0,0 +1,48 @@
+# Update DockerHub repo description
+
+You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
+a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
+with this action:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: user/app:latest
+      -
+        name: Update repo description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: user/app
+```

docs/advanced/export-docker.md

@@ -0,0 +1,35 @@
+# Export image to Docker
+
+You may want your build result to be available in the Docker client through `docker images` to be able to use it
+in another step of your workflow:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          load: true
+          tags: myimage:latest
+      -
+        name: Inspect
+        run: |
+          docker image inspect myimage:latest
+```

docs/advanced/isolated-builders.md

@@ -0,0 +1,44 @@
+# Isolated builders
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        uses: docker/setup-buildx-action@v1
+        id: builder1
+      -
+        uses: docker/setup-buildx-action@v1
+        id: builder2
+      -
+        name: Builder 1 name
+        run: echo ${{ steps.builder1.outputs.name }}
+      -
+        name: Builder 2 name
+        run: echo ${{ steps.builder2.outputs.name }}
+      -
+        name: Build against builder1
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.builder1.outputs.name }}
+          context: .
+          target: mytarget1
+      -
+        name: Build against builder2
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.builder2.outputs.name }}
+          context: .
+          target: mytarget2
+```

docs/advanced/local-registry.md

@@ -0,0 +1,44 @@
+# Local registry
+
+For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: network=host
+      -
+        name: Build and push to local registry
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: localhost:5000/name/app:latest
+      -
+        name: Inspect
+        run: |
+          docker buildx imagetools inspect localhost:5000/name/app:latest
+```

docs/advanced/multi-platform.md

@@ -0,0 +1,44 @@
+# Multi-platform image
+
+You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below.
+
+> :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action.
+
+> :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: user/app:latest
+```

docs/advanced/push-multi-registries.md

@@ -0,0 +1,57 @@
+# Push to multi-registries
+
+* [Docker Hub and GHCR](#docker-hub-and-ghcr)
+
+## Docker Hub and GHCR
+
+The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
+and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
+image to these registries.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v1 
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.CR_PAT }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            user/app:latest
+            user/app:1.0.0
+            ghcr.io/user/app:latest
+            ghcr.io/user/app:1.0.0
+```

docs/advanced/secrets.md

@@ -0,0 +1,84 @@
+# Secrets
+
+In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret)
+as provided by GitHub in your workflow.
+
+First let's create our `Dockerfile` to use our secret:
+
+```Dockerfile
+#syntax=docker/dockerfile:1.2
+
+FROM alpine
+RUN --mount=type=secret,id=github_token \
+  cat /run/secrets/github_token
+```
+
+As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
+the [`secrets` input](../../README.md#inputs):
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          tags: user/app:latest
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
+```
+
+> :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input:
+> ```yaml
+> secret-files: |
+>   "MY_SECRET=./secret.txt"
+> ```
+
+If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle
+multi-line value, you will need to place the key-value pair between quotes:
+
+```yaml
+secrets: |
+  "MYSECRET=${{ secrets.GPG_KEY }}"
+  GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
+  "MYSECRET=aaaaaaaa
+  bbbbbbb
+  ccccccccc"
+  FOO=bar
+  "EMPTYLINE=aaaa
+  
+  bbbb
+  ccc"
+  "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
+```
+
+| Key                | Value                                            |
+|--------------------|--------------------------------------------------|
+| `MYSECRET`         | `***********************` |
+| `GIT_AUTH_TOKEN`   | `abcdefghi,jklmno=0123456789` |
+| `MYSECRET`         | `aaaaaaaa\nbbbbbbb\nccccccccc` |
+| `FOO`              | `bar` |
+| `EMPTYLINE`        | `aaaa\n\nbbbb\nccc` |
+| `JSON_SECRET`      | `{"key1":"value1","key2":"value2"}` |
+
+> :bulb: All quote signs need to be doubled for escaping.

docs/advanced/tags-labels.md

@@ -0,0 +1,70 @@
+# Handle tags and labels
+
+If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
+"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
+for labels, you can do it in a dedicated step. The following workflow will use the [Docker meta action](https://github.com/crazy-max/ghaction-docker-meta)
+to handle tags and labels based on GitHub actions events and Git metadata.
+
+```yaml
+name: ci
+
+on:
+  schedule:
+    - cron: '0 10 * * *' # everyday at 10am
+  push:
+    branches:
+      - '**'
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            name/app
+            ghcr.io/username/app
+          # add git short SHA as Docker tag
+          tag-sha: true
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Login to GHCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+```

package.json

@@ -31,8 +31,8 @@
     "@actions/core": "^1.2.6",
     "@actions/exec": "^1.0.4",
     "@actions/github": "^4.0.0",
-    "csv-parse": "^4.12.0",
-    "semver": "^7.3.2",
+    "csv-parse": "^4.15.1",
+    "semver": "^7.3.4",
     "tmp": "^0.2.1"
   },
   "devDependencies": {

src/buildx.ts

@@ -1,7 +1,8 @@
+import csvparse from 'csv-parse/lib/sync';
 import fs from 'fs';
 import path from 'path';
-import csvparse from 'csv-parse/lib/sync';
 import * as semver from 'semver';
+
 import * as context from './context';
 import * as exec from './exec';
 
@@ -17,14 +18,34 @@ export async function getImageID(): Promise<string | undefined> {
   return fs.readFileSync(iidFile, {encoding: 'utf-8'});
 }
 
-export async function getSecret(kvp: string): Promise<string> {
+export async function getSecretString(kvp: string): Promise<string> {
+  return getSecret(kvp, false);
+}
+
+export async function getSecretFile(kvp: string): Promise<string> {
+  return getSecret(kvp, true);
+}
+
+export async function getSecret(kvp: string, file: boolean): Promise<string> {
   const delimiterIndex = kvp.indexOf('=');
   const key = kvp.substring(0, delimiterIndex);
-  const value = kvp.substring(delimiterIndex + 1);
+  let value = kvp.substring(delimiterIndex + 1);
+  if (key.length == 0 || value.length == 0) {
+    throw new Error(`${kvp} is not a valid secret`);
+  }
+
+  if (file) {
+    if (!fs.existsSync(value)) {
+      throw new Error(`secret file ${value} not found`);
+    }
+    value = fs.readFileSync(value, {encoding: 'utf-8'});
+  }
+
   const secretFile = context.tmpNameSync({
     tmpdir: context.tmpDir()
   });
-  await fs.writeFileSync(secretFile, value);
+  fs.writeFileSync(secretFile, value);
+
   return `id=${key},src=${secretFile}`;
 }
 
@@ -33,7 +54,7 @@ export function isLocalOrTarExporter(outputs: string[]): Boolean {
     delimiter: ',',
     trim: true,
     columns: false,
-    relax_column_count: true
+    relaxColumnCount: true
   })) {
     // Local if no type is defined
     // https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43

src/context.ts

@@ -1,12 +1,15 @@
+import csvparse from 'csv-parse/lib/sync';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as tmp from 'tmp';
-import * as buildx from './buildx';
+
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
+import * as buildx from './buildx';
+
 let _defaultContext, _tmpDir: string;
 
 export interface Inputs {
@@ -27,7 +30,9 @@ export interface Inputs {
   cacheFrom: string[];
   cacheTo: string[];
   secrets: string[];
+  secretFiles: string[];
   githubToken: string;
+  ssh: string[];
 }
 
 export function defaultContext(): string {
@@ -53,7 +58,7 @@ export function tmpNameSync(options?: tmp.TmpNameOptions): string {
 export async function getInputs(defaultContext: string): Promise<Inputs> {
   return {
     context: core.getInput('context') || defaultContext,
-    file: core.getInput('file') || 'Dockerfile',
+    file: core.getInput('file'),
     buildArgs: await getInputList('build-args', true),
     labels: await getInputList('labels', true),
     tags: await getInputList('tags'),
@@ -69,7 +74,9 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
     cacheFrom: await getInputList('cache-from', true),
     cacheTo: await getInputList('cache-to', true),
     secrets: await getInputList('secrets', true),
-    githubToken: core.getInput('github-token')
+    secretFiles: await getInputList('secret-files', true),
+    githubToken: core.getInput('github-token'),
+    ssh: await getInputList('ssh')
   };
 }
 
@@ -117,11 +124,25 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
     args.push('--cache-to', cacheTo);
   });
   await asyncForEach(inputs.secrets, async secret => {
-    args.push('--secret', await buildx.getSecret(secret));
+    try {
+      args.push('--secret', await buildx.getSecretString(secret));
+    } catch (err) {
+      core.warning(err.message);
+    }
+  });
+  await asyncForEach(inputs.secretFiles, async secretFile => {
+    try {
+      args.push('--secret', await buildx.getSecretFile(secretFile));
+    } catch (err) {
+      core.warning(err.message);
+    }
   });
   if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
-    args.push('--secret', await buildx.getSecret(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+    args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
   }
+  await asyncForEach(inputs.ssh, async ssh => {
+    args.push('--ssh', ssh);
+  });
   if (inputs.file) {
     args.push('--file', inputs.file);
   }
@@ -149,17 +170,29 @@ async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
 }
 
 export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
+  let res: Array<string> = [];
+
   const items = core.getInput(name);
   if (items == '') {
-    return [];
+    return res;
   }
-  return items
-    .split(/\r?\n/)
-    .filter(x => x)
-    .reduce<string[]>(
-      (acc, line) => acc.concat(!ignoreComma ? line.split(',').filter(x => x) : line).map(pat => pat.trim()),
-      []
-    );
+
+  for (let output of (await csvparse(items, {
+    columns: false,
+    relaxColumnCount: true,
+    skipLinesWithEmptyValues: true
+  })) as Array<string[]>) {
+    if (output.length == 1) {
+      res.push(output[0]);
+      continue;
+    } else if (!ignoreComma) {
+      res.push(...output);
+      continue;
+    }
+    res.push(output.join(','));
+  }
+
+  return res.filter(item => item).map(pat => pat.trim());
 }
 
 export const asyncForEach = async (array, callback) => {

yarn.lock

@@ -1236,10 +1236,10 @@ cssstyle@^2.2.0:
   dependencies:
     cssom "~0.3.6"
 
-csv-parse@*, csv-parse@^4.12.0:
-  version "4.12.0"
-  resolved "https://registry.yarnpkg.com/csv-parse/-/csv-parse-4.12.0.tgz#fd42d6291bbaadd51d3009f6cadbb3e53b4ce026"
-  integrity sha512-wPQl3H79vWLPI8cgKFcQXl0NBgYYEqVnT1i6/So7OjMpsI540oD7p93r3w6fDSyPvwkTepG05F69/7AViX2lXg==
+csv-parse@*, csv-parse@^4.15.1:
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/csv-parse/-/csv-parse-4.15.1.tgz#fc5a0a1b24eaa6d4c24892daa387c46f7f92f8d2"
+  integrity sha512-TXIvRtNp0fqMJbk3yPR35bQIDzMH4khDwduElzE7Fl1wgnl25mnWYLSLqd/wS5GsDoX1rWtysivEYMNsz5jKwQ==
 
 dashdash@^1.12.0:
   version "1.14.1"
@@ -2614,6 +2614,13 @@ lru-cache@^4.1.5:
     pseudomap "^1.0.2"
     yallist "^2.1.2"
 
+lru-cache@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-6.0.0.tgz#6d6fe6570ebd96aaf90fcad1dafa3b2566db3a94"
+  integrity sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==
+  dependencies:
+    yallist "^4.0.0"
+
 make-dir@^3.0.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-3.1.0.tgz#415e967046b3a7f1d185277d84aa58203726a13f"
@@ -3236,10 +3243,12 @@ saxes@^5.0.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
   integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
 
-semver@7.x, semver@^7.3.2:
-  version "7.3.2"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.2.tgz#604962b052b81ed0786aae84389ffba70ffd3938"
-  integrity sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==
+semver@7.x, semver@^7.3.2, semver@^7.3.4:
+  version "7.3.4"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.4.tgz#27aaa7d2e4ca76452f98d3add093a72c943edc97"
+  integrity sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==
+  dependencies:
+    lru-cache "^6.0.0"
 
 semver@^6.0.0, semver@^6.3.0:
   version "6.3.0"
@@ -3895,6 +3904,11 @@ yallist@^2.1.2:
   resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"
   integrity sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=
 
+yallist@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
+  integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
+
 yargs-parser@18.x, yargs-parser@^18.1.2:
   version "18.1.3"
   resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.3.tgz#be68c4975c6b2abf469236b0c870362fab09a7b0"